Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/IL8ZnYjxYa2nPIFmlCehGqlFsz8.roa
File:                     IL8ZnYjxYa2nPIFmlCehGqlFsz8.roa (raw, json)
Hash identifier:          hDOh+ZelusM3YtzwvUAEUnORy2Yy7lPftah4CsYPJ18=
Subject key identifier:   20:BF:19:9D:88:F1:61:AD:A7:3C:81:66:94:27:A1:1A:A9:45:B3:3F
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       019CED98A61AD2451F377D8F942948C081CE
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/IL8ZnYjxYa2nPIFmlCehGqlFsz8.roa
Signing time:             Sat 14 Mar 2026 18:25:30 +0000
ROA not before:           Sat 14 Mar 2026 18:25:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     398465
IP address blocks:        185.232.206.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Mar 2026 16:33:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:ed:98:a6:1a:d2:45:1f:37:7d:8f:94:29:48:c0:81:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Mar 14 18:25:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=20bf199d88f161ada73c81669427a11aa945b33f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:d5:2f:55:f5:de:f6:7b:3b:64:46:b2:03:be:
                    f2:f0:ab:5b:91:03:44:3d:a3:7e:0a:44:4b:fe:db:
                    b0:a0:ad:65:ab:7d:3d:5a:9e:56:54:fc:fe:06:6a:
                    03:73:45:59:73:0b:d4:a7:97:11:46:00:8f:8b:26:
                    1f:40:54:02:73:00:12:12:8e:4b:92:ae:7c:8d:1f:
                    5f:6f:29:87:13:5a:08:44:81:b3:8e:41:62:4a:be:
                    aa:56:41:d6:0e:d1:20:28:7b:e6:29:a2:ad:9e:bf:
                    c0:f5:5d:39:7e:2f:7f:f7:c3:17:ed:44:74:19:0b:
                    64:d2:f2:38:49:8c:50:01:74:c6:c5:be:38:18:96:
                    11:c3:de:bc:25:0c:35:fe:55:87:4c:c8:46:34:91:
                    74:2c:f1:df:90:d2:a6:b5:f8:13:2b:cd:72:a7:e2:
                    d6:23:04:6a:3a:63:b7:1a:8b:e1:bc:9b:18:19:89:
                    94:3e:3b:b2:79:77:d5:65:af:70:f7:c2:b2:31:71:
                    86:29:6f:7c:86:68:4d:d3:24:59:af:62:1c:4d:93:
                    d0:5e:db:c6:0e:fd:f7:53:1a:9f:e4:c3:6a:da:97:
                    fa:ae:a8:4f:c7:c6:e2:d9:39:03:b9:1a:0e:13:7e:
                    bc:0f:72:a0:cf:66:ff:a7:dd:e2:8c:93:ea:13:64:
                    ae:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:BF:19:9D:88:F1:61:AD:A7:3C:81:66:94:27:A1:1A:A9:45:B3:3F
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/IL8ZnYjxYa2nPIFmlCehGqlFsz8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.232.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bc:8d:8a:9d:d5:8b:05:28:7e:99:30:62:69:05:69:94:f5:92:
         76:30:30:86:b3:87:fe:2a:9d:97:70:27:32:35:4f:e7:8c:e3:
         7d:b7:59:61:ca:9f:79:3f:3b:ea:6a:2b:c2:b6:61:d2:6d:0c:
         a9:30:49:99:bd:41:a5:d7:a2:48:49:95:15:1a:81:a5:68:7d:
         4f:94:c9:5d:cb:52:f1:7d:41:fe:17:3b:c8:67:59:29:e7:0d:
         af:09:3b:06:33:e8:7a:73:a1:41:09:30:52:a9:81:f2:fc:e7:
         7a:f8:4f:2e:b5:af:0b:25:fa:e3:22:37:9b:d2:ae:fe:32:07:
         71:5b:63:cb:c8:c4:33:00:34:70:37:e6:ef:70:be:f6:fe:3a:
         95:33:24:16:19:f2:4a:3d:0f:dc:05:f1:49:1b:94:10:07:4d:
         f1:02:08:fa:31:d7:e6:30:b5:8e:c7:2c:1e:87:33:a8:df:3d:
         8b:6b:b1:d7:86:f7:c2:7e:0f:e0:15:f7:27:52:78:59:99:2d:
         62:28:49:b2:cb:a0:97:80:6e:66:18:6f:20:75:ee:a5:1d:ec:
         77:fd:fd:eb:ff:7f:de:f6:d0:25:45:f0:e8:44:d6:55:30:c8:
         e2:03:3e:22:0a:7e:36:1e:6b:05:64:e9:56:ec:fe:bc:e9:13:
         0d:f2:ea:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZztmKYa0kUfN32PlClIwIHOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjYwMzE0MTgyNTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGJmMTk5ZDg4ZjE2MWFkYTczYzgxNjY5NDI3YTExYWE5NDViMzNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAutUvVfXe9ns7ZEayA77y8KtbkQNE
PaN+CkRL/tuwoK1lq309Wp5WVPz+BmoDc0VZcwvUp5cRRgCPiyYfQFQCcwASEo5L
kq58jR9fbymHE1oIRIGzjkFiSr6qVkHWDtEgKHvmKaKtnr/A9V05fi9/98MX7UR0
GQtk0vI4SYxQAXTGxb44GJYRw968JQw1/lWHTMhGNJF0LPHfkNKmtfgTK81yp+LW
IwRqOmO3GovhvJsYGYmUPjuyeXfVZa9w98KyMXGGKW98hmhN0yRZr2IcTZPQXtvG
Dv33Uxqf5MNq2pf6rqhPx8bi2TkDuRoOE368D3Kgz2b/p93ijJPqE2SuawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCC/GZ2I8WGtpzyBZpQnoRqpRbM/MB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvSUw4Wm5ZanhZYTJuUElGbWxDZWhHcWxGc3o4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuejOMA0G
CSqGSIb3DQEBCwUAA4IBAQC8jYqd1YsFKH6ZMGJpBWmU9ZJ2MDCGs4f+Kp2XcCcy
NU/njON9t1lhyp95PzvqaivCtmHSbQypMEmZvUGl16JISZUVGoGlaH1PlMldy1Lx
fUH+FzvIZ1kp5w2vCTsGM+h6c6FBCTBSqYHy/Od6+E8uta8LJfrjIjeb0q7+Mgdx
W2PLyMQzADRwN+bvcL72/jqVMyQWGfJKPQ/cBfFJG5QQB03xAgj6MdfmMLWOxywe
hzOo3z2La7HXhvfCfg/gFfcnUnhZmS1iKEmyy6CXgG5mGG8gde6lHex3/f3r/3/e
9tAlRfDoRNZVMMjiAz4iCn42HmsFZOlW7P686RMN8uoD
-----END CERTIFICATE-----