Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/mFiaSNnK6ef2SiTb6UviUaXeyKs.roa
File:                     mFiaSNnK6ef2SiTb6UviUaXeyKs.roa (raw, json)
Hash identifier:          R4gjK8zX4zjAUtjaR2vmPmoVvnW6cUTq6ibYXNrZmnI=
Subject key identifier:   98:58:9A:48:D9:CA:E9:E7:F6:4A:24:DB:E9:4B:E2:51:A5:DE:C8:AB
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       019E208AA30E91C1A6BA1243792702F239A3
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/mFiaSNnK6ef2SiTb6UviUaXeyKs.roa
Signing time:             Wed 13 May 2026 08:53:37 +0000
ROA not before:           Wed 13 May 2026 08:53:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     401776
IP address blocks:        185.206.249.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 18 May 2026 17:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:20:8a:a3:0e:91:c1:a6:ba:12:43:79:27:02:f2:39:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: May 13 08:53:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=98589a48d9cae9e7f64a24dbe94be251a5dec8ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:e8:9d:59:fb:de:fa:6e:a8:c5:71:0f:45:b0:
                    1a:24:24:33:9e:ca:ee:20:af:0d:d8:b5:30:41:d0:
                    7b:78:8f:cb:35:a5:93:7f:d6:d2:a3:3f:fc:2f:ef:
                    a0:00:41:e5:f5:f6:ff:d6:4f:1c:a5:4f:48:b2:03:
                    fc:bd:b5:2e:04:56:0e:6b:a7:70:34:9c:5b:3c:0d:
                    be:07:73:0b:b2:f1:f5:94:6c:b2:d6:e2:b4:c1:58:
                    67:8b:05:7c:98:f8:0b:88:2e:21:6a:10:65:47:50:
                    98:b2:1d:fd:6f:35:89:56:19:67:8b:74:aa:26:d0:
                    7d:0c:e0:ea:a3:36:09:dd:c5:14:79:da:ef:3c:de:
                    5d:a7:06:ea:da:b4:7f:83:c1:28:17:f2:99:cb:35:
                    21:a0:c6:72:2d:9c:1a:9e:72:62:7f:4c:d1:9c:8b:
                    18:9a:26:3a:27:c7:c9:74:ee:2b:ee:45:ed:8f:33:
                    14:0e:cb:f9:7d:e6:53:2b:2e:f0:db:f2:d4:7e:d8:
                    47:4a:f4:85:29:73:99:2e:33:12:e0:1a:11:15:0a:
                    a5:e2:f2:8f:7e:10:3b:cd:b4:1b:c6:b0:44:97:23:
                    61:9f:da:d1:c9:4d:d3:10:3a:fb:29:b0:c1:c2:27:
                    1d:17:ff:61:b4:34:ee:f9:5b:c2:e1:12:73:04:16:
                    3b:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:58:9A:48:D9:CA:E9:E7:F6:4A:24:DB:E9:4B:E2:51:A5:DE:C8:AB
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/mFiaSNnK6ef2SiTb6UviUaXeyKs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.206.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:ff:a2:32:47:3b:7b:16:f4:a9:3d:54:80:c6:43:e0:85:fb:
         61:da:15:6a:d5:f7:32:00:a8:78:42:5e:e0:6f:bc:12:37:04:
         9a:0c:21:ae:57:98:92:4c:7d:ca:76:71:b3:44:73:9c:3b:cf:
         8b:75:e4:7e:0d:dc:bf:23:55:5f:2c:8a:fa:8b:82:17:44:ee:
         f4:cf:e8:cb:41:63:d9:1f:1f:74:f1:e5:bb:02:9d:f3:f0:e3:
         82:ff:10:8c:2c:99:ed:f9:b7:97:36:fc:48:b3:56:82:dc:89:
         c4:8f:09:6b:d2:23:14:57:9d:15:21:9e:19:47:ae:06:92:63:
         56:44:c9:5e:17:cb:37:20:91:c9:e0:37:a2:c6:71:41:bf:1f:
         8e:fb:7d:c0:ec:2c:69:cc:b4:4d:c1:20:43:88:04:9b:7d:99:
         07:a5:8c:f3:9d:79:ea:d8:23:f7:2e:5a:89:4c:e9:ce:b0:fd:
         5c:d7:44:b9:20:74:73:16:5c:6f:81:af:6a:0d:b3:73:90:e7:
         e3:49:ab:7a:87:26:51:58:e3:6c:ff:92:8f:a0:4d:4d:63:ed:
         7b:f0:8c:da:23:52:e0:c3:84:88:32:eb:a9:73:ca:4e:e2:04:
         5e:fd:9a:71:07:6a:7e:9c:b8:71:39:32:b6:68:72:b0:cc:b4:
         07:e7:53:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4giqMOkcGmuhJDeScC8jmjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjYwNTEzMDg1MzM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODU4OWE0OGQ5Y2FlOWU3ZjY0YTI0ZGJlOTRiZTI1MWE1ZGVjOGFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkOidWfve+m6oxXEPRbAaJCQznsru
IK8N2LUwQdB7eI/LNaWTf9bSoz/8L++gAEHl9fb/1k8cpU9IsgP8vbUuBFYOa6dw
NJxbPA2+B3MLsvH1lGyy1uK0wVhniwV8mPgLiC4hahBlR1CYsh39bzWJVhlni3Sq
JtB9DODqozYJ3cUUedrvPN5dpwbq2rR/g8EoF/KZyzUhoMZyLZwannJif0zRnIsY
miY6J8fJdO4r7kXtjzMUDsv5feZTKy7w2/LUfthHSvSFKXOZLjMS4BoRFQql4vKP
fhA7zbQbxrBElyNhn9rRyU3TEDr7KbDBwicdF/9htDTu+VvC4RJzBBY7MQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJhYmkjZyunn9kok2+lL4lGl3sirMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvbUZpYVNObks2ZWYyU2lUYjZVdmlVYVhleUtzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuc75MA0G
CSqGSIb3DQEBCwUAA4IBAQCu/6IyRzt7FvSpPVSAxkPghfth2hVq1fcyAKh4Ql7g
b7wSNwSaDCGuV5iSTH3KdnGzRHOcO8+LdeR+Ddy/I1VfLIr6i4IXRO70z+jLQWPZ
Hx908eW7Ap3z8OOC/xCMLJnt+beXNvxIs1aC3InEjwlr0iMUV50VIZ4ZR64GkmNW
RMleF8s3IJHJ4DeixnFBvx+O+33A7CxpzLRNwSBDiASbfZkHpYzznXnq2CP3LlqJ
TOnOsP1c10S5IHRzFlxvga9qDbNzkOfjSat6hyZRWONs/5KPoE1NY+178IzaI1Lg
w4SIMuupc8pO4gRe/ZpxB2p+nLhxOTK2aHKwzLQH51Nk
-----END CERTIFICATE-----