Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/aACp-SkFP7ASwX_a2tuNg_nv_j4.roa
File:                     aACp-SkFP7ASwX_a2tuNg_nv_j4.roa (raw, json)
Hash identifier:          826QRydcpcHGVP83CrJwkOk7bh/+OgMxavlPdNEpobs=
Subject key identifier:   68:00:A9:F9:29:05:3F:B0:12:C1:7F:DA:DA:DB:8D:83:F9:EF:FE:3E
Certificate issuer:       /CN=79a843d3a67bf202d0ae23df95e14ea871d8f15d
Certificate serial:       019E3BC5747A981D7D95DC5B713B9271FC72
Authority key identifier: 79:A8:43:D3:A6:7B:F2:02:D0:AE:23:DF:95:E1:4E:A8:71:D8:F1:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eahD06Z78gLQriPfleFOqHHY8V0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/aACp-SkFP7ASwX_a2tuNg_nv_j4.roa
Signing time:             Mon 18 May 2026 15:47:36 +0000
ROA not before:           Mon 18 May 2026 15:47:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207461
IP address blocks:        85.136.196.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/eahD06Z78gLQriPfleFOqHHY8V0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/eahD06Z78gLQriPfleFOqHHY8V0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eahD06Z78gLQriPfleFOqHHY8V0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 20 May 2026 00:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:3b:c5:74:7a:98:1d:7d:95:dc:5b:71:3b:92:71:fc:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=79a843d3a67bf202d0ae23df95e14ea871d8f15d
        Validity
            Not Before: May 18 15:47:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6800a9f929053fb012c17fdadadb8d83f9effe3e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:d4:c1:a1:0b:25:bc:c1:9f:aa:51:9d:48:02:
                    83:ab:ea:3a:5a:69:45:0e:4f:29:49:89:c8:ae:88:
                    81:71:12:18:5b:1f:f0:dd:0a:ae:e3:2d:55:7b:4f:
                    b8:73:da:4f:35:84:6e:03:a3:ea:21:c0:69:93:2a:
                    85:37:9f:ce:a3:e4:fd:80:6c:4f:07:25:ba:1f:a1:
                    ff:e4:aa:16:d8:35:dc:44:9f:0e:06:20:2e:c4:d5:
                    8e:81:29:d0:40:ad:08:d4:ed:ba:6d:80:21:43:47:
                    f7:12:58:a8:34:9d:83:d6:88:c8:8c:91:74:de:75:
                    8d:23:86:8f:62:02:65:dd:e6:83:2d:51:65:9b:be:
                    68:d1:b7:e6:da:0c:6d:c0:80:ae:2b:46:cd:cc:84:
                    51:24:a3:3e:82:d3:5e:31:69:1a:03:5e:bd:8d:69:
                    d5:11:82:83:9c:85:57:d2:35:e8:5c:e7:9c:a0:32:
                    81:42:9b:31:66:45:f6:2c:4a:25:81:26:ad:e7:3c:
                    f8:9d:f0:29:9e:1c:e7:de:df:c8:09:94:47:84:43:
                    93:f9:9a:dc:ff:93:6a:d2:8f:74:d1:86:de:69:38:
                    f0:53:0e:07:cc:23:6e:14:50:8c:4f:c0:ad:de:50:
                    e2:ae:c0:6d:11:f2:87:b4:af:fd:2e:9c:a9:d3:6c:
                    bf:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:00:A9:F9:29:05:3F:B0:12:C1:7F:DA:DA:DB:8D:83:F9:EF:FE:3E
            X509v3 Authority Key Identifier:
                keyid:79:A8:43:D3:A6:7B:F2:02:D0:AE:23:DF:95:E1:4E:A8:71:D8:F1:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eahD06Z78gLQriPfleFOqHHY8V0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/aACp-SkFP7ASwX_a2tuNg_nv_j4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/eahD06Z78gLQriPfleFOqHHY8V0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.136.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         70:83:ed:7c:c3:5c:1a:8b:d8:0f:dd:49:9f:c7:66:90:d6:4c:
         a2:8d:55:0e:54:ae:c1:2b:32:1d:56:19:02:07:7b:93:d3:19:
         dd:a7:71:fd:6a:55:2d:b7:23:a1:03:4d:07:db:9c:b3:ee:d3:
         a0:1a:2f:1e:cf:5c:cf:93:19:e2:c2:60:50:78:71:a1:bb:7d:
         8b:8a:c7:b6:1b:a7:6f:fa:e2:6c:6d:46:85:10:3a:19:ea:f3:
         31:9d:dc:77:d0:26:44:c2:67:f2:8c:4e:e2:1f:aa:dd:4e:99:
         8a:df:ab:f4:4a:e9:9b:59:03:cf:6b:fc:ab:25:cd:76:0c:8e:
         c8:85:a7:65:64:eb:05:3d:2c:4a:43:a1:0c:fc:c6:89:f6:c4:
         02:e9:eb:79:5f:5e:7d:a9:d2:c4:96:ec:bc:3b:d6:80:fc:66:
         74:72:3b:60:1a:8f:c1:11:72:0e:22:1f:c9:8f:33:a7:70:e3:
         89:5e:31:06:e4:95:61:61:ff:69:a1:d8:31:f9:b2:3e:1a:51:
         a6:79:f0:0e:2a:4c:fb:41:d9:8c:8d:6d:15:db:18:14:fb:14:
         a6:cb:e2:18:5c:97:46:b6:9a:49:6f:6f:34:4f:b1:57:51:91:
         71:77:67:af:1e:ed:bc:b5:4f:b2:26:cb:ab:9c:11:fc:55:e6:
         27:f3:62:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ47xXR6mB19ldxbcTuScfxyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5YTg0M2QzYTY3YmYyMDJkMGFlMjNkZjk1ZTE0ZWE4NzFk
OGYxNWQwHhcNMjYwNTE4MTU0NzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODAwYTlmOTI5MDUzZmIwMTJjMTdmZGFkYWRiOGQ4M2Y5ZWZmZTNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzdTBoQslvMGfqlGdSAKDq+o6WmlF
Dk8pSYnIroiBcRIYWx/w3Qqu4y1Ve0+4c9pPNYRuA6PqIcBpkyqFN5/Oo+T9gGxP
ByW6H6H/5KoW2DXcRJ8OBiAuxNWOgSnQQK0I1O26bYAhQ0f3ElioNJ2D1ojIjJF0
3nWNI4aPYgJl3eaDLVFlm75o0bfm2gxtwICuK0bNzIRRJKM+gtNeMWkaA169jWnV
EYKDnIVX0jXoXOecoDKBQpsxZkX2LEolgSat5zz4nfApnhzn3t/ICZRHhEOT+Zrc
/5Nq0o900YbeaTjwUw4HzCNuFFCMT8Ct3lDirsBtEfKHtK/9Lpyp02y/TwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGgAqfkpBT+wEsF/2trbjYP57/4+MB8GA1UdIwQY
MBaAFHmoQ9Ome/IC0K4j35XhTqhx2PFdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWFoRDA2Wjc4Z0xRcmlQZmxlRk9xSEhZOFYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9mNzBjNmEtODE0Yi00NjFhLTg1NDEt
YjRkZDIyNzU4OTUxLzEvYUFDcC1Ta0ZQN0FTd1hfYTJ0dU5nX252X2o0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9mNzBjNmEtODE0Yi00NjFhLTg1NDEtYjRkZDIyNzU4OTUx
LzEvZWFoRDA2Wjc4Z0xRcmlQZmxlRk9xSEhZOFYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVYjEMA0G
CSqGSIb3DQEBCwUAA4IBAQBwg+18w1wai9gP3Umfx2aQ1kyijVUOVK7BKzIdVhkC
B3uT0xndp3H9alUttyOhA00H25yz7tOgGi8ez1zPkxniwmBQeHGhu32Lise2G6dv
+uJsbUaFEDoZ6vMxndx30CZEwmfyjE7iH6rdTpmK36v0SumbWQPPa/yrJc12DI7I
hadlZOsFPSxKQ6EM/MaJ9sQC6et5X159qdLEluy8O9aA/GZ0cjtgGo/BEXIOIh/J
jzOncOOJXjEG5JVhYf9podgx+bI+GlGmefAOKkz7QdmMjW0V2xgU+xSmy+IYXJdG
tppJb280T7FXUZFxd2evHu28tU+yJsurnBH8VeYn82LA
-----END CERTIFICATE-----