Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/b6c991-1fd4-487f-8778-d15e516dc45c/1/h4hw0o1BGCO1IauXuWvv1pBVH-c.roa
File:                     h4hw0o1BGCO1IauXuWvv1pBVH-c.roa (raw, json)
Hash identifier:          5IBae8jcl3eOYKt23qLWVmfDo0rcP1nvWM8WUvRm6eI=
Subject key identifier:   87:88:70:D2:8D:41:18:23:B5:21:AB:97:B9:6B:EF:D6:90:55:1F:E7
Certificate issuer:       /CN=111e0cbbe5d1c0a09465095e444fbc1c7932c683
Certificate serial:       019B7AC8AA97190626DF41360A32AE2EC4CC
Authority key identifier: 11:1E:0C:BB:E5:D1:C0:A0:94:65:09:5E:44:4F:BC:1C:79:32:C6:83
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ER4Mu-XRwKCUZQleRE-8HHkyxoM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/b6c991-1fd4-487f-8778-d15e516dc45c/1/h4hw0o1BGCO1IauXuWvv1pBVH-c.roa
Signing time:             Thu 01 Jan 2026 18:18:49 +0000
ROA not before:           Thu 01 Jan 2026 18:18:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203740
IP address blocks:        185.125.40.0/22 maxlen: 22
                          185.125.40.0/23 maxlen: 24
                          185.125.43.0/24 maxlen: 24
                          2a06:b7c0::/29 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/b6c991-1fd4-487f-8778-d15e516dc45c/1/ER4Mu-XRwKCUZQleRE-8HHkyxoM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/b6c991-1fd4-487f-8778-d15e516dc45c/1/ER4Mu-XRwKCUZQleRE-8HHkyxoM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ER4Mu-XRwKCUZQleRE-8HHkyxoM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Feb 2026 20:53:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c8:aa:97:19:06:26:df:41:36:0a:32:ae:2e:c4:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=111e0cbbe5d1c0a09465095e444fbc1c7932c683
        Validity
            Not Before: Jan  1 18:18:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=878870d28d411823b521ab97b96befd690551fe7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:0c:de:9c:67:11:05:1d:6d:18:e3:15:9a:ba:
                    b7:67:8e:38:fb:01:9e:c5:9c:b5:84:6b:85:5e:ab:
                    fb:11:30:0a:e8:a3:08:84:ed:50:d7:d7:62:f1:7c:
                    f6:62:2a:cb:ce:24:9d:41:12:e5:26:af:26:16:d5:
                    a9:e1:03:19:91:c6:a9:3c:de:3c:ac:21:92:86:3d:
                    95:72:74:ee:f5:62:d8:40:f1:3a:36:b2:f8:f3:ff:
                    4b:e2:26:e9:1a:55:d9:85:be:f7:aa:33:11:4f:5f:
                    d2:e6:7c:1a:c5:9c:7f:23:85:6a:34:93:f7:19:43:
                    43:6e:fe:48:c7:ef:d8:3b:56:a7:17:b4:5a:e4:0e:
                    a1:1f:77:78:2a:8b:43:01:43:8b:89:a3:c8:60:b4:
                    d4:79:d3:5f:b2:35:be:2c:5c:fb:93:e0:6c:10:c0:
                    53:6d:aa:6e:9e:3a:4c:6c:78:db:df:5f:8e:03:49:
                    05:ea:d6:17:d6:31:48:95:39:84:53:bb:42:fc:26:
                    71:6b:7b:bf:0c:c7:ad:08:5c:84:ab:8f:f6:f5:84:
                    76:d0:c4:58:be:65:05:bd:43:41:44:f3:19:2c:01:
                    ad:10:91:c1:1e:b8:c5:2a:75:1e:b8:1e:45:23:98:
                    42:29:66:4f:4e:9e:60:fa:9f:f0:ab:b6:56:5e:cb:
                    a7:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:88:70:D2:8D:41:18:23:B5:21:AB:97:B9:6B:EF:D6:90:55:1F:E7
            X509v3 Authority Key Identifier:
                keyid:11:1E:0C:BB:E5:D1:C0:A0:94:65:09:5E:44:4F:BC:1C:79:32:C6:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ER4Mu-XRwKCUZQleRE-8HHkyxoM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/b6c991-1fd4-487f-8778-d15e516dc45c/1/h4hw0o1BGCO1IauXuWvv1pBVH-c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/b6c991-1fd4-487f-8778-d15e516dc45c/1/ER4Mu-XRwKCUZQleRE-8HHkyxoM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.125.40.0/22
                IPv6:
                  2a06:b7c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         18:93:d9:e7:a8:a4:cf:4e:1f:93:23:20:57:76:b7:3c:d8:75:
         9a:e9:77:b5:68:c0:5d:c5:09:cd:8a:05:13:2b:cc:e2:33:20:
         a4:05:78:08:e1:01:81:0f:ff:67:a1:59:30:bf:7a:fa:fe:93:
         65:9b:00:c1:7b:9f:52:ac:a9:e9:4b:e9:69:8f:91:a5:e9:c1:
         bc:d7:25:6e:47:be:a7:34:b5:d0:d6:1c:92:25:ae:e0:a5:31:
         2b:83:22:54:9d:92:3b:89:ba:6b:2e:da:0e:0d:9d:2a:02:26:
         cd:d8:58:bb:07:74:57:b4:9c:28:99:4e:19:44:77:9f:04:74:
         7d:e0:c0:04:08:bf:32:e3:6d:2f:47:a6:7d:67:71:69:3b:5c:
         e7:cc:8f:2a:98:60:92:47:86:30:ec:48:a8:4c:ac:d9:ed:46:
         56:20:31:be:a3:d0:1a:ba:78:8b:8e:2c:17:bb:ee:b7:e1:8a:
         4c:51:0f:2c:d8:bf:5d:a5:a2:e2:07:af:f6:c7:7e:46:9e:2b:
         a6:08:e0:8d:be:12:97:dc:47:af:67:6d:28:f2:73:19:d5:61:
         5b:01:32:d6:8d:e1:23:ef:5b:08:2e:ae:82:dd:20:07:a5:93:
         b9:47:51:d8:4b:c0:39:5a:fd:53:df:50:d3:0d:db:5c:31:44:
         e9:6b:8f:40
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZt6yKqXGQYm30E2CjKuLsTMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExMWUwY2JiZTVkMWMwYTA5NDY1MDk1ZTQ0NGZiYzFjNzkz
MmM2ODMwHhcNMjYwMTAxMTgxODQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Nzg4NzBkMjhkNDExODIzYjUyMWFiOTdiOTZiZWZkNjkwNTUxZmU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuAzenGcRBR1tGOMVmrq3Z444+wGe
xZy1hGuFXqv7ETAK6KMIhO1Q19di8Xz2YirLziSdQRLlJq8mFtWp4QMZkcapPN48
rCGShj2VcnTu9WLYQPE6NrL48/9L4ibpGlXZhb73qjMRT1/S5nwaxZx/I4VqNJP3
GUNDbv5Ix+/YO1anF7Ra5A6hH3d4KotDAUOLiaPIYLTUedNfsjW+LFz7k+BsEMBT
bapunjpMbHjb31+OA0kF6tYX1jFIlTmEU7tC/CZxa3u/DMetCFyEq4/29YR20MRY
vmUFvUNBRPMZLAGtEJHBHrjFKnUeuB5FI5hCKWZPTp5g+p/wq7ZWXsuniwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIeIcNKNQRgjtSGrl7lr79aQVR/nMB8GA1UdIwQY
MBaAFBEeDLvl0cCglGUJXkRPvBx5MsaDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVI0TXUtWFJ3S0NVWlFsZVJFLThISGt5eG9NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9iNmM5OTEtMWZkNC00ODdmLTg3Nzgt
ZDE1ZTUxNmRjNDVjLzEvaDRodzBvMUJHQ08xSWF1WHVXdnYxcEJWSC1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9iNmM5OTEtMWZkNC00ODdmLTg3NzgtZDE1ZTUxNmRjNDVj
LzEvRVI0TXUtWFJ3S0NVWlFsZVJFLThISGt5eG9NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuX0oMA0E
AgACMAcDBQMqBrfAMA0GCSqGSIb3DQEBCwUAA4IBAQAYk9nnqKTPTh+TIyBXdrc8
2HWa6Xe1aMBdxQnNigUTK8ziMyCkBXgI4QGBD/9noVkwv3r6/pNlmwDBe59SrKnp
S+lpj5Gl6cG81yVuR76nNLXQ1hySJa7gpTErgyJUnZI7ibprLtoODZ0qAibN2Fi7
B3RXtJwomU4ZRHefBHR94MAECL8y420vR6Z9Z3FpO1znzI8qmGCSR4Yw7EioTKzZ
7UZWIDG+o9AauniLjiwXu+634YpMUQ8s2L9dpaLiB6/2x35GniumCOCNvhKX3Eev
Z20o8nMZ1WFbATLWjeEj71sILq6C3SAHpZO5R1HYS8A5Wv1T31DTDdtcMUTpa49A
-----END CERTIFICATE-----