Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/axdSVqIzRJIZuL4bUaXgsCZR0GA.roa
File:                     axdSVqIzRJIZuL4bUaXgsCZR0GA.roa (raw, json)
Hash identifier:          o1y1RiYLt8sTd8RRJ89cjZcmfxt/0UhXCW4mXlZ2wPw=
Subject key identifier:   6B:17:52:56:A2:33:44:92:19:B8:BE:1B:51:A5:E0:B0:26:51:D0:60
Certificate issuer:       /CN=99ce569a14c2db3772f23187ce68e6541ec0048e
Certificate serial:       019CB3C82F4BC7DA777FF1FAD1A199401399
Authority key identifier: 99:CE:56:9A:14:C2:DB:37:72:F2:31:87:CE:68:E6:54:1E:C0:04:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mc5WmhTC2zdy8jGHzmjmVB7ABI4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/axdSVqIzRJIZuL4bUaXgsCZR0GA.roa
Signing time:             Tue 03 Mar 2026 12:59:26 +0000
ROA not before:           Tue 03 Mar 2026 12:59:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     35197
IP address blocks:        185.170.131.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/mc5WmhTC2zdy8jGHzmjmVB7ABI4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/mc5WmhTC2zdy8jGHzmjmVB7ABI4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mc5WmhTC2zdy8jGHzmjmVB7ABI4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 11 Mar 2026 06:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b3:c8:2f:4b:c7:da:77:7f:f1:fa:d1:a1:99:40:13:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=99ce569a14c2db3772f23187ce68e6541ec0048e
        Validity
            Not Before: Mar  3 12:59:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6b175256a233449219b8be1b51a5e0b02651d060
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:65:39:81:d2:4f:42:75:b8:a9:ab:f6:be:87:
                    aa:2b:7d:bf:62:df:c3:aa:c5:cc:c5:f1:11:39:ea:
                    8b:3f:f5:c7:a8:05:6e:b7:c9:6c:d3:9c:dd:c3:e1:
                    94:03:c4:aa:e0:0b:57:74:e4:9d:9c:65:52:a2:32:
                    be:0e:da:37:70:ea:40:9f:5b:28:b0:96:33:dc:02:
                    da:41:e5:42:bb:c1:e3:1c:7f:a6:24:c3:55:e3:e7:
                    c9:ee:2f:4b:a5:84:ce:05:6e:14:30:d0:9c:a5:8c:
                    72:7d:bb:3d:14:a5:22:84:cd:12:81:23:36:43:2f:
                    d4:c0:53:21:84:c2:e3:fc:b0:d5:bd:f4:e2:0e:09:
                    ff:a6:95:e1:7e:85:2d:c3:98:ab:44:f3:cf:bb:05:
                    ea:c0:8e:45:5b:06:0f:43:09:a1:7e:c3:17:d1:bb:
                    60:0c:66:1a:c0:0b:ff:62:9f:92:57:0f:1f:d3:f1:
                    d8:a6:ca:0d:9b:01:48:fc:61:7f:5b:8f:3d:21:88:
                    d9:9d:2c:f3:70:84:cc:f6:6c:12:63:bd:11:4e:0d:
                    01:95:85:93:7b:4c:36:28:9b:4a:a6:4b:1c:31:e4:
                    28:c9:67:17:30:be:0d:ba:29:e9:b5:a8:6f:5a:bc:
                    fc:d9:48:8b:99:c9:21:f8:b7:39:af:ab:2e:2c:03:
                    58:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:17:52:56:A2:33:44:92:19:B8:BE:1B:51:A5:E0:B0:26:51:D0:60
            X509v3 Authority Key Identifier:
                keyid:99:CE:56:9A:14:C2:DB:37:72:F2:31:87:CE:68:E6:54:1E:C0:04:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mc5WmhTC2zdy8jGHzmjmVB7ABI4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/axdSVqIzRJIZuL4bUaXgsCZR0GA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/mc5WmhTC2zdy8jGHzmjmVB7ABI4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.170.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:0a:c1:16:8a:80:52:c6:a1:e3:be:b9:22:f8:1a:7d:be:80:
         5c:8c:7a:aa:f6:55:43:db:a3:b5:da:02:fa:4b:72:af:ca:73:
         c7:a5:69:ea:55:0b:9b:8a:ed:42:a2:8b:6f:e3:61:c8:38:5c:
         72:8b:d0:39:7d:ec:46:2e:16:94:25:a4:7b:7f:0f:2c:29:9a:
         15:16:10:ed:45:81:81:f5:d1:26:9e:f5:97:97:6e:80:b7:5e:
         4f:b3:ed:ae:c9:14:1f:ef:b1:d5:9f:12:a6:c9:cd:b3:d8:2d:
         d1:c6:1a:0c:6c:97:85:75:b9:0c:a7:0a:68:06:cc:6f:b3:4d:
         e7:42:87:5d:e4:b0:a8:f7:94:18:01:5c:0a:9a:f9:bc:af:94:
         3e:d5:bb:8e:72:be:88:d2:2a:31:af:75:7c:87:f2:8a:19:dc:
         d1:b3:7a:05:09:be:d3:79:62:8b:52:6a:75:fa:22:f9:19:7f:
         11:de:d6:e1:29:0f:29:30:f5:98:0e:76:70:bd:07:03:91:b5:
         33:b0:38:e1:59:01:1a:79:4f:16:64:99:60:e3:70:98:18:e2:
         8a:b6:72:80:7e:41:fc:52:a5:cf:9d:dc:55:b9:6f:cf:f8:da:
         56:77:04:d6:83:d7:cf:04:91:4d:f9:e8:2b:67:db:7a:a2:d3:
         46:5f:69:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyzyC9Lx9p3f/H60aGZQBOZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5Y2U1NjlhMTRjMmRiMzc3MmYyMzE4N2NlNjhlNjU0MWVj
MDA0OGUwHhcNMjYwMzAzMTI1OTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjE3NTI1NmEyMzM0NDkyMTliOGJlMWI1MWE1ZTBiMDI2NTFkMDYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkmU5gdJPQnW4qav2voeqK32/Yt/D
qsXMxfEROeqLP/XHqAVut8ls05zdw+GUA8Sq4AtXdOSdnGVSojK+Dto3cOpAn1so
sJYz3ALaQeVCu8HjHH+mJMNV4+fJ7i9LpYTOBW4UMNCcpYxyfbs9FKUihM0SgSM2
Qy/UwFMhhMLj/LDVvfTiDgn/ppXhfoUtw5irRPPPuwXqwI5FWwYPQwmhfsMX0btg
DGYawAv/Yp+SVw8f0/HYpsoNmwFI/GF/W489IYjZnSzzcITM9mwSY70RTg0BlYWT
e0w2KJtKpkscMeQoyWcXML4NuinptahvWrz82UiLmckh+Lc5r6suLANYJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGsXUlaiM0SSGbi+G1Gl4LAmUdBgMB8GA1UdIwQY
MBaAFJnOVpoUwts3cvIxh85o5lQewASOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWM1V21oVEMyemR5OGpHSHptam1WQjdBQkk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi9jYzZlOTktNmU1Zi00MDFiLTkxMmQt
MTA5NTU0NGM2YzUwLzEvYXhkU1ZxSXpSSkladUw0YlVhWGdzQ1pSMEdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi9jYzZlOTktNmU1Zi00MDFiLTkxMmQtMTA5NTU0NGM2YzUw
LzEvbWM1V21oVEMyemR5OGpHSHptam1WQjdBQkk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaqDMA0G
CSqGSIb3DQEBCwUAA4IBAQBrCsEWioBSxqHjvrki+Bp9voBcjHqq9lVD26O12gL6
S3KvynPHpWnqVQubiu1Cootv42HIOFxyi9A5fexGLhaUJaR7fw8sKZoVFhDtRYGB
9dEmnvWXl26At15Ps+2uyRQf77HVnxKmyc2z2C3RxhoMbJeFdbkMpwpoBsxvs03n
Qodd5LCo95QYAVwKmvm8r5Q+1buOcr6I0ioxr3V8h/KKGdzRs3oFCb7TeWKLUmp1
+iL5GX8R3tbhKQ8pMPWYDnZwvQcDkbUzsDjhWQEaeU8WZJlg43CYGOKKtnKAfkH8
UqXPndxVuW/P+NpWdwTWg9fPBJFN+egrZ9t6otNGX2lc
-----END CERTIFICATE-----