Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/ba9674-e571-4e35-ab20-e5d507a826bf/1/iTdLQoa1ZZc0xRlTVb7cKdKcrqo.roa
File:                     iTdLQoa1ZZc0xRlTVb7cKdKcrqo.roa (raw, json)
Hash identifier:          fRXMRZJi4kfSOE38kfwPxuehxymZ8uVjjmiNFMuJgTE=
Subject key identifier:   89:37:4B:42:86:B5:65:97:34:C5:19:53:55:BE:DC:29:D2:9C:AE:AA
Certificate issuer:       /CN=99a2c2ecf58c44b35a0da2957ff4dca2e60b686a
Certificate serial:       019CBD83BA58C1339525800ABBFA8B7660AD
Authority key identifier: 99:A2:C2:EC:F5:8C:44:B3:5A:0D:A2:95:7F:F4:DC:A2:E6:0B:68:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/maLC7PWMRLNaDaKVf_TcouYLaGo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/ba9674-e571-4e35-ab20-e5d507a826bf/1/iTdLQoa1ZZc0xRlTVb7cKdKcrqo.roa
Signing time:             Thu 05 Mar 2026 10:20:52 +0000
ROA not before:           Thu 05 Mar 2026 10:20:52 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     14618
IP address blocks:        185.194.87.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/ba9674-e571-4e35-ab20-e5d507a826bf/1/maLC7PWMRLNaDaKVf_TcouYLaGo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/ba9674-e571-4e35-ab20-e5d507a826bf/1/maLC7PWMRLNaDaKVf_TcouYLaGo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/maLC7PWMRLNaDaKVf_TcouYLaGo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 14 Mar 2026 16:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:bd:83:ba:58:c1:33:95:25:80:0a:bb:fa:8b:76:60:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=99a2c2ecf58c44b35a0da2957ff4dca2e60b686a
        Validity
            Not Before: Mar  5 10:20:52 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=89374b4286b5659734c5195355bedc29d29caeaa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:dd:74:93:73:29:d8:68:47:f1:cc:8d:d9:0c:
                    36:53:bb:c1:6d:68:b5:d5:b7:c4:60:37:2e:02:a6:
                    5a:75:4e:dc:4f:58:96:76:92:6d:7e:69:06:66:61:
                    1b:17:3d:15:72:0f:59:4e:88:b9:8b:54:c1:fc:20:
                    82:33:01:5d:ef:a3:d0:21:da:4d:b5:8e:78:11:18:
                    bf:60:da:4f:2f:55:ec:4f:99:95:34:79:07:11:a8:
                    ac:25:c1:ea:c6:4f:4b:0b:af:97:e5:50:69:4f:bb:
                    2c:73:e1:69:b1:31:1d:91:b2:9a:8e:d0:9c:59:4a:
                    b5:bc:c6:0e:00:8c:fe:4f:0c:49:59:ba:4c:61:2d:
                    f2:30:d6:73:d2:e3:c2:2e:81:c0:3e:9d:d7:73:8f:
                    3b:89:d7:07:dc:3b:09:4c:20:b6:68:dc:40:4a:fc:
                    86:ce:36:e3:85:97:c1:2e:48:30:07:1c:c1:1f:12:
                    ba:13:4a:34:2c:b4:45:9d:68:3c:11:c1:16:49:44:
                    34:71:ba:84:3b:d2:d6:7e:a5:36:93:a7:fe:f4:df:
                    6b:4b:a2:2e:87:50:18:55:a7:e2:8b:bf:e9:6f:ec:
                    5b:8d:b9:14:45:7c:3e:bb:a3:3a:f8:47:8f:df:a7:
                    09:b8:eb:31:dd:3b:a4:02:fe:78:da:2b:76:0c:c5:
                    52:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:37:4B:42:86:B5:65:97:34:C5:19:53:55:BE:DC:29:D2:9C:AE:AA
            X509v3 Authority Key Identifier:
                keyid:99:A2:C2:EC:F5:8C:44:B3:5A:0D:A2:95:7F:F4:DC:A2:E6:0B:68:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/maLC7PWMRLNaDaKVf_TcouYLaGo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/ba9674-e571-4e35-ab20-e5d507a826bf/1/iTdLQoa1ZZc0xRlTVb7cKdKcrqo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/ba9674-e571-4e35-ab20-e5d507a826bf/1/maLC7PWMRLNaDaKVf_TcouYLaGo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.194.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:cf:42:c7:cf:bc:a5:ad:bb:49:76:cd:a5:ae:50:c7:99:22:
         e1:24:c7:f9:3a:03:8e:4a:b8:63:ed:99:e9:a5:42:9c:df:45:
         9e:5d:f9:42:48:f3:a9:9a:bf:f4:29:4e:4d:03:e6:9a:5f:fd:
         9a:0d:b0:96:40:b5:20:65:fc:5a:17:10:86:0b:03:6a:80:3d:
         2b:11:ce:4a:ae:ab:68:05:2e:a9:de:38:3b:e3:9d:97:86:50:
         b7:d5:96:65:5c:c3:71:96:9f:60:f1:38:2c:4b:4a:c2:0c:81:
         78:b0:dd:2c:e5:25:b2:0b:ce:ee:71:bd:7c:c0:98:b6:c1:02:
         43:1a:13:c6:58:2e:30:8d:ac:8b:71:1c:f3:ef:d4:c3:7c:b0:
         23:26:0e:74:77:50:35:be:8f:8d:c5:69:e9:0b:03:1a:82:04:
         34:84:bb:99:06:c4:0b:33:51:6d:3b:8d:01:98:0b:b9:30:77:
         fb:c6:51:6e:84:04:cf:ad:9c:0c:57:ce:e5:77:46:1e:11:71:
         17:34:05:47:7e:c2:ab:43:41:0e:2e:6e:29:12:6d:8e:f4:97:
         58:14:7f:24:a9:3d:7a:e7:97:b4:97:ca:a8:1a:6c:c2:8f:e0:
         14:e8:02:7f:24:8b:fd:ad:b6:7c:ff:7f:f8:a5:90:54:bb:d3:
         ce:cf:e8:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZy9g7pYwTOVJYAKu/qLdmCtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5YTJjMmVjZjU4YzQ0YjM1YTBkYTI5NTdmZjRkY2EyZTYw
YjY4NmEwHhcNMjYwMzA1MTAyMDUyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTM3NGI0Mjg2YjU2NTk3MzRjNTE5NTM1NWJlZGMyOWQyOWNhZWFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk910k3Mp2GhH8cyN2Qw2U7vBbWi1
1bfEYDcuAqZadU7cT1iWdpJtfmkGZmEbFz0Vcg9ZToi5i1TB/CCCMwFd76PQIdpN
tY54ERi/YNpPL1XsT5mVNHkHEaisJcHqxk9LC6+X5VBpT7ssc+FpsTEdkbKajtCc
WUq1vMYOAIz+TwxJWbpMYS3yMNZz0uPCLoHAPp3Xc487idcH3DsJTCC2aNxASvyG
zjbjhZfBLkgwBxzBHxK6E0o0LLRFnWg8EcEWSUQ0cbqEO9LWfqU2k6f+9N9rS6Iu
h1AYVafii7/pb+xbjbkURXw+u6M6+EeP36cJuOsx3TukAv542it2DMVSjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIk3S0KGtWWXNMUZU1W+3CnSnK6qMB8GA1UdIwQY
MBaAFJmiwuz1jESzWg2ilX/03KLmC2hqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWFMQzdQV01STE5hRGFLVmZfVGNvdVlMYUdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi9iYTk2NzQtZTU3MS00ZTM1LWFiMjAt
ZTVkNTA3YTgyNmJmLzEvaVRkTFFvYTFaWmMweFJsVFZiN2NLZEtjcnFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi9iYTk2NzQtZTU3MS00ZTM1LWFiMjAtZTVkNTA3YTgyNmJm
LzEvbWFMQzdQV01STE5hRGFLVmZfVGNvdVlMYUdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucJXMA0G
CSqGSIb3DQEBCwUAA4IBAQBDz0LHz7ylrbtJds2lrlDHmSLhJMf5OgOOSrhj7Znp
pUKc30WeXflCSPOpmr/0KU5NA+aaX/2aDbCWQLUgZfxaFxCGCwNqgD0rEc5Krqto
BS6p3jg7452XhlC31ZZlXMNxlp9g8TgsS0rCDIF4sN0s5SWyC87ucb18wJi2wQJD
GhPGWC4wjayLcRzz79TDfLAjJg50d1A1vo+NxWnpCwMaggQ0hLuZBsQLM1FtO40B
mAu5MHf7xlFuhATPrZwMV87ld0YeEXEXNAVHfsKrQ0EOLm4pEm2O9JdYFH8kqT16
55e0l8qoGmzCj+AU6AJ/JIv9rbZ8/3/4pZBUu9POz+j0
-----END CERTIFICATE-----