Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/d296a8-a5b1-4a34-8128-89359e783224/1/U0apLFpP69_tXdLzda-grKolMoc.roa
File:                     U0apLFpP69_tXdLzda-grKolMoc.roa (raw, json)
Hash identifier:          luYwz0PpHAMPxJN+VQDVTHVznpwlv94vqvOyZ0l/JsM=
Subject key identifier:   53:46:A9:2C:5A:4F:EB:DF:ED:5D:D2:F3:75:AF:A0:AC:AA:25:32:87
Certificate issuer:       /CN=5bd8d72b1cbfc67c379ad9a92c66fac6c8d3233a
Certificate serial:       019DDE28CF5FF5F0E51B1952A24E98D77F6D
Authority key identifier: 5B:D8:D7:2B:1C:BF:C6:7C:37:9A:D9:A9:2C:66:FA:C6:C8:D3:23:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W9jXKxy_xnw3mtmpLGb6xsjTIzo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/d296a8-a5b1-4a34-8128-89359e783224/1/U0apLFpP69_tXdLzda-grKolMoc.roa
Signing time:             Thu 30 Apr 2026 11:31:49 +0000
ROA not before:           Thu 30 Apr 2026 11:31:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206281
IP address blocks:        185.177.144.0/22 maxlen: 22
                          185.177.144.0/24 maxlen: 24
                          2a0a:4f80::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/d296a8-a5b1-4a34-8128-89359e783224/1/W9jXKxy_xnw3mtmpLGb6xsjTIzo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/d296a8-a5b1-4a34-8128-89359e783224/1/W9jXKxy_xnw3mtmpLGb6xsjTIzo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W9jXKxy_xnw3mtmpLGb6xsjTIzo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:de:28:cf:5f:f5:f0:e5:1b:19:52:a2:4e:98:d7:7f:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5bd8d72b1cbfc67c379ad9a92c66fac6c8d3233a
        Validity
            Not Before: Apr 30 11:31:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5346a92c5a4febdfed5dd2f375afa0acaa253287
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:7b:c6:ce:e9:02:22:07:cc:5a:af:94:1f:b2:
                    61:1b:2f:2e:05:32:50:38:05:6a:27:c6:62:be:12:
                    77:b9:83:d2:cd:03:fb:b4:68:94:7d:0b:c3:63:8e:
                    bd:3c:58:9c:ce:7c:64:f0:d4:7c:31:69:1c:e7:dc:
                    44:09:f5:c1:cc:60:f5:fd:19:e6:eb:df:dd:19:8f:
                    b9:ef:cd:23:ab:5d:1c:a4:a2:ba:25:c5:e5:a2:87:
                    38:aa:4a:ce:c3:cb:41:fe:06:f1:9a:db:86:0f:c2:
                    47:c4:1c:b5:ee:73:98:a4:d3:88:c0:04:7c:9b:73:
                    a9:7f:45:10:a7:9f:80:7c:3d:3b:88:6f:41:5a:41:
                    38:8a:01:7f:f7:dd:13:1f:b4:b5:34:03:c5:14:a0:
                    05:27:83:1a:bf:a4:52:28:13:dd:75:47:a4:3d:d7:
                    b9:c7:ee:1b:27:04:40:0b:42:1b:86:e7:54:60:bb:
                    bb:2c:88:3c:cb:ea:9d:85:fd:df:10:d5:62:4a:9b:
                    ff:43:52:eb:e6:4f:85:f3:e5:5a:b5:83:56:a1:a9:
                    31:25:e1:d9:a1:97:d0:ac:3f:cb:3d:af:ab:8b:d9:
                    d8:97:95:c7:43:02:fe:07:3a:67:db:90:a8:55:6a:
                    87:95:62:52:99:ee:e7:6b:33:db:da:d0:51:3c:16:
                    28:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:46:A9:2C:5A:4F:EB:DF:ED:5D:D2:F3:75:AF:A0:AC:AA:25:32:87
            X509v3 Authority Key Identifier:
                keyid:5B:D8:D7:2B:1C:BF:C6:7C:37:9A:D9:A9:2C:66:FA:C6:C8:D3:23:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W9jXKxy_xnw3mtmpLGb6xsjTIzo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/d296a8-a5b1-4a34-8128-89359e783224/1/U0apLFpP69_tXdLzda-grKolMoc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/d296a8-a5b1-4a34-8128-89359e783224/1/W9jXKxy_xnw3mtmpLGb6xsjTIzo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.177.144.0/22
                IPv6:
                  2a0a:4f80::/32

    Signature Algorithm: sha256WithRSAEncryption
         a2:85:e9:e8:b7:ee:fb:50:aa:77:d7:06:9f:71:c7:17:3e:38:
         16:99:df:db:8e:54:15:5d:b3:a7:48:47:4d:15:88:4f:8c:2d:
         42:88:88:58:35:70:eb:72:ab:17:81:1e:60:9f:ad:d1:9b:9d:
         fb:ff:8a:4a:c2:62:df:66:64:8a:0d:fb:64:4f:18:72:e8:ae:
         4f:79:50:12:e9:77:82:fd:88:02:b4:8f:46:09:6e:0f:89:c8:
         94:e7:66:eb:f9:b8:6c:48:1b:7a:48:ff:01:e6:d2:c4:e2:12:
         b9:01:bf:5f:78:f0:b7:60:9d:6e:ce:e9:b6:01:84:12:07:5d:
         f7:97:6f:62:8b:4b:b3:55:e8:1d:b7:d7:01:d8:5e:33:e6:89:
         e6:26:01:85:75:0f:84:12:97:ca:01:b4:e4:34:f0:6c:68:b3:
         06:55:a2:93:31:b0:de:03:96:b5:c9:28:19:4d:c5:19:e1:44:
         2d:c8:4b:a9:2f:85:23:f3:07:75:36:f2:33:f7:e7:2c:e1:12:
         05:19:60:64:7f:2a:3e:6b:33:fe:fd:12:2a:9c:95:c5:99:14:
         f0:f7:30:ff:73:c4:8a:f9:45:9d:cc:d5:aa:26:28:0e:24:1f:
         c4:98:67:95:00:bc:c5:6e:5a:f6:b3:60:29:98:69:90:38:1e:
         a2:11:2e:02
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ3eKM9f9fDlGxlSok6Y139tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViZDhkNzJiMWNiZmM2N2MzNzlhZDlhOTJjNjZmYWM2Yzhk
MzIzM2EwHhcNMjYwNDMwMTEzMTQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzQ2YTkyYzVhNGZlYmRmZWQ1ZGQyZjM3NWFmYTBhY2FhMjUzMjg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2HvGzukCIgfMWq+UH7JhGy8uBTJQ
OAVqJ8ZivhJ3uYPSzQP7tGiUfQvDY469PFicznxk8NR8MWkc59xECfXBzGD1/Rnm
69/dGY+5780jq10cpKK6JcXlooc4qkrOw8tB/gbxmtuGD8JHxBy17nOYpNOIwAR8
m3Opf0UQp5+AfD07iG9BWkE4igF/990TH7S1NAPFFKAFJ4Mav6RSKBPddUekPde5
x+4bJwRAC0IbhudUYLu7LIg8y+qdhf3fENViSpv/Q1Lr5k+F8+VatYNWoakxJeHZ
oZfQrD/LPa+ri9nYl5XHQwL+Bzpn25CoVWqHlWJSme7nazPb2tBRPBYoywIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFNGqSxaT+vf7V3S83WvoKyqJTKHMB8GA1UdIwQY
MBaAFFvY1yscv8Z8N5rZqSxm+sbI0yM6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVzlqWEt4eV94bnczbXRtcExHYjZ4c2pUSXpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi9kMjk2YTgtYTViMS00YTM0LTgxMjgt
ODkzNTllNzgzMjI0LzEvVTBhcExGcFA2OV90WGRMemRhLWdyS29sTW9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi9kMjk2YTgtYTViMS00YTM0LTgxMjgtODkzNTllNzgzMjI0
LzEvVzlqWEt4eV94bnczbXRtcExHYjZ4c2pUSXpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCubGQMA0E
AgACMAcDBQAqCk+AMA0GCSqGSIb3DQEBCwUAA4IBAQCihenot+77UKp31wafcccX
PjgWmd/bjlQVXbOnSEdNFYhPjC1CiIhYNXDrcqsXgR5gn63Rm537/4pKwmLfZmSK
DftkTxhy6K5PeVAS6XeC/YgCtI9GCW4PiciU52br+bhsSBt6SP8B5tLE4hK5Ab9f
ePC3YJ1uzum2AYQSB133l29ii0uzVegdt9cB2F4z5onmJgGFdQ+EEpfKAbTkNPBs
aLMGVaKTMbDeA5a1ySgZTcUZ4UQtyEupL4Uj8wd1NvIz9+cs4RIFGWBkfyo+azP+
/RIqnJXFmRTw9zD/c8SK+UWdzNWqJigOJB/EmGeVALzFblr2s2ApmGmQOB6iES4C
-----END CERTIFICATE-----