Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/0c766e-f332-423c-8c86-863147e464b1/1/3MlUdopr6E83tKgyGGmx8TV_EbE.roa
File:                     3MlUdopr6E83tKgyGGmx8TV_EbE.roa (raw, json)
Hash identifier:          LWe3y+g7hOYE1BmFocJEJPvXXI4WmcCEwh4a7CwwJOA=
Subject key identifier:   DC:C9:54:76:8A:6B:E8:4F:37:B4:A8:32:18:69:B1:F1:35:7F:11:B1
Certificate issuer:       /CN=b16c22dd012e2693069864fa9576325c373f164a
Certificate serial:       01993296D86B5949FAB11DCC58B85F80079C
Authority key identifier: B1:6C:22:DD:01:2E:26:93:06:98:64:FA:95:76:32:5C:37:3F:16:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sWwi3QEuJpMGmGT6lXYyXDc_Fko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/0c766e-f332-423c-8c86-863147e464b1/1/3MlUdopr6E83tKgyGGmx8TV_EbE.roa
Signing time:             Wed 10 Sep 2025 07:46:10 +0000
ROA not before:           Wed 10 Sep 2025 07:46:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200858
IP address blocks:        185.78.64.0/22 maxlen: 22
                          185.131.212.0/22 maxlen: 22
                          2a06:de40::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/0c766e-f332-423c-8c86-863147e464b1/1/sWwi3QEuJpMGmGT6lXYyXDc_Fko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/0c766e-f332-423c-8c86-863147e464b1/1/sWwi3QEuJpMGmGT6lXYyXDc_Fko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sWwi3QEuJpMGmGT6lXYyXDc_Fko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:32:96:d8:6b:59:49:fa:b1:1d:cc:58:b8:5f:80:07:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b16c22dd012e2693069864fa9576325c373f164a
        Validity
            Not Before: Sep 10 07:46:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dcc954768a6be84f37b4a8321869b1f1357f11b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:82:7a:58:9d:2b:e6:b8:e8:f0:ed:00:2e:53:
                    61:5e:99:5c:76:44:2a:96:99:58:62:22:66:94:0b:
                    ef:6a:13:ff:da:cb:bd:71:54:16:9c:07:74:fb:77:
                    24:d7:63:1f:5a:d3:cd:90:77:ce:1c:03:b1:30:92:
                    91:5e:cd:7b:b2:bf:20:e9:eb:e6:4a:3d:66:34:4a:
                    19:47:89:5e:51:fd:90:c2:36:6e:62:ed:ed:77:c9:
                    c2:6e:66:4c:be:73:14:9f:96:95:f8:2c:8e:01:d0:
                    2e:3f:a5:73:47:72:44:12:00:e8:90:c1:73:a6:fa:
                    30:16:38:a0:9a:de:7e:a8:15:01:6c:a1:70:8a:7b:
                    3e:66:a5:66:7b:33:a7:23:cf:4b:b6:dc:4c:dd:33:
                    9a:b6:94:2d:46:a3:34:5d:0f:1a:73:72:1e:f4:a8:
                    69:7b:12:63:15:ac:4f:d5:e0:ea:75:5d:9f:31:d8:
                    13:42:62:5f:c4:23:12:ae:f0:8d:2c:db:eb:36:27:
                    c1:cb:c2:53:dd:49:fc:93:b8:de:a6:74:3d:4c:dd:
                    e3:63:d3:b6:74:52:3c:ef:39:52:08:83:4b:41:3e:
                    a1:8c:d2:80:4b:66:80:56:5d:b1:81:9a:bf:9d:54:
                    22:b0:a9:46:73:6d:11:d4:cc:b2:6e:ec:7c:39:a9:
                    6d:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:C9:54:76:8A:6B:E8:4F:37:B4:A8:32:18:69:B1:F1:35:7F:11:B1
            X509v3 Authority Key Identifier:
                keyid:B1:6C:22:DD:01:2E:26:93:06:98:64:FA:95:76:32:5C:37:3F:16:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sWwi3QEuJpMGmGT6lXYyXDc_Fko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/0c766e-f332-423c-8c86-863147e464b1/1/3MlUdopr6E83tKgyGGmx8TV_EbE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/0c766e-f332-423c-8c86-863147e464b1/1/sWwi3QEuJpMGmGT6lXYyXDc_Fko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.78.64.0/22
                  185.131.212.0/22
                IPv6:
                  2a06:de40::/29

    Signature Algorithm: sha256WithRSAEncryption
         c4:fd:c7:b6:38:db:98:16:0f:dc:3e:7c:d7:86:3a:3e:58:0f:
         ac:58:eb:b6:04:ad:e8:3e:22:26:b0:3b:41:34:91:77:cc:16:
         f2:c8:36:9c:7e:0c:53:65:e8:7b:ab:47:9e:62:3d:8b:89:ca:
         b7:4a:54:81:de:d1:9c:37:73:a2:ee:45:eb:19:91:ac:b8:64:
         d2:bd:71:62:8c:20:a3:b1:11:53:7f:62:56:e3:19:cc:05:87:
         6c:8d:d1:bb:b5:64:d9:61:c1:70:91:51:f5:1c:3c:cc:c8:93:
         6f:0e:cc:db:30:94:80:05:83:a9:f3:7b:18:55:95:95:f8:b5:
         34:ba:d6:2b:9d:30:89:4e:2a:e0:c5:28:33:70:e2:44:b5:63:
         f3:e6:1d:42:41:ae:f6:1a:bf:76:ba:29:64:ca:f8:21:70:40:
         73:37:d9:e2:7b:4b:00:46:1f:d9:a4:51:4e:50:26:c0:60:5a:
         2a:48:a4:62:72:35:45:e4:58:a7:09:57:62:4d:0f:53:63:50:
         de:21:e3:5f:7b:c8:ad:ba:4b:d0:32:f5:97:44:0a:f7:e9:b2:
         2a:37:19:98:c9:d4:03:bc:19:4f:62:74:1a:52:41:b2:33:23:
         ea:e7:57:21:fa:0f:12:af:9e:57:50:86:ac:78:18:b3:c5:b2:
         2c:95:47:c4
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZkylthrWUn6sR3MWLhfgAecMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNmMyMmRkMDEyZTI2OTMwNjk4NjRmYTk1NzYzMjVjMzcz
ZjE2NGEwHhcNMjUwOTEwMDc0NjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2M5NTQ3NjhhNmJlODRmMzdiNGE4MzIxODY5YjFmMTM1N2YxMWIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsIJ6WJ0r5rjo8O0ALlNhXplcdkQq
lplYYiJmlAvvahP/2su9cVQWnAd0+3ck12MfWtPNkHfOHAOxMJKRXs17sr8g6evm
Sj1mNEoZR4leUf2QwjZuYu3td8nCbmZMvnMUn5aV+CyOAdAuP6VzR3JEEgDokMFz
pvowFjigmt5+qBUBbKFwins+ZqVmezOnI89LttxM3TOatpQtRqM0XQ8ac3Ie9Khp
exJjFaxP1eDqdV2fMdgTQmJfxCMSrvCNLNvrNifBy8JT3Un8k7jepnQ9TN3jY9O2
dFI87zlSCINLQT6hjNKAS2aAVl2xgZq/nVQisKlGc20R1Myybux8OaltwQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFNzJVHaKa+hPN7SoMhhpsfE1fxGxMB8GA1UdIwQY
MBaAFLFsIt0BLiaTBphk+pV2Mlw3PxZKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1d3aTNRRXVKcE1HbUdUNmxYWXlYRGNfRmtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi8wYzc2NmUtZjMzMi00MjNjLThjODYt
ODYzMTQ3ZTQ2NGIxLzEvM01sVWRvcHI2RTgzdEtneUdHbXg4VFZfRWJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi8wYzc2NmUtZjMzMi00MjNjLThjODYtODYzMTQ3ZTQ2NGIx
LzEvc1d3aTNRRXVKcE1HbUdUNmxYWXlYRGNfRmtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuU5AAwQC
uYPUMA0EAgACMAcDBQMqBt5AMA0GCSqGSIb3DQEBCwUAA4IBAQDE/ce2ONuYFg/c
PnzXhjo+WA+sWOu2BK3oPiImsDtBNJF3zBbyyDacfgxTZeh7q0eeYj2Licq3SlSB
3tGcN3Oi7kXrGZGsuGTSvXFijCCjsRFTf2JW4xnMBYdsjdG7tWTZYcFwkVH1HDzM
yJNvDszbMJSABYOp83sYVZWV+LU0utYrnTCJTirgxSgzcOJEtWPz5h1CQa72Gr92
uilkyvghcEBzN9nie0sARh/ZpFFOUCbAYFoqSKRicjVF5FinCVdiTQ9TY1DeIeNf
e8itukvQMvWXRAr36bIqNxmYydQDvBlPYnQaUkGyMyPq51ch+g8Sr55XUIaseBiz
xbIslUfE
-----END CERTIFICATE-----