Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/eea330-e5be-4f22-b11b-0f7964321ce1/1/0opcnqgGubzmysjCmgsy1w2Z93A.roa
File:                     0opcnqgGubzmysjCmgsy1w2Z93A.roa (raw, json)
Hash identifier:          /1gFN6Q5hSb3O2AyPzhVJtZmgB0j29PnyY1ChQtSMBw=
Subject key identifier:   D2:8A:5C:9E:A8:06:B9:BC:E6:CA:C8:C2:9A:0B:32:D7:0D:99:F7:70
Certificate issuer:       /CN=2cb178fc335df01543728e29b78e9528ef1f5f6e
Certificate serial:       019DBB14F8B2A434D88C86DD86ED7F25DADA
Authority key identifier: 2C:B1:78:FC:33:5D:F0:15:43:72:8E:29:B7:8E:95:28:EF:1F:5F:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LLF4_DNd8BVDco4pt46VKO8fX24.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/eea330-e5be-4f22-b11b-0f7964321ce1/1/0opcnqgGubzmysjCmgsy1w2Z93A.roa
Signing time:             Thu 23 Apr 2026 16:03:26 +0000
ROA not before:           Thu 23 Apr 2026 16:03:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215930
IP address blocks:        185.166.92.0/24 maxlen: 24
                          2001:3b80:d000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/eea330-e5be-4f22-b11b-0f7964321ce1/1/LLF4_DNd8BVDco4pt46VKO8fX24.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/eea330-e5be-4f22-b11b-0f7964321ce1/1/LLF4_DNd8BVDco4pt46VKO8fX24.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LLF4_DNd8BVDco4pt46VKO8fX24.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 19:01:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:bb:14:f8:b2:a4:34:d8:8c:86:dd:86:ed:7f:25:da:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2cb178fc335df01543728e29b78e9528ef1f5f6e
        Validity
            Not Before: Apr 23 16:03:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d28a5c9ea806b9bce6cac8c29a0b32d70d99f770
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:4b:5b:f0:04:b3:93:3d:47:e9:b9:0e:6e:bf:
                    1b:d1:ff:77:38:29:1b:3f:07:a2:46:a9:d0:3c:b0:
                    9d:6a:d4:0e:f1:3f:8a:a6:0d:0a:44:26:2e:6d:17:
                    b4:ff:d2:0e:6c:e8:b4:67:1d:60:95:fe:69:e2:f8:
                    68:c3:3c:3d:86:ba:18:fe:63:f5:cb:a9:07:a8:34:
                    26:e8:57:89:21:7b:b5:2c:c4:d9:b2:97:e0:b5:9a:
                    ee:ca:d3:e0:cc:90:7f:b8:df:d2:2c:d4:bc:82:8a:
                    7e:e6:dc:cb:52:e9:29:b1:48:b3:5e:de:90:95:d0:
                    fb:e2:5e:35:92:49:b3:d1:de:7e:8b:f9:b0:c1:2c:
                    43:a9:5b:ee:b2:9c:26:d5:9c:7d:62:9b:ad:c7:6b:
                    8f:fa:30:4f:66:5b:7f:dd:c9:13:c6:90:75:56:ed:
                    89:dd:c3:b3:69:c0:c1:37:4b:ff:98:73:13:b4:31:
                    8f:b7:64:ef:21:2b:1e:c7:c4:03:0e:75:19:80:9f:
                    94:ed:2f:01:5e:a1:85:eb:82:af:3b:c6:af:c1:69:
                    6d:c5:11:13:6d:9c:6d:91:02:0b:6d:01:f6:c9:d0:
                    fe:f3:54:d2:ca:95:b3:49:e0:a3:5a:64:bd:c8:20:
                    d7:d0:50:4f:f6:2f:4c:28:7a:51:9c:83:88:2c:c3:
                    6f:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:8A:5C:9E:A8:06:B9:BC:E6:CA:C8:C2:9A:0B:32:D7:0D:99:F7:70
            X509v3 Authority Key Identifier:
                keyid:2C:B1:78:FC:33:5D:F0:15:43:72:8E:29:B7:8E:95:28:EF:1F:5F:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LLF4_DNd8BVDco4pt46VKO8fX24.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/eea330-e5be-4f22-b11b-0f7964321ce1/1/0opcnqgGubzmysjCmgsy1w2Z93A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/eea330-e5be-4f22-b11b-0f7964321ce1/1/LLF4_DNd8BVDco4pt46VKO8fX24.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.166.92.0/24
                IPv6:
                  2001:3b80:d000::/36

    Signature Algorithm: sha256WithRSAEncryption
         37:ed:74:df:ee:79:8f:57:46:b5:b5:be:9f:72:49:46:89:43:
         59:a6:b8:cf:bd:dc:48:ad:18:9a:a6:90:97:93:5f:19:f2:9d:
         ad:d9:09:a6:ff:f5:8b:af:54:b7:92:c1:1a:f3:d2:b2:1c:8e:
         45:9e:31:09:65:b3:ad:4c:b1:e9:b4:f3:bb:05:66:6e:db:0e:
         5a:cb:7b:ca:ca:47:f6:70:a7:a8:8b:ba:32:c5:ba:9f:eb:37:
         08:61:2d:77:8b:6a:26:e7:d6:cd:78:08:1c:8c:25:8b:a8:ce:
         e4:64:5c:fc:d1:ec:ed:8d:b0:c9:9d:83:d2:27:f8:c5:b8:af:
         c2:2f:8e:5f:51:6d:1d:88:f3:82:ef:f3:52:ce:5a:11:90:68:
         3f:6c:94:db:bc:10:82:ad:04:39:37:96:59:d8:dc:99:55:0f:
         59:65:45:9e:f5:27:dc:be:97:85:98:01:10:51:69:33:64:ac:
         e9:32:72:81:f8:1c:72:ba:0b:d8:16:ca:53:aa:ce:7c:6b:63:
         9f:47:db:a9:e8:d7:bc:9d:32:3c:e2:4f:6b:ea:16:aa:40:2a:
         45:de:cf:6e:bf:86:b6:0d:03:eb:d4:8a:21:65:f3:d7:f8:82:
         e7:c8:5c:b7:b7:12:e1:c8:95:15:33:bb:fe:aa:cc:a7:4a:42:
         a3:5c:c2:bf
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZ27FPiypDTYjIbdhu1/JdraMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjYjE3OGZjMzM1ZGYwMTU0MzcyOGUyOWI3OGU5NTI4ZWYx
ZjVmNmUwHhcNMjYwNDIzMTYwMzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjhhNWM5ZWE4MDZiOWJjZTZjYWM4YzI5YTBiMzJkNzBkOTlmNzcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA00tb8ASzkz1H6bkObr8b0f93OCkb
PweiRqnQPLCdatQO8T+Kpg0KRCYubRe0/9IObOi0Zx1glf5p4vhowzw9hroY/mP1
y6kHqDQm6FeJIXu1LMTZspfgtZruytPgzJB/uN/SLNS8gop+5tzLUukpsUizXt6Q
ldD74l41kkmz0d5+i/mwwSxDqVvuspwm1Zx9Yputx2uP+jBPZlt/3ckTxpB1Vu2J
3cOzacDBN0v/mHMTtDGPt2TvISsex8QDDnUZgJ+U7S8BXqGF64KvO8avwWltxRET
bZxtkQILbQH2ydD+81TSypWzSeCjWmS9yCDX0FBP9i9MKHpRnIOILMNvowIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFNKKXJ6oBrm85srIwpoLMtcNmfdwMB8GA1UdIwQY
MBaAFCyxePwzXfAVQ3KOKbeOlSjvH19uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTExGNF9ETmQ4QlZEY280cHQ0NlZLTzhmWDI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC9lZWEzMzAtZTViZS00ZjIyLWIxMWIt
MGY3OTY0MzIxY2UxLzEvMG9wY25xZ0d1YnpteXNqQ21nc3kxdzJaOTNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC9lZWEzMzAtZTViZS00ZjIyLWIxMWItMGY3OTY0MzIxY2Ux
LzEvTExGNF9ETmQ4QlZEY280cHQ0NlZLTzhmWDI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQAuaZcMA4E
AgACMAgDBgQgATuA0DANBgkqhkiG9w0BAQsFAAOCAQEAN+103+55j1dGtbW+n3JJ
RolDWaa4z73cSK0YmqaQl5NfGfKdrdkJpv/1i69Ut5LBGvPSshyORZ4xCWWzrUyx
6bTzuwVmbtsOWst7yspH9nCnqIu6MsW6n+s3CGEtd4tqJufWzXgIHIwli6jO5GRc
/NHs7Y2wyZ2D0if4xbivwi+OX1FtHYjzgu/zUs5aEZBoP2yU27wQgq0EOTeWWdjc
mVUPWWVFnvUn3L6XhZgBEFFpM2Ss6TJygfgccroL2BbKU6rOfGtjn0fbqejXvJ0y
POJPa+oWqkAqRd7Pbr+Gtg0D69SKIWXz1/iC58hct7cS4ciVFTO7/qrMp0pCo1zC
vw==
-----END CERTIFICATE-----