Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/244a71-e6af-4905-bf65-dfe3c4c5288c/1/DYss90R4HIuww1mW6-7xbEjXb4M.roa
File:                     DYss90R4HIuww1mW6-7xbEjXb4M.roa (raw, json)
Hash identifier:          UMw2Vyr1TU50SIq5R3Ka5Y9X/0d1jW9A+sz46TwWuew=
Subject key identifier:   0D:8B:2C:F7:44:78:1C:8B:B0:C3:59:96:EB:EE:F1:6C:48:D7:6F:83
Certificate issuer:       /CN=f691ab3245ff895a72dd6ff0743c377b6f0f89a6
Certificate serial:       019CD7CBB4AE9013E5D09EEC9FB97CE8DDE0
Authority key identifier: F6:91:AB:32:45:FF:89:5A:72:DD:6F:F0:74:3C:37:7B:6F:0F:89:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9pGrMkX_iVpy3W_wdDw3e28PiaY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/244a71-e6af-4905-bf65-dfe3c4c5288c/1/DYss90R4HIuww1mW6-7xbEjXb4M.roa
Signing time:             Tue 10 Mar 2026 12:49:37 +0000
ROA not before:           Tue 10 Mar 2026 12:49:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     31673
IP address blocks:        185.185.164.0/22 maxlen: 24
                          2a0b:5a80::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/244a71-e6af-4905-bf65-dfe3c4c5288c/1/9pGrMkX_iVpy3W_wdDw3e28PiaY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/244a71-e6af-4905-bf65-dfe3c4c5288c/1/9pGrMkX_iVpy3W_wdDw3e28PiaY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9pGrMkX_iVpy3W_wdDw3e28PiaY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 06:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:d7:cb:b4:ae:90:13:e5:d0:9e:ec:9f:b9:7c:e8:dd:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f691ab3245ff895a72dd6ff0743c377b6f0f89a6
        Validity
            Not Before: Mar 10 12:49:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0d8b2cf744781c8bb0c35996ebeef16c48d76f83
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:c0:3b:f1:5e:fd:e7:9c:61:39:64:4c:49:26:
                    93:33:ab:01:f9:5e:55:7a:0f:86:f7:18:a1:e4:ee:
                    f8:9b:b5:29:e6:42:bb:dd:57:44:41:5e:84:e9:e0:
                    f4:93:de:d0:5b:2e:0c:85:7e:1d:e6:4c:d4:60:6d:
                    d8:33:10:d6:0d:96:e5:2b:e3:f9:00:70:ba:ba:74:
                    aa:a5:37:fb:83:e5:d7:be:44:57:5f:98:a4:6e:78:
                    98:35:5e:2e:10:30:e6:27:ef:19:73:ea:37:af:ec:
                    99:2d:c1:31:93:3b:8f:51:29:18:7e:11:d2:b8:70:
                    07:20:77:aa:42:83:d3:2f:8e:7f:7f:7a:6f:c7:e5:
                    c9:32:bb:d9:7f:a2:cf:0f:d7:67:a2:03:18:76:d1:
                    31:ec:c7:c6:d9:26:f5:d8:2d:f9:79:cf:cb:a3:e1:
                    b1:bf:69:85:31:cc:b3:35:e8:38:23:1f:c4:b4:f8:
                    86:a1:d3:e6:12:7e:89:5d:62:23:3d:4d:e8:fa:81:
                    eb:a8:6c:d5:7a:fb:63:ce:41:8f:ae:39:10:4e:aa:
                    73:e0:78:10:c3:60:4d:38:1e:89:ab:93:4f:b6:5f:
                    3d:50:b1:72:08:95:a5:4b:01:6f:4b:3a:9b:5a:d3:
                    c5:cc:c9:77:c0:02:2d:f2:f7:b8:83:40:f0:5a:ab:
                    90:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:8B:2C:F7:44:78:1C:8B:B0:C3:59:96:EB:EE:F1:6C:48:D7:6F:83
            X509v3 Authority Key Identifier:
                keyid:F6:91:AB:32:45:FF:89:5A:72:DD:6F:F0:74:3C:37:7B:6F:0F:89:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9pGrMkX_iVpy3W_wdDw3e28PiaY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/244a71-e6af-4905-bf65-dfe3c4c5288c/1/DYss90R4HIuww1mW6-7xbEjXb4M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/244a71-e6af-4905-bf65-dfe3c4c5288c/1/9pGrMkX_iVpy3W_wdDw3e28PiaY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.185.164.0/22
                IPv6:
                  2a0b:5a80::/29

    Signature Algorithm: sha256WithRSAEncryption
         73:5a:6d:7f:c7:16:48:1d:d3:95:33:9e:f1:b2:6f:b6:a7:07:
         89:cf:a7:e8:3f:af:1a:df:4e:f4:c9:18:1b:eb:a5:db:e8:83:
         3f:69:45:a1:40:13:ed:91:f4:85:12:f1:d9:6e:3f:c6:ef:06:
         df:96:e6:f1:55:9f:ec:3d:8d:e5:22:82:01:e9:a0:e6:e1:9a:
         b4:2c:c8:06:dc:44:46:a4:39:b5:72:9c:bd:f5:c6:65:37:e3:
         2c:75:df:a1:1e:28:ac:74:29:46:fe:f6:03:ac:9c:fb:2b:c9:
         b9:0d:5d:d2:83:26:90:c6:86:e0:e1:87:22:fe:6f:91:fc:cc:
         cc:50:6a:e4:e7:79:eb:d3:4c:90:ca:42:d0:3a:8b:1b:d6:cd:
         ad:80:d3:a7:55:b5:73:5a:a3:81:6a:4d:07:12:1b:b9:35:57:
         8c:f3:9a:9e:6d:ba:03:7e:ef:b7:8c:b9:4d:b2:67:b9:07:45:
         54:f2:ac:f6:9b:67:24:79:b7:df:e0:3d:a7:1e:d1:44:8a:7c:
         15:58:46:82:87:1b:cf:aa:58:be:15:82:e6:91:b4:3a:11:08:
         f0:e4:c0:d8:7e:5e:5e:ea:a7:3f:45:ef:88:96:28:88:41:0d:
         f8:16:60:2f:4f:5e:40:76:40:2a:81:b0:7f:69:53:66:dc:03:
         71:02:07:d6
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZzXy7SukBPl0J7sn7l86N3gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2OTFhYjMyNDVmZjg5NWE3MmRkNmZmMDc0M2MzNzdiNmYw
Zjg5YTYwHhcNMjYwMzEwMTI0OTM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDhiMmNmNzQ0NzgxYzhiYjBjMzU5OTZlYmVlZjE2YzQ4ZDc2ZjgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw8A78V7955xhOWRMSSaTM6sB+V5V
eg+G9xih5O74m7Up5kK73VdEQV6E6eD0k97QWy4MhX4d5kzUYG3YMxDWDZblK+P5
AHC6unSqpTf7g+XXvkRXX5ikbniYNV4uEDDmJ+8Zc+o3r+yZLcExkzuPUSkYfhHS
uHAHIHeqQoPTL45/f3pvx+XJMrvZf6LPD9dnogMYdtEx7MfG2Sb12C35ec/Lo+Gx
v2mFMcyzNeg4Ix/EtPiGodPmEn6JXWIjPU3o+oHrqGzVevtjzkGPrjkQTqpz4HgQ
w2BNOB6Jq5NPtl89ULFyCJWlSwFvSzqbWtPFzMl3wAIt8ve4g0DwWquQFQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFA2LLPdEeByLsMNZluvu8WxI12+DMB8GA1UdIwQY
MBaAFPaRqzJF/4lact1v8HQ8N3tvD4mmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXBHck1rWF9pVnB5M1dfd2REdzNlMjhQaWFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS8yNDRhNzEtZTZhZi00OTA1LWJmNjUt
ZGZlM2M0YzUyODhjLzEvRFlzczkwUjRISXV3dzFtVzYtN3hiRWpYYjRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS8yNDRhNzEtZTZhZi00OTA1LWJmNjUtZGZlM2M0YzUyODhj
LzEvOXBHck1rWF9pVnB5M1dfd2REdzNlMjhQaWFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCubmkMA0E
AgACMAcDBQMqC1qAMA0GCSqGSIb3DQEBCwUAA4IBAQBzWm1/xxZIHdOVM57xsm+2
pweJz6foP68a3070yRgb66Xb6IM/aUWhQBPtkfSFEvHZbj/G7wbflubxVZ/sPY3l
IoIB6aDm4Zq0LMgG3ERGpDm1cpy99cZlN+Msdd+hHiisdClG/vYDrJz7K8m5DV3S
gyaQxobg4Yci/m+R/MzMUGrk53nr00yQykLQOosb1s2tgNOnVbVzWqOBak0HEhu5
NVeM85qebboDfu+3jLlNsme5B0VU8qz2m2ckebff4D2nHtFEinwVWEaChxvPqli+
FYLmkbQ6EQjw5MDYfl5e6qc/Re+IliiIQQ34FmAvT15AdkAqgbB/aVNm3ANxAgfW
-----END CERTIFICATE-----