Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/49ee5b-2c63-41c8-b253-91fe4bc65382/1/2aEEFS3prrbS1dalngjss8ZGfSE.roa
File:                     2aEEFS3prrbS1dalngjss8ZGfSE.roa (raw, json)
Hash identifier:          C7TbE8+4+XUsKfnU1RvCd/kxii8rFR7Ig75M/Wtilmg=
Subject key identifier:   D9:A1:04:15:2D:E9:AE:B6:D2:D5:D6:A5:9E:08:EC:B3:C6:46:7D:21
Certificate issuer:       /CN=06e9a1309fbb9ce06bc4e158bc0b352ee4c8844c
Certificate serial:       019DB9975BA4C14122ACAB3DDD27AED20998
Authority key identifier: 06:E9:A1:30:9F:BB:9C:E0:6B:C4:E1:58:BC:0B:35:2E:E4:C8:84:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BumhMJ-7nOBrxOFYvAs1LuTIhEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/49ee5b-2c63-41c8-b253-91fe4bc65382/1/2aEEFS3prrbS1dalngjss8ZGfSE.roa
Signing time:             Thu 23 Apr 2026 09:06:37 +0000
ROA not before:           Thu 23 Apr 2026 09:06:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199645
IP address blocks:        185.2.16.0/22 maxlen: 22
                          2a02:c100::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/49ee5b-2c63-41c8-b253-91fe4bc65382/1/BumhMJ-7nOBrxOFYvAs1LuTIhEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/49ee5b-2c63-41c8-b253-91fe4bc65382/1/BumhMJ-7nOBrxOFYvAs1LuTIhEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BumhMJ-7nOBrxOFYvAs1LuTIhEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 12:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b9:97:5b:a4:c1:41:22:ac:ab:3d:dd:27:ae:d2:09:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=06e9a1309fbb9ce06bc4e158bc0b352ee4c8844c
        Validity
            Not Before: Apr 23 09:06:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d9a104152de9aeb6d2d5d6a59e08ecb3c6467d21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:f1:d7:5d:fe:ec:56:d8:e4:f4:46:9c:0c:2b:
                    11:67:b9:d7:8d:3d:1a:7c:24:c5:17:6c:92:0b:8d:
                    43:7a:79:00:06:b1:d2:82:2f:6c:aa:39:26:a0:52:
                    a2:79:dc:48:b9:51:03:83:52:d6:4f:63:24:e6:4b:
                    05:55:2a:7b:b0:b5:21:15:d7:a7:7f:a0:96:5e:d5:
                    90:0b:b5:7a:9d:57:ed:48:bb:e0:0e:e2:82:4d:20:
                    70:6f:79:29:92:53:f4:0a:20:83:40:6b:38:3f:9f:
                    1a:22:64:b9:7f:3d:1f:b6:eb:0c:02:1e:29:4b:09:
                    99:65:fe:ed:8c:44:f8:49:67:2c:81:11:77:33:df:
                    bb:25:98:c7:41:0d:9a:df:56:4d:f7:be:b7:20:15:
                    df:15:70:91:f8:43:b3:ec:a0:8a:13:4d:da:2e:98:
                    62:5b:c3:30:3a:42:0d:ef:3c:0b:d9:b3:9c:22:67:
                    62:ee:47:5c:93:a9:2f:a9:69:76:0c:27:d5:a0:9b:
                    ef:39:d0:b6:93:92:30:7f:ce:f5:ac:90:87:e2:d2:
                    67:ab:fe:4f:ec:7f:ff:31:2b:b1:02:e1:5d:7e:78:
                    94:6c:ff:99:ee:65:ee:fc:86:7b:a6:5b:32:ec:f2:
                    44:ef:e9:0c:1b:f8:5b:3f:46:28:41:63:cb:de:e8:
                    2e:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:A1:04:15:2D:E9:AE:B6:D2:D5:D6:A5:9E:08:EC:B3:C6:46:7D:21
            X509v3 Authority Key Identifier:
                keyid:06:E9:A1:30:9F:BB:9C:E0:6B:C4:E1:58:BC:0B:35:2E:E4:C8:84:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BumhMJ-7nOBrxOFYvAs1LuTIhEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/49ee5b-2c63-41c8-b253-91fe4bc65382/1/2aEEFS3prrbS1dalngjss8ZGfSE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/49ee5b-2c63-41c8-b253-91fe4bc65382/1/BumhMJ-7nOBrxOFYvAs1LuTIhEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.2.16.0/22
                IPv6:
                  2a02:c100::/29

    Signature Algorithm: sha256WithRSAEncryption
         4a:14:63:b9:d9:37:d1:67:86:c4:df:1d:92:8f:64:50:b9:ea:
         b2:b5:9c:56:b0:fd:cd:f6:16:74:5d:7c:c0:6f:26:18:8d:a2:
         0b:4a:a3:00:b1:d8:7e:c1:e5:f2:2c:5c:ed:2f:6a:ea:5b:1e:
         26:0c:04:18:b0:09:b9:47:cc:4b:85:04:86:c2:aa:52:b1:c0:
         aa:0a:2c:78:f6:0d:a0:1f:c5:5d:a0:77:6a:9c:d7:e3:0e:03:
         79:85:6e:dc:3a:3f:98:1b:66:f3:3f:40:7c:2a:98:0a:c4:97:
         ec:69:93:ad:d6:75:00:dd:64:c6:7c:34:f8:cf:0e:17:79:24:
         2b:d0:b5:76:52:6c:31:62:e9:e3:d1:c3:75:0d:ee:b7:7a:f5:
         a4:80:11:ae:9c:04:d8:18:cb:b6:b9:1f:52:26:a4:33:cf:ed:
         51:03:ce:e6:2d:88:87:d7:3f:87:7a:7a:1a:91:49:5a:71:c4:
         ef:7d:50:77:8a:a2:26:2f:27:e7:e6:2f:1a:70:c2:78:57:f7:
         55:0a:43:c9:bf:83:21:b2:3d:16:38:43:a3:b5:d6:1f:82:43:
         96:0f:a5:75:ff:aa:15:2a:c2:14:7c:69:58:9b:e7:d5:4b:bd:
         5c:bf:00:52:cd:f9:ae:43:ab:0b:91:d2:33:9f:a7:a1:a3:53:
         6e:ff:92:f9
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ25l1ukwUEirKs93Seu0gmYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2ZTlhMTMwOWZiYjljZTA2YmM0ZTE1OGJjMGIzNTJlZTRj
ODg0NGMwHhcNMjYwNDIzMDkwNjM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOWExMDQxNTJkZTlhZWI2ZDJkNWQ2YTU5ZTA4ZWNiM2M2NDY3ZDIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnvHXXf7sVtjk9EacDCsRZ7nXjT0a
fCTFF2ySC41DenkABrHSgi9sqjkmoFKiedxIuVEDg1LWT2Mk5ksFVSp7sLUhFden
f6CWXtWQC7V6nVftSLvgDuKCTSBwb3kpklP0CiCDQGs4P58aImS5fz0ftusMAh4p
SwmZZf7tjET4SWcsgRF3M9+7JZjHQQ2a31ZN9763IBXfFXCR+EOz7KCKE03aLphi
W8MwOkIN7zwL2bOcImdi7kdck6kvqWl2DCfVoJvvOdC2k5Iwf871rJCH4tJnq/5P
7H//MSuxAuFdfniUbP+Z7mXu/IZ7plsy7PJE7+kMG/hbP0YoQWPL3ugu2QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNmhBBUt6a620tXWpZ4I7LPGRn0hMB8GA1UdIwQY
MBaAFAbpoTCfu5zga8ThWLwLNS7kyIRMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnVtaE1KLTduT0JyeE9GWXZBczFMdVRJaEV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS80OWVlNWItMmM2My00MWM4LWIyNTMt
OTFmZTRiYzY1MzgyLzEvMmFFRUZTM3BycmJTMWRhbG5nanNzOFpHZlNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS80OWVlNWItMmM2My00MWM4LWIyNTMtOTFmZTRiYzY1Mzgy
LzEvQnVtaE1KLTduT0JyeE9GWXZBczFMdVRJaEV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuQIQMA0E
AgACMAcDBQMqAsEAMA0GCSqGSIb3DQEBCwUAA4IBAQBKFGO52TfRZ4bE3x2Sj2RQ
ueqytZxWsP3N9hZ0XXzAbyYYjaILSqMAsdh+weXyLFztL2rqWx4mDAQYsAm5R8xL
hQSGwqpSscCqCix49g2gH8VdoHdqnNfjDgN5hW7cOj+YG2bzP0B8KpgKxJfsaZOt
1nUA3WTGfDT4zw4XeSQr0LV2UmwxYunj0cN1De63evWkgBGunATYGMu2uR9SJqQz
z+1RA87mLYiH1z+HenoakUlaccTvfVB3iqImLyfn5i8acMJ4V/dVCkPJv4Mhsj0W
OEOjtdYfgkOWD6V1/6oVKsIUfGlYm+fVS71cvwBSzfmuQ6sLkdIzn6eho1Nu/5L5
-----END CERTIFICATE-----