Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/2fbcbf-358e-4928-9a84-ce78d4c0642f/1/t-YR2UdrGJYsX4ZnfkqO15T5g9I.roa
File:                     t-YR2UdrGJYsX4ZnfkqO15T5g9I.roa (raw, json)
Hash identifier:          21jzaahsgBvVI66l1ZAF+dhUPihnDJv9H/MfKJOkhNs=
Subject key identifier:   B7:E6:11:D9:47:6B:18:96:2C:5F:86:67:7E:4A:8E:D7:94:F9:83:D2
Certificate issuer:       /CN=db2ec22a66b5b24986395feed7fb5b90e28c9be4
Certificate serial:       019DB5043BD1168927F5DC49C358A185C35F
Authority key identifier: DB:2E:C2:2A:66:B5:B2:49:86:39:5F:EE:D7:FB:5B:90:E2:8C:9B:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2y7CKma1skmGOV_u1_tbkOKMm-Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/2fbcbf-358e-4928-9a84-ce78d4c0642f/1/t-YR2UdrGJYsX4ZnfkqO15T5g9I.roa
Signing time:             Wed 22 Apr 2026 11:47:26 +0000
ROA not before:           Wed 22 Apr 2026 11:47:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3320
IP address blocks:        185.85.40.0/22 maxlen: 24
                          195.226.216.0/24 maxlen: 24
                          2a12:5dc0::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/2fbcbf-358e-4928-9a84-ce78d4c0642f/1/2y7CKma1skmGOV_u1_tbkOKMm-Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/2fbcbf-358e-4928-9a84-ce78d4c0642f/1/2y7CKma1skmGOV_u1_tbkOKMm-Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2y7CKma1skmGOV_u1_tbkOKMm-Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b5:04:3b:d1:16:89:27:f5:dc:49:c3:58:a1:85:c3:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=db2ec22a66b5b24986395feed7fb5b90e28c9be4
        Validity
            Not Before: Apr 22 11:47:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b7e611d9476b18962c5f86677e4a8ed794f983d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:13:33:c4:cc:42:24:a1:53:32:5b:b8:e1:fb:
                    dc:66:88:26:12:e3:51:fa:81:f3:46:7e:c9:42:7d:
                    c6:7b:cb:b0:38:71:95:88:30:ed:68:de:50:d8:e1:
                    3d:01:1b:82:aa:40:0b:22:ba:a7:63:26:3a:f9:d9:
                    c7:11:08:96:55:e2:d8:0e:95:87:8f:02:dd:a7:63:
                    0e:17:f2:91:fa:24:b4:be:e4:74:c8:14:86:5f:18:
                    a6:ea:85:a4:20:81:27:7b:9c:45:78:2b:0f:8d:0b:
                    73:26:13:ad:b7:10:41:65:14:b1:e2:e5:83:61:91:
                    5e:d7:8b:4f:4e:df:c5:e9:02:e9:3c:13:f0:b1:b1:
                    91:a3:55:ae:eb:7c:c7:b6:4f:c5:67:7b:d3:76:b4:
                    89:1c:79:60:88:73:5f:eb:a7:67:e5:52:9e:32:6a:
                    de:aa:64:b2:17:9d:15:35:84:eb:18:fc:d0:11:dc:
                    2a:90:f8:44:2b:f0:b6:94:7d:05:3f:39:a4:74:0c:
                    9b:ea:d8:cc:46:ff:87:ad:c7:08:13:02:be:2b:0d:
                    b5:6b:5e:69:41:11:6e:e8:0e:55:ea:14:13:d4:11:
                    89:07:af:f6:a1:54:e8:09:0b:8c:3e:35:aa:24:23:
                    4e:2c:83:53:7d:ae:b9:fc:7b:66:ce:bf:b2:45:65:
                    5c:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:E6:11:D9:47:6B:18:96:2C:5F:86:67:7E:4A:8E:D7:94:F9:83:D2
            X509v3 Authority Key Identifier:
                keyid:DB:2E:C2:2A:66:B5:B2:49:86:39:5F:EE:D7:FB:5B:90:E2:8C:9B:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2y7CKma1skmGOV_u1_tbkOKMm-Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/2fbcbf-358e-4928-9a84-ce78d4c0642f/1/t-YR2UdrGJYsX4ZnfkqO15T5g9I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/2fbcbf-358e-4928-9a84-ce78d4c0642f/1/2y7CKma1skmGOV_u1_tbkOKMm-Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.85.40.0/22
                  195.226.216.0/24
                IPv6:
                  2a12:5dc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         13:23:10:82:43:20:8a:11:1d:e7:ee:e6:ca:fd:64:ce:9d:a1:
         16:a8:d0:5b:eb:ae:51:fb:b5:ee:59:29:b5:96:06:47:97:35:
         a2:95:8c:4b:eb:01:4a:20:cd:42:d0:dc:cb:43:25:3a:ea:fb:
         45:78:9c:2d:05:92:a5:9e:46:ed:a2:9e:56:bd:6c:ff:11:b9:
         63:1e:11:e6:c4:45:57:07:0d:c0:57:70:0e:cf:3a:38:72:03:
         54:bf:1e:be:0d:41:fb:05:48:84:f2:45:b8:ee:bc:fa:5f:34:
         38:5c:5b:8d:ea:b9:4d:0a:00:77:50:28:db:1a:05:a7:ff:ca:
         ca:11:69:d6:15:c2:f2:fd:e3:01:c6:b1:0a:2b:ac:c6:45:19:
         e6:89:31:d7:73:68:35:04:6c:57:d0:c8:57:93:6f:6b:56:8d:
         82:78:95:df:54:f8:cb:a1:66:6a:74:e4:e3:94:3a:5c:fa:3f:
         1b:c7:67:ab:7b:c2:6c:b0:03:2a:07:f6:4b:ed:de:84:be:71:
         a2:10:67:d1:bb:fe:ab:18:95:3c:56:96:7d:de:13:51:16:48:
         67:51:bf:32:57:01:dc:17:95:b6:bb:88:0b:ea:54:9d:42:59:
         4a:e6:b4:79:f6:e7:bc:16:e0:97:06:54:c7:87:af:99:c5:5e:
         fc:9b:b2:68
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZ21BDvRFokn9dxJw1ihhcNfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiMmVjMjJhNjZiNWIyNDk4NjM5NWZlZWQ3ZmI1YjkwZTI4
YzliZTQwHhcNMjYwNDIyMTE0NzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiN2U2MTFkOTQ3NmIxODk2MmM1Zjg2Njc3ZTRhOGVkNzk0Zjk4M2QyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwhMzxMxCJKFTMlu44fvcZogmEuNR
+oHzRn7JQn3Ge8uwOHGViDDtaN5Q2OE9ARuCqkALIrqnYyY6+dnHEQiWVeLYDpWH
jwLdp2MOF/KR+iS0vuR0yBSGXxim6oWkIIEne5xFeCsPjQtzJhOttxBBZRSx4uWD
YZFe14tPTt/F6QLpPBPwsbGRo1Wu63zHtk/FZ3vTdrSJHHlgiHNf66dn5VKeMmre
qmSyF50VNYTrGPzQEdwqkPhEK/C2lH0FPzmkdAyb6tjMRv+HrccIEwK+Kw21a15p
QRFu6A5V6hQT1BGJB6/2oVToCQuMPjWqJCNOLINTfa65/Htmzr+yRWVcEwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFLfmEdlHaxiWLF+GZ35KjteU+YPSMB8GA1UdIwQY
MBaAFNsuwipmtbJJhjlf7tf7W5DijJvkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnk3Q0ttYTFza21HT1ZfdTFfdGJrT0tNbS1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy8yZmJjYmYtMzU4ZS00OTI4LTlhODQt
Y2U3OGQ0YzA2NDJmLzEvdC1ZUjJVZHJHSllzWDRabmZrcU8xNVQ1ZzlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy8yZmJjYmYtMzU4ZS00OTI4LTlhODQtY2U3OGQ0YzA2NDJm
LzEvMnk3Q0ttYTFza21HT1ZfdTFfdGJrT0tNbS1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuVUoAwQA
w+LYMA0EAgACMAcDBQMqEl3AMA0GCSqGSIb3DQEBCwUAA4IBAQATIxCCQyCKER3n
7ubK/WTOnaEWqNBb665R+7XuWSm1lgZHlzWilYxL6wFKIM1C0NzLQyU66vtFeJwt
BZKlnkbtop5WvWz/EbljHhHmxEVXBw3AV3AOzzo4cgNUvx6+DUH7BUiE8kW47rz6
XzQ4XFuN6rlNCgB3UCjbGgWn/8rKEWnWFcLy/eMBxrEKK6zGRRnmiTHXc2g1BGxX
0MhXk29rVo2CeJXfVPjLoWZqdOTjlDpc+j8bx2ere8JssAMqB/ZL7d6EvnGiEGfR
u/6rGJU8VpZ93hNRFkhnUb8yVwHcF5W2u4gL6lSdQllK5rR59ue8FuCXBlTHh6+Z
xV78m7Jo
-----END CERTIFICATE-----