Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/2fbcbf-358e-4928-9a84-ce78d4c0642f/1/uOrZo6gF2WVlF4nc6xlIIShI6cM.roa
File:                     uOrZo6gF2WVlF4nc6xlIIShI6cM.roa (raw, json)
Hash identifier:          4dFwviDJ3qVWkRoE0eY86El9WripywfdZeQ8NNS5Yl8=
Subject key identifier:   B8:EA:D9:A3:A8:05:D9:65:65:17:89:DC:EB:19:48:21:28:48:E9:C3
Certificate issuer:       /CN=db2ec22a66b5b24986395feed7fb5b90e28c9be4
Certificate serial:       019DB503516472022FE91A12AA84AD8DB0D3
Authority key identifier: DB:2E:C2:2A:66:B5:B2:49:86:39:5F:EE:D7:FB:5B:90:E2:8C:9B:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2y7CKma1skmGOV_u1_tbkOKMm-Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/2fbcbf-358e-4928-9a84-ce78d4c0642f/1/uOrZo6gF2WVlF4nc6xlIIShI6cM.roa
Signing time:             Wed 22 Apr 2026 11:46:26 +0000
ROA not before:           Wed 22 Apr 2026 11:46:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203196
IP address blocks:        185.85.40.0/22 maxlen: 24
                          195.226.216.0/24 maxlen: 24
                          2a12:5dc0::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/2fbcbf-358e-4928-9a84-ce78d4c0642f/1/2y7CKma1skmGOV_u1_tbkOKMm-Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/2fbcbf-358e-4928-9a84-ce78d4c0642f/1/2y7CKma1skmGOV_u1_tbkOKMm-Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2y7CKma1skmGOV_u1_tbkOKMm-Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b5:03:51:64:72:02:2f:e9:1a:12:aa:84:ad:8d:b0:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=db2ec22a66b5b24986395feed7fb5b90e28c9be4
        Validity
            Not Before: Apr 22 11:46:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b8ead9a3a805d965651789dceb1948212848e9c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:69:ea:a1:31:bb:90:94:35:a1:6e:7d:1a:7a:
                    55:29:ed:56:d0:51:ac:bb:69:a1:7b:46:64:93:a1:
                    70:2d:22:f3:f5:01:80:9c:12:18:40:7a:01:13:cc:
                    ed:24:16:8d:d5:70:dd:54:e9:59:56:01:03:ac:58:
                    8b:d7:66:52:25:6d:53:8e:10:2c:92:a9:46:4c:c8:
                    c1:e2:e9:76:6f:94:8f:50:8f:5a:14:63:43:26:5f:
                    e7:81:c8:8f:88:dc:c1:29:91:34:6e:9d:5e:96:42:
                    6d:50:4b:cd:9e:59:8e:91:9f:db:b6:95:cd:82:bc:
                    ce:18:bd:71:d4:76:a9:3d:d9:88:36:01:ff:62:84:
                    27:c8:bd:be:1b:c8:fe:ac:9c:db:7c:ef:1e:ec:31:
                    28:93:77:cf:04:b9:3f:ff:a1:fa:d1:92:ec:84:08:
                    18:19:52:8c:26:01:19:4e:a4:a8:9e:e4:69:76:33:
                    a6:e0:03:ed:c1:57:bf:df:b7:03:3c:d2:4a:b5:79:
                    d4:ba:3b:ac:a9:06:84:66:b6:fc:be:e9:50:38:15:
                    31:c2:21:01:67:bb:47:d3:c6:9f:36:e5:d1:74:39:
                    73:50:4b:a7:bf:93:ce:81:42:ae:76:30:58:23:f7:
                    7d:4f:d4:b5:f6:80:02:56:49:14:e0:f4:b6:47:70:
                    a0:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:EA:D9:A3:A8:05:D9:65:65:17:89:DC:EB:19:48:21:28:48:E9:C3
            X509v3 Authority Key Identifier:
                keyid:DB:2E:C2:2A:66:B5:B2:49:86:39:5F:EE:D7:FB:5B:90:E2:8C:9B:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2y7CKma1skmGOV_u1_tbkOKMm-Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/2fbcbf-358e-4928-9a84-ce78d4c0642f/1/uOrZo6gF2WVlF4nc6xlIIShI6cM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/2fbcbf-358e-4928-9a84-ce78d4c0642f/1/2y7CKma1skmGOV_u1_tbkOKMm-Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.85.40.0/22
                  195.226.216.0/24
                IPv6:
                  2a12:5dc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         91:6a:37:92:fb:d8:d8:be:67:09:d0:30:a0:49:f5:58:38:97:
         1b:f2:23:8e:29:f5:78:02:95:0e:e2:66:de:44:f7:be:51:36:
         07:a6:dd:54:f7:ce:f6:55:0a:98:54:bc:7c:c2:3e:ac:49:4c:
         cb:81:79:14:6f:51:2d:cd:6b:f7:55:af:70:92:95:c8:a7:3f:
         74:a9:4d:50:ee:bb:61:e5:6b:bd:38:63:fc:a0:09:7a:82:f8:
         0a:fa:37:e9:9e:54:c0:08:c5:8b:73:a9:9b:7d:5b:18:fe:43:
         2b:a6:86:99:94:63:04:88:24:ef:cb:d8:d1:b7:e0:f3:1e:3d:
         5f:b4:84:3f:10:83:d4:08:a5:9f:d2:5b:89:f3:ad:b5:ca:70:
         4b:e1:d9:ba:6c:1d:cf:08:b1:c2:6a:5d:fd:46:7f:21:6a:7f:
         e5:5c:f0:8b:41:5a:1f:8a:92:e2:8a:85:b8:69:f1:94:66:4f:
         a9:03:dd:ea:a2:8f:b2:00:16:2a:ab:8e:00:b9:9f:64:ca:6f:
         4f:b5:d0:f8:0a:b5:bd:e3:a2:3a:73:00:a4:ec:26:c1:00:87:
         21:fe:23:19:a1:4b:b8:e4:06:aa:18:66:33:ff:06:20:1c:64:
         a3:2d:9d:a3:46:91:0b:fd:43:86:3a:09:66:6d:28:1d:8a:d5:
         d0:70:45:6d
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZ21A1FkcgIv6RoSqoStjbDTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiMmVjMjJhNjZiNWIyNDk4NjM5NWZlZWQ3ZmI1YjkwZTI4
YzliZTQwHhcNMjYwNDIyMTE0NjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOGVhZDlhM2E4MDVkOTY1NjUxNzg5ZGNlYjE5NDgyMTI4NDhlOWMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0mnqoTG7kJQ1oW59GnpVKe1W0FGs
u2mhe0Zkk6FwLSLz9QGAnBIYQHoBE8ztJBaN1XDdVOlZVgEDrFiL12ZSJW1TjhAs
kqlGTMjB4ul2b5SPUI9aFGNDJl/ngciPiNzBKZE0bp1elkJtUEvNnlmOkZ/btpXN
grzOGL1x1HapPdmINgH/YoQnyL2+G8j+rJzbfO8e7DEok3fPBLk//6H60ZLshAgY
GVKMJgEZTqSonuRpdjOm4APtwVe/37cDPNJKtXnUujusqQaEZrb8vulQOBUxwiEB
Z7tH08afNuXRdDlzUEunv5POgUKudjBYI/d9T9S19oACVkkU4PS2R3CgGwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFLjq2aOoBdllZReJ3OsZSCEoSOnDMB8GA1UdIwQY
MBaAFNsuwipmtbJJhjlf7tf7W5DijJvkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnk3Q0ttYTFza21HT1ZfdTFfdGJrT0tNbS1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy8yZmJjYmYtMzU4ZS00OTI4LTlhODQt
Y2U3OGQ0YzA2NDJmLzEvdU9yWm82Z0YyV1ZsRjRuYzZ4bElJU2hJNmNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy8yZmJjYmYtMzU4ZS00OTI4LTlhODQtY2U3OGQ0YzA2NDJm
LzEvMnk3Q0ttYTFza21HT1ZfdTFfdGJrT0tNbS1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuVUoAwQA
w+LYMA0EAgACMAcDBQMqEl3AMA0GCSqGSIb3DQEBCwUAA4IBAQCRajeS+9jYvmcJ
0DCgSfVYOJcb8iOOKfV4ApUO4mbeRPe+UTYHpt1U9872VQqYVLx8wj6sSUzLgXkU
b1EtzWv3Va9wkpXIpz90qU1Q7rth5Wu9OGP8oAl6gvgK+jfpnlTACMWLc6mbfVsY
/kMrpoaZlGMEiCTvy9jRt+DzHj1ftIQ/EIPUCKWf0luJ8621ynBL4dm6bB3PCLHC
al39Rn8han/lXPCLQVofipLiioW4afGUZk+pA93qoo+yABYqq44AuZ9kym9PtdD4
CrW946I6cwCk7CbBAIch/iMZoUu45AaqGGYz/wYgHGSjLZ2jRpEL/UOGOglmbSgd
itXQcEVt
-----END CERTIFICATE-----