Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/856443-b8fb-478e-87c9-cf52aa9d6ccc/1/2YAgI74gbNqNd4cR2a1xK7IpNo0.roa
File:                     2YAgI74gbNqNd4cR2a1xK7IpNo0.roa (raw, json)
Hash identifier:          UfaVQLtUsjyfgahDcdhJ4KwcH3jtGHAp5uCPoj3a35Q=
Subject key identifier:   D9:80:20:23:BE:20:6C:DA:8D:77:87:11:D9:AD:71:2B:B2:29:36:8D
Certificate issuer:       /CN=099d3946413dd11161b46c7df6ad362a9938d5d4
Certificate serial:       019DAB61CE075B8809511D57FCE7F1A88742
Authority key identifier: 09:9D:39:46:41:3D:D1:11:61:B4:6C:7D:F6:AD:36:2A:99:38:D5:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CZ05RkE90RFhtGx99q02Kpk41dQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/856443-b8fb-478e-87c9-cf52aa9d6ccc/1/2YAgI74gbNqNd4cR2a1xK7IpNo0.roa
Signing time:             Mon 20 Apr 2026 14:53:26 +0000
ROA not before:           Mon 20 Apr 2026 14:53:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208777
IP address blocks:        45.84.84.0/22 maxlen: 22
                          157.22.158.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/856443-b8fb-478e-87c9-cf52aa9d6ccc/1/CZ05RkE90RFhtGx99q02Kpk41dQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/856443-b8fb-478e-87c9-cf52aa9d6ccc/1/CZ05RkE90RFhtGx99q02Kpk41dQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CZ05RkE90RFhtGx99q02Kpk41dQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ab:61:ce:07:5b:88:09:51:1d:57:fc:e7:f1:a8:87:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=099d3946413dd11161b46c7df6ad362a9938d5d4
        Validity
            Not Before: Apr 20 14:53:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d9802023be206cda8d778711d9ad712bb229368d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:61:2c:fc:86:70:2d:aa:90:c7:24:f5:fd:b3:
                    f8:6e:97:23:30:c7:c8:45:a1:51:e8:cb:c3:0a:fc:
                    9f:0e:24:15:60:c5:d7:bb:8e:54:3e:95:f0:98:5d:
                    19:37:32:13:41:5e:94:86:c2:6b:21:dd:a9:1d:62:
                    2f:d9:aa:52:1c:2f:9c:67:0c:72:b3:3a:32:ee:43:
                    0f:8a:c3:ca:5e:41:a2:90:df:e3:da:5d:02:2a:84:
                    31:6d:f2:ef:27:c3:fa:97:80:87:81:2f:43:f1:1f:
                    a6:37:52:d3:3d:7a:50:90:1d:d5:f7:dc:15:b4:f9:
                    c2:16:e4:ea:5a:26:44:47:d2:33:78:85:d4:29:e6:
                    cb:c6:0f:d1:4a:f3:ed:0f:b5:0f:60:f7:f8:02:02:
                    a6:65:21:05:d1:34:af:79:89:b6:9f:9f:94:47:63:
                    23:78:58:29:ff:f1:f6:41:71:e9:dd:9d:77:67:cc:
                    d8:7a:08:25:dc:d0:3f:ef:03:a3:14:91:92:88:12:
                    9b:cf:ca:5b:63:c9:53:1e:f7:55:33:47:0b:e2:4d:
                    c0:fe:75:1b:ee:05:57:82:1e:f4:b8:5f:28:0b:b5:
                    fb:ae:8e:05:9e:cb:5a:64:8e:d3:74:f7:8c:73:73:
                    84:bc:ee:3b:67:68:76:d2:7f:2d:66:15:cd:a8:a3:
                    95:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:80:20:23:BE:20:6C:DA:8D:77:87:11:D9:AD:71:2B:B2:29:36:8D
            X509v3 Authority Key Identifier:
                keyid:09:9D:39:46:41:3D:D1:11:61:B4:6C:7D:F6:AD:36:2A:99:38:D5:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CZ05RkE90RFhtGx99q02Kpk41dQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/856443-b8fb-478e-87c9-cf52aa9d6ccc/1/2YAgI74gbNqNd4cR2a1xK7IpNo0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/856443-b8fb-478e-87c9-cf52aa9d6ccc/1/CZ05RkE90RFhtGx99q02Kpk41dQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.84.0/22
                  157.22.158.0/23

    Signature Algorithm: sha256WithRSAEncryption
         95:4c:fb:6b:1c:ce:5d:15:fa:e6:ce:d2:61:ec:d5:44:d1:bd:
         70:0f:bc:66:4e:97:55:9d:d3:9d:8b:29:62:8e:2a:cf:c8:ee:
         5a:b8:ef:8e:29:4d:8d:d8:cd:d6:4e:5f:c2:9b:26:1f:c2:e2:
         ad:5a:34:80:b6:1d:0d:a2:68:16:cf:cd:28:34:39:01:57:b9:
         73:0b:e8:bd:a0:3e:99:06:1e:8d:71:71:11:38:32:55:db:1c:
         0d:f7:31:e2:42:0a:db:ca:65:e9:12:e8:68:fd:fb:82:0e:b0:
         b3:c4:af:47:55:36:a5:6b:3c:72:06:91:f9:99:45:a2:a6:dd:
         3a:a7:65:5e:63:95:4f:87:5c:ab:60:b0:50:71:a8:a9:09:78:
         e5:f3:5e:87:a6:19:6d:ae:5b:6e:d5:83:c6:1e:d0:0b:9b:67:
         6c:35:7f:38:be:d3:d3:4d:b2:52:39:df:a5:e5:74:b9:bb:dd:
         56:02:88:f2:e3:cb:73:8e:76:97:22:7a:7d:96:bd:3f:1d:38:
         5e:c2:e7:86:8d:b3:33:0a:be:2f:25:ef:35:24:bb:5c:f9:de:
         e5:9e:af:b3:14:73:bb:9d:e2:e5:a1:bd:af:1e:7e:2f:59:df:
         a0:cd:e9:4c:34:25:ba:28:39:25:4d:08:aa:57:b2:95:f8:57:
         49:35:48:9a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ2rYc4HW4gJUR1X/OfxqIdCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5OWQzOTQ2NDEzZGQxMTE2MWI0NmM3ZGY2YWQzNjJhOTkz
OGQ1ZDQwHhcNMjYwNDIwMTQ1MzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTgwMjAyM2JlMjA2Y2RhOGQ3Nzg3MTFkOWFkNzEyYmIyMjkzNjhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0mEs/IZwLaqQxyT1/bP4bpcjMMfI
RaFR6MvDCvyfDiQVYMXXu45UPpXwmF0ZNzITQV6UhsJrId2pHWIv2apSHC+cZwxy
szoy7kMPisPKXkGikN/j2l0CKoQxbfLvJ8P6l4CHgS9D8R+mN1LTPXpQkB3V99wV
tPnCFuTqWiZER9IzeIXUKebLxg/RSvPtD7UPYPf4AgKmZSEF0TSveYm2n5+UR2Mj
eFgp//H2QXHp3Z13Z8zYeggl3NA/7wOjFJGSiBKbz8pbY8lTHvdVM0cL4k3A/nUb
7gVXgh70uF8oC7X7ro4FnstaZI7TdPeMc3OEvO47Z2h20n8tZhXNqKOVkwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNmAICO+IGzajXeHEdmtcSuyKTaNMB8GA1UdIwQY
MBaAFAmdOUZBPdERYbRsffatNiqZONXUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1owNVJrRTkwUkZodEd4OTlxMDJLcGs0MWRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC84NTY0NDMtYjhmYi00NzhlLTg3Yzkt
Y2Y1MmFhOWQ2Y2NjLzEvMllBZ0k3NGdiTnFOZDRjUjJhMXhLN0lwTm8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC84NTY0NDMtYjhmYi00NzhlLTg3YzktY2Y1MmFhOWQ2Y2Nj
LzEvQ1owNVJrRTkwUkZodEd4OTlxMDJLcGs0MWRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLVRUAwQB
nRaeMA0GCSqGSIb3DQEBCwUAA4IBAQCVTPtrHM5dFfrmztJh7NVE0b1wD7xmTpdV
ndOdiylijirPyO5auO+OKU2N2M3WTl/CmyYfwuKtWjSAth0NomgWz80oNDkBV7lz
C+i9oD6ZBh6NcXERODJV2xwN9zHiQgrbymXpEuho/fuCDrCzxK9HVTalazxyBpH5
mUWipt06p2VeY5VPh1yrYLBQcaipCXjl816Hphltrltu1YPGHtALm2dsNX84vtPT
TbJSOd+l5XS5u91WAojy48tzjnaXInp9lr0/HThewueGjbMzCr4vJe81JLtc+d7l
nq+zFHO7neLlob2vHn4vWd+gzelMNCW6KDklTQiqV7KV+FdJNUia
-----END CERTIFICATE-----