Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/b8d2a8-53a9-42c0-b7c9-dd862774a092/1/1BYbQVIuZci3v2SJ1lPBRcKopC0.roa
File:                     1BYbQVIuZci3v2SJ1lPBRcKopC0.roa (raw, json)
Hash identifier:          4k0iveKSc7qYV/Hrii5KFzItmAd9JCdByjYJZZltOTg=
Subject key identifier:   D4:16:1B:41:52:2E:65:C8:B7:BF:64:89:D6:53:C1:45:C2:A8:A4:2D
Certificate issuer:       /CN=571cb51cba68eb7ef9867a75d17ab28018196aa1
Certificate serial:       019D2A6D94CB96D1D69146DC088F70C36804
Authority key identifier: 57:1C:B5:1C:BA:68:EB:7E:F9:86:7A:75:D1:7A:B2:80:18:19:6A:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vxy1HLpo6375hnp10XqygBgZaqE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/b8d2a8-53a9-42c0-b7c9-dd862774a092/1/1BYbQVIuZci3v2SJ1lPBRcKopC0.roa
Signing time:             Thu 26 Mar 2026 13:55:17 +0000
ROA not before:           Thu 26 Mar 2026 13:55:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     33659
IP address blocks:        91.200.136.0/22 maxlen: 22
                          185.188.192.0/22 maxlen: 22
                          195.211.116.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/b8d2a8-53a9-42c0-b7c9-dd862774a092/1/Vxy1HLpo6375hnp10XqygBgZaqE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/b8d2a8-53a9-42c0-b7c9-dd862774a092/1/Vxy1HLpo6375hnp10XqygBgZaqE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vxy1HLpo6375hnp10XqygBgZaqE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 13:55:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2a:6d:94:cb:96:d1:d6:91:46:dc:08:8f:70:c3:68:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=571cb51cba68eb7ef9867a75d17ab28018196aa1
        Validity
            Not Before: Mar 26 13:55:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d4161b41522e65c8b7bf6489d653c145c2a8a42d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:06:3d:74:5c:2c:22:d9:ff:57:30:12:09:9c:
                    db:c4:a4:c1:54:f1:08:3c:43:ad:9f:a1:a4:96:c0:
                    87:4f:55:b5:05:7e:5f:0a:83:d3:1d:97:db:2e:37:
                    65:06:d3:10:28:fc:af:a4:cc:3a:7c:43:5f:af:c0:
                    f4:aa:3a:16:11:fc:e4:ef:d8:b9:d1:74:6f:fd:90:
                    71:23:26:92:65:51:0f:b8:fe:21:6c:f7:bd:ea:67:
                    5f:32:fb:6c:00:6c:de:29:07:45:dc:9a:01:53:9f:
                    05:92:ea:df:bf:01:93:f5:e4:81:bc:ea:b8:0b:8c:
                    28:7a:39:04:16:17:d4:a1:1d:58:ea:5e:19:a0:42:
                    44:2b:69:7b:46:89:11:c5:c0:e7:81:cb:bc:f0:90:
                    7e:97:05:18:bc:6c:2f:be:05:5a:5d:96:78:d4:e6:
                    4f:19:0c:ff:d9:17:60:2c:7b:b4:d1:87:1d:93:75:
                    64:cc:c7:d8:ce:58:8d:48:72:78:bb:af:34:37:01:
                    7c:e4:b8:e2:95:85:dc:03:89:c3:9b:a0:96:84:24:
                    1e:69:a0:52:2c:b9:46:0e:f6:80:82:67:1f:de:1b:
                    5f:73:73:b5:69:a0:84:fb:8a:e5:b7:68:58:aa:40:
                    e3:4c:c3:3e:04:5d:45:13:c7:51:16:4f:f7:bc:b1:
                    c3:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:16:1B:41:52:2E:65:C8:B7:BF:64:89:D6:53:C1:45:C2:A8:A4:2D
            X509v3 Authority Key Identifier:
                keyid:57:1C:B5:1C:BA:68:EB:7E:F9:86:7A:75:D1:7A:B2:80:18:19:6A:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vxy1HLpo6375hnp10XqygBgZaqE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/b8d2a8-53a9-42c0-b7c9-dd862774a092/1/1BYbQVIuZci3v2SJ1lPBRcKopC0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/b8d2a8-53a9-42c0-b7c9-dd862774a092/1/Vxy1HLpo6375hnp10XqygBgZaqE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.200.136.0/22
                  185.188.192.0/22
                  195.211.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b6:23:6c:40:e4:dc:f6:70:e8:eb:a6:a5:bc:ae:99:97:f8:e2:
         38:b9:26:05:ae:72:56:3d:ae:38:70:f0:6e:2b:0c:ec:4a:20:
         ed:1c:64:55:01:0c:6c:7f:12:bc:56:72:33:ed:45:4b:53:b9:
         38:44:1b:65:d0:a9:1c:05:b3:38:7d:0d:42:ca:f6:5e:d6:9c:
         38:62:97:e5:4c:f6:9b:53:9f:e9:9f:6f:95:dc:47:9f:5b:4e:
         9a:d7:3a:8b:f0:a1:84:33:16:c8:a4:78:c2:cc:84:ed:2a:6a:
         f8:d0:ef:90:5d:ff:db:24:6f:7c:c1:c5:97:77:8d:2e:9b:72:
         5f:2c:dd:4e:dd:19:c9:d4:ac:01:5e:39:39:cf:37:78:76:bc:
         79:49:af:a5:34:da:53:bb:9b:66:0b:b9:1f:38:3c:5d:20:44:
         35:2d:d1:d8:22:d7:88:7d:a5:cd:2a:9f:5b:5d:db:aa:ed:e4:
         72:a0:98:93:53:47:ef:cc:ca:0f:ae:c7:85:57:83:f2:6e:a1:
         de:c2:43:7c:5c:70:a0:c4:8c:88:e6:85:05:45:60:b6:7b:16:
         b6:db:8a:d9:25:ba:f4:a9:c7:e3:3b:0e:93:d1:9b:9e:aa:19:
         f5:46:8b:c6:5f:dd:7a:a2:cf:bc:8b:1c:ed:f1:4f:47:c7:cc:
         c5:f1:cc:37
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ0qbZTLltHWkUbcCI9ww2gEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3MWNiNTFjYmE2OGViN2VmOTg2N2E3NWQxN2FiMjgwMTgx
OTZhYTEwHhcNMjYwMzI2MTM1NTE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDE2MWI0MTUyMmU2NWM4YjdiZjY0ODlkNjUzYzE0NWMyYThhNDJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwwY9dFwsItn/VzASCZzbxKTBVPEI
PEOtn6GklsCHT1W1BX5fCoPTHZfbLjdlBtMQKPyvpMw6fENfr8D0qjoWEfzk79i5
0XRv/ZBxIyaSZVEPuP4hbPe96mdfMvtsAGzeKQdF3JoBU58FkurfvwGT9eSBvOq4
C4woejkEFhfUoR1Y6l4ZoEJEK2l7RokRxcDngcu88JB+lwUYvGwvvgVaXZZ41OZP
GQz/2RdgLHu00Ycdk3VkzMfYzliNSHJ4u680NwF85LjilYXcA4nDm6CWhCQeaaBS
LLlGDvaAgmcf3htfc3O1aaCE+4rlt2hYqkDjTMM+BF1FE8dRFk/3vLHDBwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNQWG0FSLmXIt79kidZTwUXCqKQtMB8GA1UdIwQY
MBaAFFcctRy6aOt++YZ6ddF6soAYGWqhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnh5MUhMcG82Mzc1aG5wMTBYcXlnQmdaYXFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9iOGQyYTgtNTNhOS00MmMwLWI3Yzkt
ZGQ4NjI3NzRhMDkyLzEvMUJZYlFWSXVaY2kzdjJTSjFsUEJSY0tvcEMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9iOGQyYTgtNTNhOS00MmMwLWI3YzktZGQ4NjI3NzRhMDky
LzEvVnh5MUhMcG82Mzc1aG5wMTBYcXlnQmdaYXFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCW8iIAwQC
ubzAAwQCw9N0MA0GCSqGSIb3DQEBCwUAA4IBAQC2I2xA5Nz2cOjrpqW8rpmX+OI4
uSYFrnJWPa44cPBuKwzsSiDtHGRVAQxsfxK8VnIz7UVLU7k4RBtl0KkcBbM4fQ1C
yvZe1pw4YpflTPabU5/pn2+V3EefW06a1zqL8KGEMxbIpHjCzITtKmr40O+QXf/b
JG98wcWXd40um3JfLN1O3RnJ1KwBXjk5zzd4drx5Sa+lNNpTu5tmC7kfODxdIEQ1
LdHYIteIfaXNKp9bXduq7eRyoJiTU0fvzMoPrseFV4PybqHewkN8XHCgxIyI5oUF
RWC2exa224rZJbr0qcfjOw6T0Zueqhn1RovGX916os+8ixzt8U9Hx8zF8cw3
-----END CERTIFICATE-----