Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/3dcf7b-1703-459f-ac0b-756a08a4adda/1/NidyPRYUDsQcexHsJToZqXrMBV8.roa
File:                     NidyPRYUDsQcexHsJToZqXrMBV8.roa (raw, json)
Hash identifier:          p65GZR4XN5l1qftmH4TTF0KOAaUQ1Yo/rxmu16Joj74=
Subject key identifier:   36:27:72:3D:16:14:0E:C4:1C:7B:11:EC:25:3A:19:A9:7A:CC:05:5F
Certificate issuer:       /CN=cbe970980d565cc74adb294aa68c7b06f5132890
Certificate serial:       019B7E3754E4DFF90D88BF8DA191BBBF0437
Authority key identifier: CB:E9:70:98:0D:56:5C:C7:4A:DB:29:4A:A6:8C:7B:06:F5:13:28:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/y-lwmA1WXMdK2ylKpox7BvUTKJA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/3dcf7b-1703-459f-ac0b-756a08a4adda/1/NidyPRYUDsQcexHsJToZqXrMBV8.roa
Signing time:             Fri 02 Jan 2026 10:18:34 +0000
ROA not before:           Fri 02 Jan 2026 10:18:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203195
IP address blocks:        185.141.80.0/22 maxlen: 22
                          2a03:a8a0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/3dcf7b-1703-459f-ac0b-756a08a4adda/1/y-lwmA1WXMdK2ylKpox7BvUTKJA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/3dcf7b-1703-459f-ac0b-756a08a4adda/1/y-lwmA1WXMdK2ylKpox7BvUTKJA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/y-lwmA1WXMdK2ylKpox7BvUTKJA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:37:54:e4:df:f9:0d:88:bf:8d:a1:91:bb:bf:04:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cbe970980d565cc74adb294aa68c7b06f5132890
        Validity
            Not Before: Jan  2 10:18:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3627723d16140ec41c7b11ec253a19a97acc055f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:14:ca:5e:29:d8:93:10:8a:14:8f:26:ca:2c:
                    83:fa:9c:89:82:b6:3a:bb:ec:dd:34:be:81:be:c0:
                    b8:0f:62:63:99:0e:f6:a8:2a:2c:28:6b:3c:ab:49:
                    23:40:ba:f1:b1:e6:28:0d:1a:17:d8:bf:1a:8d:ab:
                    ea:82:67:6a:6d:47:38:7d:34:26:0a:57:c9:a2:c8:
                    c0:f0:05:7f:d1:8d:d4:77:3c:57:37:3c:ec:07:ed:
                    8f:ea:7f:82:c0:9c:2e:48:33:1c:12:c6:35:42:55:
                    fa:0f:56:ef:00:4d:b4:70:5e:6c:5a:c7:4e:53:43:
                    45:0e:b5:91:6e:9d:eb:47:7c:b7:c5:bc:14:44:13:
                    6b:41:77:7b:47:f0:45:e1:4c:35:04:85:79:15:6e:
                    a9:8e:9e:e3:fb:75:26:5e:0c:4b:a7:33:00:12:a5:
                    a5:cb:c3:85:c1:de:f8:f1:fb:a7:da:fc:b7:19:fa:
                    3f:00:97:1f:88:b6:7b:81:e8:0f:5b:63:db:d2:fa:
                    06:b0:9b:a3:af:4d:96:e5:84:30:43:ff:6d:4f:7e:
                    35:85:ef:98:79:27:74:5d:a2:6e:1f:f1:20:eb:0b:
                    49:29:cc:58:6a:c0:98:d7:c4:ad:6d:8b:8b:d7:bc:
                    a6:fc:28:4b:ae:87:e5:9e:65:23:2e:6b:b0:6f:7b:
                    a7:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:27:72:3D:16:14:0E:C4:1C:7B:11:EC:25:3A:19:A9:7A:CC:05:5F
            X509v3 Authority Key Identifier:
                keyid:CB:E9:70:98:0D:56:5C:C7:4A:DB:29:4A:A6:8C:7B:06:F5:13:28:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y-lwmA1WXMdK2ylKpox7BvUTKJA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/3dcf7b-1703-459f-ac0b-756a08a4adda/1/NidyPRYUDsQcexHsJToZqXrMBV8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/3dcf7b-1703-459f-ac0b-756a08a4adda/1/y-lwmA1WXMdK2ylKpox7BvUTKJA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.141.80.0/22
                IPv6:
                  2a03:a8a0::/29

    Signature Algorithm: sha256WithRSAEncryption
         0f:75:e1:28:22:f6:c9:a4:9e:70:31:67:e2:1f:e1:06:09:12:
         d1:7b:4f:71:42:d8:e9:dc:87:43:e9:02:05:80:cc:cc:ba:89:
         c5:74:ee:05:7c:1f:9a:25:f5:f1:58:a5:38:ff:9d:9e:2e:5f:
         59:63:72:d0:8b:f4:1a:2d:23:d3:c1:33:af:47:13:10:ba:4f:
         07:6b:00:69:b7:a7:f9:90:d0:29:58:8b:80:1a:53:58:23:d0:
         60:c6:32:65:f0:26:f5:35:7f:0a:41:ce:2b:43:e1:8a:5a:f4:
         d2:ed:c0:85:fb:68:ab:77:d3:86:20:b0:91:3f:f6:32:49:34:
         d2:3f:49:29:55:17:24:ea:42:df:5f:f7:84:55:56:13:48:5a:
         f4:3c:3f:4b:9d:fe:60:b6:8f:b7:82:57:35:0a:fe:c3:76:1a:
         ca:58:95:08:3c:7e:57:63:42:91:51:35:ae:fd:81:af:9f:d7:
         34:b8:ac:05:27:cf:8a:4f:6f:72:ac:6e:9a:38:5c:70:d7:85:
         ef:e3:86:04:bd:d7:75:f0:4b:90:cb:0a:68:4c:d5:c8:f5:1a:
         c9:2d:d1:05:ad:7e:87:cb:54:1c:e9:f0:e7:88:b7:ca:9d:ab:
         b8:74:46:79:5a:fb:3d:fa:10:ee:cf:20:06:fe:c2:cb:ce:02:
         78:e2:5c:9e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZt+N1Tk3/kNiL+NoZG7vwQ3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiZTk3MDk4MGQ1NjVjYzc0YWRiMjk0YWE2OGM3YjA2ZjUx
MzI4OTAwHhcNMjYwMTAyMTAxODM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjI3NzIzZDE2MTQwZWM0MWM3YjExZWMyNTNhMTlhOTdhY2MwNTVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtBTKXinYkxCKFI8myiyD+pyJgrY6
u+zdNL6BvsC4D2JjmQ72qCosKGs8q0kjQLrxseYoDRoX2L8ajavqgmdqbUc4fTQm
ClfJosjA8AV/0Y3UdzxXNzzsB+2P6n+CwJwuSDMcEsY1QlX6D1bvAE20cF5sWsdO
U0NFDrWRbp3rR3y3xbwURBNrQXd7R/BF4Uw1BIV5FW6pjp7j+3UmXgxLpzMAEqWl
y8OFwd748fun2vy3Gfo/AJcfiLZ7gegPW2Pb0voGsJujr02W5YQwQ/9tT341he+Y
eSd0XaJuH/Eg6wtJKcxYasCY18StbYuL17ym/ChLroflnmUjLmuwb3unZwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDYncj0WFA7EHHsR7CU6Gal6zAVfMB8GA1UdIwQY
MBaAFMvpcJgNVlzHStspSqaMewb1EyiQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveS1sd21BMVdYTWRLMnlsS3BveDdCdlVUS0pBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS8zZGNmN2ItMTcwMy00NTlmLWFjMGIt
NzU2YTA4YTRhZGRhLzEvTmlkeVBSWVVEc1FjZXhIc0pUb1pxWHJNQlY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS8zZGNmN2ItMTcwMy00NTlmLWFjMGItNzU2YTA4YTRhZGRh
LzEveS1sd21BMVdYTWRLMnlsS3BveDdCdlVUS0pBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuY1QMA0E
AgACMAcDBQMqA6igMA0GCSqGSIb3DQEBCwUAA4IBAQAPdeEoIvbJpJ5wMWfiH+EG
CRLRe09xQtjp3IdD6QIFgMzMuonFdO4FfB+aJfXxWKU4/52eLl9ZY3LQi/QaLSPT
wTOvRxMQuk8HawBpt6f5kNApWIuAGlNYI9BgxjJl8Cb1NX8KQc4rQ+GKWvTS7cCF
+2ird9OGILCRP/YySTTSP0kpVRck6kLfX/eEVVYTSFr0PD9Lnf5gto+3glc1Cv7D
dhrKWJUIPH5XY0KRUTWu/YGvn9c0uKwFJ8+KT29yrG6aOFxw14Xv44YEvdd18EuQ
ywpoTNXI9RrJLdEFrX6Hy1Qc6fDniLfKnau4dEZ5Wvs9+hDuzyAG/sLLzgJ44lye
-----END CERTIFICATE-----