Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/59d4ee-4613-4649-ad2c-749e2bca73ce/1/Ci7T1oVNHc8tbnfw-kXncqBB7cQ.roa
File:                     Ci7T1oVNHc8tbnfw-kXncqBB7cQ.roa (raw, json)
Hash identifier:          Yv125oxquEywJASaTcgTVq9eUxE+9scmAg56tEvF/Ww=
Subject key identifier:   0A:2E:D3:D6:85:4D:1D:CF:2D:6E:77:F0:FA:45:E7:72:A0:41:ED:C4
Certificate issuer:       /CN=3a1d8225b27122794bc82e91b967bb25dbe4508e
Certificate serial:       019B7834F55EA8B6CEEB0A760D5E5C79C2B9
Authority key identifier: 3A:1D:82:25:B2:71:22:79:4B:C8:2E:91:B9:67:BB:25:DB:E4:50:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Oh2CJbJxInlLyC6RuWe7JdvkUI4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/59d4ee-4613-4649-ad2c-749e2bca73ce/1/Ci7T1oVNHc8tbnfw-kXncqBB7cQ.roa
Signing time:             Thu 01 Jan 2026 06:18:15 +0000
ROA not before:           Thu 01 Jan 2026 06:18:15 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208263
IP address blocks:        185.146.100.0/22 maxlen: 22
                          2a03:ab60::/32 maxlen: 33
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/59d4ee-4613-4649-ad2c-749e2bca73ce/1/Oh2CJbJxInlLyC6RuWe7JdvkUI4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/59d4ee-4613-4649-ad2c-749e2bca73ce/1/Oh2CJbJxInlLyC6RuWe7JdvkUI4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Oh2CJbJxInlLyC6RuWe7JdvkUI4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:34:f5:5e:a8:b6:ce:eb:0a:76:0d:5e:5c:79:c2:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a1d8225b27122794bc82e91b967bb25dbe4508e
        Validity
            Not Before: Jan  1 06:18:15 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0a2ed3d6854d1dcf2d6e77f0fa45e772a041edc4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:37:ad:31:e2:10:6d:bd:29:ce:72:86:40:da:
                    15:e1:f5:cc:42:c3:2c:c4:3e:f8:9f:e2:4b:ac:4a:
                    67:53:69:4d:8f:d7:2a:fc:21:c4:b8:e3:4a:cd:c6:
                    1e:66:b2:d1:e1:a7:13:fa:1b:3a:22:3a:cd:84:e1:
                    26:ea:19:4b:64:01:11:9a:53:f9:f6:58:5c:78:df:
                    1c:19:8e:61:3e:47:74:b9:40:b9:7d:01:97:d9:30:
                    a7:25:3c:54:12:0e:b0:a7:a4:a8:ee:fe:21:62:9b:
                    7d:f3:d8:aa:84:01:9e:0f:fa:ec:75:f2:53:5c:1e:
                    3a:02:8b:32:75:6f:10:e6:cc:37:50:e5:d7:8e:d3:
                    ff:ee:aa:68:e6:52:d4:12:4f:fb:df:df:16:c7:63:
                    3c:0c:47:d8:8e:6f:57:1e:46:8d:77:52:12:23:86:
                    56:b6:5a:75:ce:c6:b9:98:c8:d2:56:05:8d:b9:20:
                    ac:c4:ac:e6:0d:fc:9a:56:73:0a:e9:b0:f0:d4:72:
                    a5:37:41:5a:d2:24:05:b6:2f:b2:ee:17:c8:58:e2:
                    99:86:2b:49:58:ad:8b:17:f3:95:0e:9d:f2:23:1d:
                    99:35:58:23:9b:08:82:ef:d4:14:96:d2:11:19:dc:
                    20:a8:67:4c:2b:55:9f:ae:5a:a9:49:d7:30:b6:b5:
                    c6:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:2E:D3:D6:85:4D:1D:CF:2D:6E:77:F0:FA:45:E7:72:A0:41:ED:C4
            X509v3 Authority Key Identifier:
                keyid:3A:1D:82:25:B2:71:22:79:4B:C8:2E:91:B9:67:BB:25:DB:E4:50:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Oh2CJbJxInlLyC6RuWe7JdvkUI4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/59d4ee-4613-4649-ad2c-749e2bca73ce/1/Ci7T1oVNHc8tbnfw-kXncqBB7cQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/59d4ee-4613-4649-ad2c-749e2bca73ce/1/Oh2CJbJxInlLyC6RuWe7JdvkUI4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.146.100.0/22
                IPv6:
                  2a03:ab60::/32

    Signature Algorithm: sha256WithRSAEncryption
         9b:21:9b:65:dc:cb:88:63:20:4c:35:75:40:2a:e4:60:23:4f:
         28:b8:2b:c1:f3:d6:d7:5f:18:a9:76:2e:f4:35:28:79:c1:7c:
         5d:a5:5d:d8:b5:fb:ea:3e:d9:99:bf:64:cc:cd:3d:53:13:ad:
         fd:16:ec:11:89:33:dd:3c:4a:d5:ef:c0:0c:a0:a7:99:f0:05:
         a1:2d:62:d5:e8:2a:51:04:e5:f3:6f:e3:78:13:7c:b7:4a:da:
         66:94:36:6c:bf:69:d4:5a:3c:85:73:1a:39:12:4b:65:23:6d:
         2e:62:ff:d0:bc:f4:21:36:9c:de:ca:93:e1:c4:6b:e6:80:11:
         22:85:cd:d6:78:99:1c:99:0a:7b:b1:c0:47:74:e9:b8:fc:5e:
         0c:4c:50:f9:4a:e7:a3:00:09:a6:3a:ce:eb:b4:c8:73:74:69:
         92:4e:c8:57:69:d0:ca:89:13:02:49:56:12:92:0a:c8:02:38:
         6f:88:33:53:3a:0d:6f:0e:ab:dd:35:6c:50:50:f6:1d:87:b3:
         70:ba:eb:af:c4:9d:81:6d:a9:72:f0:6a:35:67:5a:81:36:a5:
         8c:6a:7c:8e:7e:45:92:31:45:fc:0a:17:25:31:d1:bc:af:75:
         fc:0d:44:d9:69:83:92:0e:5d:69:30:80:39:e6:a9:7b:20:05:
         32:86:bd:64
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZt4NPVeqLbO6wp2DV5cecK5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhMWQ4MjI1YjI3MTIyNzk0YmM4MmU5MWI5NjdiYjI1ZGJl
NDUwOGUwHhcNMjYwMTAxMDYxODE1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTJlZDNkNjg1NGQxZGNmMmQ2ZTc3ZjBmYTQ1ZTc3MmEwNDFlZGM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArDetMeIQbb0pznKGQNoV4fXMQsMs
xD74n+JLrEpnU2lNj9cq/CHEuONKzcYeZrLR4acT+hs6IjrNhOEm6hlLZAERmlP5
9lhceN8cGY5hPkd0uUC5fQGX2TCnJTxUEg6wp6So7v4hYpt989iqhAGeD/rsdfJT
XB46AosydW8Q5sw3UOXXjtP/7qpo5lLUEk/7398Wx2M8DEfYjm9XHkaNd1ISI4ZW
tlp1zsa5mMjSVgWNuSCsxKzmDfyaVnMK6bDw1HKlN0Fa0iQFti+y7hfIWOKZhitJ
WK2LF/OVDp3yIx2ZNVgjmwiC79QUltIRGdwgqGdMK1WfrlqpSdcwtrXGmQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAou09aFTR3PLW538PpF53KgQe3EMB8GA1UdIwQY
MBaAFDodgiWycSJ5S8gukblnuyXb5FCOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2gyQ0piSnhJbmxMeUM2UnVXZTdKZHZrVUk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi81OWQ0ZWUtNDYxMy00NjQ5LWFkMmMt
NzQ5ZTJiY2E3M2NlLzEvQ2k3VDFvVk5IYzh0Ym5mdy1rWG5jcUJCN2NRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi81OWQ0ZWUtNDYxMy00NjQ5LWFkMmMtNzQ5ZTJiY2E3M2Nl
LzEvT2gyQ0piSnhJbmxMeUM2UnVXZTdKZHZrVUk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuZJkMA0E
AgACMAcDBQAqA6tgMA0GCSqGSIb3DQEBCwUAA4IBAQCbIZtl3MuIYyBMNXVAKuRg
I08ouCvB89bXXxipdi70NSh5wXxdpV3YtfvqPtmZv2TMzT1TE639FuwRiTPdPErV
78AMoKeZ8AWhLWLV6CpRBOXzb+N4E3y3StpmlDZsv2nUWjyFcxo5EktlI20uYv/Q
vPQhNpzeypPhxGvmgBEihc3WeJkcmQp7scBHdOm4/F4MTFD5SuejAAmmOs7rtMhz
dGmSTshXadDKiRMCSVYSkgrIAjhviDNTOg1vDqvdNWxQUPYdh7NwuuuvxJ2Bbaly
8Go1Z1qBNqWManyOfkWSMUX8ChclMdG8r3X8DUTZaYOSDl1pMIA55ql7IAUyhr1k
-----END CERTIFICATE-----