Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/bce141-e9c2-4a5d-8e16-84b5176a2a4c/1/2MIYePrvuVOPunZ0cCU587P-UNo.roa
File:                     2MIYePrvuVOPunZ0cCU587P-UNo.roa (raw, json)
Hash identifier:          87FdzdFETynQoJd/9d3TWFG9LHhJseAqTkXpKmEANyg=
Subject key identifier:   D8:C2:18:78:FA:EF:B9:53:8F:BA:76:74:70:25:39:F3:B3:FE:50:DA
Certificate issuer:       /CN=76fe3055e87290000e3287f7ab5883802a5aa6da
Certificate serial:       019B7AC87208A81586151DCAA4B340EF933D
Authority key identifier: 76:FE:30:55:E8:72:90:00:0E:32:87:F7:AB:58:83:80:2A:5A:A6:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dv4wVehykAAOMof3q1iDgCpapto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/bce141-e9c2-4a5d-8e16-84b5176a2a4c/1/2MIYePrvuVOPunZ0cCU587P-UNo.roa
Signing time:             Thu 01 Jan 2026 18:18:35 +0000
ROA not before:           Thu 01 Jan 2026 18:18:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206651
IP address blocks:        185.179.132.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/bce141-e9c2-4a5d-8e16-84b5176a2a4c/1/dv4wVehykAAOMof3q1iDgCpapto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/bce141-e9c2-4a5d-8e16-84b5176a2a4c/1/dv4wVehykAAOMof3q1iDgCpapto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dv4wVehykAAOMof3q1iDgCpapto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c8:72:08:a8:15:86:15:1d:ca:a4:b3:40:ef:93:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=76fe3055e87290000e3287f7ab5883802a5aa6da
        Validity
            Not Before: Jan  1 18:18:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d8c21878faefb9538fba7674702539f3b3fe50da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:32:e1:f0:30:72:bd:fe:30:68:60:ea:71:dd:
                    92:5c:0b:a6:dd:5b:a5:8f:0b:b9:44:53:36:71:ab:
                    4d:82:4e:3c:a2:ec:41:f3:8e:30:82:74:cb:e4:78:
                    8f:84:9d:77:e8:e5:d9:45:6d:a8:fd:21:44:58:5c:
                    ec:9e:0a:b9:a5:90:b1:e1:b7:0e:67:c5:7f:8b:b4:
                    36:9e:46:3e:0a:8e:60:bd:e9:4a:bc:fe:99:9c:e9:
                    8b:ca:fb:89:b2:bf:a2:0b:93:bb:b0:1a:a4:82:ce:
                    1c:77:54:f7:d7:36:fe:9d:8d:c6:4e:c0:7c:ea:fb:
                    47:76:b1:a9:cf:af:7b:d9:60:f4:36:f7:44:c7:31:
                    fd:37:95:61:0a:9d:6e:7d:52:1f:ca:d5:87:43:99:
                    df:26:b2:55:c6:72:74:f3:dd:d6:1d:9d:2e:83:24:
                    cb:25:4b:2d:87:e7:60:50:63:29:d4:ab:90:bd:5a:
                    92:33:bf:a5:d2:94:be:18:39:b9:1c:51:3c:82:b5:
                    52:56:e3:19:16:e7:d4:55:16:a7:68:e4:34:db:85:
                    3e:bb:bf:1a:ea:ec:6c:87:70:f6:50:b0:fe:db:35:
                    f2:cb:e9:58:fe:01:8f:ac:b5:6a:44:e7:c7:2a:34:
                    03:19:bf:9e:bc:c8:4d:07:66:e5:c1:e4:95:f2:51:
                    04:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:C2:18:78:FA:EF:B9:53:8F:BA:76:74:70:25:39:F3:B3:FE:50:DA
            X509v3 Authority Key Identifier:
                keyid:76:FE:30:55:E8:72:90:00:0E:32:87:F7:AB:58:83:80:2A:5A:A6:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dv4wVehykAAOMof3q1iDgCpapto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/bce141-e9c2-4a5d-8e16-84b5176a2a4c/1/2MIYePrvuVOPunZ0cCU587P-UNo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/bce141-e9c2-4a5d-8e16-84b5176a2a4c/1/dv4wVehykAAOMof3q1iDgCpapto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.179.132.0/22

    Signature Algorithm: sha256WithRSAEncryption
         97:ad:5f:6d:4e:f9:c0:06:df:f3:1b:53:0e:94:dc:00:65:56:
         b8:da:57:ac:db:b2:6e:f7:f5:fe:ac:62:24:36:bc:90:7f:d2:
         de:63:db:c0:c8:53:4a:ab:da:bb:c8:93:c6:0f:cf:3f:72:c8:
         b0:bb:9b:3c:9b:e2:2b:09:78:18:dd:6a:33:ca:14:c4:0f:39:
         2a:a9:b9:0e:64:48:9c:df:7c:ac:9a:5e:5d:f0:47:b7:d0:55:
         74:23:7d:c4:42:71:02:c1:d1:38:76:3e:f8:40:fa:62:ce:32:
         bb:1b:72:1b:f1:88:38:0f:b6:c7:94:f3:31:b0:5c:01:25:e5:
         1c:fc:e9:5d:a4:ea:ed:8e:2d:0f:90:bc:0d:62:f4:49:89:9b:
         92:42:08:31:5a:11:58:69:ec:ba:d6:6d:74:3c:db:cd:d7:1a:
         c6:2d:10:ca:18:15:63:a1:22:cf:3c:0e:eb:05:ce:af:d2:ba:
         42:89:f8:ed:24:e2:a4:1d:77:25:42:df:fd:99:32:fd:a6:d5:
         3d:db:d1:87:ce:be:84:a3:a3:0c:a8:cf:13:1c:54:ea:b0:8c:
         27:c8:3d:d0:e0:e7:0f:f1:40:9c:b5:70:0d:9b:7d:c2:29:05:
         27:f3:f4:82:ea:ff:ab:d0:1b:60:77:18:c6:88:f3:a5:e3:4e:
         ea:df:cc:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6yHIIqBWGFR3KpLNA75M9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2ZmUzMDU1ZTg3MjkwMDAwZTMyODdmN2FiNTg4MzgwMmE1
YWE2ZGEwHhcNMjYwMTAxMTgxODM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOGMyMTg3OGZhZWZiOTUzOGZiYTc2NzQ3MDI1MzlmM2IzZmU1MGRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5jLh8DByvf4waGDqcd2SXAum3Vul
jwu5RFM2catNgk48ouxB844wgnTL5HiPhJ136OXZRW2o/SFEWFzsngq5pZCx4bcO
Z8V/i7Q2nkY+Co5gvelKvP6ZnOmLyvuJsr+iC5O7sBqkgs4cd1T31zb+nY3GTsB8
6vtHdrGpz6972WD0NvdExzH9N5VhCp1ufVIfytWHQ5nfJrJVxnJ0893WHZ0ugyTL
JUsth+dgUGMp1KuQvVqSM7+l0pS+GDm5HFE8grVSVuMZFufUVRanaOQ024U+u78a
6uxsh3D2ULD+2zXyy+lY/gGPrLVqROfHKjQDGb+evMhNB2blweSV8lEEBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNjCGHj677lTj7p2dHAlOfOz/lDaMB8GA1UdIwQY
MBaAFHb+MFXocpAADjKH96tYg4AqWqbaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHY0d1ZlaHlrQUFPTW9mM3ExaURnQ3BhcHRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC9iY2UxNDEtZTljMi00YTVkLThlMTYt
ODRiNTE3NmEyYTRjLzEvMk1JWWVQcnZ1Vk9QdW5aMGNDVTU4N1AtVU5vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC9iY2UxNDEtZTljMi00YTVkLThlMTYtODRiNTE3NmEyYTRj
LzEvZHY0d1ZlaHlrQUFPTW9mM3ExaURnQ3BhcHRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCubOEMA0G
CSqGSIb3DQEBCwUAA4IBAQCXrV9tTvnABt/zG1MOlNwAZVa42les27Ju9/X+rGIk
NryQf9LeY9vAyFNKq9q7yJPGD88/csiwu5s8m+IrCXgY3WozyhTEDzkqqbkOZEic
33ysml5d8Ee30FV0I33EQnECwdE4dj74QPpizjK7G3Ib8Yg4D7bHlPMxsFwBJeUc
/OldpOrtji0PkLwNYvRJiZuSQggxWhFYaey61m10PNvN1xrGLRDKGBVjoSLPPA7r
Bc6v0rpCifjtJOKkHXclQt/9mTL9ptU929GHzr6Eo6MMqM8THFTqsIwnyD3Q4OcP
8UCctXANm33CKQUn8/SC6v+r0BtgdxjGiPOl407q38y4
-----END CERTIFICATE-----