Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/4cf814-79b5-4786-ac51-3190795e863b/1/IXapM66e7MdcAVdK5ZgSYj804cY.roa
File:                     IXapM66e7MdcAVdK5ZgSYj804cY.roa (raw, json)
Hash identifier:          Zge2mwt6CQnb9dk3bDCs3Oo7c63bsf/jL0cP3knXpFI=
Subject key identifier:   21:76:A9:33:AE:9E:EC:C7:5C:01:57:4A:E5:98:12:62:3F:34:E1:C6
Certificate issuer:       /CN=a366f35bac61a0abf71d18d6b1063d5c933a24ab
Certificate serial:       019B79ECA60C97BCB0578A9909E5A68D611A
Authority key identifier: A3:66:F3:5B:AC:61:A0:AB:F7:1D:18:D6:B1:06:3D:5C:93:3A:24:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o2bzW6xhoKv3HRjWsQY9XJM6JKs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/4cf814-79b5-4786-ac51-3190795e863b/1/IXapM66e7MdcAVdK5ZgSYj804cY.roa
Signing time:             Thu 01 Jan 2026 14:18:30 +0000
ROA not before:           Thu 01 Jan 2026 14:18:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201535
IP address blocks:        185.71.164.0/22 maxlen: 22
                          2a05:34c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/4cf814-79b5-4786-ac51-3190795e863b/1/o2bzW6xhoKv3HRjWsQY9XJM6JKs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/4cf814-79b5-4786-ac51-3190795e863b/1/o2bzW6xhoKv3HRjWsQY9XJM6JKs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o2bzW6xhoKv3HRjWsQY9XJM6JKs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 21:16:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ec:a6:0c:97:bc:b0:57:8a:99:09:e5:a6:8d:61:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a366f35bac61a0abf71d18d6b1063d5c933a24ab
        Validity
            Not Before: Jan  1 14:18:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2176a933ae9eecc75c01574ae59812623f34e1c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:eb:ee:4c:69:94:33:8e:19:4b:72:b2:22:0e:
                    34:e4:a4:63:23:e7:4d:60:79:7a:33:0c:4b:0c:db:
                    4b:dc:27:63:dd:81:d3:ad:e9:41:99:71:b1:20:1f:
                    cf:52:2e:f3:f8:00:2e:94:5a:37:41:c6:f5:73:de:
                    a1:a7:f1:69:e7:c9:4e:d1:40:d8:da:86:0f:19:00:
                    fd:30:fe:a8:5c:09:06:82:7d:e7:73:17:56:c6:eb:
                    6a:ca:9f:61:77:94:f8:ea:14:5e:a7:19:e4:00:5c:
                    cf:49:26:21:b7:db:c9:eb:f4:c5:ff:9c:39:56:39:
                    9a:76:ee:a6:07:d0:ff:08:32:d9:26:5b:55:1b:5c:
                    86:84:5b:6c:d2:8b:72:53:7c:f6:9c:5d:1b:c5:af:
                    dc:8c:13:93:1c:0a:92:eb:f9:44:92:d8:63:45:cf:
                    f2:b6:26:eb:62:ed:23:54:24:70:ca:9b:ad:d2:1a:
                    bd:8c:a1:2b:15:6b:9f:1f:44:0a:c7:36:e6:f9:d4:
                    a5:ac:83:d4:09:d6:7e:2d:d5:d1:05:d6:41:50:1e:
                    5c:7c:8e:42:2f:1f:29:b7:4f:56:88:16:d3:6b:55:
                    7f:d3:c9:f7:c2:1a:63:8f:84:54:fb:27:5e:f8:9b:
                    b2:15:ab:a0:9c:8f:c1:50:cc:ed:c6:a1:fa:01:ab:
                    43:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:76:A9:33:AE:9E:EC:C7:5C:01:57:4A:E5:98:12:62:3F:34:E1:C6
            X509v3 Authority Key Identifier:
                keyid:A3:66:F3:5B:AC:61:A0:AB:F7:1D:18:D6:B1:06:3D:5C:93:3A:24:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o2bzW6xhoKv3HRjWsQY9XJM6JKs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/4cf814-79b5-4786-ac51-3190795e863b/1/IXapM66e7MdcAVdK5ZgSYj804cY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/4cf814-79b5-4786-ac51-3190795e863b/1/o2bzW6xhoKv3HRjWsQY9XJM6JKs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.71.164.0/22
                IPv6:
                  2a05:34c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         77:ed:22:da:69:61:8e:52:81:53:dc:f3:ca:b9:59:7c:07:06:
         73:b5:e6:7a:ea:64:12:c9:0e:ed:7c:cb:5e:57:b4:0c:1a:21:
         80:1f:c0:ad:fd:96:18:1f:5f:18:05:77:b1:32:5a:a4:1d:bd:
         9d:eb:41:dc:8c:b7:50:dc:41:44:bc:8e:24:32:d1:6c:42:22:
         2d:9c:a1:71:62:4c:fa:d9:23:23:b5:bb:5f:8a:c4:c9:42:de:
         0b:d5:6b:40:14:d6:7d:00:00:42:e4:80:61:0a:72:38:03:85:
         3a:65:22:80:2f:5a:b2:ab:bb:03:ad:d9:db:1d:74:96:08:8d:
         d8:32:a3:57:50:53:aa:0e:c9:e8:ce:02:3a:db:d8:6e:8a:91:
         0c:7d:81:a6:b7:74:b1:c9:b2:54:09:18:93:ca:42:bc:f8:72:
         cd:72:68:6d:81:dc:81:e3:a1:21:a1:ed:ec:7f:a8:94:4b:54:
         78:78:cd:da:24:3d:bb:2a:2d:e7:9d:e0:ee:25:1b:77:03:21:
         29:b4:77:9b:3a:51:b1:af:99:95:e6:8f:c1:98:ec:7f:dd:5f:
         ff:c4:df:91:37:7f:96:d3:ba:38:d3:bd:8a:91:77:74:1f:da:
         7e:ce:3b:b5:58:82:5c:9a:41:8d:22:16:1c:4b:68:7a:8f:48:
         7f:21:e7:d1
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZt57KYMl7ywV4qZCeWmjWEaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzNjZmMzViYWM2MWEwYWJmNzFkMThkNmIxMDYzZDVjOTMz
YTI0YWIwHhcNMjYwMTAxMTQxODMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTc2YTkzM2FlOWVlY2M3NWMwMTU3NGFlNTk4MTI2MjNmMzRlMWM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArevuTGmUM44ZS3KyIg405KRjI+dN
YHl6MwxLDNtL3Cdj3YHTrelBmXGxIB/PUi7z+AAulFo3Qcb1c96hp/Fp58lO0UDY
2oYPGQD9MP6oXAkGgn3ncxdWxutqyp9hd5T46hRepxnkAFzPSSYht9vJ6/TF/5w5
Vjmadu6mB9D/CDLZJltVG1yGhFts0otyU3z2nF0bxa/cjBOTHAqS6/lEkthjRc/y
tibrYu0jVCRwyput0hq9jKErFWufH0QKxzbm+dSlrIPUCdZ+LdXRBdZBUB5cfI5C
Lx8pt09WiBbTa1V/08n3whpjj4RU+yde+JuyFaugnI/BUMztxqH6AatDqQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCF2qTOunuzHXAFXSuWYEmI/NOHGMB8GA1UdIwQY
MBaAFKNm81usYaCr9x0Y1rEGPVyTOiSrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzJielc2eGhvS3YzSFJqV3NRWTlYSk02SktzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC80Y2Y4MTQtNzliNS00Nzg2LWFjNTEt
MzE5MDc5NWU4NjNiLzEvSVhhcE02NmU3TWRjQVZkSzVaZ1NZajgwNGNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC80Y2Y4MTQtNzliNS00Nzg2LWFjNTEtMzE5MDc5NWU4NjNi
LzEvbzJielc2eGhvS3YzSFJqV3NRWTlYSk02SktzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuUekMA0E
AgACMAcDBQMqBTTAMA0GCSqGSIb3DQEBCwUAA4IBAQB37SLaaWGOUoFT3PPKuVl8
BwZzteZ66mQSyQ7tfMteV7QMGiGAH8Ct/ZYYH18YBXexMlqkHb2d60HcjLdQ3EFE
vI4kMtFsQiItnKFxYkz62SMjtbtfisTJQt4L1WtAFNZ9AABC5IBhCnI4A4U6ZSKA
L1qyq7sDrdnbHXSWCI3YMqNXUFOqDsnozgI629huipEMfYGmt3SxybJUCRiTykK8
+HLNcmhtgdyB46Ehoe3sf6iUS1R4eM3aJD27Ki3nneDuJRt3AyEptHebOlGxr5mV
5o/BmOx/3V//xN+RN3+W07o4072KkXd0H9p+zju1WIJcmkGNIhYcS2h6j0h/IefR
-----END CERTIFICATE-----