Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/76d6f1-7ffb-4301-9310-160cde88ed3f/1/IvfRGdnfN7_UPGAiz9QzeIqr6I8.roa
File:                     IvfRGdnfN7_UPGAiz9QzeIqr6I8.roa (raw, json)
Hash identifier:          ht/PdnItSCVuCn0LFXjdxW5Jjp/nTLMvvbH6aoSlok0=
Subject key identifier:   22:F7:D1:19:D9:DF:37:BF:D4:3C:60:22:CF:D4:33:78:8A:AB:E8:8F
Certificate issuer:       /CN=4ced4c7867429ee02f5cdc1afbeaa5ba71336008
Certificate serial:       019D9B311E7FB4C41248B429C60EAE8FB1A7
Authority key identifier: 4C:ED:4C:78:67:42:9E:E0:2F:5C:DC:1A:FB:EA:A5:BA:71:33:60:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TO1MeGdCnuAvXNwa--qlunEzYAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/76d6f1-7ffb-4301-9310-160cde88ed3f/1/IvfRGdnfN7_UPGAiz9QzeIqr6I8.roa
Signing time:             Fri 17 Apr 2026 11:26:20 +0000
ROA not before:           Fri 17 Apr 2026 11:26:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     31736
IP address blocks:        185.64.116.0/22 maxlen: 22
                          2a03:1360::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/76d6f1-7ffb-4301-9310-160cde88ed3f/1/TO1MeGdCnuAvXNwa--qlunEzYAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/76d6f1-7ffb-4301-9310-160cde88ed3f/1/TO1MeGdCnuAvXNwa--qlunEzYAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TO1MeGdCnuAvXNwa--qlunEzYAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 16:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:9b:31:1e:7f:b4:c4:12:48:b4:29:c6:0e:ae:8f:b1:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4ced4c7867429ee02f5cdc1afbeaa5ba71336008
        Validity
            Not Before: Apr 17 11:26:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=22f7d119d9df37bfd43c6022cfd433788aabe88f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:ef:28:3e:44:de:6e:d4:f3:fa:0e:b5:74:e0:
                    17:53:b7:04:b9:43:c7:db:59:f9:ce:62:19:50:9a:
                    99:cc:6e:62:26:89:8f:79:15:cd:63:20:54:f2:60:
                    37:8b:f2:ca:da:9f:6d:d3:25:bc:6e:9c:71:30:c9:
                    26:84:0b:ef:15:1f:c7:7a:6b:e5:a7:96:b4:97:8f:
                    d9:4b:1e:28:13:1b:fa:80:ca:c5:e1:38:c4:98:ee:
                    ff:8b:6f:6b:18:f8:b3:90:c8:14:09:73:27:e7:71:
                    63:1f:70:e1:d6:d2:88:4e:ad:24:ba:ce:9b:c7:c8:
                    36:79:9f:4f:f6:4b:65:c7:f0:de:59:cd:52:92:e3:
                    28:c3:2f:8c:47:fb:1a:00:26:88:1f:41:27:0f:5d:
                    b0:21:ef:a1:fb:6a:25:56:b8:33:46:f2:5f:8c:0c:
                    d6:0c:01:96:76:ee:3b:3e:6d:18:43:88:f1:db:ef:
                    61:bc:2f:77:5d:76:9a:12:90:3d:94:9a:13:d8:bf:
                    94:ad:54:5a:7a:21:3a:f1:0d:84:c0:0c:63:45:dc:
                    4b:68:8d:05:be:aa:a2:2e:bb:d9:93:df:02:21:d2:
                    ae:82:b7:2b:b2:f7:b3:5b:8b:5b:1c:3f:c3:6d:c0:
                    2f:04:bc:ac:c3:9c:83:25:8e:48:73:ed:85:33:e5:
                    c1:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:F7:D1:19:D9:DF:37:BF:D4:3C:60:22:CF:D4:33:78:8A:AB:E8:8F
            X509v3 Authority Key Identifier:
                keyid:4C:ED:4C:78:67:42:9E:E0:2F:5C:DC:1A:FB:EA:A5:BA:71:33:60:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TO1MeGdCnuAvXNwa--qlunEzYAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/76d6f1-7ffb-4301-9310-160cde88ed3f/1/IvfRGdnfN7_UPGAiz9QzeIqr6I8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/76d6f1-7ffb-4301-9310-160cde88ed3f/1/TO1MeGdCnuAvXNwa--qlunEzYAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.64.116.0/22
                IPv6:
                  2a03:1360::/32

    Signature Algorithm: sha256WithRSAEncryption
         b9:af:bb:d8:5c:5a:44:f7:a2:1a:1a:38:34:99:6e:6d:0f:98:
         65:7a:52:81:18:b5:4b:5e:7b:33:24:69:88:d6:32:96:c1:d3:
         af:50:89:a3:60:1a:b3:8f:04:81:8a:d2:02:19:7e:5e:45:59:
         6a:5e:e1:e4:95:b9:f1:e4:6e:90:ea:f4:e1:b4:06:66:9d:c6:
         02:49:f9:85:c0:1d:c4:d1:4c:d5:5f:e4:74:cf:60:eb:91:d3:
         44:80:e0:19:78:c2:df:cb:5b:96:5c:7e:5e:ae:72:4f:48:9b:
         28:92:57:6e:31:f8:37:e0:4c:51:fd:51:90:a8:63:5e:a4:de:
         72:dc:bf:d6:b9:de:44:63:a1:85:2e:7e:f3:d9:d5:9e:0e:c6:
         76:f1:46:1f:e3:98:fd:9c:1e:a6:fd:64:5f:b2:59:54:d2:fe:
         83:5c:9e:0f:12:6b:d3:b1:8c:e6:1f:73:9f:68:ab:ad:bc:49:
         e1:49:3d:11:5c:ed:14:43:4f:2d:94:f3:32:3b:09:78:61:0e:
         ba:14:dc:1c:ad:08:bc:07:5a:ee:47:57:56:49:7d:07:60:98:
         60:d2:1a:30:47:6e:38:e6:91:68:85:8e:ac:96:c3:04:c3:35:
         0d:53:61:db:b1:0a:1a:64:6e:45:ca:f6:2d:fc:b1:55:4d:fb:
         c0:f5:23:86
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ2bMR5/tMQSSLQpxg6uj7GnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjZWQ0Yzc4Njc0MjllZTAyZjVjZGMxYWZiZWFhNWJhNzEz
MzYwMDgwHhcNMjYwNDE3MTEyNjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmY3ZDExOWQ5ZGYzN2JmZDQzYzYwMjJjZmQ0MzM3ODhhYWJlODhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx+8oPkTebtTz+g61dOAXU7cEuUPH
21n5zmIZUJqZzG5iJomPeRXNYyBU8mA3i/LK2p9t0yW8bpxxMMkmhAvvFR/Hemvl
p5a0l4/ZSx4oExv6gMrF4TjEmO7/i29rGPizkMgUCXMn53FjH3Dh1tKITq0kus6b
x8g2eZ9P9ktlx/DeWc1SkuMowy+MR/saACaIH0EnD12wIe+h+2olVrgzRvJfjAzW
DAGWdu47Pm0YQ4jx2+9hvC93XXaaEpA9lJoT2L+UrVRaeiE68Q2EwAxjRdxLaI0F
vqqiLrvZk98CIdKugrcrsvezW4tbHD/DbcAvBLysw5yDJY5Ic+2FM+XBLQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCL30RnZ3ze/1DxgIs/UM3iKq+iPMB8GA1UdIwQY
MBaAFEztTHhnQp7gL1zcGvvqpbpxM2AIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVE8xTWVHZENudUF2WE53YS0tcWx1bkV6WUFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS83NmQ2ZjEtN2ZmYi00MzAxLTkzMTAt
MTYwY2RlODhlZDNmLzEvSXZmUkdkbmZON19VUEdBaXo5UXplSXFyNkk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS83NmQ2ZjEtN2ZmYi00MzAxLTkzMTAtMTYwY2RlODhlZDNm
LzEvVE8xTWVHZENudUF2WE53YS0tcWx1bkV6WUFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuUB0MA0E
AgACMAcDBQAqAxNgMA0GCSqGSIb3DQEBCwUAA4IBAQC5r7vYXFpE96IaGjg0mW5t
D5hlelKBGLVLXnszJGmI1jKWwdOvUImjYBqzjwSBitICGX5eRVlqXuHklbnx5G6Q
6vThtAZmncYCSfmFwB3E0UzVX+R0z2DrkdNEgOAZeMLfy1uWXH5ernJPSJsokldu
Mfg34ExR/VGQqGNepN5y3L/Wud5EY6GFLn7z2dWeDsZ28UYf45j9nB6m/WRfsllU
0v6DXJ4PEmvTsYzmH3OfaKutvEnhST0RXO0UQ08tlPMyOwl4YQ66FNwcrQi8B1ru
R1dWSX0HYJhg0howR2445pFohY6slsMEwzUNU2HbsQoaZG5FyvYt/LFVTfvA9SOG
-----END CERTIFICATE-----