Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/c53c3e-aa2d-41ab-a312-2637d13338f1/1/L2VyPx5ZvpU5RN459OVpFdGEzTI.roa
File:                     L2VyPx5ZvpU5RN459OVpFdGEzTI.roa (raw, json)
Hash identifier:          q4E7mZNnPKZTyFhGeFOu6dBopK+4PcrNRvByumhCm4I=
Subject key identifier:   2F:65:72:3F:1E:59:BE:95:39:44:DE:39:F4:E5:69:15:D1:84:CD:32
Certificate issuer:       /CN=3bd9436d2135c084897b74c6ad36da1700a7a98d
Certificate serial:       019B797EAD7BDD5B67D3139DB87A08D48592
Authority key identifier: 3B:D9:43:6D:21:35:C0:84:89:7B:74:C6:AD:36:DA:17:00:A7:A9:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O9lDbSE1wISJe3TGrTbaFwCnqY0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/c53c3e-aa2d-41ab-a312-2637d13338f1/1/L2VyPx5ZvpU5RN459OVpFdGEzTI.roa
Signing time:             Thu 01 Jan 2026 12:18:23 +0000
ROA not before:           Thu 01 Jan 2026 12:18:23 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     61287
IP address blocks:        185.12.128.0/22 maxlen: 22
                          185.12.128.0/23 maxlen: 23
                          185.12.130.0/23 maxlen: 23
                          2a03:8d40::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/c53c3e-aa2d-41ab-a312-2637d13338f1/1/O9lDbSE1wISJe3TGrTbaFwCnqY0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/c53c3e-aa2d-41ab-a312-2637d13338f1/1/O9lDbSE1wISJe3TGrTbaFwCnqY0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O9lDbSE1wISJe3TGrTbaFwCnqY0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:ad:7b:dd:5b:67:d3:13:9d:b8:7a:08:d4:85:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3bd9436d2135c084897b74c6ad36da1700a7a98d
        Validity
            Not Before: Jan  1 12:18:23 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2f65723f1e59be953944de39f4e56915d184cd32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:d6:00:23:d9:c9:23:1b:8b:97:4c:55:e0:5f:
                    f0:3f:0d:a4:18:db:5a:1d:77:1b:2a:7c:b4:bf:8e:
                    52:a6:c5:aa:72:40:5b:6e:50:9c:e3:36:3f:c0:c1:
                    98:c8:6b:a8:ad:45:9d:c6:15:0a:e6:f0:45:c0:12:
                    de:d9:c1:80:f1:4f:22:ba:4c:56:b5:4f:7e:c0:ba:
                    f0:b1:6b:30:c2:15:57:ec:16:9a:48:d7:bb:56:bb:
                    27:d2:b3:88:d7:64:00:31:a6:08:4a:08:8b:ea:4f:
                    6d:6f:8b:0a:71:a4:ec:c6:7a:89:59:60:bc:71:e1:
                    9b:87:f3:1e:82:87:23:3c:3a:d7:a6:a3:62:59:56:
                    2f:6c:9b:27:74:62:e0:1c:08:06:6a:4c:01:9a:cb:
                    87:a6:c5:be:cb:69:5e:e9:8e:b5:92:7b:7a:ea:c0:
                    0a:8f:1e:91:77:0b:6e:32:88:a3:d3:d1:6d:57:59:
                    6b:0f:fa:fb:d7:61:4d:ae:f1:0a:eb:70:de:3f:a1:
                    fd:f3:09:c4:57:04:17:cc:da:9b:1f:d7:99:70:bf:
                    83:62:7e:92:4e:23:14:5d:72:29:cf:b0:8f:bc:04:
                    73:34:95:c3:12:6b:44:43:a9:c0:41:a6:9a:27:6d:
                    70:02:01:ce:51:8f:9e:55:81:50:d2:50:db:25:c3:
                    71:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:65:72:3F:1E:59:BE:95:39:44:DE:39:F4:E5:69:15:D1:84:CD:32
            X509v3 Authority Key Identifier:
                keyid:3B:D9:43:6D:21:35:C0:84:89:7B:74:C6:AD:36:DA:17:00:A7:A9:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O9lDbSE1wISJe3TGrTbaFwCnqY0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/c53c3e-aa2d-41ab-a312-2637d13338f1/1/L2VyPx5ZvpU5RN459OVpFdGEzTI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/c53c3e-aa2d-41ab-a312-2637d13338f1/1/O9lDbSE1wISJe3TGrTbaFwCnqY0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.12.128.0/22
                IPv6:
                  2a03:8d40::/32

    Signature Algorithm: sha256WithRSAEncryption
         0c:06:69:97:3f:3f:03:c0:90:13:e0:64:ef:27:d9:a2:3d:da:
         4b:cc:9e:6c:c7:e1:10:8e:83:c6:9c:10:98:2e:5c:69:a5:22:
         57:85:0f:6b:a5:a5:de:5b:9d:a7:6a:e6:26:c2:0e:be:8c:43:
         12:44:b4:60:54:77:98:8a:59:73:62:6e:30:9b:58:82:d0:c9:
         40:6e:c3:db:e4:58:a9:05:bb:e7:8c:fe:e0:fa:e9:f4:c3:7c:
         1f:ca:12:a2:26:96:65:c3:4b:52:0c:07:98:2a:2f:55:7a:e4:
         78:f4:cf:c5:04:ac:74:d0:de:cb:8c:dc:36:71:32:ae:24:ef:
         c8:e0:c2:91:a4:13:01:87:2e:ec:33:d7:1d:bc:bb:f9:f6:f6:
         10:c1:ca:53:f8:53:94:2c:c6:aa:af:4b:15:68:31:59:f9:d0:
         fb:70:2d:d1:ef:92:13:03:36:ef:5a:2b:e8:e3:24:b1:1a:66:
         e7:5c:8b:39:d0:ab:3c:9f:c2:39:a6:6e:04:7f:16:e4:99:76:
         39:b2:79:e8:55:90:0f:f0:3c:98:07:ce:f4:a2:67:53:2f:b1:
         8a:a9:b4:75:d5:a7:2d:2f:00:9b:08:a9:9c:f2:bb:e4:2b:de:
         d8:df:dd:b6:27:29:08:80:9e:4e:8f:92:56:65:f6:42:c6:05:
         96:b4:37:c9
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZt5fq173Vtn0xOduHoI1IWSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiZDk0MzZkMjEzNWMwODQ4OTdiNzRjNmFkMzZkYTE3MDBh
N2E5OGQwHhcNMjYwMTAxMTIxODIzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjY1NzIzZjFlNTliZTk1Mzk0NGRlMzlmNGU1NjkxNWQxODRjZDMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvtYAI9nJIxuLl0xV4F/wPw2kGNta
HXcbKny0v45SpsWqckBbblCc4zY/wMGYyGuorUWdxhUK5vBFwBLe2cGA8U8iukxW
tU9+wLrwsWswwhVX7BaaSNe7Vrsn0rOI12QAMaYISgiL6k9tb4sKcaTsxnqJWWC8
ceGbh/MegocjPDrXpqNiWVYvbJsndGLgHAgGakwBmsuHpsW+y2le6Y61knt66sAK
jx6RdwtuMoij09FtV1lrD/r712FNrvEK63DeP6H98wnEVwQXzNqbH9eZcL+DYn6S
TiMUXXIpz7CPvARzNJXDEmtEQ6nAQaaaJ21wAgHOUY+eVYFQ0lDbJcNxVQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFC9lcj8eWb6VOUTeOfTlaRXRhM0yMB8GA1UdIwQY
MBaAFDvZQ20hNcCEiXt0xq022hcAp6mNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzlsRGJTRTF3SVNKZTNUR3JUYmFGd0NucVkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC9jNTNjM2UtYWEyZC00MWFiLWEzMTIt
MjYzN2QxMzMzOGYxLzEvTDJWeVB4NVp2cFU1Uk40NTlPVnBGZEdFelRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC9jNTNjM2UtYWEyZC00MWFiLWEzMTItMjYzN2QxMzMzOGYx
LzEvTzlsRGJTRTF3SVNKZTNUR3JUYmFGd0NucVkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuQyAMA0E
AgACMAcDBQAqA41AMA0GCSqGSIb3DQEBCwUAA4IBAQAMBmmXPz8DwJAT4GTvJ9mi
PdpLzJ5sx+EQjoPGnBCYLlxppSJXhQ9rpaXeW52nauYmwg6+jEMSRLRgVHeYillz
Ym4wm1iC0MlAbsPb5FipBbvnjP7g+un0w3wfyhKiJpZlw0tSDAeYKi9VeuR49M/F
BKx00N7LjNw2cTKuJO/I4MKRpBMBhy7sM9cdvLv59vYQwcpT+FOULMaqr0sVaDFZ
+dD7cC3R75ITAzbvWivo4ySxGmbnXIs50Ks8n8I5pm4EfxbkmXY5snnoVZAP8DyY
B870omdTL7GKqbR11actLwCbCKmc8rvkK97Y3922JykIgJ5Oj5JWZfZCxgWWtDfJ
-----END CERTIFICATE-----