Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/a91afe-9651-4de3-ad88-d8393e185732/1/nQKy6e2LccKKfVdgMJiI4DoR9BU.roa
File:                     nQKy6e2LccKKfVdgMJiI4DoR9BU.roa (raw, json)
Hash identifier:          DkQsbrxnTq1yHz8jrN75m8LOYNoDRbUgrzZnY6/SqN0=
Subject key identifier:   9D:02:B2:E9:ED:8B:71:C2:8A:7D:57:60:30:98:88:E0:3A:11:F4:15
Certificate issuer:       /CN=e2b445b00a8600b8334c1d3aadf1ef71914e68c9
Certificate serial:       019B797F39752E8647C95C13D7061C716901
Authority key identifier: E2:B4:45:B0:0A:86:00:B8:33:4C:1D:3A:AD:F1:EF:71:91:4E:68:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4rRFsAqGALgzTB06rfHvcZFOaMk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/a91afe-9651-4de3-ad88-d8393e185732/1/nQKy6e2LccKKfVdgMJiI4DoR9BU.roa
Signing time:             Thu 01 Jan 2026 12:18:59 +0000
ROA not before:           Thu 01 Jan 2026 12:18:59 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204813
IP address blocks:        185.105.120.0/22 maxlen: 22
                          185.107.248.0/22 maxlen: 22
                          185.225.180.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/a91afe-9651-4de3-ad88-d8393e185732/1/4rRFsAqGALgzTB06rfHvcZFOaMk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/a91afe-9651-4de3-ad88-d8393e185732/1/4rRFsAqGALgzTB06rfHvcZFOaMk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4rRFsAqGALgzTB06rfHvcZFOaMk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 21:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7f:39:75:2e:86:47:c9:5c:13:d7:06:1c:71:69:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2b445b00a8600b8334c1d3aadf1ef71914e68c9
        Validity
            Not Before: Jan  1 12:18:59 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9d02b2e9ed8b71c28a7d5760309888e03a11f415
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:85:be:62:46:f2:44:d7:33:b1:ae:35:41:06:
                    14:af:64:3b:7a:ce:e6:53:d1:bf:68:5d:b9:d9:9a:
                    16:6f:0a:98:77:1d:69:c8:1b:1d:a1:ba:da:38:83:
                    4f:ea:4e:0a:df:79:cd:f7:f0:ce:d0:69:39:e0:f8:
                    7c:05:df:ab:7b:f8:0b:1e:3f:d8:44:a3:f2:31:3a:
                    46:c0:a4:49:43:94:cf:ab:ee:d6:8c:36:cc:58:5a:
                    f4:e2:70:33:8c:85:ff:b8:56:bd:71:60:6c:c0:10:
                    76:7a:bb:b2:f9:c9:0c:58:17:b8:a5:3e:95:99:70:
                    f5:07:63:e1:f9:be:2f:d6:52:f0:27:71:55:1e:79:
                    e5:d2:39:c1:17:1b:b2:2f:3e:10:94:a5:af:82:af:
                    ae:87:2b:e6:a5:ee:4c:b6:30:7a:97:91:e2:2a:d0:
                    a4:9b:53:9a:5e:a5:a2:8e:3c:e0:17:e0:07:e2:30:
                    23:07:b4:02:52:13:cc:b6:f0:64:2a:e7:5d:3b:80:
                    55:e9:45:fc:e6:12:84:cf:de:e1:3a:ff:d7:57:43:
                    6f:48:9d:4a:a1:67:f0:f3:37:91:60:4e:16:cf:9d:
                    66:b0:ae:8d:16:5f:10:eb:0e:b9:87:f8:4d:bf:64:
                    bc:da:a9:44:eb:46:d3:66:7d:6e:4f:fe:b5:02:81:
                    c6:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:02:B2:E9:ED:8B:71:C2:8A:7D:57:60:30:98:88:E0:3A:11:F4:15
            X509v3 Authority Key Identifier:
                keyid:E2:B4:45:B0:0A:86:00:B8:33:4C:1D:3A:AD:F1:EF:71:91:4E:68:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4rRFsAqGALgzTB06rfHvcZFOaMk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/a91afe-9651-4de3-ad88-d8393e185732/1/nQKy6e2LccKKfVdgMJiI4DoR9BU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/a91afe-9651-4de3-ad88-d8393e185732/1/4rRFsAqGALgzTB06rfHvcZFOaMk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.105.120.0/22
                  185.107.248.0/22
                  185.225.180.0/22

    Signature Algorithm: sha256WithRSAEncryption
         95:5e:5b:86:16:bb:44:9c:a4:4e:00:48:c7:f8:d6:54:3d:45:
         f6:96:71:db:61:b8:22:e3:d3:7a:60:4d:7d:fe:d0:f8:68:e7:
         a3:ee:95:1d:15:6d:4d:64:c7:a6:68:6a:da:39:20:1d:4f:c1:
         77:98:61:b9:ca:65:28:cf:11:b7:fa:96:a9:2c:e5:92:06:16:
         7a:71:ed:40:56:5a:cc:d3:2d:aa:9b:38:21:56:ac:4e:e1:79:
         e0:a2:9f:e5:2f:07:ce:46:07:08:15:7d:1c:03:9e:c7:8b:36:
         48:a3:c0:eb:d9:71:fe:0a:84:4d:85:b8:d0:e3:d6:9a:89:9b:
         45:ff:fe:79:80:5d:58:9f:c1:e9:d5:e2:ee:8f:b7:2c:86:e7:
         9c:82:90:c5:66:90:ef:90:af:78:78:5a:ae:c2:b8:97:fa:4c:
         0b:e9:7a:7d:44:ec:f8:90:cd:1c:39:6c:d9:8b:82:73:2d:25:
         3c:ee:d9:f8:cb:ba:d3:f8:9e:2c:37:09:b5:ca:ec:ba:fd:e3:
         af:22:b3:76:fc:ab:7d:84:6a:00:c0:2d:b5:83:7f:53:76:67:
         8a:0f:78:ad:8b:8a:33:32:10:6f:22:a0:a0:19:ff:8d:86:d2:
         78:79:f2:54:1f:30:3a:59:53:3e:ec:69:d6:4f:ac:f1:91:e5:
         af:b2:6c:f3
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZt5fzl1LoZHyVwT1wYccWkBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyYjQ0NWIwMGE4NjAwYjgzMzRjMWQzYWFkZjFlZjcxOTE0
ZTY4YzkwHhcNMjYwMTAxMTIxODU5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDAyYjJlOWVkOGI3MWMyOGE3ZDU3NjAzMDk4ODhlMDNhMTFmNDE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA44W+YkbyRNczsa41QQYUr2Q7es7m
U9G/aF252ZoWbwqYdx1pyBsdobraOINP6k4K33nN9/DO0Gk54Ph8Bd+re/gLHj/Y
RKPyMTpGwKRJQ5TPq+7WjDbMWFr04nAzjIX/uFa9cWBswBB2eruy+ckMWBe4pT6V
mXD1B2Ph+b4v1lLwJ3FVHnnl0jnBFxuyLz4QlKWvgq+uhyvmpe5MtjB6l5HiKtCk
m1OaXqWijjzgF+AH4jAjB7QCUhPMtvBkKuddO4BV6UX85hKEz97hOv/XV0NvSJ1K
oWfw8zeRYE4Wz51msK6NFl8Q6w65h/hNv2S82qlE60bTZn1uT/61AoHG8QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJ0Csunti3HCin1XYDCYiOA6EfQVMB8GA1UdIwQY
MBaAFOK0RbAKhgC4M0wdOq3x73GRTmjJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHJSRnNBcUdBTGd6VEIwNnJmSHZjWkZPYU1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS9hOTFhZmUtOTY1MS00ZGUzLWFkODgt
ZDgzOTNlMTg1NzMyLzEvblFLeTZlMkxjY0tLZlZkZ01KaUk0RG9SOUJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS9hOTFhZmUtOTY1MS00ZGUzLWFkODgtZDgzOTNlMTg1NzMy
LzEvNHJSRnNBcUdBTGd6VEIwNnJmSHZjWkZPYU1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCuWl4AwQC
uWv4AwQCueG0MA0GCSqGSIb3DQEBCwUAA4IBAQCVXluGFrtEnKROAEjH+NZUPUX2
lnHbYbgi49N6YE19/tD4aOej7pUdFW1NZMemaGraOSAdT8F3mGG5ymUozxG3+pap
LOWSBhZ6ce1AVlrM0y2qmzghVqxO4Xngop/lLwfORgcIFX0cA57HizZIo8Dr2XH+
CoRNhbjQ49aaiZtF//55gF1Yn8Hp1eLuj7cshuecgpDFZpDvkK94eFquwriX+kwL
6Xp9ROz4kM0cOWzZi4JzLSU87tn4y7rT+J4sNwm1yuy6/eOvIrN2/Kt9hGoAwC21
g39TdmeKD3iti4ozMhBvIqCgGf+NhtJ4efJUHzA6WVM+7GnWT6zxkeWvsmzz
-----END CERTIFICATE-----