Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/d8771a-e753-406c-a1d8-39ab77b833ea/1/Bopny7bI2jlfU67WynG1VqqZeys.roa
File:                     Bopny7bI2jlfU67WynG1VqqZeys.roa (raw, json)
Hash identifier:          VYcCPfl7fJTQ6gIXXd+kulaQjydxkXZtJ5KExsSYNb8=
Subject key identifier:   06:8A:67:CB:B6:C8:DA:39:5F:53:AE:D6:CA:71:B5:56:AA:99:7B:2B
Certificate issuer:       /CN=53799560453dcf4af31f9b2a40cd238b8457c5de
Certificate serial:       019B7DCAC8A91E34705F70842F89C28B6A57
Authority key identifier: 53:79:95:60:45:3D:CF:4A:F3:1F:9B:2A:40:CD:23:8B:84:57:C5:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U3mVYEU9z0rzH5sqQM0ji4RXxd4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/d8771a-e753-406c-a1d8-39ab77b833ea/1/Bopny7bI2jlfU67WynG1VqqZeys.roa
Signing time:             Fri 02 Jan 2026 08:20:00 +0000
ROA not before:           Fri 02 Jan 2026 08:20:00 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205176
IP address blocks:        185.227.116.0/22 maxlen: 22
                          185.227.116.0/24 maxlen: 24
                          2a0c:aa00::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/d8771a-e753-406c-a1d8-39ab77b833ea/1/U3mVYEU9z0rzH5sqQM0ji4RXxd4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/d8771a-e753-406c-a1d8-39ab77b833ea/1/U3mVYEU9z0rzH5sqQM0ji4RXxd4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U3mVYEU9z0rzH5sqQM0ji4RXxd4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 14:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:ca:c8:a9:1e:34:70:5f:70:84:2f:89:c2:8b:6a:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=53799560453dcf4af31f9b2a40cd238b8457c5de
        Validity
            Not Before: Jan  2 08:20:00 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=068a67cbb6c8da395f53aed6ca71b556aa997b2b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:94:84:00:3c:29:34:78:b5:30:88:8e:e3:d7:
                    f2:5f:e6:27:be:cb:48:40:ea:f4:0b:76:e4:3c:9a:
                    64:37:f6:90:8d:e0:bd:64:b1:66:d5:81:e3:e6:7a:
                    c3:02:10:98:98:72:7e:11:84:23:1f:28:bc:8f:17:
                    12:e1:9e:5c:df:50:e8:6f:08:94:51:8f:42:21:86:
                    35:06:dd:5a:9d:02:5a:21:f4:7e:74:d7:f7:08:ca:
                    97:c5:f3:db:9c:b9:c6:87:de:56:a4:b8:1a:5a:9e:
                    63:08:13:a5:cb:45:0a:21:2d:58:e5:c3:a9:58:97:
                    7c:3b:fd:b6:ed:33:81:ce:fa:51:8b:9e:92:2c:cb:
                    06:95:56:93:3f:6f:79:66:82:43:0d:3b:f6:e2:de:
                    54:3d:14:c1:24:58:0e:81:ab:e3:ed:53:e8:70:de:
                    3e:fc:0c:ef:6a:ea:77:a2:29:11:14:78:43:42:f5:
                    07:1e:2f:83:b8:04:8f:0d:57:1d:e6:ca:3b:b2:bd:
                    e0:85:aa:04:91:8d:c5:7f:90:09:2e:23:6d:7f:d1:
                    e9:37:03:1c:55:51:6f:1a:1d:86:38:da:36:6f:d1:
                    fd:13:7e:90:8d:7d:7e:31:0f:de:44:a6:44:39:7d:
                    5d:a3:77:66:97:ea:23:cd:c0:2f:4d:ea:35:85:3e:
                    97:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:8A:67:CB:B6:C8:DA:39:5F:53:AE:D6:CA:71:B5:56:AA:99:7B:2B
            X509v3 Authority Key Identifier:
                keyid:53:79:95:60:45:3D:CF:4A:F3:1F:9B:2A:40:CD:23:8B:84:57:C5:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U3mVYEU9z0rzH5sqQM0ji4RXxd4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/d8771a-e753-406c-a1d8-39ab77b833ea/1/Bopny7bI2jlfU67WynG1VqqZeys.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/d8771a-e753-406c-a1d8-39ab77b833ea/1/U3mVYEU9z0rzH5sqQM0ji4RXxd4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.227.116.0/22
                IPv6:
                  2a0c:aa00::/29

    Signature Algorithm: sha256WithRSAEncryption
         3e:e3:f4:14:6c:d9:c0:35:c9:6d:e4:04:2c:0c:ca:2a:cc:fa:
         f5:e0:f5:e3:93:63:e9:61:69:cf:6b:63:13:b7:84:a1:16:59:
         6c:d6:39:ca:58:4b:41:e7:8b:40:f3:23:11:17:a3:3e:f8:6a:
         7c:8c:96:e0:5d:36:d8:15:c8:a0:c1:34:91:b9:07:2d:a0:9b:
         f1:bf:4d:8d:00:80:a4:9d:1c:bb:9c:87:fe:c6:41:c6:8a:46:
         b3:81:a3:74:1a:99:18:b8:15:8c:b9:a9:69:f6:c6:f2:50:14:
         27:60:70:d3:8f:4a:56:9d:64:d8:85:e7:a5:b5:a8:fd:6b:d6:
         aa:77:a0:16:43:39:c7:e5:d4:53:ac:97:4b:12:b4:09:34:7d:
         82:25:04:52:2a:7f:70:94:7c:2e:7c:43:26:96:13:fc:c3:28:
         71:02:b2:ea:ea:b1:d0:4d:76:10:5d:5e:6f:cd:4d:42:f5:62:
         4f:26:28:94:dd:34:61:4b:22:7c:bd:bb:c9:7c:e3:81:38:c7:
         b1:7e:c5:dc:1b:b8:48:c8:df:09:8f:d0:d4:27:57:5d:45:b3:
         31:f5:36:0b:b4:34:49:c4:36:01:0d:30:bc:79:77:09:12:a7:
         5a:59:d2:e3:d7:46:d3:6e:40:0d:82:89:d2:cc:68:99:7a:c9:
         2b:de:73:6d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZt9ysipHjRwX3CEL4nCi2pXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzNzk5NTYwNDUzZGNmNGFmMzFmOWIyYTQwY2QyMzhiODQ1
N2M1ZGUwHhcNMjYwMTAyMDgyMDAwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjhhNjdjYmI2YzhkYTM5NWY1M2FlZDZjYTcxYjU1NmFhOTk3YjJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6pSEADwpNHi1MIiO49fyX+YnvstI
QOr0C3bkPJpkN/aQjeC9ZLFm1YHj5nrDAhCYmHJ+EYQjHyi8jxcS4Z5c31DobwiU
UY9CIYY1Bt1anQJaIfR+dNf3CMqXxfPbnLnGh95WpLgaWp5jCBOly0UKIS1Y5cOp
WJd8O/227TOBzvpRi56SLMsGlVaTP295ZoJDDTv24t5UPRTBJFgOgavj7VPocN4+
/Azvaup3oikRFHhDQvUHHi+DuASPDVcd5so7sr3ghaoEkY3Ff5AJLiNtf9HpNwMc
VVFvGh2GONo2b9H9E36QjX1+MQ/eRKZEOX1do3dml+ojzcAvTeo1hT6X4QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAaKZ8u2yNo5X1Ou1spxtVaqmXsrMB8GA1UdIwQY
MBaAFFN5lWBFPc9K8x+bKkDNI4uEV8XeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTNtVllFVTl6MHJ6SDVzcVFNMGppNFJYeGQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy9kODc3MWEtZTc1My00MDZjLWExZDgt
MzlhYjc3YjgzM2VhLzEvQm9wbnk3YkkyamxmVTY3V3luRzFWcXFaZXlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy9kODc3MWEtZTc1My00MDZjLWExZDgtMzlhYjc3YjgzM2Vh
LzEvVTNtVllFVTl6MHJ6SDVzcVFNMGppNFJYeGQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCueN0MA0E
AgACMAcDBQMqDKoAMA0GCSqGSIb3DQEBCwUAA4IBAQA+4/QUbNnANclt5AQsDMoq
zPr14PXjk2PpYWnPa2MTt4ShFlls1jnKWEtB54tA8yMRF6M++Gp8jJbgXTbYFcig
wTSRuQctoJvxv02NAICknRy7nIf+xkHGikazgaN0GpkYuBWMualp9sbyUBQnYHDT
j0pWnWTYheeltaj9a9aqd6AWQznH5dRTrJdLErQJNH2CJQRSKn9wlHwufEMmlhP8
wyhxArLq6rHQTXYQXV5vzU1C9WJPJiiU3TRhSyJ8vbvJfOOBOMexfsXcG7hIyN8J
j9DUJ1ddRbMx9TYLtDRJxDYBDTC8eXcJEqdaWdLj10bTbkANgonSzGiZeskr3nNt
-----END CERTIFICATE-----