Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/d05a2e-c281-4dab-8373-a1779904b1c5/1/Igv0iKibrdAXGjgsd8hPRxgEjCg.roa
File:                     Igv0iKibrdAXGjgsd8hPRxgEjCg.roa (raw, json)
Hash identifier:          9mosYeawKJ3SeEs3+N+XOX8qvV/b7ZB2EjQAeZlJCHc=
Subject key identifier:   22:0B:F4:88:A8:9B:AD:D0:17:1A:38:2C:77:C8:4F:47:18:04:8C:28
Certificate issuer:       /CN=b252dda27226a275e3e79b374c8f263cd2d8ecd1
Certificate serial:       019B7A5ACE7807DEC1F34F43EC0D64C60DA0
Authority key identifier: B2:52:DD:A2:72:26:A2:75:E3:E7:9B:37:4C:8F:26:3C:D2:D8:EC:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/slLdonImonXj55s3TI8mPNLY7NE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/d05a2e-c281-4dab-8373-a1779904b1c5/1/Igv0iKibrdAXGjgsd8hPRxgEjCg.roa
Signing time:             Thu 01 Jan 2026 16:18:49 +0000
ROA not before:           Thu 01 Jan 2026 16:18:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     34196
IP address blocks:        185.156.168.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/d05a2e-c281-4dab-8373-a1779904b1c5/1/slLdonImonXj55s3TI8mPNLY7NE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/d05a2e-c281-4dab-8373-a1779904b1c5/1/slLdonImonXj55s3TI8mPNLY7NE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/slLdonImonXj55s3TI8mPNLY7NE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 22:01:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5a:ce:78:07:de:c1:f3:4f:43:ec:0d:64:c6:0d:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b252dda27226a275e3e79b374c8f263cd2d8ecd1
        Validity
            Not Before: Jan  1 16:18:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=220bf488a89badd0171a382c77c84f4718048c28
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:a5:76:d1:14:bf:4b:8c:e6:c7:a0:2e:0f:4e:
                    3d:56:85:ac:1a:07:1b:68:58:2a:35:b5:78:4c:06:
                    60:f0:a8:1c:20:a7:58:bc:7f:36:17:6d:eb:07:5c:
                    e6:4b:ed:68:39:3b:eb:6d:0c:b3:07:8a:5c:98:1d:
                    67:3f:28:6c:11:46:ec:88:2d:1c:97:e3:87:15:00:
                    cd:23:cf:7c:3b:7e:2e:ff:8c:de:6a:fe:ab:7d:84:
                    88:60:fb:3b:81:8f:aa:a2:bf:de:27:8f:0e:8f:2a:
                    4b:ee:0b:30:bb:51:9a:16:be:fb:b2:8d:9a:99:2f:
                    4e:f0:32:d9:80:da:57:15:32:e2:77:58:64:a2:ee:
                    2c:62:5f:c2:61:23:3b:27:3b:00:d7:79:67:83:2c:
                    0a:68:93:15:06:a8:7d:ec:8d:c4:ba:6f:22:84:6a:
                    3e:0d:28:b2:0f:b3:bd:75:ad:df:9e:12:20:92:a7:
                    a0:cb:b8:89:8b:da:78:d5:bc:c0:51:d6:41:61:73:
                    0a:80:d3:c3:1b:5e:d6:c1:bb:f0:c1:1d:5d:c7:1e:
                    8c:39:7e:48:d3:fc:76:01:23:62:00:d5:1f:f1:d0:
                    c8:cd:50:8a:5a:1b:53:7d:9f:1e:10:f4:61:c4:5c:
                    ea:3c:a5:e0:e2:b3:23:71:77:24:62:a1:11:4e:d7:
                    56:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:0B:F4:88:A8:9B:AD:D0:17:1A:38:2C:77:C8:4F:47:18:04:8C:28
            X509v3 Authority Key Identifier:
                keyid:B2:52:DD:A2:72:26:A2:75:E3:E7:9B:37:4C:8F:26:3C:D2:D8:EC:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/slLdonImonXj55s3TI8mPNLY7NE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/d05a2e-c281-4dab-8373-a1779904b1c5/1/Igv0iKibrdAXGjgsd8hPRxgEjCg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/d05a2e-c281-4dab-8373-a1779904b1c5/1/slLdonImonXj55s3TI8mPNLY7NE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.156.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         59:4e:c1:01:1b:7f:f4:e1:c5:af:dc:d1:5b:37:9b:35:af:72:
         95:69:69:24:f0:95:40:df:d5:cc:9e:05:7f:17:16:67:79:a0:
         2f:ec:9a:7b:92:56:02:65:f1:00:9e:5c:c0:4b:89:45:12:3a:
         08:f0:96:2e:59:c0:54:6c:08:83:83:3d:88:13:b6:e2:23:ce:
         da:a0:1f:22:8a:db:f3:62:a6:aa:07:12:22:ba:e8:7e:79:0a:
         37:a5:f9:5f:ec:bc:b2:4d:b1:eb:45:d3:27:85:fb:90:5d:35:
         d8:6b:2f:cf:9f:a3:1a:60:dc:41:c1:72:83:6a:d1:eb:bc:6d:
         4e:07:f3:f0:44:ba:ee:16:b3:20:61:58:e1:cb:45:6c:69:95:
         57:8d:b9:2a:1e:62:10:d4:1d:58:17:ef:a3:f7:93:15:c1:d3:
         38:cb:9e:6e:50:ed:8a:36:4e:5c:af:a0:f4:26:76:0d:8f:9a:
         4c:89:b5:14:e4:84:6f:7c:6a:d8:61:24:c6:05:84:65:59:f2:
         f9:72:3b:1d:2e:85:5b:6a:e0:4c:4b:91:1d:19:7b:dc:6f:8f:
         04:81:1c:3e:2a:dd:92:7a:f5:93:a2:5d:8e:d6:d6:54:c9:2e:
         5e:e4:8e:7c:f8:70:4d:25:2e:7e:61:fe:bf:98:59:a2:50:e9:
         72:55:83:e2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6Ws54B97B809D7A1kxg2gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyNTJkZGEyNzIyNmEyNzVlM2U3OWIzNzRjOGYyNjNjZDJk
OGVjZDEwHhcNMjYwMTAxMTYxODQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjBiZjQ4OGE4OWJhZGQwMTcxYTM4MmM3N2M4NGY0NzE4MDQ4YzI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaV20RS/S4zmx6AuD049VoWsGgcb
aFgqNbV4TAZg8KgcIKdYvH82F23rB1zmS+1oOTvrbQyzB4pcmB1nPyhsEUbsiC0c
l+OHFQDNI898O34u/4zeav6rfYSIYPs7gY+qor/eJ48OjypL7gswu1GaFr77so2a
mS9O8DLZgNpXFTLid1hkou4sYl/CYSM7JzsA13lngywKaJMVBqh97I3Eum8ihGo+
DSiyD7O9da3fnhIgkqegy7iJi9p41bzAUdZBYXMKgNPDG17WwbvwwR1dxx6MOX5I
0/x2ASNiANUf8dDIzVCKWhtTfZ8eEPRhxFzqPKXg4rMjcXckYqERTtdW2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCIL9Iiom63QFxo4LHfIT0cYBIwoMB8GA1UdIwQY
MBaAFLJS3aJyJqJ14+ebN0yPJjzS2OzRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2xMZG9uSW1vblhqNTVzM1RJOG1QTkxZN05FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC9kMDVhMmUtYzI4MS00ZGFiLTgzNzMt
YTE3Nzk5MDRiMWM1LzEvSWd2MGlLaWJyZEFYR2pnc2Q4aFBSeGdFakNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC9kMDVhMmUtYzI4MS00ZGFiLTgzNzMtYTE3Nzk5MDRiMWM1
LzEvc2xMZG9uSW1vblhqNTVzM1RJOG1QTkxZN05FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZyoMA0G
CSqGSIb3DQEBCwUAA4IBAQBZTsEBG3/04cWv3NFbN5s1r3KVaWkk8JVA39XMngV/
FxZneaAv7Jp7klYCZfEAnlzAS4lFEjoI8JYuWcBUbAiDgz2IE7biI87aoB8iitvz
YqaqBxIiuuh+eQo3pflf7LyyTbHrRdMnhfuQXTXYay/Pn6MaYNxBwXKDatHrvG1O
B/PwRLruFrMgYVjhy0VsaZVXjbkqHmIQ1B1YF++j95MVwdM4y55uUO2KNk5cr6D0
JnYNj5pMibUU5IRvfGrYYSTGBYRlWfL5cjsdLoVbauBMS5EdGXvcb48EgRw+Kt2S
evWTol2O1tZUyS5e5I58+HBNJS5+Yf6/mFmiUOlyVYPi
-----END CERTIFICATE-----