Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/3fea1a-57bc-493a-9a3e-8c25b5fb276f/1/InHyWEjEiyh7nEE2TIiuq0-_-Cc.roa
File:                     InHyWEjEiyh7nEE2TIiuq0-_-Cc.roa (raw, json)
Hash identifier:          X+4z9Y0iJ1TRnqAnnq28KCv6J+YQ5AkdpPJ2iZvV3CI=
Subject key identifier:   22:71:F2:58:48:C4:8B:28:7B:9C:41:36:4C:88:AE:AB:4F:BF:F8:27
Certificate issuer:       /CN=1c99cebe0cf09903903d19c1ca0ae62421764859
Certificate serial:       019B791013D71F960E37E8CC0BAB3E260B62
Authority key identifier: 1C:99:CE:BE:0C:F0:99:03:90:3D:19:C1:CA:0A:E6:24:21:76:48:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJnOvgzwmQOQPRnBygrmJCF2SFk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/3fea1a-57bc-493a-9a3e-8c25b5fb276f/1/InHyWEjEiyh7nEE2TIiuq0-_-Cc.roa
Signing time:             Thu 01 Jan 2026 10:17:35 +0000
ROA not before:           Thu 01 Jan 2026 10:17:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16186
IP address blocks:        89.105.48.0/20 maxlen: 20
                          185.116.4.0/22 maxlen: 22
                          2001:820::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/3fea1a-57bc-493a-9a3e-8c25b5fb276f/1/HJnOvgzwmQOQPRnBygrmJCF2SFk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/3fea1a-57bc-493a-9a3e-8c25b5fb276f/1/HJnOvgzwmQOQPRnBygrmJCF2SFk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJnOvgzwmQOQPRnBygrmJCF2SFk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 09:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:13:d7:1f:96:0e:37:e8:cc:0b:ab:3e:26:0b:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c99cebe0cf09903903d19c1ca0ae62421764859
        Validity
            Not Before: Jan  1 10:17:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2271f25848c48b287b9c41364c88aeab4fbff827
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:0c:22:ad:2b:e2:7f:c0:95:fd:93:2c:44:81:
                    d6:83:b6:a9:2c:98:2b:2e:6b:4a:aa:fd:0e:5a:c8:
                    7d:59:7e:dd:96:08:78:13:57:e7:12:92:d9:76:70:
                    d9:e6:55:3e:00:9b:68:fe:90:70:65:fc:d6:e4:8f:
                    b3:b1:75:73:37:ed:c3:5a:74:8a:af:dd:59:08:ee:
                    e4:bf:fe:22:93:32:f2:12:50:96:d1:75:b9:c5:2e:
                    a3:ac:a3:6e:d0:2e:3f:e5:3c:da:d5:0b:2a:db:c3:
                    70:52:e4:56:d8:f9:5c:4c:64:0f:fa:0b:10:6e:6a:
                    c3:56:f1:d9:a5:73:bc:7d:1a:39:cd:71:e4:d5:2c:
                    a5:9f:46:91:de:ed:f2:38:89:27:bd:34:32:df:ac:
                    43:23:04:c2:ac:95:63:77:f7:8d:0f:dc:17:46:38:
                    0f:17:89:17:5c:fc:6e:27:9e:53:03:3e:5f:cf:c8:
                    3a:92:0d:a8:a0:b2:1e:56:6d:5a:4b:c8:c9:eb:90:
                    3e:b7:ad:34:fa:3c:12:a9:31:15:df:9b:32:01:de:
                    2a:81:ae:2c:cf:5a:e0:5f:7b:87:09:c4:2a:45:26:
                    87:73:27:de:eb:a6:9a:aa:46:f5:fb:ba:63:6c:ab:
                    aa:82:58:27:53:af:47:0f:c1:95:63:2c:e3:f9:d0:
                    41:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:71:F2:58:48:C4:8B:28:7B:9C:41:36:4C:88:AE:AB:4F:BF:F8:27
            X509v3 Authority Key Identifier:
                keyid:1C:99:CE:BE:0C:F0:99:03:90:3D:19:C1:CA:0A:E6:24:21:76:48:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJnOvgzwmQOQPRnBygrmJCF2SFk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/3fea1a-57bc-493a-9a3e-8c25b5fb276f/1/InHyWEjEiyh7nEE2TIiuq0-_-Cc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/3fea1a-57bc-493a-9a3e-8c25b5fb276f/1/HJnOvgzwmQOQPRnBygrmJCF2SFk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.105.48.0/20
                  185.116.4.0/22
                IPv6:
                  2001:820::/32

    Signature Algorithm: sha256WithRSAEncryption
         40:5c:20:de:d2:ce:98:c5:28:e2:2b:77:7c:c1:db:2f:ec:cf:
         a5:3d:d6:cb:ea:90:48:ac:a7:56:d3:e2:1d:1c:a7:3f:61:a6:
         0b:ca:39:10:0a:e6:b8:5d:23:8e:36:4a:de:ae:ca:a4:8b:77:
         9d:c1:b8:d7:91:5f:88:c9:0a:90:67:5e:b1:0c:eb:a0:69:1b:
         fb:fa:70:b2:e2:b4:1d:37:79:00:5a:fc:82:47:84:a0:78:62:
         f9:76:5b:7d:ee:1b:87:81:b1:8a:d5:fe:0b:7a:76:0e:c0:e4:
         bd:8d:57:37:fb:1c:fb:86:7c:42:d0:16:b4:27:10:28:f2:a7:
         b7:c0:61:4c:60:97:6f:b9:5b:6b:bb:6d:a2:96:95:90:ca:73:
         58:99:a2:68:bf:2e:c6:89:43:a2:e2:bd:9e:bc:7c:dd:79:cc:
         81:fa:df:3e:0e:d3:01:6c:83:e9:9d:f3:f0:e7:93:06:80:7e:
         f0:99:f1:eb:47:9f:12:50:8f:62:7b:20:5e:8c:6e:92:4d:06:
         be:32:11:72:b2:df:36:12:74:c4:f9:d9:86:d1:9a:bc:83:1c:
         2e:2e:38:08:47:eb:b7:c9:a6:18:63:b2:e4:9e:4f:32:7a:e5:
         24:e9:2b:f4:fb:76:8e:40:6a:04:af:a4:3c:15:81:64:f7:e4:
         89:74:e5:5c
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZt5EBPXH5YON+jMC6s+JgtiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTljZWJlMGNmMDk5MDM5MDNkMTljMWNhMGFlNjI0MjE3
NjQ4NTkwHhcNMjYwMTAxMTAxNzM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjcxZjI1ODQ4YzQ4YjI4N2I5YzQxMzY0Yzg4YWVhYjRmYmZmODI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsQwirSvif8CV/ZMsRIHWg7apLJgr
LmtKqv0OWsh9WX7dlgh4E1fnEpLZdnDZ5lU+AJto/pBwZfzW5I+zsXVzN+3DWnSK
r91ZCO7kv/4ikzLyElCW0XW5xS6jrKNu0C4/5Tza1Qsq28NwUuRW2PlcTGQP+gsQ
bmrDVvHZpXO8fRo5zXHk1Syln0aR3u3yOIknvTQy36xDIwTCrJVjd/eND9wXRjgP
F4kXXPxuJ55TAz5fz8g6kg2ooLIeVm1aS8jJ65A+t600+jwSqTEV35syAd4qga4s
z1rgX3uHCcQqRSaHcyfe66aaqkb1+7pjbKuqglgnU69HD8GVYyzj+dBBxwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFCJx8lhIxIsoe5xBNkyIrqtPv/gnMB8GA1UdIwQY
MBaAFByZzr4M8JkDkD0ZwcoK5iQhdkhZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpuT3ZnendtUU9RUFJuQnlncm1KQ0YyU0ZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS8zZmVhMWEtNTdiYy00OTNhLTlhM2Ut
OGMyNWI1ZmIyNzZmLzEvSW5IeVdFakVpeWg3bkVFMlRJaXVxMC1fLUNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS8zZmVhMWEtNTdiYy00OTNhLTlhM2UtOGMyNWI1ZmIyNzZm
LzEvSEpuT3ZnendtUU9RUFJuQnlncm1KQ0YyU0ZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQEWWkwAwQC
uXQEMA0EAgACMAcDBQAgAQggMA0GCSqGSIb3DQEBCwUAA4IBAQBAXCDe0s6YxSji
K3d8wdsv7M+lPdbL6pBIrKdW0+IdHKc/YaYLyjkQCua4XSOONkrersqki3edwbjX
kV+IyQqQZ16xDOugaRv7+nCy4rQdN3kAWvyCR4SgeGL5dlt97huHgbGK1f4LenYO
wOS9jVc3+xz7hnxC0Ba0JxAo8qe3wGFMYJdvuVtru22ilpWQynNYmaJovy7GiUOi
4r2evHzdecyB+t8+DtMBbIPpnfPw55MGgH7wmfHrR58SUI9ieyBejG6STQa+MhFy
st82EnTE+dmG0Zq8gxwuLjgIR+u3yaYYY7Lknk8yeuUk6Sv0+3aOQGoEr6Q8FYFk
9+SJdOVc
-----END CERTIFICATE-----