Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/0217c2-7354-4061-9ef7-a220fe6a2a25/1/puIyv7NHFmCYG4FzBMGCiSPBMAI.roa
File:                     puIyv7NHFmCYG4FzBMGCiSPBMAI.roa (raw, json)
Hash identifier:          i1Aa75xsqKrbXHK4auY98NNg+6xdfgvwz966P5kACS4=
Subject key identifier:   A6:E2:32:BF:B3:47:16:60:98:1B:81:73:04:C1:82:89:23:C1:30:02
Certificate issuer:       /CN=afcc1d30edeeab54b5812a990a943e3e8fe8391d
Certificate serial:       019B79101DC025B3F68A0B7908F69820BACF
Authority key identifier: AF:CC:1D:30:ED:EE:AB:54:B5:81:2A:99:0A:94:3E:3E:8F:E8:39:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r8wdMO3uq1S1gSqZCpQ-Po_oOR0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/0217c2-7354-4061-9ef7-a220fe6a2a25/1/puIyv7NHFmCYG4FzBMGCiSPBMAI.roa
Signing time:             Thu 01 Jan 2026 10:17:37 +0000
ROA not before:           Thu 01 Jan 2026 10:17:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199298
IP address blocks:        185.21.220.0/22 maxlen: 22
                          2a00:5c20::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/0217c2-7354-4061-9ef7-a220fe6a2a25/1/r8wdMO3uq1S1gSqZCpQ-Po_oOR0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/0217c2-7354-4061-9ef7-a220fe6a2a25/1/r8wdMO3uq1S1gSqZCpQ-Po_oOR0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r8wdMO3uq1S1gSqZCpQ-Po_oOR0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:1d:c0:25:b3:f6:8a:0b:79:08:f6:98:20:ba:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=afcc1d30edeeab54b5812a990a943e3e8fe8391d
        Validity
            Not Before: Jan  1 10:17:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a6e232bfb3471660981b817304c1828923c13002
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:a9:5c:1d:dc:56:60:03:0e:79:cd:03:54:f2:
                    88:87:45:53:6a:49:a0:8f:90:82:5d:be:01:68:c6:
                    2e:11:23:84:d4:33:d3:ac:7e:1a:11:33:fe:3e:d2:
                    c1:35:c3:8d:b3:fd:0a:e6:06:73:f4:d5:93:a9:18:
                    24:75:02:4b:97:57:98:4b:08:bf:bd:d7:f2:23:ff:
                    81:f2:97:80:8c:65:c0:16:14:ed:fd:af:a9:76:d1:
                    f0:40:6d:80:57:0a:47:5c:8b:32:9b:93:4b:40:5a:
                    29:dd:34:c5:0a:a9:59:3c:a7:45:86:81:11:84:47:
                    b6:3b:e5:d1:74:a7:89:f4:14:38:1f:6d:74:4b:41:
                    3d:96:01:5b:21:f1:c1:49:03:08:49:59:83:23:fc:
                    5e:76:d4:c9:a9:b0:85:65:66:24:7b:da:2f:83:5a:
                    a9:94:85:69:bc:8f:6e:aa:cd:d0:9b:b6:24:c1:f5:
                    b5:1f:c1:a8:a7:a3:75:05:2a:f7:61:ff:23:e4:0b:
                    90:23:f7:cc:52:b5:dd:ef:4d:27:6c:48:f7:d8:ac:
                    8f:03:72:e0:de:5a:e9:20:50:f0:9e:6e:23:03:3c:
                    86:cd:e4:8a:ee:c9:8b:48:b8:7a:80:26:7c:fd:59:
                    0d:07:50:f5:a5:d9:39:b3:69:af:89:c2:d8:56:67:
                    df:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:E2:32:BF:B3:47:16:60:98:1B:81:73:04:C1:82:89:23:C1:30:02
            X509v3 Authority Key Identifier:
                keyid:AF:CC:1D:30:ED:EE:AB:54:B5:81:2A:99:0A:94:3E:3E:8F:E8:39:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r8wdMO3uq1S1gSqZCpQ-Po_oOR0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/0217c2-7354-4061-9ef7-a220fe6a2a25/1/puIyv7NHFmCYG4FzBMGCiSPBMAI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/0217c2-7354-4061-9ef7-a220fe6a2a25/1/r8wdMO3uq1S1gSqZCpQ-Po_oOR0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.21.220.0/22
                IPv6:
                  2a00:5c20::/32

    Signature Algorithm: sha256WithRSAEncryption
         01:dc:11:ec:6c:86:a8:a3:c4:ba:4b:d0:b1:44:04:17:0a:29:
         f4:16:b2:15:8e:72:a6:1e:a7:a1:ba:23:f1:4d:25:d5:fc:04:
         2b:8c:9c:94:9f:84:d2:31:d5:83:a2:4b:31:95:d6:1f:2b:a1:
         e3:a0:f6:dc:e4:3d:d6:28:15:2d:e3:b9:08:18:28:68:3b:a8:
         68:2e:db:6b:8e:b8:4c:d7:b0:0c:fa:17:7a:38:18:6d:d1:b1:
         af:25:88:a0:21:d3:f2:d8:19:5a:3b:a6:bf:f0:7c:77:9c:8d:
         cb:e4:b3:39:97:5c:80:a8:22:d9:9d:bd:6f:fb:5b:1e:91:c8:
         9c:92:de:5e:17:60:b0:c5:2a:a6:eb:97:0a:dd:eb:4c:f6:15:
         0e:84:31:aa:f2:98:d2:b8:2c:b5:b6:7c:d7:26:0a:bc:a9:f9:
         13:70:3f:49:9f:30:f1:91:21:d6:de:f2:62:89:5a:f3:4d:d4:
         e0:31:3b:a1:d5:05:92:d8:9d:4d:68:c1:49:6f:f0:67:63:87:
         47:31:48:15:42:13:e0:7f:06:80:e9:a3:60:69:ab:02:ca:fc:
         0c:dd:53:94:ac:4a:0d:a3:85:c4:65:f4:d1:85:d5:1e:77:b2:
         02:6b:45:5c:b3:0f:5d:9f:ae:7f:83:9e:87:3a:78:dc:88:f6:
         19:3f:17:88
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZt5EB3AJbP2igt5CPaYILrPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmY2MxZDMwZWRlZWFiNTRiNTgxMmE5OTBhOTQzZTNlOGZl
ODM5MWQwHhcNMjYwMTAxMTAxNzM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNmUyMzJiZmIzNDcxNjYwOTgxYjgxNzMwNGMxODI4OTIzYzEzMDAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz6lcHdxWYAMOec0DVPKIh0VTakmg
j5CCXb4BaMYuESOE1DPTrH4aETP+PtLBNcONs/0K5gZz9NWTqRgkdQJLl1eYSwi/
vdfyI/+B8peAjGXAFhTt/a+pdtHwQG2AVwpHXIsym5NLQFop3TTFCqlZPKdFhoER
hEe2O+XRdKeJ9BQ4H210S0E9lgFbIfHBSQMISVmDI/xedtTJqbCFZWYke9ovg1qp
lIVpvI9uqs3Qm7YkwfW1H8Gop6N1BSr3Yf8j5AuQI/fMUrXd700nbEj32KyPA3Lg
3lrpIFDwnm4jAzyGzeSK7smLSLh6gCZ8/VkNB1D1pdk5s2mvicLYVmffhwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKbiMr+zRxZgmBuBcwTBgokjwTACMB8GA1UdIwQY
MBaAFK/MHTDt7qtUtYEqmQqUPj6P6DkdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjh3ZE1PM3VxMVMxZ1NxWkNwUS1Qb19vT1IwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC8wMjE3YzItNzM1NC00MDYxLTllZjct
YTIyMGZlNmEyYTI1LzEvcHVJeXY3TkhGbUNZRzRGekJNR0NpU1BCTUFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC8wMjE3YzItNzM1NC00MDYxLTllZjctYTIyMGZlNmEyYTI1
LzEvcjh3ZE1PM3VxMVMxZ1NxWkNwUS1Qb19vT1IwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuRXcMA0E
AgACMAcDBQAqAFwgMA0GCSqGSIb3DQEBCwUAA4IBAQAB3BHsbIaoo8S6S9CxRAQX
Cin0FrIVjnKmHqehuiPxTSXV/AQrjJyUn4TSMdWDoksxldYfK6HjoPbc5D3WKBUt
47kIGChoO6hoLttrjrhM17AM+hd6OBht0bGvJYigIdPy2BlaO6a/8Hx3nI3L5LM5
l1yAqCLZnb1v+1sekcickt5eF2CwxSqm65cK3etM9hUOhDGq8pjSuCy1tnzXJgq8
qfkTcD9JnzDxkSHW3vJiiVrzTdTgMTuh1QWS2J1NaMFJb/BnY4dHMUgVQhPgfwaA
6aNgaasCyvwM3VOUrEoNo4XEZfTRhdUed7ICa0Vcsw9dn65/g56HOnjciPYZPxeI
-----END CERTIFICATE-----