Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/9ufb-YMgSk7h2QizE8n86JdEfWM.roa
File:                     9ufb-YMgSk7h2QizE8n86JdEfWM.roa (raw, json)
Hash identifier:          BX1YdFPar86ayTV0Ftj90LWAviFt2qF3rhtqTocI99o=
Subject key identifier:   F6:E7:DB:F9:83:20:4A:4E:E1:D9:08:B3:13:C9:FC:E8:97:44:7D:63
Certificate issuer:       /CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
Certificate serial:       019E224D13F9F9D38D148A9CC7419AA7059C
Authority key identifier: 29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/9ufb-YMgSk7h2QizE8n86JdEfWM.roa
Signing time:             Wed 13 May 2026 17:05:37 +0000
ROA not before:           Wed 13 May 2026 17:05:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213791
IP address blocks:        85.239.154.0/24 maxlen: 24
                          178.239.122.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 07:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:22:4d:13:f9:f9:d3:8d:14:8a:9c:c7:41:9a:a7:05:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
        Validity
            Not Before: May 13 17:05:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f6e7dbf983204a4ee1d908b313c9fce897447d63
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:08:64:a2:1e:d2:a5:6f:6a:3c:8f:2e:28:22:
                    87:90:96:5e:9c:59:db:1f:97:0d:d4:e3:ae:a7:89:
                    af:24:8a:3b:36:b7:26:ef:b7:38:c2:77:cd:79:2d:
                    48:74:b8:bf:1f:fb:60:04:dc:50:43:95:55:0c:d5:
                    a2:b1:2e:ce:12:26:9b:51:56:16:85:ff:cf:ab:b5:
                    a0:7f:57:a5:41:19:eb:27:cd:86:b2:57:5f:4b:95:
                    a0:b9:e4:b5:23:33:52:f1:5d:b1:82:9d:1c:ef:55:
                    00:55:36:27:dd:7c:69:cc:28:ce:fc:e5:a1:6d:15:
                    bd:21:c2:89:ef:27:2f:9e:3d:f7:cc:35:58:90:0f:
                    4a:d4:58:bd:93:15:ab:b7:61:3d:18:e3:c6:cb:c5:
                    44:b3:1b:4c:dd:d5:86:66:2f:2e:3e:2c:a6:d0:80:
                    d2:98:5f:a6:5b:79:79:af:42:b6:6f:4e:09:58:0e:
                    fe:20:a5:d8:92:a1:bf:fb:a6:51:82:48:9c:b1:86:
                    1f:89:d4:49:54:78:1f:e7:80:55:16:95:df:a6:37:
                    a3:72:15:15:d8:70:91:63:b5:33:31:10:99:70:df:
                    7b:07:f1:ac:f6:2d:75:29:89:7f:f9:38:0f:f8:37:
                    aa:2a:13:6d:f3:3a:3a:b1:0d:7b:77:b7:c9:9d:32:
                    b0:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:E7:DB:F9:83:20:4A:4E:E1:D9:08:B3:13:C9:FC:E8:97:44:7D:63
            X509v3 Authority Key Identifier:
                keyid:29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/9ufb-YMgSk7h2QizE8n86JdEfWM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.239.154.0/24
                  178.239.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:ca:7c:83:f1:14:7b:24:9d:32:5f:5e:a8:96:38:84:50:28:
         aa:02:26:f9:6e:63:aa:47:1e:bd:95:51:26:86:59:07:43:c4:
         26:fb:10:c0:47:79:4e:cc:09:85:1e:90:04:89:65:d5:c8:fc:
         ac:78:7a:d6:96:28:0c:96:71:dd:35:52:19:cc:46:c3:73:10:
         8f:79:75:a5:3e:6b:35:18:1a:52:78:20:43:5d:d1:2d:1d:30:
         8a:17:2d:f9:30:c6:77:73:46:13:3c:93:84:eb:f2:f3:f8:b0:
         47:30:bc:6d:3f:9b:c2:2f:9b:bb:26:11:1a:18:60:45:ad:ad:
         a5:cd:11:51:b0:b1:18:01:1d:1b:a6:4d:ef:61:cd:18:72:77:
         e4:9d:4b:04:40:50:2f:1f:1c:69:8f:f0:ce:77:d0:5a:f3:0b:
         13:bb:84:8c:c2:a0:43:61:4d:75:a2:dd:b4:02:54:6e:5b:21:
         47:84:54:33:be:a3:72:16:11:11:e0:5c:16:e6:4d:5a:59:59:
         ec:9f:a7:4d:44:4c:55:d7:3b:f7:3e:ce:1a:7b:83:45:57:87:
         67:75:56:d2:2a:39:7e:50:ba:61:ad:d7:a9:b9:19:e3:e7:48:
         31:0e:79:20:10:d4:a2:84:41:79:89:85:52:53:c0:34:31:7d:
         e2:bb:50:d5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ4iTRP5+dONFIqcx0GapwWcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZDJkYWZmMWM1YmI2MWEwYWM4YjNjYWVhZDRiOGExZmEy
ODRkMGYwHhcNMjYwNTEzMTcwNTM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNmU3ZGJmOTgzMjA0YTRlZTFkOTA4YjMxM2M5ZmNlODk3NDQ3ZDYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArwhkoh7SpW9qPI8uKCKHkJZenFnb
H5cN1OOup4mvJIo7Nrcm77c4wnfNeS1IdLi/H/tgBNxQQ5VVDNWisS7OEiabUVYW
hf/Pq7Wgf1elQRnrJ82GsldfS5WgueS1IzNS8V2xgp0c71UAVTYn3XxpzCjO/OWh
bRW9IcKJ7ycvnj33zDVYkA9K1Fi9kxWrt2E9GOPGy8VEsxtM3dWGZi8uPiym0IDS
mF+mW3l5r0K2b04JWA7+IKXYkqG/+6ZRgkicsYYfidRJVHgf54BVFpXfpjejchUV
2HCRY7UzMRCZcN97B/Gs9i11KYl/+TgP+DeqKhNt8zo6sQ17d7fJnTKwAwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPbn2/mDIEpO4dkIsxPJ/OiXRH1jMB8GA1UdIwQY
MBaAFCnS2v8cW7YaCsizyurUuKH6KE0PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3Zjgt
NGY1N2Q5Y2Y1Y2FhLzEvOXVmYi1ZTWdTazdoMlFpekU4bjg2SmRFZldNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3ZjgtNGY1N2Q5Y2Y1Y2Fh
LzEvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVe+aAwQA
su96MA0GCSqGSIb3DQEBCwUAA4IBAQCLynyD8RR7JJ0yX16oljiEUCiqAib5bmOq
Rx69lVEmhlkHQ8Qm+xDAR3lOzAmFHpAEiWXVyPyseHrWligMlnHdNVIZzEbDcxCP
eXWlPms1GBpSeCBDXdEtHTCKFy35MMZ3c0YTPJOE6/Lz+LBHMLxtP5vCL5u7JhEa
GGBFra2lzRFRsLEYAR0bpk3vYc0YcnfknUsEQFAvHxxpj/DOd9Ba8wsTu4SMwqBD
YU11ot20AlRuWyFHhFQzvqNyFhER4FwW5k1aWVnsn6dNRExV1zv3Ps4ae4NFV4dn
dVbSKjl+ULphrdepuRnj50gxDnkgENSihEF5iYVSU8A0MX3iu1DV
-----END CERTIFICATE-----