Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/dbc58e-027b-4aac-9de6-23739b5fd84c/1/_tzStQypjSsTd5J5hFzGNfegMAw.roa
File:                     _tzStQypjSsTd5J5hFzGNfegMAw.roa (raw, json)
Hash identifier:          cVhf/9qGJtAWRxPefGE+MkLnZXCIUjakYo8t4TtVyiI=
Subject key identifier:   FE:DC:D2:B5:0C:A9:8D:2B:13:77:92:79:84:5C:C6:35:F7:A0:30:0C
Certificate issuer:       /CN=bf88849a2eb5e9dd571a8e743bed7b9513d7a121
Certificate serial:       019E3F35EEAC9509DACFC53E141BE1E29710
Authority key identifier: BF:88:84:9A:2E:B5:E9:DD:57:1A:8E:74:3B:ED:7B:95:13:D7:A1:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v4iEmi616d1XGo50O-17lRPXoSE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/dbc58e-027b-4aac-9de6-23739b5fd84c/1/_tzStQypjSsTd5J5hFzGNfegMAw.roa
Signing time:             Tue 19 May 2026 07:49:19 +0000
ROA not before:           Tue 19 May 2026 07:49:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16509
IP address blocks:        185.34.85.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/dbc58e-027b-4aac-9de6-23739b5fd84c/1/v4iEmi616d1XGo50O-17lRPXoSE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/dbc58e-027b-4aac-9de6-23739b5fd84c/1/v4iEmi616d1XGo50O-17lRPXoSE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v4iEmi616d1XGo50O-17lRPXoSE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 May 2026 07:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:3f:35:ee:ac:95:09:da:cf:c5:3e:14:1b:e1:e2:97:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf88849a2eb5e9dd571a8e743bed7b9513d7a121
        Validity
            Not Before: May 19 07:49:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fedcd2b50ca98d2b13779279845cc635f7a0300c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:2c:03:24:2a:cf:71:ce:f6:09:2c:f1:29:4f:
                    cb:59:4b:69:ad:fd:70:d6:21:60:d8:c5:81:8e:de:
                    3e:71:30:ac:79:a0:ce:35:bd:74:e1:b0:b5:4c:cc:
                    91:6e:12:41:52:3f:05:4e:f3:3d:d7:65:87:dd:78:
                    5b:1e:ca:2c:b9:46:fc:3c:dc:b6:8d:e7:c7:94:07:
                    69:da:d1:05:bf:d9:28:31:85:b7:b9:f7:33:ad:ce:
                    01:0e:7c:2c:5f:e9:dd:03:a9:40:f7:a3:d5:43:62:
                    f2:51:2c:f1:54:21:22:c6:b9:67:2b:59:10:00:fa:
                    dd:36:a2:c9:31:21:dc:5c:3d:81:6e:2a:ed:32:7b:
                    41:8d:cf:85:a1:f5:cc:75:7a:86:94:b3:7d:12:3b:
                    2a:92:27:ea:80:d1:42:f1:0b:8a:76:9f:c3:69:27:
                    94:80:a1:26:c9:86:8d:a8:38:a7:db:d6:1d:a0:84:
                    15:4b:5f:ec:1e:71:26:68:d3:4d:b6:89:3a:19:67:
                    7e:ae:50:76:6c:66:14:c0:6c:c5:11:9a:d6:80:18:
                    24:ab:82:f1:42:26:e1:71:c5:a1:6c:c4:54:dd:09:
                    df:87:fc:b5:10:5e:04:c7:d1:e3:3a:68:58:ea:a4:
                    88:71:78:a2:6a:04:47:d1:3d:6c:aa:cb:c8:2c:84:
                    62:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:DC:D2:B5:0C:A9:8D:2B:13:77:92:79:84:5C:C6:35:F7:A0:30:0C
            X509v3 Authority Key Identifier:
                keyid:BF:88:84:9A:2E:B5:E9:DD:57:1A:8E:74:3B:ED:7B:95:13:D7:A1:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v4iEmi616d1XGo50O-17lRPXoSE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/dbc58e-027b-4aac-9de6-23739b5fd84c/1/_tzStQypjSsTd5J5hFzGNfegMAw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/dbc58e-027b-4aac-9de6-23739b5fd84c/1/v4iEmi616d1XGo50O-17lRPXoSE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.34.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:6b:d3:41:d6:44:e1:4b:8a:6d:fc:b3:f5:2b:d1:99:0e:f9:
         c4:e4:81:c7:82:95:6c:72:c5:fb:32:d6:42:dd:b7:c7:1b:3c:
         f2:00:b7:d3:86:19:ec:7a:6e:7d:8f:44:78:7d:49:e7:d3:7d:
         45:72:1f:d6:49:43:c9:95:13:92:7e:23:ef:42:c4:2d:d2:49:
         9d:17:63:16:fa:be:27:54:2a:a0:78:e7:7c:c7:92:06:83:71:
         a3:b7:e8:c3:e7:46:16:b7:f8:83:52:97:31:0f:ac:16:7c:50:
         52:8c:d0:83:29:6f:78:f4:27:c5:d9:88:c8:13:5e:31:9f:15:
         85:c1:7a:32:36:cc:d0:d3:b3:c5:af:48:43:13:b6:40:2b:e3:
         93:be:30:14:70:11:54:46:9f:8b:58:8f:1a:5b:22:0a:9f:ad:
         4e:e7:2d:cb:91:6a:1c:36:82:56:1f:d6:ad:99:c5:9c:99:01:
         ef:05:ca:5f:9c:96:98:dd:74:fd:0d:0f:e6:93:98:8a:ff:c0:
         a5:0f:94:5a:1a:f2:35:95:51:a5:d2:0e:be:a4:77:40:78:2e:
         06:e4:92:a6:b5:dc:fc:44:70:dc:5c:3b:d7:41:e4:cf:f0:d0:
         ee:50:7e:78:a6:17:39:6b:43:cb:0c:af:3c:c5:dd:b9:c1:61:
         7a:68:e7:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4/Ne6slQnaz8U+FBvh4pcQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmODg4NDlhMmViNWU5ZGQ1NzFhOGU3NDNiZWQ3Yjk1MTNk
N2ExMjEwHhcNMjYwNTE5MDc0OTE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZWRjZDJiNTBjYTk4ZDJiMTM3NzkyNzk4NDVjYzYzNWY3YTAzMDBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3CwDJCrPcc72CSzxKU/LWUtprf1w
1iFg2MWBjt4+cTCseaDONb104bC1TMyRbhJBUj8FTvM912WH3XhbHsosuUb8PNy2
jefHlAdp2tEFv9koMYW3ufczrc4BDnwsX+ndA6lA96PVQ2LyUSzxVCEixrlnK1kQ
APrdNqLJMSHcXD2BbirtMntBjc+FofXMdXqGlLN9EjsqkifqgNFC8QuKdp/DaSeU
gKEmyYaNqDin29YdoIQVS1/sHnEmaNNNtok6GWd+rlB2bGYUwGzFEZrWgBgkq4Lx
QibhccWhbMRU3Qnfh/y1EF4Ex9HjOmhY6qSIcXiiagRH0T1sqsvILIRiaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP7c0rUMqY0rE3eSeYRcxjX3oDAMMB8GA1UdIwQY
MBaAFL+IhJoutendVxqOdDvte5UT16EhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjRpRW1pNjE2ZDFYR281ME8tMTdsUlBYb1NFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS9kYmM1OGUtMDI3Yi00YWFjLTlkZTYt
MjM3MzliNWZkODRjLzEvX3R6U3RReXBqU3NUZDVKNWhGekdOZmVnTUF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS9kYmM1OGUtMDI3Yi00YWFjLTlkZTYtMjM3MzliNWZkODRj
LzEvdjRpRW1pNjE2ZDFYR281ME8tMTdsUlBYb1NFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSJVMA0G
CSqGSIb3DQEBCwUAA4IBAQA/a9NB1kThS4pt/LP1K9GZDvnE5IHHgpVscsX7MtZC
3bfHGzzyALfThhnsem59j0R4fUnn031Fch/WSUPJlROSfiPvQsQt0kmdF2MW+r4n
VCqgeOd8x5IGg3Gjt+jD50YWt/iDUpcxD6wWfFBSjNCDKW949CfF2YjIE14xnxWF
wXoyNszQ07PFr0hDE7ZAK+OTvjAUcBFURp+LWI8aWyIKn61O5y3LkWocNoJWH9at
mcWcmQHvBcpfnJaY3XT9DQ/mk5iK/8ClD5RaGvI1lVGl0g6+pHdAeC4G5JKmtdz8
RHDcXDvXQeTP8NDuUH54phc5a0PLDK88xd25wWF6aOcZ
-----END CERTIFICATE-----