Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/f3d572-3dc7-4b46-9269-3c30a0ad13f6/1/85WCcONItIMRuSMaOxRM44ohzIg.roa
File:                     85WCcONItIMRuSMaOxRM44ohzIg.roa (raw, json)
Hash identifier:          /TIQDAXeA50QelIx61Q5b/Z25D6OyfrLynQ4VaudkRU=
Subject key identifier:   F3:95:82:70:E3:48:B4:83:11:B9:23:1A:3B:14:4C:E3:8A:21:CC:88
Certificate issuer:       /CN=8e8e977abefa2a1f995e89c947fefd4636b7961c
Certificate serial:       019CD7B1AB74CC35F34987179742A03D526D
Authority key identifier: 8E:8E:97:7A:BE:FA:2A:1F:99:5E:89:C9:47:FE:FD:46:36:B7:96:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jo6Xer76Kh-ZXonJR_79Rja3lhw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/f3d572-3dc7-4b46-9269-3c30a0ad13f6/1/85WCcONItIMRuSMaOxRM44ohzIg.roa
Signing time:             Tue 10 Mar 2026 12:21:10 +0000
ROA not before:           Tue 10 Mar 2026 12:21:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     34762
IP address blocks:        62.193.192.0/20 maxlen: 24
                          185.138.42.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/f3d572-3dc7-4b46-9269-3c30a0ad13f6/1/jo6Xer76Kh-ZXonJR_79Rja3lhw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/f3d572-3dc7-4b46-9269-3c30a0ad13f6/1/jo6Xer76Kh-ZXonJR_79Rja3lhw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jo6Xer76Kh-ZXonJR_79Rja3lhw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 14 Mar 2026 09:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:d7:b1:ab:74:cc:35:f3:49:87:17:97:42:a0:3d:52:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e8e977abefa2a1f995e89c947fefd4636b7961c
        Validity
            Not Before: Mar 10 12:21:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f3958270e348b48311b9231a3b144ce38a21cc88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:8a:d8:93:25:6d:08:71:5a:6b:fd:24:10:7b:
                    ac:3b:a7:23:7c:2d:0d:67:e2:71:c0:33:08:e2:bb:
                    28:42:98:7c:99:f4:bd:2b:3a:66:01:d0:43:0c:13:
                    78:fe:06:ac:c4:07:b4:c2:25:df:15:ab:e8:81:43:
                    7c:11:15:49:e2:59:c0:00:83:a7:cf:d1:09:71:1f:
                    ee:a8:19:6c:60:5d:e4:5b:44:b5:29:8c:48:ab:2d:
                    90:a7:a2:8a:98:11:b8:93:6c:46:f0:a2:42:40:c7:
                    40:e8:2a:23:ef:7d:3a:e1:5b:fa:93:11:56:39:60:
                    b1:04:9a:c6:94:e8:f3:12:a5:6d:e9:2a:94:5a:ba:
                    e1:06:aa:48:76:a2:5c:f4:d1:69:f9:1e:86:9f:2a:
                    b9:9b:d4:0e:a9:9c:b9:c3:89:80:ba:00:e1:a8:71:
                    b1:11:a7:55:76:3d:02:d3:96:43:ef:3f:7e:b1:3d:
                    10:3c:e2:06:e8:54:db:89:2d:c7:b6:35:ed:37:8f:
                    cb:91:02:b9:8e:22:ed:64:e8:d9:bd:5e:c5:d2:ed:
                    4c:47:ea:b7:89:ea:1a:4b:03:8d:2a:97:c3:0e:1f:
                    a3:fc:05:ec:7d:51:98:6d:14:44:38:1b:12:5a:13:
                    e4:60:d7:1b:59:f7:2a:b2:e5:fa:65:1a:4c:4f:7f:
                    1c:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:95:82:70:E3:48:B4:83:11:B9:23:1A:3B:14:4C:E3:8A:21:CC:88
            X509v3 Authority Key Identifier:
                keyid:8E:8E:97:7A:BE:FA:2A:1F:99:5E:89:C9:47:FE:FD:46:36:B7:96:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jo6Xer76Kh-ZXonJR_79Rja3lhw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/f3d572-3dc7-4b46-9269-3c30a0ad13f6/1/85WCcONItIMRuSMaOxRM44ohzIg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/f3d572-3dc7-4b46-9269-3c30a0ad13f6/1/jo6Xer76Kh-ZXonJR_79Rja3lhw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.193.192.0/20
                  185.138.42.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b6:25:1e:e2:57:f8:81:dd:c9:65:d6:9e:11:bf:b9:14:21:67:
         e6:f2:94:97:d6:a6:32:94:e4:da:9e:2a:c2:c5:c1:4d:18:ad:
         79:4d:89:c8:12:e0:6b:70:b6:28:45:75:10:b5:70:df:1d:84:
         c4:c0:a1:9a:b7:5b:51:5e:b1:8c:df:d2:68:cf:b7:5d:78:23:
         5f:7a:27:f7:76:6f:7f:b3:7d:07:66:e0:24:0d:98:fa:57:e4:
         f4:f4:70:a0:37:3e:22:3a:68:4a:6b:fa:a9:52:0d:7e:ec:26:
         0b:52:b7:ad:a9:dd:64:81:a2:12:26:9e:52:90:ed:6f:0e:55:
         0a:8e:3f:47:52:38:a7:a6:48:68:ab:d6:6d:25:5f:4a:15:a6:
         13:73:85:2e:d8:bb:c3:8b:b7:1b:fe:f0:0b:c6:80:e9:22:e9:
         f5:50:00:2f:e1:cc:6c:ed:75:b9:3d:75:5c:7f:7e:e6:00:4d:
         17:99:bc:57:08:7f:82:2d:80:0b:f4:84:45:62:ba:15:0a:31:
         c4:2e:b9:28:f0:44:34:c0:e3:fc:41:92:bf:19:8f:8e:80:09:
         ab:6f:9b:8f:b7:a2:7c:59:e0:8b:b3:d9:73:25:15:1c:72:c8:
         59:55:7e:d0:7b:47:6a:0e:99:b5:cf:1a:f7:50:e4:f2:8b:ea:
         1b:d1:c9:6f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZzXsat0zDXzSYcXl0KgPVJtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlOGU5NzdhYmVmYTJhMWY5OTVlODljOTQ3ZmVmZDQ2MzZi
Nzk2MWMwHhcNMjYwMzEwMTIyMTEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzk1ODI3MGUzNDhiNDgzMTFiOTIzMWEzYjE0NGNlMzhhMjFjYzg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2IrYkyVtCHFaa/0kEHusO6cjfC0N
Z+JxwDMI4rsoQph8mfS9KzpmAdBDDBN4/gasxAe0wiXfFavogUN8ERVJ4lnAAIOn
z9EJcR/uqBlsYF3kW0S1KYxIqy2Qp6KKmBG4k2xG8KJCQMdA6Coj73064Vv6kxFW
OWCxBJrGlOjzEqVt6SqUWrrhBqpIdqJc9NFp+R6Gnyq5m9QOqZy5w4mAugDhqHGx
EadVdj0C05ZD7z9+sT0QPOIG6FTbiS3HtjXtN4/LkQK5jiLtZOjZvV7F0u1MR+q3
ieoaSwONKpfDDh+j/AXsfVGYbRREOBsSWhPkYNcbWfcqsuX6ZRpMT38cvwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPOVgnDjSLSDEbkjGjsUTOOKIcyIMB8GA1UdIwQY
MBaAFI6Ol3q++iofmV6JyUf+/UY2t5YcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvam82WGVyNzZLaC1aWG9uSlJfNzlSamEzbGh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy9mM2Q1NzItM2RjNy00YjQ2LTkyNjkt
M2MzMGEwYWQxM2Y2LzEvODVXQ2NPTkl0SU1SdVNNYU94Uk00NG9oeklnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy9mM2Q1NzItM2RjNy00YjQ2LTkyNjktM2MzMGEwYWQxM2Y2
LzEvam82WGVyNzZLaC1aWG9uSlJfNzlSamEzbGh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEPsHAAwQB
uYoqMA0GCSqGSIb3DQEBCwUAA4IBAQC2JR7iV/iB3cll1p4Rv7kUIWfm8pSX1qYy
lOTanirCxcFNGK15TYnIEuBrcLYoRXUQtXDfHYTEwKGat1tRXrGM39Joz7ddeCNf
eif3dm9/s30HZuAkDZj6V+T09HCgNz4iOmhKa/qpUg1+7CYLUretqd1kgaISJp5S
kO1vDlUKjj9HUjinpkhoq9ZtJV9KFaYTc4Uu2LvDi7cb/vALxoDpIun1UAAv4cxs
7XW5PXVcf37mAE0XmbxXCH+CLYAL9IRFYroVCjHELrko8EQ0wOP8QZK/GY+OgAmr
b5uPt6J8WeCLs9lzJRUccshZVX7Qe0dqDpm1zxr3UOTyi+ob0clv
-----END CERTIFICATE-----