Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/6MeYCpezUhG1hoirjq72TRbzo1k.roa
File:                     6MeYCpezUhG1hoirjq72TRbzo1k.roa (raw, json)
Hash identifier:          COJmA8XktletsIpTwiRuyrJcU1/3AJlwinaFRYyDVuM=
Subject key identifier:   E8:C7:98:0A:97:B3:52:11:B5:86:88:AB:8E:AE:F6:4D:16:F3:A3:59
Certificate issuer:       /CN=38b22023b6ead4c29683a9fed4493d03dee2c685
Certificate serial:       019CB8260B734F6B11CB758C2E8151C22CCF
Authority key identifier: 38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/6MeYCpezUhG1hoirjq72TRbzo1k.roa
Signing time:             Wed 04 Mar 2026 09:20:26 +0000
ROA not before:           Wed 04 Mar 2026 09:20:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200679
IP address blocks:        85.143.101.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 13 Mar 2026 05:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b8:26:0b:73:4f:6b:11:cb:75:8c:2e:81:51:c2:2c:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38b22023b6ead4c29683a9fed4493d03dee2c685
        Validity
            Not Before: Mar  4 09:20:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e8c7980a97b35211b58688ab8eaef64d16f3a359
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:5b:5f:36:61:c9:2b:c1:86:f0:05:0f:0f:dc:
                    bc:4f:12:15:90:ee:6c:46:71:5e:14:2a:d6:90:b1:
                    85:ab:17:fb:20:82:af:2e:11:1c:ae:97:e6:39:22:
                    bc:7f:c9:c0:69:84:94:68:15:51:6b:eb:52:a3:63:
                    a8:4e:ba:f4:57:d4:a2:21:d4:a3:7c:5e:d1:88:8e:
                    56:13:a0:d2:d6:3d:d9:7e:63:74:16:1a:e9:6a:9d:
                    f3:cc:84:ae:7f:f9:d8:d8:eb:f9:2e:f4:8f:7e:04:
                    4d:bf:25:7d:9a:47:c6:bd:b0:bf:60:e5:55:7c:c4:
                    e1:2f:ce:40:4b:40:f5:36:fb:11:f6:6d:83:22:6c:
                    68:2a:01:7e:c7:5f:1d:7f:34:c7:77:9d:cb:f8:91:
                    5f:2e:cd:6b:b6:56:33:3f:32:f5:d8:a9:5a:c4:b8:
                    72:f7:20:90:7d:89:99:ca:a7:e8:fa:59:b8:1e:e9:
                    6e:da:81:32:ba:2e:9b:82:b5:64:86:04:93:f3:21:
                    23:5a:6a:5d:c4:22:b1:b1:88:9b:53:8e:9b:54:42:
                    a5:b2:fe:34:85:76:7f:e2:8a:74:57:6c:e7:bc:3b:
                    df:96:61:e2:82:60:16:7d:bd:40:02:9b:1d:6f:64:
                    e6:27:d4:ab:9c:fc:81:ed:7e:6f:67:5d:20:96:04:
                    2e:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:C7:98:0A:97:B3:52:11:B5:86:88:AB:8E:AE:F6:4D:16:F3:A3:59
            X509v3 Authority Key Identifier:
                keyid:38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/6MeYCpezUhG1hoirjq72TRbzo1k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.143.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:a1:02:ee:36:63:b8:25:97:91:c0:1b:86:1b:a4:a8:9a:02:
         38:e3:49:09:39:b8:0f:c0:54:43:48:bd:07:4b:b0:ee:a6:b7:
         33:53:b0:65:d7:42:14:d9:8b:66:45:8a:4e:29:1b:db:6e:a7:
         90:01:13:18:5f:d1:2f:6f:f7:48:78:96:1d:e5:76:87:73:88:
         bc:2a:6d:90:ab:3d:97:c4:eb:14:4e:d2:c7:76:48:96:d7:ab:
         8c:9c:3f:b0:23:5b:26:03:a8:9b:76:52:91:16:5a:f3:eb:9b:
         ac:5d:d1:c9:ae:95:88:7d:85:43:36:db:aa:58:97:72:49:a0:
         8a:42:9c:ba:8a:7d:3d:c4:3d:11:bd:e5:1c:fa:18:b3:b0:34:
         ed:d9:5d:0f:b7:1d:43:65:81:60:eb:25:f7:ed:0d:5f:50:76:
         aa:6d:75:fd:29:0d:66:22:f8:87:8e:9e:4a:f8:fb:8d:8d:97:
         e7:d3:81:cc:65:30:ce:7a:fd:53:b3:d8:81:1b:99:cf:66:ce:
         cf:b0:15:b1:cf:7e:e7:ba:ff:be:b6:50:57:8f:7d:e7:2b:13:
         61:ac:c1:a5:65:57:02:ee:1b:2a:5f:f1:c4:0f:29:42:11:a5:
         da:23:3b:fb:88:a3:63:f0:98:a5:69:0a:6d:58:c6:8f:67:14:
         ff:e6:ec:be
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZy4JgtzT2sRy3WMLoFRwizPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YjIyMDIzYjZlYWQ0YzI5NjgzYTlmZWQ0NDkzZDAzZGVl
MmM2ODUwHhcNMjYwMzA0MDkyMDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOGM3OTgwYTk3YjM1MjExYjU4Njg4YWI4ZWFlZjY0ZDE2ZjNhMzU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0VtfNmHJK8GG8AUPD9y8TxIVkO5s
RnFeFCrWkLGFqxf7IIKvLhEcrpfmOSK8f8nAaYSUaBVRa+tSo2OoTrr0V9SiIdSj
fF7RiI5WE6DS1j3ZfmN0Fhrpap3zzISuf/nY2Ov5LvSPfgRNvyV9mkfGvbC/YOVV
fMThL85AS0D1NvsR9m2DImxoKgF+x18dfzTHd53L+JFfLs1rtlYzPzL12KlaxLhy
9yCQfYmZyqfo+lm4Hulu2oEyui6bgrVkhgST8yEjWmpdxCKxsYibU46bVEKlsv40
hXZ/4op0V2znvDvflmHigmAWfb1AApsdb2TmJ9SrnPyB7X5vZ10glgQucQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOjHmAqXs1IRtYaIq46u9k0W86NZMB8GA1UdIwQY
MBaAFDiyICO26tTCloOp/tRJPQPe4saFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMt
NDBkOTViZDMzZmNiLzEvNk1lWUNwZXpVaEcxaG9pcmpxNzJUUmJ6bzFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMtNDBkOTViZDMzZmNi
LzEvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVY9lMA0G
CSqGSIb3DQEBCwUAA4IBAQBooQLuNmO4JZeRwBuGG6SomgI440kJObgPwFRDSL0H
S7DuprczU7Bl10IU2YtmRYpOKRvbbqeQARMYX9Evb/dIeJYd5XaHc4i8Km2Qqz2X
xOsUTtLHdkiW16uMnD+wI1smA6ibdlKRFlrz65usXdHJrpWIfYVDNtuqWJdySaCK
Qpy6in09xD0RveUc+hizsDTt2V0Ptx1DZYFg6yX37Q1fUHaqbXX9KQ1mIviHjp5K
+PuNjZfn04HMZTDOev1Ts9iBG5nPZs7PsBWxz37nuv++tlBXj33nKxNhrMGlZVcC
7hsqX/HEDylCEaXaIzv7iKNj8JilaQptWMaPZxT/5uy+
-----END CERTIFICATE-----