Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/DF6rM7gJf-FYIBS_SW8_xPEYqTM.roa
File:                     DF6rM7gJf-FYIBS_SW8_xPEYqTM.roa (raw, json)
Hash identifier:          wIPyBbFsfpekUq4U+aHNnwidnoHwOi9lG42JXFnW71g=
Subject key identifier:   0C:5E:AB:33:B8:09:7F:E1:58:20:14:BF:49:6F:3F:C4:F1:18:A9:33
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       019C24660242116077FF262C086A792EB777
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/DF6rM7gJf-FYIBS_SW8_xPEYqTM.roa
Signing time:             Tue 03 Feb 2026 16:46:30 +0000
ROA not before:           Tue 03 Feb 2026 16:46:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     14618
IP address blocks:        45.8.253.0/24 maxlen: 24
                          85.208.105.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 21 Feb 2026 19:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:24:66:02:42:11:60:77:ff:26:2c:08:6a:79:2e:b7:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Feb  3 16:46:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0c5eab33b8097fe1582014bf496f3fc4f118a933
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:b2:87:e2:9d:79:a2:ca:45:ac:da:1c:f0:45:
                    8e:f1:43:1e:fb:82:7d:30:5e:60:da:c7:8b:5d:85:
                    76:58:ac:8f:af:34:47:45:c3:69:7b:df:c1:44:91:
                    91:20:f6:59:0d:99:44:5a:08:05:c7:b3:8b:5a:96:
                    ff:fb:6d:4e:69:ba:67:90:a1:73:c5:2b:93:33:2e:
                    d9:34:be:17:a3:97:6d:ee:2d:e7:63:83:1e:c4:39:
                    d2:48:44:a4:54:6f:2a:d8:f9:52:e0:a6:cb:74:37:
                    35:12:e4:2d:ad:f6:db:c6:4f:28:3c:01:8c:40:62:
                    4c:34:39:29:51:49:55:58:5c:39:3e:8f:2c:7d:f0:
                    3f:8a:a8:d4:e7:58:20:13:ab:0d:96:da:05:6c:09:
                    66:f2:47:55:13:5f:b0:77:63:ad:1e:78:cc:8e:c3:
                    16:a2:39:b2:f7:b0:da:d8:3f:d8:c1:38:b2:fa:83:
                    fa:8d:5a:fc:4f:26:e2:94:19:f9:ed:93:3e:79:9f:
                    64:f7:29:66:59:bb:89:79:d5:8c:55:c2:4f:56:fa:
                    69:93:59:91:09:62:56:8f:48:60:a1:41:88:a1:64:
                    f8:51:55:e4:fc:85:94:fc:74:df:81:b5:40:00:05:
                    ad:6b:b6:ef:7a:a1:e8:1e:90:81:bf:f1:4d:2f:e3:
                    db:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:5E:AB:33:B8:09:7F:E1:58:20:14:BF:49:6F:3F:C4:F1:18:A9:33
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/DF6rM7gJf-FYIBS_SW8_xPEYqTM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.253.0/24
                  85.208.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c1:3c:a0:af:14:d0:16:ab:85:b2:c5:fa:72:2f:d0:ee:a6:cf:
         47:c2:1f:e2:24:50:9e:a1:4e:3d:b1:e1:b1:dd:8c:43:49:05:
         24:34:f4:8d:72:d0:1d:e3:67:03:11:ed:36:5e:a9:a8:74:2c:
         52:9a:df:21:b7:1c:2a:84:62:8f:c6:d4:9b:b3:04:c6:bc:0f:
         ac:2e:6f:5d:3f:1b:b6:2d:a4:9d:07:75:5d:b3:e3:af:b9:6c:
         63:56:fb:19:db:02:a9:2c:42:ab:ff:08:a0:70:14:0f:d6:bb:
         16:be:28:60:6a:4a:9b:0d:f9:6d:73:ed:96:71:0c:93:0d:03:
         30:0d:aa:d7:ed:40:a0:70:af:88:37:93:3c:9e:9b:06:76:61:
         00:fd:85:34:38:21:a7:1c:8d:ae:6a:70:03:1a:2f:ad:39:07:
         18:9f:6a:77:3a:c7:6e:51:31:ae:c3:9c:99:1d:eb:5a:f6:39:
         d6:86:31:30:ae:66:77:0b:88:89:95:70:45:19:b0:12:53:cc:
         1c:76:be:67:d3:85:06:a3:3a:19:6a:fe:0f:24:fb:e6:17:02:
         8b:b9:db:77:5c:32:37:8b:cd:ea:66:c5:ef:5d:b2:87:f6:28:
         a0:49:1b:57:10:70:1d:82:cf:7c:97:0f:2c:14:a5:e4:ff:ff:
         c4:0b:1e:b7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZwkZgJCEWB3/yYsCGp5Lrd3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjYwMjAzMTY0NjMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzVlYWIzM2I4MDk3ZmUxNTgyMDE0YmY0OTZmM2ZjNGYxMThhOTMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy7KH4p15ospFrNoc8EWO8UMe+4J9
MF5g2seLXYV2WKyPrzRHRcNpe9/BRJGRIPZZDZlEWggFx7OLWpb/+21OabpnkKFz
xSuTMy7ZNL4Xo5dt7i3nY4MexDnSSESkVG8q2PlS4KbLdDc1EuQtrfbbxk8oPAGM
QGJMNDkpUUlVWFw5Po8sffA/iqjU51ggE6sNltoFbAlm8kdVE1+wd2OtHnjMjsMW
ojmy97Da2D/YwTiy+oP6jVr8TybilBn57ZM+eZ9k9ylmWbuJedWMVcJPVvppk1mR
CWJWj0hgoUGIoWT4UVXk/IWU/HTfgbVAAAWta7bveqHoHpCBv/FNL+PbuQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAxeqzO4CX/hWCAUv0lvP8TxGKkzMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvREY2ck03Z0pmLUZZSUJTX1NXOF94UEVZcVRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALQj9AwQA
VdBpMA0GCSqGSIb3DQEBCwUAA4IBAQDBPKCvFNAWq4WyxfpyL9Dups9Hwh/iJFCe
oU49seGx3YxDSQUkNPSNctAd42cDEe02XqmodCxSmt8htxwqhGKPxtSbswTGvA+s
Lm9dPxu2LaSdB3Vds+OvuWxjVvsZ2wKpLEKr/wigcBQP1rsWvihgakqbDfltc+2W
cQyTDQMwDarX7UCgcK+IN5M8npsGdmEA/YU0OCGnHI2uanADGi+tOQcYn2p3Osdu
UTGuw5yZHeta9jnWhjEwrmZ3C4iJlXBFGbASU8wcdr5n04UGozoZav4PJPvmFwKL
udt3XDI3i83qZsXvXbKH9iigSRtXEHAdgs98lw8sFKXk///ECx63
-----END CERTIFICATE-----