Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/T1iNTvawXlPHuaFWLtz-yI2za0k.roa
File:                     T1iNTvawXlPHuaFWLtz-yI2za0k.roa (raw, json)
Hash identifier:          JwuJx9aFi5IVq4i6KhLAdsTy+1euwLGPP2n8evzja4c=
Subject key identifier:   4F:58:8D:4E:F6:B0:5E:53:C7:B9:A1:56:2E:DC:FE:C8:8D:B3:6B:49
Certificate issuer:       /CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
Certificate serial:       019D8FB55A29BE674B0E2F25A49551BEF90F
Authority key identifier: 29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/T1iNTvawXlPHuaFWLtz-yI2za0k.roa
Signing time:             Wed 15 Apr 2026 05:55:20 +0000
ROA not before:           Wed 15 Apr 2026 05:55:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        85.239.154.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:8f:b5:5a:29:be:67:4b:0e:2f:25:a4:95:51:be:f9:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
        Validity
            Not Before: Apr 15 05:55:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4f588d4ef6b05e53c7b9a1562edcfec88db36b49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:8d:61:63:e1:56:00:94:21:e3:aa:11:6e:d0:
                    f2:be:20:0f:5f:48:5e:f4:ae:e1:dd:33:42:70:ff:
                    88:1c:70:73:5d:2a:39:55:57:67:b5:a7:ad:e2:aa:
                    37:51:1b:62:da:21:29:04:c3:d3:f9:08:e3:e9:27:
                    ab:4c:8c:cf:b5:70:a0:4f:91:b9:b3:b4:8e:96:8a:
                    4c:18:a4:61:48:2c:53:b7:00:55:ba:e8:43:8a:6c:
                    4d:ee:4d:cc:08:f1:57:fd:7b:7f:b5:44:f1:4f:73:
                    6d:91:7a:e4:af:d8:db:75:29:56:30:78:71:eb:db:
                    65:34:e9:ef:16:e8:cb:ac:3a:8f:13:a9:de:27:a0:
                    c6:4e:2c:e3:15:80:4e:f5:30:df:bc:fe:ab:0e:48:
                    1e:aa:dd:fb:06:de:84:ad:8a:b5:fc:a3:a9:f1:f6:
                    e9:20:db:19:9b:8e:39:fc:7d:60:d4:3a:dd:5b:9d:
                    18:44:92:a8:1d:62:e4:09:98:5a:8e:cd:31:d1:eb:
                    c2:61:58:d5:ab:da:b6:ff:12:f7:b9:e9:ed:59:ea:
                    0c:37:b3:aa:85:02:53:3b:47:2d:f3:1b:63:cf:b6:
                    15:e4:c9:1a:20:53:47:68:18:b5:51:63:73:3b:92:
                    71:00:94:e1:cb:ff:8e:d9:af:0f:8d:73:52:44:5d:
                    c0:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:58:8D:4E:F6:B0:5E:53:C7:B9:A1:56:2E:DC:FE:C8:8D:B3:6B:49
            X509v3 Authority Key Identifier:
                keyid:29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/T1iNTvawXlPHuaFWLtz-yI2za0k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.239.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:d5:98:df:69:8b:e2:0f:04:79:e0:9e:68:1e:21:80:af:de:
         81:e3:cf:41:52:8e:94:5e:ff:eb:44:ee:8b:03:a0:35:af:c9:
         ee:cc:3b:60:da:57:bf:ba:14:d2:ec:ab:f2:06:5b:8a:44:92:
         6e:10:5b:bb:c4:74:2d:86:b5:9e:bd:6e:64:a3:1d:18:30:4a:
         7c:b6:2b:18:29:d7:55:88:34:63:41:63:db:42:99:e1:62:0d:
         8e:72:ba:11:b1:44:0c:ba:da:37:3c:af:99:6f:b7:5b:e7:87:
         a8:e1:5a:9d:2b:7b:33:cd:b9:26:31:68:03:b6:98:66:5b:15:
         d0:48:bf:1d:e7:62:86:03:fc:d4:c8:af:bc:8c:5b:76:f8:23:
         88:43:57:77:02:2b:eb:6c:a5:de:21:c8:f8:a5:8e:df:7d:3a:
         10:df:a0:3f:1a:6f:5f:07:80:fa:0b:67:25:f2:91:0b:85:8e:
         7c:02:1c:ab:45:b3:f4:5c:ae:48:91:58:27:1e:cb:f7:2d:98:
         77:59:db:e7:15:a0:37:38:30:6c:b3:14:c8:f7:91:63:c2:8a:
         77:76:e5:73:fd:c6:bf:21:ee:f8:6e:e6:b5:97:0d:4c:2a:52:
         e8:06:1d:bb:cb:22:81:a6:1e:9e:48:a0:c7:3d:cf:80:4d:1c:
         17:a7:fd:00
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2PtVopvmdLDi8lpJVRvvkPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZDJkYWZmMWM1YmI2MWEwYWM4YjNjYWVhZDRiOGExZmEy
ODRkMGYwHhcNMjYwNDE1MDU1NTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjU4OGQ0ZWY2YjA1ZTUzYzdiOWExNTYyZWRjZmVjODhkYjM2YjQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvo1hY+FWAJQh46oRbtDyviAPX0he
9K7h3TNCcP+IHHBzXSo5VVdntaet4qo3URti2iEpBMPT+Qjj6SerTIzPtXCgT5G5
s7SOlopMGKRhSCxTtwBVuuhDimxN7k3MCPFX/Xt/tUTxT3NtkXrkr9jbdSlWMHhx
69tlNOnvFujLrDqPE6neJ6DGTizjFYBO9TDfvP6rDkgeqt37Bt6ErYq1/KOp8fbp
INsZm445/H1g1DrdW50YRJKoHWLkCZhajs0x0evCYVjVq9q2/xL3uentWeoMN7Oq
hQJTO0ct8xtjz7YV5MkaIFNHaBi1UWNzO5JxAJThy/+O2a8PjXNSRF3A8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE9YjU72sF5Tx7mhVi7c/siNs2tJMB8GA1UdIwQY
MBaAFCnS2v8cW7YaCsizyurUuKH6KE0PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3Zjgt
NGY1N2Q5Y2Y1Y2FhLzEvVDFpTlR2YXdYbFBIdWFGV0x0ei15STJ6YTBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3ZjgtNGY1N2Q5Y2Y1Y2Fh
LzEvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVe+aMA0G
CSqGSIb3DQEBCwUAA4IBAQBI1ZjfaYviDwR54J5oHiGAr96B489BUo6UXv/rRO6L
A6A1r8nuzDtg2le/uhTS7KvyBluKRJJuEFu7xHQthrWevW5kox0YMEp8tisYKddV
iDRjQWPbQpnhYg2OcroRsUQMuto3PK+Zb7db54eo4VqdK3szzbkmMWgDtphmWxXQ
SL8d52KGA/zUyK+8jFt2+COIQ1d3AivrbKXeIcj4pY7ffToQ36A/Gm9fB4D6C2cl
8pELhY58AhyrRbP0XK5IkVgnHsv3LZh3WdvnFaA3ODBssxTI95Fjwop3duVz/ca/
Ie74bua1lw1MKlLoBh27yyKBph6eSKDHPc+ATRwXp/0A
-----END CERTIFICATE-----