Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/i6c0fz52t6bu--A_rRnfITTUlCo.roa
File:                     i6c0fz52t6bu--A_rRnfITTUlCo.roa (raw, json)
Hash identifier:          KAIju8KEB8xo308kFMUSGZu/p5Ia6QPecoz7gKo7AxU=
Subject key identifier:   8B:A7:34:7F:3E:76:B7:A6:EE:FB:E0:3F:AD:19:DF:21:34:D4:94:2A
Certificate issuer:       /CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
Certificate serial:       019C290A01564A0A6B2B943EB66DCE2B2C1E
Authority key identifier: 29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/i6c0fz52t6bu--A_rRnfITTUlCo.roa
Signing time:             Wed 04 Feb 2026 14:24:07 +0000
ROA not before:           Wed 04 Feb 2026 14:24:07 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209896
IP address blocks:        85.239.146.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:29:0a:01:56:4a:0a:6b:2b:94:3e:b6:6d:ce:2b:2c:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
        Validity
            Not Before: Feb  4 14:24:07 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8ba7347f3e76b7a6eefbe03fad19df2134d4942a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:54:89:53:bd:2c:63:f6:12:0f:a7:48:33:23:
                    33:c4:c3:6b:98:4a:ac:98:4d:0f:f9:8e:db:ce:bf:
                    03:4e:44:07:30:3e:97:2a:9f:74:b2:89:66:6b:82:
                    55:82:66:a1:45:4f:97:a3:dc:5b:1a:d4:7b:f1:69:
                    c1:86:e0:52:cf:7a:43:23:b7:cb:76:6e:b7:a5:83:
                    03:c5:19:b3:40:c0:bb:d2:89:6a:ba:49:80:03:35:
                    5a:09:ae:45:48:c5:27:45:85:ca:70:eb:05:d3:74:
                    32:ae:69:cb:3f:f7:d4:69:10:ca:21:8e:da:dd:b0:
                    3d:46:f7:c5:97:98:8c:1c:b9:f0:37:c9:3c:1d:f9:
                    20:c0:21:42:0e:06:76:c8:bb:29:e6:98:b3:83:e9:
                    32:4a:f0:37:d2:ec:27:86:e6:97:d7:4c:84:36:90:
                    4c:6e:99:a5:74:c9:fe:20:68:d6:86:0a:32:69:26:
                    f0:42:53:a1:56:6a:7e:e0:52:f0:4d:8f:c9:81:f6:
                    25:e4:5a:7f:e7:b8:cb:5b:d2:0a:8b:a6:b9:b1:70:
                    94:b3:ee:a9:7d:8e:f1:03:ef:8b:30:de:f2:3d:1c:
                    65:c0:8f:c6:65:d3:ef:21:f5:f8:a4:27:40:8e:24:
                    1a:b3:75:8f:5b:bb:cb:17:05:a3:80:3a:8a:14:47:
                    b3:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:A7:34:7F:3E:76:B7:A6:EE:FB:E0:3F:AD:19:DF:21:34:D4:94:2A
            X509v3 Authority Key Identifier:
                keyid:29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/i6c0fz52t6bu--A_rRnfITTUlCo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.239.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:3b:f2:c2:d6:df:8f:ea:36:57:67:eb:93:c2:56:c9:46:fe:
         bb:58:2b:fe:e3:e6:14:e7:0d:01:dc:ff:e4:c5:33:a7:3e:18:
         50:c8:52:3b:ca:cb:99:ee:b3:5b:48:95:1c:ba:c9:65:4b:97:
         31:89:e1:28:0b:18:60:cd:df:77:8c:2c:86:f0:69:c6:82:c7:
         0f:bc:38:76:a1:b6:72:80:b4:bc:c4:5b:19:5d:aa:e9:98:f6:
         31:bd:53:c3:de:87:54:c3:0e:9e:48:c0:ed:e3:c5:42:30:9f:
         ad:10:26:77:eb:87:a1:04:6d:ff:1b:a3:4e:ce:f4:43:14:84:
         35:4f:da:b2:e1:9c:43:fe:be:70:b2:8d:c3:ef:18:d9:5b:a4:
         77:bf:f5:9f:56:61:a4:32:73:10:03:3d:81:30:34:46:b3:9d:
         7b:cb:a4:d3:8f:c0:31:fe:19:cb:51:dd:b6:61:c2:f1:30:05:
         a1:78:71:be:16:68:80:7e:21:60:5c:18:76:5d:d1:ec:86:18:
         d8:db:07:44:85:ef:81:59:11:f9:a1:e6:2d:e3:b6:a6:45:b9:
         26:c7:7c:e9:ea:63:c2:9f:77:6b:71:a7:1e:af:3d:b7:b9:f5:
         1f:be:d4:d6:a3:ed:a8:8d:dd:df:a6:21:82:47:46:af:32:f8:
         e5:6a:db:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZwpCgFWSgprK5Q+tm3OKyweMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZDJkYWZmMWM1YmI2MWEwYWM4YjNjYWVhZDRiOGExZmEy
ODRkMGYwHhcNMjYwMjA0MTQyNDA3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmE3MzQ3ZjNlNzZiN2E2ZWVmYmUwM2ZhZDE5ZGYyMTM0ZDQ5NDJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArVSJU70sY/YSD6dIMyMzxMNrmEqs
mE0P+Y7bzr8DTkQHMD6XKp90solma4JVgmahRU+Xo9xbGtR78WnBhuBSz3pDI7fL
dm63pYMDxRmzQMC70olqukmAAzVaCa5FSMUnRYXKcOsF03QyrmnLP/fUaRDKIY7a
3bA9RvfFl5iMHLnwN8k8HfkgwCFCDgZ2yLsp5pizg+kySvA30uwnhuaX10yENpBM
bpmldMn+IGjWhgoyaSbwQlOhVmp+4FLwTY/JgfYl5Fp/57jLW9IKi6a5sXCUs+6p
fY7xA++LMN7yPRxlwI/GZdPvIfX4pCdAjiQas3WPW7vLFwWjgDqKFEez0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIunNH8+drem7vvgP60Z3yE01JQqMB8GA1UdIwQY
MBaAFCnS2v8cW7YaCsizyurUuKH6KE0PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3Zjgt
NGY1N2Q5Y2Y1Y2FhLzEvaTZjMGZ6NTJ0NmJ1LS1BX3JSbmZJVFRVbENvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3ZjgtNGY1N2Q5Y2Y1Y2Fh
LzEvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVe+SMA0G
CSqGSIb3DQEBCwUAA4IBAQCFO/LC1t+P6jZXZ+uTwlbJRv67WCv+4+YU5w0B3P/k
xTOnPhhQyFI7ysuZ7rNbSJUcusllS5cxieEoCxhgzd93jCyG8GnGgscPvDh2obZy
gLS8xFsZXarpmPYxvVPD3odUww6eSMDt48VCMJ+tECZ364ehBG3/G6NOzvRDFIQ1
T9qy4ZxD/r5wso3D7xjZW6R3v/WfVmGkMnMQAz2BMDRGs517y6TTj8Ax/hnLUd22
YcLxMAWheHG+FmiAfiFgXBh2XdHshhjY2wdEhe+BWRH5oeYt47amRbkmx3zp6mPC
n3drcacerz23ufUfvtTWo+2ojd3fpiGCR0avMvjlattk
-----END CERTIFICATE-----