Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/bc6d1e-0146-4a35-8e9b-cf5fb042566a/1/8msB_pW-2uX67lJFvxygplmiAYM.roa
File:                     8msB_pW-2uX67lJFvxygplmiAYM.roa (raw, json)
Hash identifier:          MdKHF0c5oREJJjw35mtLasbrxg7HAjIQzXUDf6T975M=
Subject key identifier:   F2:6B:01:FE:95:BE:DA:E5:FA:EE:52:45:BF:1C:A0:A6:59:A2:01:83
Certificate issuer:       /CN=169f4ed6620c8960521fbb81ff72e837dc0038af
Certificate serial:       019B7B363788FE5078D255D149D86FE92DA0
Authority key identifier: 16:9F:4E:D6:62:0C:89:60:52:1F:BB:81:FF:72:E8:37:DC:00:38:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Fp9O1mIMiWBSH7uB_3LoN9wAOK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/bc6d1e-0146-4a35-8e9b-cf5fb042566a/1/8msB_pW-2uX67lJFvxygplmiAYM.roa
Signing time:             Thu 01 Jan 2026 20:18:29 +0000
ROA not before:           Thu 01 Jan 2026 20:18:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8695
IP address blocks:        185.1.39.0/24 maxlen: 24
                          2001:7f8:80::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/bc6d1e-0146-4a35-8e9b-cf5fb042566a/1/Fp9O1mIMiWBSH7uB_3LoN9wAOK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/bc6d1e-0146-4a35-8e9b-cf5fb042566a/1/Fp9O1mIMiWBSH7uB_3LoN9wAOK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Fp9O1mIMiWBSH7uB_3LoN9wAOK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 09:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:37:88:fe:50:78:d2:55:d1:49:d8:6f:e9:2d:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=169f4ed6620c8960521fbb81ff72e837dc0038af
        Validity
            Not Before: Jan  1 20:18:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f26b01fe95bedae5faee5245bf1ca0a659a20183
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:98:5a:c8:89:0b:ab:dd:54:e8:bb:c5:b9:b6:
                    b6:bf:05:80:c0:3f:16:54:ef:ce:e2:e8:24:37:67:
                    82:52:7e:cb:7c:fc:6e:84:bc:ca:2a:07:9d:d2:53:
                    c1:60:f2:11:16:27:2c:e7:b9:97:48:b7:25:b7:de:
                    27:19:5b:2e:91:7f:db:0d:6d:ff:45:95:2e:18:4f:
                    f0:60:53:a8:2e:4c:3d:6e:d7:a6:30:ae:f9:11:36:
                    b8:e9:11:86:7d:24:c0:ae:61:4b:39:e4:d0:dd:d1:
                    f2:fe:66:a4:ef:47:39:54:c5:3a:ee:48:f7:ea:da:
                    dd:3b:39:39:dc:8c:40:e2:fc:51:25:84:ae:c5:95:
                    fb:ec:fe:14:ef:c4:01:d4:f2:d3:c1:4d:c1:0f:3b:
                    f9:c2:56:21:d7:3d:cc:4a:2b:d2:1f:e8:17:fd:e1:
                    4a:6f:02:83:c4:da:9e:ea:75:cd:ec:b7:be:27:1a:
                    9c:1a:e5:4e:3e:72:db:e5:df:b4:d2:c9:2b:92:f2:
                    1b:90:9f:41:16:46:c7:75:c3:98:6b:4a:0e:f7:21:
                    73:da:c1:71:94:ad:57:ee:3f:73:f6:7d:c3:eb:c2:
                    9a:69:cd:cc:93:60:bb:75:fa:93:8d:15:13:f8:c9:
                    7d:0b:89:38:5b:79:01:cb:8f:54:0a:85:0f:a9:0a:
                    5b:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:6B:01:FE:95:BE:DA:E5:FA:EE:52:45:BF:1C:A0:A6:59:A2:01:83
            X509v3 Authority Key Identifier:
                keyid:16:9F:4E:D6:62:0C:89:60:52:1F:BB:81:FF:72:E8:37:DC:00:38:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Fp9O1mIMiWBSH7uB_3LoN9wAOK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/bc6d1e-0146-4a35-8e9b-cf5fb042566a/1/8msB_pW-2uX67lJFvxygplmiAYM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/bc6d1e-0146-4a35-8e9b-cf5fb042566a/1/Fp9O1mIMiWBSH7uB_3LoN9wAOK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.1.39.0/24
                IPv6:
                  2001:7f8:80::/48

    Signature Algorithm: sha256WithRSAEncryption
         09:bf:c5:69:5d:b1:52:f6:75:62:e4:3a:3b:87:4e:96:d6:41:
         53:2b:9f:f0:78:d5:3e:69:3c:85:26:ca:9e:2f:0f:d8:7b:d7:
         db:9c:3c:b6:53:47:12:0e:7d:7c:76:78:a7:d7:94:3c:06:d5:
         94:90:7d:22:7e:78:ff:ee:3d:7f:c0:a8:78:cf:c5:a4:42:3b:
         1d:17:90:22:32:41:40:a7:dd:7d:23:13:53:9d:c9:9e:46:da:
         87:35:90:c6:c4:d5:ea:a2:69:46:22:66:62:d9:2d:84:46:39:
         37:85:a3:b6:46:6c:39:71:ec:fd:20:26:71:b7:af:f5:0d:a4:
         bc:00:2f:57:03:ae:28:44:28:ca:5e:8b:2d:e2:e5:a2:c2:20:
         7f:b8:bf:26:27:47:85:5b:35:7c:b7:08:5d:73:c8:53:fb:32:
         e7:1f:8e:3e:63:5c:90:ed:6f:17:be:17:06:ec:47:f7:16:85:
         8a:05:e5:48:e4:df:d9:db:bb:c3:21:57:fe:e0:c0:e0:3a:5d:
         55:20:2c:88:9f:83:bf:98:9c:db:10:0a:6a:c7:5d:70:01:8e:
         cb:bf:61:27:69:82:03:db:e3:6f:f7:02:80:6a:1e:53:02:13:
         3e:0d:62:c2:28:c4:a2:84:0d:03:0a:7b:c1:c8:ef:f2:d8:1c:
         90:f5:59:15
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZt7NjeI/lB40lXRSdhv6S2gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2OWY0ZWQ2NjIwYzg5NjA1MjFmYmI4MWZmNzJlODM3ZGMw
MDM4YWYwHhcNMjYwMTAxMjAxODI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjZiMDFmZTk1YmVkYWU1ZmFlZTUyNDViZjFjYTBhNjU5YTIwMTgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsphayIkLq91U6LvFuba2vwWAwD8W
VO/O4ugkN2eCUn7LfPxuhLzKKged0lPBYPIRFics57mXSLclt94nGVsukX/bDW3/
RZUuGE/wYFOoLkw9btemMK75ETa46RGGfSTArmFLOeTQ3dHy/mak70c5VMU67kj3
6trdOzk53IxA4vxRJYSuxZX77P4U78QB1PLTwU3BDzv5wlYh1z3MSivSH+gX/eFK
bwKDxNqe6nXN7Le+JxqcGuVOPnLb5d+00skrkvIbkJ9BFkbHdcOYa0oO9yFz2sFx
lK1X7j9z9n3D68Kaac3Mk2C7dfqTjRUT+Ml9C4k4W3kBy49UCoUPqQpb9QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFPJrAf6Vvtrl+u5SRb8coKZZogGDMB8GA1UdIwQY
MBaAFBafTtZiDIlgUh+7gf9y6DfcADivMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRnA5TzFtSU1pV0JTSDd1Ql8zTG9OOXdBT0s4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9iYzZkMWUtMDE0Ni00YTM1LThlOWIt
Y2Y1ZmIwNDI1NjZhLzEvOG1zQl9wVy0ydVg2N2xKRnZ4eWdwbG1pQVlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9iYzZkMWUtMDE0Ni00YTM1LThlOWItY2Y1ZmIwNDI1NjZh
LzEvRnA5TzFtSU1pV0JTSDd1Ql8zTG9OOXdBT0s4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuQEnMA8E
AgACMAkDBwAgAQf4AIAwDQYJKoZIhvcNAQELBQADggEBAAm/xWldsVL2dWLkOjuH
TpbWQVMrn/B41T5pPIUmyp4vD9h719ucPLZTRxIOfXx2eKfXlDwG1ZSQfSJ+eP/u
PX/AqHjPxaRCOx0XkCIyQUCn3X0jE1OdyZ5G2oc1kMbE1eqiaUYiZmLZLYRGOTeF
o7ZGbDlx7P0gJnG3r/UNpLwAL1cDrihEKMpeiy3i5aLCIH+4vyYnR4VbNXy3CF1z
yFP7Mucfjj5jXJDtbxe+FwbsR/cWhYoF5Ujk39nbu8MhV/7gwOA6XVUgLIifg7+Y
nNsQCmrHXXABjsu/YSdpggPb42/3AoBqHlMCEz4NYsIoxKKEDQMKe8HI7/LYHJD1
WRU=
-----END CERTIFICATE-----