Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/q87YasPi0P-A4RG5sPV3wuAufYQ.roa
File:                     q87YasPi0P-A4RG5sPV3wuAufYQ.roa (raw, json)
Hash identifier:          kJZPr94cnSfkBS7GDeJfwaSpjY+FpnvEJHJB2hPmYoo=
Subject key identifier:   AB:CE:D8:6A:C3:E2:D0:FF:80:E1:11:B9:B0:F5:77:C2:E0:2E:7D:84
Certificate issuer:       /CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
Certificate serial:       019EBC1F59A47ABB51C3FEFA7C86DD8DC330
Authority key identifier: BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/q87YasPi0P-A4RG5sPV3wuAufYQ.roa
Signing time:             Fri 12 Jun 2026 13:57:11 +0000
ROA not before:           Fri 12 Jun 2026 13:57:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     61157
IP address blocks:        85.93.65.0/24 maxlen: 24
                          85.93.66.0/24 maxlen: 24
                          85.93.80.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 08:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:bc:1f:59:a4:7a:bb:51:c3:fe:fa:7c:86:dd:8d:c3:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
        Validity
            Not Before: Jun 12 13:57:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=abced86ac3e2d0ff80e111b9b0f577c2e02e7d84
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:f3:4f:20:f8:00:11:80:20:51:63:35:48:ac:
                    3e:53:ce:91:01:bb:fc:01:2f:e6:3e:10:83:5e:c9:
                    73:17:2d:43:56:32:58:1f:03:eb:7e:3a:25:24:86:
                    b2:b5:db:e5:f4:a1:f5:35:d3:34:87:55:35:07:01:
                    5b:7a:b6:29:ba:8a:06:8c:36:be:da:55:6a:0b:ff:
                    13:90:77:64:01:7c:c7:d3:74:5e:4d:36:2a:eb:3a:
                    22:5a:1c:d5:f0:9f:90:62:f0:2f:bc:74:b2:b4:72:
                    84:1f:1c:bf:82:ee:d5:bd:23:d9:1d:4e:fa:0c:aa:
                    76:53:54:de:a5:94:cc:85:93:87:1d:51:f1:8f:94:
                    25:c5:07:18:4d:c8:b2:ce:f9:f1:0e:82:a6:34:f4:
                    b2:d3:a7:4e:4c:05:04:cd:6b:b5:a0:47:ad:d7:f9:
                    f9:92:ad:f8:e4:d8:ff:c0:14:95:2a:d5:01:f3:39:
                    5a:0e:0b:90:32:e2:36:04:8d:aa:c5:98:99:c3:39:
                    c5:59:d5:53:85:b5:59:88:bb:5b:d1:f1:18:c9:b7:
                    92:df:61:65:14:4e:8d:dc:82:9d:1e:e7:dc:0a:2d:
                    5c:05:46:bc:08:20:ad:ff:2e:f4:8e:9d:a9:c7:ea:
                    c8:40:75:30:79:ee:16:9d:a5:73:f4:e4:70:bd:43:
                    2a:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:CE:D8:6A:C3:E2:D0:FF:80:E1:11:B9:B0:F5:77:C2:E0:2E:7D:84
            X509v3 Authority Key Identifier:
                keyid:BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/q87YasPi0P-A4RG5sPV3wuAufYQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.93.65.0-85.93.66.255
                  85.93.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:44:17:4d:2f:79:3f:8e:89:b7:65:bb:6f:ff:34:cf:03:ec:
         38:81:d8:2a:cf:0e:f6:3f:db:61:a5:3e:74:e8:50:2d:93:ee:
         3b:61:01:6d:e7:92:5e:91:68:01:0e:97:3b:99:93:82:f7:83:
         03:73:a6:b0:9e:25:8f:a6:35:74:b4:e0:ec:b5:f9:62:ab:43:
         0c:8d:15:35:02:ba:5e:e2:7d:aa:09:a5:da:0a:dd:f2:86:9b:
         0b:cc:df:19:c8:16:ec:1d:6d:ff:62:ac:f5:6a:98:3b:68:81:
         29:7a:80:c7:8a:f2:04:f1:29:b6:62:41:ea:70:fd:a6:48:56:
         80:f5:d1:ab:dc:80:f3:30:0d:25:ab:d4:45:be:91:de:01:b8:
         b9:58:f2:90:aa:5d:f8:a6:3a:22:f0:17:23:29:bd:4d:98:a1:
         1e:2a:58:1c:33:6b:43:16:ee:27:31:bc:7d:7f:6d:0a:53:bb:
         71:ad:54:d9:a0:ab:fd:72:cb:47:68:92:28:38:ff:5d:39:db:
         8b:f6:7d:c8:fa:97:15:24:83:06:96:a1:f4:e4:74:a2:9d:ae:
         a1:6e:3b:3a:26:89:32:2d:2a:ed:f0:c6:e7:2c:cf:40:95:02:
         52:e7:c1:d3:0e:84:2b:39:7b:a5:c5:96:7d:52:62:01:17:47:
         62:37:93:b2
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZ68H1mkertRw/76fIbdjcMwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNmVkMGZiN2IzMjA4MzJhYzE1ODA1MzRjN2IyNjNmMzA0
ZTk4MWIwHhcNMjYwNjEyMTM1NzExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYmNlZDg2YWMzZTJkMGZmODBlMTExYjliMGY1NzdjMmUwMmU3ZDg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv/NPIPgAEYAgUWM1SKw+U86RAbv8
AS/mPhCDXslzFy1DVjJYHwPrfjolJIaytdvl9KH1NdM0h1U1BwFberYpuooGjDa+
2lVqC/8TkHdkAXzH03ReTTYq6zoiWhzV8J+QYvAvvHSytHKEHxy/gu7VvSPZHU76
DKp2U1TepZTMhZOHHVHxj5QlxQcYTciyzvnxDoKmNPSy06dOTAUEzWu1oEet1/n5
kq345Nj/wBSVKtUB8zlaDguQMuI2BI2qxZiZwznFWdVThbVZiLtb0fEYybeS32Fl
FE6N3IKdHufcCi1cBUa8CCCt/y70jp2px+rIQHUwee4WnaVz9ORwvUMqRQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFKvO2GrD4tD/gOERubD1d8LgLn2EMB8GA1UdIwQY
MBaAFLpu0Pt7MggyrBWAU0x7Jj8wTpgbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdW03US0zc3lDREtzRllCVFRIc21QekJPbUJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC80MjA0MWQtNTkzMS00ODI0LTkyNTQt
MTYxZjM0MjM4N2QxLzEvcTg3WWFzUGkwUC1BNFJHNXNQVjN3dUF1ZllRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC80MjA0MWQtNTkzMS00ODI0LTkyNTQtMTYxZjM0MjM4N2Qx
LzEvdW03US0zc3lDREtzRllCVFRIc21QekJPbUJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBABVXUED
BABVXUIDBABVXVAwDQYJKoZIhvcNAQELBQADggEBAGlEF00veT+Oibdlu2//NM8D
7DiB2CrPDvY/22GlPnToUC2T7jthAW3nkl6RaAEOlzuZk4L3gwNzprCeJY+mNXS0
4Oy1+WKrQwyNFTUCul7ifaoJpdoK3fKGmwvM3xnIFuwdbf9irPVqmDtogSl6gMeK
8gTxKbZiQepw/aZIVoD10avcgPMwDSWr1EW+kd4BuLlY8pCqXfimOiLwFyMpvU2Y
oR4qWBwza0MW7icxvH1/bQpTu3GtVNmgq/1yy0dokig4/10524v2fcj6lxUkgwaW
ofTkdKKdrqFuOzomiTItKu3wxucsz0CVAlLnwdMOhCs5e6XFln1SYgEXR2I3k7I=
-----END CERTIFICATE-----