Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/2KUTocOpAT7sBhebTwh3G4FESlk.roa
File:                     2KUTocOpAT7sBhebTwh3G4FESlk.roa (raw, json)
Hash identifier:          qCXP7Gzh5WeYsyND7xGMNVQazeCbTW+xxU01dOva01I=
Subject key identifier:   D8:A5:13:A1:C3:A9:01:3E:EC:06:17:9B:4F:08:77:1B:81:44:4A:59
Certificate issuer:       /CN=fe58952d393935f0d3bce814fd9178d04693aeb9
Certificate serial:       019C0079ADA6C138E9E46F4F514A6E9A5A80
Authority key identifier: FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/2KUTocOpAT7sBhebTwh3G4FESlk.roa
Signing time:             Tue 27 Jan 2026 17:21:40 +0000
ROA not before:           Tue 27 Jan 2026 17:21:40 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205009
IP address blocks:        89.39.252.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:00:79:ad:a6:c1:38:e9:e4:6f:4f:51:4a:6e:9a:5a:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe58952d393935f0d3bce814fd9178d04693aeb9
        Validity
            Not Before: Jan 27 17:21:40 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d8a513a1c3a9013eec06179b4f08771b81444a59
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:8b:2d:94:d7:6a:80:cc:ab:73:ae:87:1e:f4:
                    fd:6f:22:d2:3c:6e:39:0d:f9:1a:98:60:80:9f:06:
                    d0:87:e7:77:64:e8:29:d0:a7:ed:cd:15:7c:4e:c4:
                    95:3f:90:50:27:e6:55:64:af:d7:ff:51:4c:12:dd:
                    e2:00:59:a4:31:58:5f:5d:c3:85:0b:ca:70:11:51:
                    b8:a5:42:92:41:d0:97:5f:cc:09:96:c8:90:69:6b:
                    bc:2f:b3:a4:6c:e9:28:45:25:ee:e0:f6:35:73:09:
                    2f:ad:21:69:30:c9:a3:db:06:de:49:d4:63:57:a3:
                    7e:33:3e:bb:40:ba:6a:6a:d9:4c:e9:59:e8:c4:c4:
                    a4:2a:66:bf:02:05:b3:71:8b:45:49:99:7f:29:89:
                    2e:3c:be:59:ef:0c:31:da:8a:e2:cf:bf:76:92:97:
                    5b:e1:ae:8c:b2:03:9d:7e:4a:68:fd:70:85:9b:63:
                    3e:43:7e:99:5c:83:80:0c:e8:48:bf:b3:70:9b:b6:
                    a9:42:99:e0:0d:a1:45:1a:dd:61:99:22:2e:13:52:
                    2e:fe:5c:aa:ab:d7:bf:6e:da:43:fe:11:e2:f2:b4:
                    51:7b:83:32:87:e0:21:7e:d3:ff:a2:5f:cf:9f:b5:
                    35:63:ca:4e:69:96:3c:61:3f:ce:40:4b:71:ae:88:
                    57:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:A5:13:A1:C3:A9:01:3E:EC:06:17:9B:4F:08:77:1B:81:44:4A:59
            X509v3 Authority Key Identifier:
                keyid:FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/2KUTocOpAT7sBhebTwh3G4FESlk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.39.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:05:25:d6:c4:c0:87:07:90:e6:77:5d:87:52:04:e3:04:d5:
         3a:97:d9:61:65:ff:ab:19:24:36:d8:4f:c8:65:fd:b7:0d:02:
         91:71:a9:92:98:4c:6d:7f:3a:c0:f6:3a:b1:b8:72:11:c9:06:
         25:52:56:5b:b8:81:b8:c8:62:cf:24:d4:8f:bb:7c:f2:ed:d1:
         40:c1:c0:86:b3:ff:7f:53:9a:e9:24:34:8d:6a:13:e1:aa:33:
         04:bc:b9:0b:80:4f:2f:fc:f9:44:6d:49:35:ed:5a:84:35:28:
         39:73:fc:6d:4c:5c:40:12:85:0f:2c:fa:57:25:db:21:5a:0e:
         00:8d:77:87:de:28:f8:53:4b:ff:07:14:a6:40:4f:18:f8:7f:
         ac:00:d3:ab:19:bd:08:bd:76:d0:cb:dc:55:4f:78:e7:6b:e9:
         92:03:82:09:80:cb:d0:76:2b:ec:64:b2:61:5c:dd:84:e3:24:
         5e:44:a0:34:d3:8f:17:49:e1:e9:4a:e9:23:d0:0b:f2:6f:3e:
         54:da:3b:bf:5b:af:ab:1e:73:b8:5b:26:58:32:72:70:b4:03:
         45:b9:70:49:11:d3:aa:ad:c5:f7:93:09:ce:6d:3f:34:0e:58:
         49:64:eb:ba:60:eb:9c:93:21:d5:3f:f1:01:60:4a:c0:e4:87:
         af:63:76:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZwAea2mwTjp5G9PUUpumlqAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNTg5NTJkMzkzOTM1ZjBkM2JjZTgxNGZkOTE3OGQwNDY5
M2FlYjkwHhcNMjYwMTI3MTcyMTQwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOGE1MTNhMWMzYTkwMTNlZWMwNjE3OWI0ZjA4NzcxYjgxNDQ0YTU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjostlNdqgMyrc66HHvT9byLSPG45
DfkamGCAnwbQh+d3ZOgp0KftzRV8TsSVP5BQJ+ZVZK/X/1FMEt3iAFmkMVhfXcOF
C8pwEVG4pUKSQdCXX8wJlsiQaWu8L7OkbOkoRSXu4PY1cwkvrSFpMMmj2wbeSdRj
V6N+Mz67QLpqatlM6VnoxMSkKma/AgWzcYtFSZl/KYkuPL5Z7wwx2oriz792kpdb
4a6MsgOdfkpo/XCFm2M+Q36ZXIOADOhIv7Nwm7apQpngDaFFGt1hmSIuE1Iu/lyq
q9e/btpD/hHi8rRRe4Myh+AhftP/ol/Pn7U1Y8pOaZY8YT/OQEtxrohXdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNilE6HDqQE+7AYXm08IdxuBREpZMB8GA1UdIwQY
MBaAFP5YlS05OTXw07zoFP2ReNBGk665MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUt
NWQ0OGI2NWNlNTczLzEvMktVVG9jT3BBVDdzQmhlYlR3aDNHNEZFU2xrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUtNWQ0OGI2NWNlNTcz
LzEvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSf8MA0G
CSqGSIb3DQEBCwUAA4IBAQB5BSXWxMCHB5Dmd12HUgTjBNU6l9lhZf+rGSQ22E/I
Zf23DQKRcamSmExtfzrA9jqxuHIRyQYlUlZbuIG4yGLPJNSPu3zy7dFAwcCGs/9/
U5rpJDSNahPhqjMEvLkLgE8v/PlEbUk17VqENSg5c/xtTFxAEoUPLPpXJdshWg4A
jXeH3ij4U0v/BxSmQE8Y+H+sANOrGb0IvXbQy9xVT3jna+mSA4IJgMvQdivsZLJh
XN2E4yReRKA0048XSeHpSukj0Avybz5U2ju/W6+rHnO4WyZYMnJwtANFuXBJEdOq
rcX3kwnObT80DlhJZOu6YOuckyHVP/EBYErA5IevY3ae
-----END CERTIFICATE-----