Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/78e03c-c9c7-4c85-bfdd-e8baf9ffadf8/1/2S62mTmjDl4px8NNmk9NduukcXk.roa
File:                     2S62mTmjDl4px8NNmk9NduukcXk.roa (raw, json)
Hash identifier:          xYOYC1MdsFxurlcP8/NupJrR7Rlh58ssFzFiALiUCRE=
Subject key identifier:   D9:2E:B6:99:39:A3:0E:5E:29:C7:C3:4D:9A:4F:4D:76:EB:A4:71:79
Certificate issuer:       /CN=6ed0392ac7660bd1460fa1d5031d1840d01b9412
Certificate serial:       019C284758F25D3C9CF9CBA84D7E169AE0DE
Authority key identifier: 6E:D0:39:2A:C7:66:0B:D1:46:0F:A1:D5:03:1D:18:40:D0:1B:94:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/btA5KsdmC9FGD6HVAx0YQNAblBI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/78e03c-c9c7-4c85-bfdd-e8baf9ffadf8/1/2S62mTmjDl4px8NNmk9NduukcXk.roa
Signing time:             Wed 04 Feb 2026 10:51:30 +0000
ROA not before:           Wed 04 Feb 2026 10:51:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42831
IP address blocks:        85.116.196.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/78e03c-c9c7-4c85-bfdd-e8baf9ffadf8/1/btA5KsdmC9FGD6HVAx0YQNAblBI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/78e03c-c9c7-4c85-bfdd-e8baf9ffadf8/1/btA5KsdmC9FGD6HVAx0YQNAblBI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/btA5KsdmC9FGD6HVAx0YQNAblBI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:28:47:58:f2:5d:3c:9c:f9:cb:a8:4d:7e:16:9a:e0:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed0392ac7660bd1460fa1d5031d1840d01b9412
        Validity
            Not Before: Feb  4 10:51:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d92eb69939a30e5e29c7c34d9a4f4d76eba47179
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:b5:d9:79:c5:17:d0:4d:0e:c3:9e:16:13:04:
                    23:33:f8:92:ec:a4:d0:8f:84:7e:56:17:08:b5:02:
                    d3:77:3f:11:4a:19:f0:b9:d5:73:d1:b0:f4:2f:fd:
                    e4:f9:8a:3e:29:6e:88:4e:f9:41:86:a0:83:ea:1d:
                    8c:88:13:e9:bb:51:41:91:36:96:e7:05:ca:31:aa:
                    63:27:05:cc:fa:80:06:cf:6c:44:91:a8:d5:a4:29:
                    ae:2c:df:1f:bb:ac:a8:ca:93:ff:24:78:62:80:98:
                    7a:7a:bc:2c:80:c9:a3:5e:ba:da:6e:e6:1b:99:4c:
                    6a:12:39:ef:93:a8:aa:ca:25:e4:46:3f:87:e3:d1:
                    97:12:f1:a4:9d:12:f9:fe:d4:5e:8b:a2:b2:38:2d:
                    7d:34:2e:76:da:df:c9:c1:ab:c7:f6:fd:b3:2d:f3:
                    cc:8e:f5:83:44:61:59:44:b4:49:c9:b6:d4:08:df:
                    99:5c:5a:52:60:d1:1e:05:25:4d:08:83:b0:22:ad:
                    c8:6c:e8:40:59:8b:fb:3c:f5:cd:bd:e3:d0:3b:49:
                    63:09:1f:a6:10:be:5a:d6:7b:d3:b9:4f:f3:57:e2:
                    52:49:4d:5a:27:95:1a:66:d0:b7:84:e1:54:af:97:
                    3a:27:c1:88:55:1d:fa:21:67:45:dd:e4:90:56:32:
                    31:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:2E:B6:99:39:A3:0E:5E:29:C7:C3:4D:9A:4F:4D:76:EB:A4:71:79
            X509v3 Authority Key Identifier:
                keyid:6E:D0:39:2A:C7:66:0B:D1:46:0F:A1:D5:03:1D:18:40:D0:1B:94:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/btA5KsdmC9FGD6HVAx0YQNAblBI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/78e03c-c9c7-4c85-bfdd-e8baf9ffadf8/1/2S62mTmjDl4px8NNmk9NduukcXk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/78e03c-c9c7-4c85-bfdd-e8baf9ffadf8/1/btA5KsdmC9FGD6HVAx0YQNAblBI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.116.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1f:bc:0d:99:8f:88:21:0c:ab:3a:4d:71:fa:0b:cb:38:bb:10:
         40:59:3c:39:66:d0:93:1b:a1:a2:8e:16:da:f4:c8:cf:64:d8:
         09:d1:9b:4e:d6:c9:63:cc:e2:be:50:86:d0:86:1e:63:7d:0d:
         17:24:3e:63:cc:5f:20:c8:22:73:1c:36:b0:39:25:a7:77:97:
         87:cf:35:1a:30:39:f9:2a:a7:a8:1d:db:dd:0c:34:5e:69:f3:
         00:92:f0:fd:17:92:5c:c3:bc:73:9b:45:80:5f:92:b3:11:8b:
         c3:61:97:44:24:72:79:66:3f:fc:2d:59:b4:44:05:d5:40:c2:
         1a:f9:97:d5:1c:72:0d:9d:0b:08:3d:b8:c4:41:27:7c:d2:5d:
         f6:ef:95:27:3e:4b:7d:fe:75:1d:c6:9c:60:5b:69:a3:52:11:
         7f:a8:34:27:a6:3d:81:aa:2d:5c:5e:07:5a:81:ea:2f:fa:d2:
         29:df:58:4a:6d:40:70:60:a3:47:93:26:fb:0f:d9:9f:5c:7b:
         ca:c1:59:e9:d1:2f:53:1d:3f:55:1d:f0:4a:80:37:8f:3f:5a:
         90:8b:66:d2:54:c5:af:00:71:f1:fc:3d:b8:66:5f:ee:8c:04:
         82:5d:93:cc:1f:a4:ad:58:f0:34:00:7e:e7:24:96:fb:22:64:
         c3:bf:5a:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZwoR1jyXTyc+cuoTX4WmuDeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlZDAzOTJhYzc2NjBiZDE0NjBmYTFkNTAzMWQxODQwZDAx
Yjk0MTIwHhcNMjYwMjA0MTA1MTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTJlYjY5OTM5YTMwZTVlMjljN2MzNGQ5YTRmNGQ3NmViYTQ3MTc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1rXZecUX0E0Ow54WEwQjM/iS7KTQ
j4R+VhcItQLTdz8RShnwudVz0bD0L/3k+Yo+KW6ITvlBhqCD6h2MiBPpu1FBkTaW
5wXKMapjJwXM+oAGz2xEkajVpCmuLN8fu6yoypP/JHhigJh6erwsgMmjXrrabuYb
mUxqEjnvk6iqyiXkRj+H49GXEvGknRL5/tRei6KyOC19NC522t/JwavH9v2zLfPM
jvWDRGFZRLRJybbUCN+ZXFpSYNEeBSVNCIOwIq3IbOhAWYv7PPXNvePQO0ljCR+m
EL5a1nvTuU/zV+JSSU1aJ5UaZtC3hOFUr5c6J8GIVR36IWdF3eSQVjIxcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNkutpk5ow5eKcfDTZpPTXbrpHF5MB8GA1UdIwQY
MBaAFG7QOSrHZgvRRg+h1QMdGEDQG5QSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYnRBNUtzZG1DOUZHRDZIVkF4MFlRTkFibEJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83OGUwM2MtYzljNy00Yzg1LWJmZGQt
ZThiYWY5ZmZhZGY4LzEvMlM2Mm1UbWpEbDRweDhOTm1rOU5kdXVrY1hrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83OGUwM2MtYzljNy00Yzg1LWJmZGQtZThiYWY5ZmZhZGY4
LzEvYnRBNUtzZG1DOUZHRDZIVkF4MFlRTkFibEJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVXTEMA0G
CSqGSIb3DQEBCwUAA4IBAQAfvA2Zj4ghDKs6TXH6C8s4uxBAWTw5ZtCTG6Gijhba
9MjPZNgJ0ZtO1sljzOK+UIbQhh5jfQ0XJD5jzF8gyCJzHDawOSWnd5eHzzUaMDn5
KqeoHdvdDDReafMAkvD9F5Jcw7xzm0WAX5KzEYvDYZdEJHJ5Zj/8LVm0RAXVQMIa
+ZfVHHINnQsIPbjEQSd80l3275UnPkt9/nUdxpxgW2mjUhF/qDQnpj2Bqi1cXgda
geov+tIp31hKbUBwYKNHkyb7D9mfXHvKwVnp0S9THT9VHfBKgDePP1qQi2bSVMWv
AHHx/D24Zl/ujASCXZPMH6StWPA0AH7nJJb7ImTDv1ra
-----END CERTIFICATE-----