Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/bTS3b_uV6axfBrwNTrYfjMmOF3U.roa
File:                     bTS3b_uV6axfBrwNTrYfjMmOF3U.roa (raw, json)
Hash identifier:          oWLpGKIZkW0l4H3BurMofQ3iPXdEr+qIAl7ZtFjGTwU=
Subject key identifier:   6D:34:B7:6F:FB:95:E9:AC:5F:06:BC:0D:4E:B6:1F:8C:C9:8E:17:75
Certificate issuer:       /CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
Certificate serial:       019D8901A78EDAF6DA20BDA58B5CD0367C5C
Authority key identifier: 8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/bTS3b_uV6axfBrwNTrYfjMmOF3U.roa
Signing time:             Mon 13 Apr 2026 22:41:20 +0000
ROA not before:           Mon 13 Apr 2026 22:41:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     12978
IP address blocks:        85.153.160.0/24 maxlen: 24
                          85.153.198.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 14:47:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:89:01:a7:8e:da:f6:da:20:bd:a5:8b:5c:d0:36:7c:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
        Validity
            Not Before: Apr 13 22:41:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6d34b76ffb95e9ac5f06bc0d4eb61f8cc98e1775
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:4f:3d:d7:73:0c:70:39:5a:70:08:e0:61:41:
                    d4:da:5c:ce:f9:f3:ac:ba:fe:eb:65:0b:63:e5:9c:
                    57:5b:e6:97:09:70:23:18:4d:8a:13:d4:1c:20:78:
                    65:ec:64:99:ee:1d:b8:92:13:34:c3:a5:58:17:fc:
                    55:94:0d:ba:a0:a5:78:7b:9d:57:3e:7c:1e:6d:7e:
                    a6:4a:ef:e4:48:f3:2e:4e:4e:6b:5c:c4:84:9d:6f:
                    2b:18:10:16:a9:40:c6:bc:10:8a:57:10:f1:8f:fe:
                    79:40:81:24:0f:62:d8:6c:18:3f:46:e1:f1:8c:be:
                    6e:e6:0e:82:c1:79:49:61:84:ca:61:88:97:fe:ec:
                    b5:42:39:a2:41:8d:08:06:e7:0d:23:a0:75:32:88:
                    4a:75:5a:1d:e3:6c:bc:1b:a3:6f:91:8d:84:b9:81:
                    54:6b:8d:08:71:c4:52:28:52:43:9f:8f:66:fa:0f:
                    b2:d2:c2:34:7c:00:04:22:08:60:4c:5e:db:40:53:
                    3d:07:11:b6:c4:e6:be:f3:13:42:2e:28:49:5d:0c:
                    90:8e:a2:29:5d:87:d0:bb:6c:de:18:63:53:be:48:
                    8c:86:f3:ca:d2:a8:82:fe:05:b1:d2:92:de:bc:06:
                    86:7d:96:be:16:53:d2:b1:86:36:f9:c8:04:7c:88:
                    2a:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:34:B7:6F:FB:95:E9:AC:5F:06:BC:0D:4E:B6:1F:8C:C9:8E:17:75
            X509v3 Authority Key Identifier:
                keyid:8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/bTS3b_uV6axfBrwNTrYfjMmOF3U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.153.160.0/24
                  85.153.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:1a:d7:e5:96:4d:6d:e9:94:e5:e1:24:35:9b:06:64:a3:50:
         28:7c:9b:30:ee:91:12:c1:a8:a9:e0:4e:a1:9d:1f:fa:1e:c3:
         e3:67:3a:58:d0:cc:ff:98:a0:08:c6:eb:54:56:11:ff:db:b4:
         fb:65:d3:c0:d4:51:4d:94:89:2c:bf:23:49:ce:b6:4d:85:79:
         31:8e:fb:99:15:86:8a:8d:fd:0f:65:9d:1b:38:9e:99:c4:9b:
         46:80:37:1c:72:15:c6:33:43:2d:15:32:16:82:92:e3:95:20:
         6a:ad:dc:c0:ab:6e:14:19:a7:f2:47:95:b9:20:f0:1b:2b:25:
         3c:e6:2c:bf:9b:67:4c:ec:87:c7:d0:0f:ea:db:08:d2:51:ef:
         b9:12:23:b5:9f:53:65:9a:ce:5b:46:71:d3:55:6a:22:1c:1b:
         9a:e9:bb:4b:80:a0:2f:f9:07:e2:ed:e8:da:35:a3:ba:ad:f7:
         56:75:b8:a6:23:be:4f:fa:36:54:8f:d1:8c:34:bb:0f:80:c2:
         1c:1e:90:06:83:d2:ac:28:93:eb:76:75:79:d5:fc:d3:eb:e9:
         91:5e:1e:cb:61:e6:5f:bd:49:78:2c:c0:87:48:ff:05:94:f4:
         2c:1a:c4:18:8c:98:9e:73:0d:6a:23:86:13:27:01:49:38:af:
         db:b6:03:5b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ2JAaeO2vbaIL2li1zQNnxcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkNTljNDMyM2Y3NjdjZTRmZmM4NWRhYWQyMDhiOTBjMDRm
YmQzZTkwHhcNMjYwNDEzMjI0MTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDM0Yjc2ZmZiOTVlOWFjNWYwNmJjMGQ0ZWI2MWY4Y2M5OGUxNzc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArU8913MMcDlacAjgYUHU2lzO+fOs
uv7rZQtj5ZxXW+aXCXAjGE2KE9QcIHhl7GSZ7h24khM0w6VYF/xVlA26oKV4e51X
PnwebX6mSu/kSPMuTk5rXMSEnW8rGBAWqUDGvBCKVxDxj/55QIEkD2LYbBg/RuHx
jL5u5g6CwXlJYYTKYYiX/uy1QjmiQY0IBucNI6B1MohKdVod42y8G6NvkY2EuYFU
a40IccRSKFJDn49m+g+y0sI0fAAEIghgTF7bQFM9BxG2xOa+8xNCLihJXQyQjqIp
XYfQu2zeGGNTvkiMhvPK0qiC/gWx0pLevAaGfZa+FlPSsYY2+cgEfIgqCwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFG00t2/7lemsXwa8DU62H4zJjhd1MB8GA1UdIwQY
MBaAFI1ZxDI/dnzk/8hdqtIIuQwE+9PpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUt
ZjJiZTlmNmM2NjRjLzEvYlRTM2JfdVY2YXhmQnJ3TlRyWWZqTW1PRjNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUtZjJiZTlmNmM2NjRj
LzEvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVZmgAwQA
VZnGMA0GCSqGSIb3DQEBCwUAA4IBAQBvGtfllk1t6ZTl4SQ1mwZko1AofJsw7pES
waip4E6hnR/6HsPjZzpY0Mz/mKAIxutUVhH/27T7ZdPA1FFNlIksvyNJzrZNhXkx
jvuZFYaKjf0PZZ0bOJ6ZxJtGgDccchXGM0MtFTIWgpLjlSBqrdzAq24UGafyR5W5
IPAbKyU85iy/m2dM7IfH0A/q2wjSUe+5EiO1n1Nlms5bRnHTVWoiHBua6btLgKAv
+Qfi7ejaNaO6rfdWdbimI75P+jZUj9GMNLsPgMIcHpAGg9KsKJPrdnV51fzT6+mR
Xh7LYeZfvUl4LMCHSP8FlPQsGsQYjJiecw1qI4YTJwFJOK/btgNb
-----END CERTIFICATE-----