Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/81IrEqThFJ71oZltC7sydtXNojo.roa
File:                     81IrEqThFJ71oZltC7sydtXNojo.roa (raw, json)
Hash identifier:          tEfEiIXn9wfKX7SvDjdARvZLxRgzMJ/S8JlSOukelog=
Subject key identifier:   F3:52:2B:12:A4:E1:14:9E:F5:A1:99:6D:0B:BB:32:76:D5:CD:A2:3A
Certificate issuer:       /CN=6f5e0230be799e44829c8720ca38347045494e20
Certificate serial:       019D860AADCC0147953A524D745364C61DE3
Authority key identifier: 6F:5E:02:30:BE:79:9E:44:82:9C:87:20:CA:38:34:70:45:49:4E:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b14CML55nkSCnIcgyjg0cEVJTiA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/81IrEqThFJ71oZltC7sydtXNojo.roa
Signing time:             Mon 13 Apr 2026 08:52:20 +0000
ROA not before:           Mon 13 Apr 2026 08:52:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51167
IP address blocks:        85.232.180.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/b14CML55nkSCnIcgyjg0cEVJTiA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/b14CML55nkSCnIcgyjg0cEVJTiA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b14CML55nkSCnIcgyjg0cEVJTiA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 05:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:86:0a:ad:cc:01:47:95:3a:52:4d:74:53:64:c6:1d:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f5e0230be799e44829c8720ca38347045494e20
        Validity
            Not Before: Apr 13 08:52:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f3522b12a4e1149ef5a1996d0bbb3276d5cda23a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:8c:5d:b3:87:20:4b:c5:7e:a0:5d:58:ec:b9:
                    61:86:70:00:65:f7:8c:e1:2c:02:b4:77:f9:ae:09:
                    74:79:df:be:87:97:dd:50:e3:fd:bc:2b:c8:2f:f6:
                    2e:5e:bb:ec:c7:35:9c:1c:92:18:ef:42:77:8b:7a:
                    62:d2:85:97:44:2c:7d:a8:51:26:89:c1:7b:7a:08:
                    15:ef:3d:4b:64:79:1f:d1:15:08:b5:22:25:13:ad:
                    ed:2c:13:c2:5a:12:56:2a:d1:54:b2:d3:0c:5b:ca:
                    a8:7b:3c:cb:bd:dd:84:61:0d:65:98:e6:45:d2:3a:
                    de:4f:e2:2e:17:44:17:f3:86:77:95:bf:65:cf:c8:
                    17:95:f6:a2:6d:2d:de:16:22:1b:c7:99:5b:2c:59:
                    c3:87:8e:a3:cd:fb:b8:e4:8c:42:e4:48:05:48:84:
                    df:ac:9a:44:17:e1:5c:83:b3:2b:5e:aa:e8:09:6b:
                    8a:8b:49:e8:96:38:fc:3f:81:c0:a2:bb:f8:68:a5:
                    78:51:ad:b1:38:ec:a2:55:8f:4e:08:34:85:74:a1:
                    8e:4f:bf:a6:7b:db:0a:bf:eb:8c:0d:5e:ee:88:b4:
                    7f:9e:f1:3c:22:0a:87:bc:96:e2:db:eb:ea:a3:79:
                    8a:d9:2b:76:23:ad:7f:15:30:0a:ef:65:cd:a9:3a:
                    37:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:52:2B:12:A4:E1:14:9E:F5:A1:99:6D:0B:BB:32:76:D5:CD:A2:3A
            X509v3 Authority Key Identifier:
                keyid:6F:5E:02:30:BE:79:9E:44:82:9C:87:20:CA:38:34:70:45:49:4E:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b14CML55nkSCnIcgyjg0cEVJTiA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/81IrEqThFJ71oZltC7sydtXNojo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/b14CML55nkSCnIcgyjg0cEVJTiA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.232.180.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:66:b6:d9:40:3a:f5:f4:7e:a6:5d:18:75:24:e2:c6:be:50:
         9f:95:16:69:42:a4:35:7d:5e:90:86:fa:fc:30:a0:20:02:80:
         5f:cd:dc:f5:01:12:9a:9e:25:67:c7:1c:d8:99:51:b2:04:6c:
         c2:ae:42:7c:67:ac:a4:c0:9a:49:bd:1b:55:37:6a:b2:9c:7b:
         4e:73:63:c2:0a:a3:2e:13:0b:79:9e:92:39:2b:28:62:18:2a:
         6c:fb:dd:a7:ad:1e:9d:10:c6:ab:57:4d:2c:af:de:c8:69:38:
         a6:d1:47:a4:28:85:82:e6:1a:a2:af:40:aa:38:47:59:54:d6:
         dd:35:50:1e:dd:f7:92:46:28:6f:e1:8d:93:b5:bd:4c:2c:8c:
         be:c0:00:60:52:5d:ed:a9:27:c3:45:ab:d1:57:e6:61:f6:87:
         7a:c8:af:97:ea:02:33:29:82:9e:ef:bd:eb:a4:68:83:1c:e1:
         fe:aa:12:b7:04:ea:ee:c2:a4:d9:72:10:46:1e:33:15:f1:db:
         c9:2a:56:e4:8b:58:1d:bf:4c:4f:83:f5:b8:48:b1:9b:7d:4d:
         58:9f:d9:f3:20:6f:f7:12:54:68:40:e6:b8:0d:30:bc:d0:ec:
         a5:53:2b:20:db:56:0f:64:8f:ac:4c:96:06:56:b0:a4:f3:de:
         5c:ae:a5:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2GCq3MAUeVOlJNdFNkxh3jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNWUwMjMwYmU3OTllNDQ4MjljODcyMGNhMzgzNDcwNDU0
OTRlMjAwHhcNMjYwNDEzMDg1MjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzUyMmIxMmE0ZTExNDllZjVhMTk5NmQwYmJiMzI3NmQ1Y2RhMjNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7oxds4cgS8V+oF1Y7LlhhnAAZfeM
4SwCtHf5rgl0ed++h5fdUOP9vCvIL/YuXrvsxzWcHJIY70J3i3pi0oWXRCx9qFEm
icF7eggV7z1LZHkf0RUItSIlE63tLBPCWhJWKtFUstMMW8qoezzLvd2EYQ1lmOZF
0jreT+IuF0QX84Z3lb9lz8gXlfaibS3eFiIbx5lbLFnDh46jzfu45IxC5EgFSITf
rJpEF+Fcg7MrXqroCWuKi0noljj8P4HAorv4aKV4Ua2xOOyiVY9OCDSFdKGOT7+m
e9sKv+uMDV7uiLR/nvE8IgqHvJbi2+vqo3mK2St2I61/FTAK72XNqTo3HQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPNSKxKk4RSe9aGZbQu7MnbVzaI6MB8GA1UdIwQY
MBaAFG9eAjC+eZ5EgpyHIMo4NHBFSU4gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjE0Q01MNTVua1NDbkljZ3lqZzBjRVZKVGlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny83MGNjZWYtMTdmMy00OTI4LTljMGIt
YmE3YzdkODE5MGNhLzEvODFJckVxVGhGSjcxb1psdEM3c3lkdFhOb2pvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny83MGNjZWYtMTdmMy00OTI4LTljMGItYmE3YzdkODE5MGNh
LzEvYjE0Q01MNTVua1NDbkljZ3lqZzBjRVZKVGlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVei0MA0G
CSqGSIb3DQEBCwUAA4IBAQA5ZrbZQDr19H6mXRh1JOLGvlCflRZpQqQ1fV6Qhvr8
MKAgAoBfzdz1ARKaniVnxxzYmVGyBGzCrkJ8Z6ykwJpJvRtVN2qynHtOc2PCCqMu
Ewt5npI5KyhiGCps+92nrR6dEMarV00sr97IaTim0UekKIWC5hqir0CqOEdZVNbd
NVAe3feSRihv4Y2Ttb1MLIy+wABgUl3tqSfDRavRV+Zh9od6yK+X6gIzKYKe773r
pGiDHOH+qhK3BOruwqTZchBGHjMV8dvJKlbki1gdv0xPg/W4SLGbfU1Yn9nzIG/3
ElRoQOa4DTC80OylUysg21YPZI+sTJYGVrCk895crqUd
-----END CERTIFICATE-----