Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/pxZoxiXoLv6JlB9BD4cRJQhq1JQ.roa
File:                     pxZoxiXoLv6JlB9BD4cRJQhq1JQ.roa (raw, json)
Hash identifier:          xihxohMXye0siExTdbCKkHpoPsWAVoq7886LxvH0VQ8=
Subject key identifier:   A7:16:68:C6:25:E8:2E:FE:89:94:1F:41:0F:87:11:25:08:6A:D4:94
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019C22F0786F7E50194536C2945528E11B95
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/pxZoxiXoLv6JlB9BD4cRJQhq1JQ.roa
Signing time:             Tue 03 Feb 2026 09:58:30 +0000
ROA not before:           Tue 03 Feb 2026 09:58:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216472
IP address blocks:        85.189.9.0/24 maxlen: 24
                          85.189.13.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 09:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:22:f0:78:6f:7e:50:19:45:36:c2:94:55:28:e1:1b:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Feb  3 09:58:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a71668c625e82efe89941f410f871125086ad494
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:ba:c6:23:d5:a1:50:c6:35:35:d4:77:bc:ba:
                    9b:4e:0f:3d:26:56:4e:4b:a7:1d:9b:5a:f9:16:05:
                    8c:10:42:cb:70:1a:51:e6:95:a9:54:11:55:35:dc:
                    a5:86:11:0a:22:41:48:f0:99:00:58:50:2b:66:57:
                    74:20:36:0d:72:20:b4:45:0d:7f:2d:40:a4:88:69:
                    a0:6c:3a:6c:16:d5:5a:70:62:d7:df:15:0d:11:99:
                    0f:2e:fb:17:56:7f:21:c0:77:ce:66:a5:e5:54:37:
                    f7:1f:32:86:b7:8b:41:8b:a6:1a:73:be:f2:62:11:
                    b4:b7:68:dc:72:2b:53:a5:2f:d9:ac:2d:c7:8b:b7:
                    a3:70:ff:8e:b8:32:fc:1a:32:f5:34:9d:28:b6:92:
                    5e:3f:0a:54:30:07:55:51:61:09:5f:a3:92:30:4f:
                    48:aa:7f:a0:ec:83:76:6d:78:cb:b1:ca:08:a1:71:
                    af:77:9f:a6:c0:f2:3b:23:5a:f8:ee:6a:0f:5f:fb:
                    04:4e:a5:3d:05:3c:82:41:c1:16:8f:e9:3a:b3:74:
                    f4:7e:ab:67:ba:b3:60:22:af:d4:cc:28:a3:46:51:
                    33:4d:04:35:18:e8:d4:98:7f:7d:de:d4:f4:d8:17:
                    f9:3a:eb:6f:45:01:43:14:b1:5b:5d:5b:11:30:03:
                    07:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:16:68:C6:25:E8:2E:FE:89:94:1F:41:0F:87:11:25:08:6A:D4:94
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/pxZoxiXoLv6JlB9BD4cRJQhq1JQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.189.9.0/24
                  85.189.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:b8:55:71:23:9b:15:d3:9a:9f:f3:a3:2d:03:6b:4d:12:66:
         3e:83:6f:3e:d1:25:82:ee:ca:4b:69:d7:9c:0e:66:09:5d:68:
         da:5d:9b:a4:c9:d2:c8:5b:fd:2c:63:92:41:b7:bc:d3:71:24:
         09:6c:aa:76:75:d2:e0:d6:f5:c6:d3:62:7f:1e:40:d1:96:4c:
         95:2c:49:03:87:ee:b0:e2:5b:14:6f:06:d7:5c:e3:78:6b:8f:
         79:52:c9:6b:8e:d3:c4:c2:75:63:8d:ff:ff:14:7e:69:ad:3b:
         9a:0e:0f:4d:7a:75:9e:a8:f5:7c:e3:bc:1a:a5:5a:b4:26:b5:
         7a:db:f4:61:9e:0a:76:7d:5b:ee:96:ee:71:f1:01:fb:bd:9f:
         a3:76:2a:f3:2a:a9:ac:fe:39:54:ed:88:94:15:60:e2:f9:d8:
         08:ac:bd:35:10:51:f1:48:50:db:ef:a1:a7:54:d4:5c:52:8f:
         61:9c:8b:1f:ae:0a:c0:c4:e7:e1:36:7a:43:97:c2:bf:81:0e:
         ac:b1:8b:42:aa:b0:88:70:9f:0a:f5:a2:5d:34:36:08:da:8c:
         75:24:e9:6f:d1:1d:c0:97:01:56:4c:34:fb:b6:19:c3:17:8a:
         83:ba:cd:76:c8:24:ce:31:6a:18:79:e4:f1:ae:ae:a4:c3:4c:
         99:77:1a:83
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZwi8HhvflAZRTbClFUo4RuVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwMjAzMDk1ODMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzE2NjhjNjI1ZTgyZWZlODk5NDFmNDEwZjg3MTEyNTA4NmFkNDk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqLrGI9WhUMY1NdR3vLqbTg89JlZO
S6cdm1r5FgWMEELLcBpR5pWpVBFVNdylhhEKIkFI8JkAWFArZld0IDYNciC0RQ1/
LUCkiGmgbDpsFtVacGLX3xUNEZkPLvsXVn8hwHfOZqXlVDf3HzKGt4tBi6Yac77y
YhG0t2jccitTpS/ZrC3Hi7ejcP+OuDL8GjL1NJ0otpJePwpUMAdVUWEJX6OSME9I
qn+g7IN2bXjLscoIoXGvd5+mwPI7I1r47moPX/sETqU9BTyCQcEWj+k6s3T0fqtn
urNgIq/UzCijRlEzTQQ1GOjUmH993tT02Bf5OutvRQFDFLFbXVsRMAMHawIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKcWaMYl6C7+iZQfQQ+HESUIatSUMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvcHhab3hpWG9MdjZKbEI5QkQ0Y1JKUWhxMUpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVb0JAwQA
Vb0NMA0GCSqGSIb3DQEBCwUAA4IBAQCuuFVxI5sV05qf86MtA2tNEmY+g28+0SWC
7spLadecDmYJXWjaXZukydLIW/0sY5JBt7zTcSQJbKp2ddLg1vXG02J/HkDRlkyV
LEkDh+6w4lsUbwbXXON4a495UslrjtPEwnVjjf//FH5prTuaDg9NenWeqPV847wa
pVq0JrV62/Rhngp2fVvulu5x8QH7vZ+jdirzKqms/jlU7YiUFWDi+dgIrL01EFHx
SFDb76GnVNRcUo9hnIsfrgrAxOfhNnpDl8K/gQ6ssYtCqrCIcJ8K9aJdNDYI2ox1
JOlv0R3AlwFWTDT7thnDF4qDus12yCTOMWoYeeTxrq6kw0yZdxqD
-----END CERTIFICATE-----