Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/2b7f70-fad1-403c-b08e-2c3ea4b86e20/1/85Q2BPZ8YrJ4JSMOhyIE7VjIm4A.roa
File:                     85Q2BPZ8YrJ4JSMOhyIE7VjIm4A.roa (raw, json)
Hash identifier:          BN/ts7p0HOLbx5n5to0Fap17/wIm1nJi+AFg7t64Ih0=
Subject key identifier:   F3:94:36:04:F6:7C:62:B2:78:25:23:0E:87:22:04:ED:58:C8:9B:80
Certificate issuer:       /CN=1b1504baf82ef8eb0ae508af40b638e3660a5488
Certificate serial:       019B7DC92F8CB925A974DC457D449A2E34D4
Authority key identifier: 1B:15:04:BA:F8:2E:F8:EB:0A:E5:08:AF:40:B6:38:E3:66:0A:54:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GxUEuvgu-OsK5QivQLY442YKVIg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/2b7f70-fad1-403c-b08e-2c3ea4b86e20/1/85Q2BPZ8YrJ4JSMOhyIE7VjIm4A.roa
Signing time:             Fri 02 Jan 2026 08:18:15 +0000
ROA not before:           Fri 02 Jan 2026 08:18:15 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210459
IP address blocks:        77.81.177.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9d/2b7f70-fad1-403c-b08e-2c3ea4b86e20/1/GxUEuvgu-OsK5QivQLY442YKVIg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9d/2b7f70-fad1-403c-b08e-2c3ea4b86e20/1/GxUEuvgu-OsK5QivQLY442YKVIg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GxUEuvgu-OsK5QivQLY442YKVIg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:c9:2f:8c:b9:25:a9:74:dc:45:7d:44:9a:2e:34:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b1504baf82ef8eb0ae508af40b638e3660a5488
        Validity
            Not Before: Jan  2 08:18:15 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f3943604f67c62b27825230e872204ed58c89b80
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:a5:76:da:f8:7d:18:97:08:a7:be:05:1d:88:
                    e9:a3:e0:22:98:07:c5:c8:aa:e2:04:51:d8:c8:82:
                    01:61:72:5e:e4:f0:77:d8:4c:18:94:5f:a7:8e:3b:
                    78:d2:ce:1b:5c:a4:5e:15:10:67:87:fa:92:b3:d6:
                    0c:86:b7:2e:64:51:20:b1:59:67:08:24:14:ab:65:
                    51:77:4c:a1:76:d1:e1:59:bd:95:45:36:cd:2b:5a:
                    5c:92:9b:c2:08:cd:e0:49:a0:d9:c4:35:57:92:02:
                    27:0c:6f:58:2e:97:f5:97:c2:fd:10:03:1f:d1:8a:
                    6a:c1:e0:02:82:97:23:a7:83:aa:58:36:64:e5:b9:
                    9e:c7:1f:34:11:93:50:aa:44:a3:65:5f:ab:59:4b:
                    32:16:f2:fa:9b:54:d3:80:95:35:71:a6:a1:16:9f:
                    03:42:eb:a9:bf:27:29:01:88:05:61:08:e7:4d:b7:
                    ce:c7:1f:94:8e:f4:17:bf:6a:2b:f1:49:a3:1f:0d:
                    a1:a9:0a:ff:92:80:c8:0d:20:90:53:71:23:8a:6c:
                    f8:75:df:41:e2:a3:1c:24:3c:c7:ef:15:fe:d3:f5:
                    f0:31:f1:02:be:af:92:2a:14:7d:65:8a:24:96:05:
                    21:d4:34:27:46:1b:3d:99:2d:58:72:34:d5:1d:5f:
                    1d:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:94:36:04:F6:7C:62:B2:78:25:23:0E:87:22:04:ED:58:C8:9B:80
            X509v3 Authority Key Identifier:
                keyid:1B:15:04:BA:F8:2E:F8:EB:0A:E5:08:AF:40:B6:38:E3:66:0A:54:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GxUEuvgu-OsK5QivQLY442YKVIg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/2b7f70-fad1-403c-b08e-2c3ea4b86e20/1/85Q2BPZ8YrJ4JSMOhyIE7VjIm4A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/2b7f70-fad1-403c-b08e-2c3ea4b86e20/1/GxUEuvgu-OsK5QivQLY442YKVIg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.81.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:13:2c:0d:08:8f:1a:9d:6b:65:6b:06:87:09:12:e5:7e:ca:
         fd:e2:ab:db:8f:c3:3d:50:17:5c:69:87:e7:d0:79:83:f7:3a:
         d3:43:10:12:41:a3:34:24:27:e3:f0:d2:04:64:13:10:4a:b7:
         e7:1e:06:97:26:36:24:a0:9a:c6:5f:73:37:ca:e2:fc:67:03:
         d3:4a:82:a5:2d:cd:ce:d6:80:a9:af:76:ca:f4:09:f5:52:25:
         3a:32:98:e9:80:fc:83:f1:97:52:84:b4:db:69:62:2d:7a:98:
         bd:22:b8:f2:5c:1c:7e:eb:5a:e7:f6:21:d4:92:46:ef:bf:40:
         9b:f2:50:45:28:fb:51:09:ff:bf:f3:c3:35:ed:65:60:a1:32:
         e5:8a:bc:e3:87:6f:c7:9d:fc:c8:d7:0e:d9:11:ea:66:d0:39:
         5a:ba:42:3b:a4:55:90:38:41:f5:03:9c:30:8c:7b:dd:84:e6:
         ce:f7:7e:9d:b1:26:e9:7a:dc:ee:78:95:97:54:b1:22:34:51:
         41:82:fa:ef:51:10:c3:7f:e7:74:91:59:d9:82:0f:bf:a1:6c:
         c5:f9:55:e1:2a:4b:91:c8:02:ae:32:20:54:6f:50:83:ce:a5:
         49:c7:77:65:bb:24:ed:fb:19:89:17:9c:e7:a6:26:16:41:4e:
         68:91:db:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9yS+MuSWpdNxFfUSaLjTUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMTUwNGJhZjgyZWY4ZWIwYWU1MDhhZjQwYjYzOGUzNjYw
YTU0ODgwHhcNMjYwMTAyMDgxODE1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzk0MzYwNGY2N2M2MmIyNzgyNTIzMGU4NzIyMDRlZDU4Yzg5YjgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9KV22vh9GJcIp74FHYjpo+AimAfF
yKriBFHYyIIBYXJe5PB32EwYlF+njjt40s4bXKReFRBnh/qSs9YMhrcuZFEgsVln
CCQUq2VRd0yhdtHhWb2VRTbNK1pckpvCCM3gSaDZxDVXkgInDG9YLpf1l8L9EAMf
0YpqweACgpcjp4OqWDZk5bmexx80EZNQqkSjZV+rWUsyFvL6m1TTgJU1caahFp8D
QuupvycpAYgFYQjnTbfOxx+UjvQXv2or8UmjHw2hqQr/koDIDSCQU3Ejimz4dd9B
4qMcJDzH7xX+0/XwMfECvq+SKhR9ZYoklgUh1DQnRhs9mS1YcjTVHV8dXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPOUNgT2fGKyeCUjDociBO1YyJuAMB8GA1UdIwQY
MBaAFBsVBLr4LvjrCuUIr0C2OONmClSIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3hVRXV2Z3UtT3NLNVFpdlFMWTQ0MllLVklnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC8yYjdmNzAtZmFkMS00MDNjLWIwOGUt
MmMzZWE0Yjg2ZTIwLzEvODVRMkJQWjhZcko0SlNNT2h5SUU3VmpJbTRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC8yYjdmNzAtZmFkMS00MDNjLWIwOGUtMmMzZWE0Yjg2ZTIw
LzEvR3hVRXV2Z3UtT3NLNVFpdlFMWTQ0MllLVklnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVGxMA0G
CSqGSIb3DQEBCwUAA4IBAQCZEywNCI8anWtlawaHCRLlfsr94qvbj8M9UBdcaYfn
0HmD9zrTQxASQaM0JCfj8NIEZBMQSrfnHgaXJjYkoJrGX3M3yuL8ZwPTSoKlLc3O
1oCpr3bK9An1UiU6MpjpgPyD8ZdShLTbaWItepi9IrjyXBx+61rn9iHUkkbvv0Cb
8lBFKPtRCf+/88M17WVgoTLlirzjh2/HnfzI1w7ZEepm0DlaukI7pFWQOEH1A5ww
jHvdhObO936dsSbpetzueJWXVLEiNFFBgvrvURDDf+d0kVnZgg+/oWzF+VXhKkuR
yAKuMiBUb1CDzqVJx3dluyTt+xmJF5znpiYWQU5okdu2
-----END CERTIFICATE-----