Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/04fef8-d2df-4f7a-92b4-7f970a3af9cd/1/MtlNPbOiQrDPq9JzI5yqmhqIeu0.roa
File:                     MtlNPbOiQrDPq9JzI5yqmhqIeu0.roa (raw, json)
Hash identifier:          jVaCEGYVnh9jmEuUNesf3uuQIlhN1CzzAG7BWnlcSmA=
Subject key identifier:   32:D9:4D:3D:B3:A2:42:B0:CF:AB:D2:73:23:9C:AA:9A:1A:88:7A:ED
Certificate issuer:       /CN=2c96946c501ddf48696da2cf110fdceb286fac98
Certificate serial:       019C295D114673BC1E3BA37BE6EABD682214
Authority key identifier: 2C:96:94:6C:50:1D:DF:48:69:6D:A2:CF:11:0F:DC:EB:28:6F:AC:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LJaUbFAd30hpbaLPEQ_c6yhvrJg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/04fef8-d2df-4f7a-92b4-7f970a3af9cd/1/MtlNPbOiQrDPq9JzI5yqmhqIeu0.roa
Signing time:             Wed 04 Feb 2026 15:54:50 +0000
ROA not before:           Wed 04 Feb 2026 15:54:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208728
IP address blocks:        85.222.237.0/24 maxlen: 24
                          89.255.207.0/24 maxlen: 24
                          185.223.85.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/04fef8-d2df-4f7a-92b4-7f970a3af9cd/1/LJaUbFAd30hpbaLPEQ_c6yhvrJg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/04fef8-d2df-4f7a-92b4-7f970a3af9cd/1/LJaUbFAd30hpbaLPEQ_c6yhvrJg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LJaUbFAd30hpbaLPEQ_c6yhvrJg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 09:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:29:5d:11:46:73:bc:1e:3b:a3:7b:e6:ea:bd:68:22:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2c96946c501ddf48696da2cf110fdceb286fac98
        Validity
            Not Before: Feb  4 15:54:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=32d94d3db3a242b0cfabd273239caa9a1a887aed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:93:69:74:fd:31:dc:55:9f:98:39:8d:91:bd:
                    59:aa:15:8c:48:58:52:69:2e:1b:36:bc:7c:7b:b6:
                    1a:83:be:0d:45:6d:87:00:18:41:4b:ef:8c:5d:24:
                    3f:d6:71:1c:87:27:a0:8d:ac:81:cb:84:8c:5c:b6:
                    92:7b:35:b8:a7:1f:b0:1f:bb:eb:99:a2:0a:60:54:
                    91:88:c1:c8:bb:fa:d5:76:7d:f2:52:db:21:b7:ac:
                    81:3f:6b:23:20:d1:4d:79:bd:78:13:af:e2:aa:a2:
                    9c:27:55:4b:10:fa:ff:1a:91:c9:31:41:8a:09:85:
                    91:f8:3a:19:b4:47:a3:ee:ab:6c:e7:bc:44:1b:af:
                    9a:16:5a:58:60:37:a5:a2:59:a7:76:59:c3:f6:6e:
                    a5:88:39:c6:f8:d8:d0:6a:0a:2a:cf:24:39:74:51:
                    d2:e2:01:82:f9:2f:25:9a:ab:ed:0e:55:7a:e2:c8:
                    71:fe:8c:2b:a9:63:13:31:72:45:75:d3:6b:fa:18:
                    e3:99:96:e2:b7:99:66:25:82:af:4d:e8:e1:e6:fc:
                    b3:c2:10:77:ac:d8:2c:cc:e5:3d:66:ee:8d:ef:50:
                    53:bc:64:b4:a2:0d:31:4c:63:d0:94:b5:b1:96:b8:
                    c6:e2:42:c2:d2:db:20:a6:be:e5:6b:7d:0b:9a:95:
                    3d:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:D9:4D:3D:B3:A2:42:B0:CF:AB:D2:73:23:9C:AA:9A:1A:88:7A:ED
            X509v3 Authority Key Identifier:
                keyid:2C:96:94:6C:50:1D:DF:48:69:6D:A2:CF:11:0F:DC:EB:28:6F:AC:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LJaUbFAd30hpbaLPEQ_c6yhvrJg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/04fef8-d2df-4f7a-92b4-7f970a3af9cd/1/MtlNPbOiQrDPq9JzI5yqmhqIeu0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/04fef8-d2df-4f7a-92b4-7f970a3af9cd/1/LJaUbFAd30hpbaLPEQ_c6yhvrJg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.222.237.0/24
                  89.255.207.0/24
                  185.223.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:91:b7:62:41:05:87:1a:2e:1a:1e:87:37:9f:25:8f:15:25:
         f8:69:17:83:ac:92:bb:2c:b9:91:09:cf:b7:06:4b:25:b4:16:
         55:ac:93:4a:6c:6f:58:e2:a5:65:b8:9a:3a:e8:c6:6d:f3:a8:
         a8:45:45:cc:e0:ab:da:b8:da:38:4d:cc:3e:0f:21:4a:a1:1a:
         9a:e1:40:3f:22:6b:5b:89:f0:fc:5c:c8:b9:8a:b3:62:ea:51:
         92:50:3c:00:2f:25:54:3e:db:05:cf:7e:ed:79:d0:c0:24:ec:
         56:13:84:0a:c3:a2:fa:5f:c0:7c:da:a1:ce:80:16:8e:89:83:
         04:c7:75:8d:ce:81:b8:c2:da:a4:c1:d1:d4:9b:e0:bc:42:01:
         7d:a8:94:88:5e:fd:30:ff:a8:17:0c:1b:ad:d6:8a:e3:65:e8:
         7e:d9:cd:e0:b9:d4:88:85:29:b7:d7:b2:d5:17:e6:af:08:2b:
         7f:ab:4f:7d:c3:4a:0d:f3:d7:9b:6b:c6:38:a2:6c:64:25:4c:
         97:4f:8a:2c:a6:91:a9:90:02:31:5a:ca:47:d0:d4:de:d3:e5:
         a8:55:07:be:a6:15:6b:9b:71:40:4b:fd:92:a2:e4:55:b0:c1:
         ce:56:83:fa:cb:31:d7:a4:65:bb:17:37:b0:dd:77:bc:99:d5:
         d2:f9:27:72
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZwpXRFGc7weO6N75uq9aCIUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjOTY5NDZjNTAxZGRmNDg2OTZkYTJjZjExMGZkY2ViMjg2
ZmFjOTgwHhcNMjYwMjA0MTU1NDUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMmQ5NGQzZGIzYTI0MmIwY2ZhYmQyNzMyMzljYWE5YTFhODg3YWVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvZNpdP0x3FWfmDmNkb1ZqhWMSFhS
aS4bNrx8e7Yag74NRW2HABhBS++MXSQ/1nEchyegjayBy4SMXLaSezW4px+wH7vr
maIKYFSRiMHIu/rVdn3yUtsht6yBP2sjINFNeb14E6/iqqKcJ1VLEPr/GpHJMUGK
CYWR+DoZtEej7qts57xEG6+aFlpYYDelolmndlnD9m6liDnG+NjQagoqzyQ5dFHS
4gGC+S8lmqvtDlV64shx/owrqWMTMXJFddNr+hjjmZbit5lmJYKvTejh5vyzwhB3
rNgszOU9Zu6N71BTvGS0og0xTGPQlLWxlrjG4kLC0tsgpr7la30LmpU9XQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDLZTT2zokKwz6vScyOcqpoaiHrtMB8GA1UdIwQY
MBaAFCyWlGxQHd9IaW2izxEP3Osob6yYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTEphVWJGQWQzMGhwYmFMUEVRX2M2eWh2ckpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi8wNGZlZjgtZDJkZi00ZjdhLTkyYjQt
N2Y5NzBhM2FmOWNkLzEvTXRsTlBiT2lRckRQcTlKekk1eXFtaHFJZXUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi8wNGZlZjgtZDJkZi00ZjdhLTkyYjQtN2Y5NzBhM2FmOWNk
LzEvTEphVWJGQWQzMGhwYmFMUEVRX2M2eWh2ckpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAVd7tAwQA
Wf/PAwQAud9VMA0GCSqGSIb3DQEBCwUAA4IBAQBFkbdiQQWHGi4aHoc3nyWPFSX4
aReDrJK7LLmRCc+3BksltBZVrJNKbG9Y4qVluJo66MZt86ioRUXM4KvauNo4Tcw+
DyFKoRqa4UA/ImtbifD8XMi5irNi6lGSUDwALyVUPtsFz37tedDAJOxWE4QKw6L6
X8B82qHOgBaOiYMEx3WNzoG4wtqkwdHUm+C8QgF9qJSIXv0w/6gXDBut1orjZeh+
2c3gudSIhSm317LVF+avCCt/q099w0oN89eba8Y4omxkJUyXT4osppGpkAIxWspH
0NTe0+WoVQe+phVrm3FAS/2SouRVsMHOVoP6yzHXpGW7Fzew3Xe8mdXS+Sdy
-----END CERTIFICATE-----