Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/72488a-035d-4931-8dfb-4c86cbe03610/1/bpt9BsJOl3owDEYCjUtmuxEN8E0.roa
File:                     bpt9BsJOl3owDEYCjUtmuxEN8E0.roa (raw, json)
Hash identifier:          nUeffKsyk9gHED4nwJFpfEhtvPTx7ZUa82CM8DIOyWQ=
Subject key identifier:   6E:9B:7D:06:C2:4E:97:7A:30:0C:46:02:8D:4B:66:BB:11:0D:F0:4D
Certificate issuer:       /CN=674a61a8a9c97c03cdebe05f82558e51dbf90821
Certificate serial:       019B797F36B37B31ADDEC5CCA64AB661262D
Authority key identifier: 67:4A:61:A8:A9:C9:7C:03:CD:EB:E0:5F:82:55:8E:51:DB:F9:08:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z0phqKnJfAPN6-BfglWOUdv5CCE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/72488a-035d-4931-8dfb-4c86cbe03610/1/bpt9BsJOl3owDEYCjUtmuxEN8E0.roa
Signing time:             Thu 01 Jan 2026 12:18:58 +0000
ROA not before:           Thu 01 Jan 2026 12:18:58 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208035
IP address blocks:        85.202.196.0/22 maxlen: 24
                          85.202.196.0/24 maxlen: 24
                          85.202.197.0/24 maxlen: 24
                          85.202.198.0/24 maxlen: 24
                          85.202.199.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/72488a-035d-4931-8dfb-4c86cbe03610/1/Z0phqKnJfAPN6-BfglWOUdv5CCE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/72488a-035d-4931-8dfb-4c86cbe03610/1/Z0phqKnJfAPN6-BfglWOUdv5CCE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z0phqKnJfAPN6-BfglWOUdv5CCE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7f:36:b3:7b:31:ad:de:c5:cc:a6:4a:b6:61:26:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=674a61a8a9c97c03cdebe05f82558e51dbf90821
        Validity
            Not Before: Jan  1 12:18:58 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6e9b7d06c24e977a300c46028d4b66bb110df04d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:86:20:59:48:84:60:2a:0e:d3:da:f1:2e:26:
                    91:0b:50:f6:c7:6d:7f:b8:cf:28:90:1f:81:8a:75:
                    32:14:3b:70:37:d8:5d:8f:9f:00:4e:de:62:a0:b9:
                    91:15:d9:92:22:97:d6:4b:cc:e7:84:54:d1:8c:43:
                    26:a9:64:be:ee:de:6b:24:c3:e0:8d:8e:b8:a5:c2:
                    9e:7e:43:41:de:c0:e7:a2:91:6d:bb:90:e5:60:59:
                    3e:d9:71:8e:3b:a5:29:1c:ba:55:72:e6:f6:08:22:
                    43:e8:06:aa:c2:e5:0f:a8:96:03:99:14:dc:58:a6:
                    03:3d:5d:13:6b:4a:7d:2e:23:e6:d2:f2:dd:21:97:
                    03:40:20:37:2e:1e:71:3f:88:1a:7f:06:6d:5a:a4:
                    b9:fa:8e:a1:72:d7:fa:0d:a5:a1:25:cb:21:f8:f7:
                    cf:a3:90:ef:b0:c6:1f:41:e9:0c:e2:9a:e1:02:5b:
                    af:5d:db:78:57:05:f9:d3:13:fb:52:4b:4e:53:4a:
                    5b:3d:2b:71:69:d2:af:92:7e:76:07:52:77:9f:bf:
                    3f:ea:e8:d5:ef:53:dc:e8:af:e5:56:ec:97:13:76:
                    d0:3e:24:0e:59:17:be:03:5f:0a:ca:b9:2b:04:d1:
                    a6:ad:80:2f:1e:00:f6:a6:82:5d:d1:b0:69:a6:ed:
                    73:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:9B:7D:06:C2:4E:97:7A:30:0C:46:02:8D:4B:66:BB:11:0D:F0:4D
            X509v3 Authority Key Identifier:
                keyid:67:4A:61:A8:A9:C9:7C:03:CD:EB:E0:5F:82:55:8E:51:DB:F9:08:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z0phqKnJfAPN6-BfglWOUdv5CCE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/72488a-035d-4931-8dfb-4c86cbe03610/1/bpt9BsJOl3owDEYCjUtmuxEN8E0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/72488a-035d-4931-8dfb-4c86cbe03610/1/Z0phqKnJfAPN6-BfglWOUdv5CCE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.202.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5f:1c:3b:1b:02:23:4d:aa:16:3e:1f:34:54:f4:73:b5:3b:23:
         b0:f5:54:ec:1e:55:c4:60:27:34:0a:59:85:dd:f6:88:07:64:
         6a:12:45:12:e7:e4:d5:1d:11:8d:00:72:99:12:62:c3:8f:64:
         16:d8:4f:ef:66:63:e1:08:65:31:c6:0a:ab:1d:51:6d:74:6d:
         33:03:82:e1:4e:d5:b8:fe:f0:7c:44:b2:65:43:c1:82:bc:cb:
         bb:04:fa:a1:d7:28:82:2a:85:bd:94:14:98:f9:88:90:38:10:
         9c:f0:a6:81:e3:c8:fb:2c:13:01:85:bd:44:1a:32:68:4c:c6:
         36:6d:ef:1d:84:3c:c8:c7:57:83:10:3f:76:57:4e:af:4f:3b:
         ce:be:da:6a:12:86:61:18:79:f5:f6:b3:fc:ae:5d:e1:12:a2:
         21:a0:50:66:32:ea:15:29:c2:4f:28:91:62:0d:c9:d8:05:1c:
         18:0f:7e:f8:26:5d:a8:b1:12:39:c0:ea:34:55:a9:43:65:5c:
         47:73:bb:a1:16:d1:5f:0c:74:d9:2c:b3:94:ac:9d:61:25:4e:
         fb:de:3a:9e:a9:3a:8d:eb:c0:62:11:ad:c7:f1:2f:d0:59:fb:
         3f:f9:82:ab:16:57:ef:dc:07:c2:e9:92:d1:60:ad:0e:de:bd:
         50:b7:46:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fzazezGt3sXMpkq2YSYtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3NGE2MWE4YTljOTdjMDNjZGViZTA1ZjgyNTU4ZTUxZGJm
OTA4MjEwHhcNMjYwMTAxMTIxODU4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTliN2QwNmMyNGU5NzdhMzAwYzQ2MDI4ZDRiNjZiYjExMGRmMDRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwYYgWUiEYCoO09rxLiaRC1D2x21/
uM8okB+BinUyFDtwN9hdj58ATt5ioLmRFdmSIpfWS8znhFTRjEMmqWS+7t5rJMPg
jY64pcKefkNB3sDnopFtu5DlYFk+2XGOO6UpHLpVcub2CCJD6AaqwuUPqJYDmRTc
WKYDPV0Ta0p9LiPm0vLdIZcDQCA3Lh5xP4gafwZtWqS5+o6hctf6DaWhJcsh+PfP
o5DvsMYfQekM4prhAluvXdt4VwX50xP7UktOU0pbPStxadKvkn52B1J3n78/6ujV
71Pc6K/lVuyXE3bQPiQOWRe+A18KyrkrBNGmrYAvHgD2poJd0bBppu1zewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG6bfQbCTpd6MAxGAo1LZrsRDfBNMB8GA1UdIwQY
MBaAFGdKYaipyXwDzevgX4JVjlHb+QghMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjBwaHFLbkpmQVBONi1CZmdsV09VZHY1Q0NFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi83MjQ4OGEtMDM1ZC00OTMxLThkZmIt
NGM4NmNiZTAzNjEwLzEvYnB0OUJzSk9sM293REVZQ2pVdG11eEVOOEUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi83MjQ4OGEtMDM1ZC00OTMxLThkZmItNGM4NmNiZTAzNjEw
LzEvWjBwaHFLbkpmQVBONi1CZmdsV09VZHY1Q0NFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVcrEMA0G
CSqGSIb3DQEBCwUAA4IBAQBfHDsbAiNNqhY+HzRU9HO1OyOw9VTsHlXEYCc0ClmF
3faIB2RqEkUS5+TVHRGNAHKZEmLDj2QW2E/vZmPhCGUxxgqrHVFtdG0zA4LhTtW4
/vB8RLJlQ8GCvMu7BPqh1yiCKoW9lBSY+YiQOBCc8KaB48j7LBMBhb1EGjJoTMY2
be8dhDzIx1eDED92V06vTzvOvtpqEoZhGHn19rP8rl3hEqIhoFBmMuoVKcJPKJFi
DcnYBRwYD374Jl2osRI5wOo0ValDZVxHc7uhFtFfDHTZLLOUrJ1hJU773jqeqTqN
68BiEa3H8S/QWfs/+YKrFlfv3AfC6ZLRYK0O3r1Qt0au
-----END CERTIFICATE-----