Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/72488a-035d-4931-8dfb-4c86cbe03610/1/pUq5FgDmcbsOBzOSxvfT-61HYXc.roa
File:                     pUq5FgDmcbsOBzOSxvfT-61HYXc.roa (raw, json)
Hash identifier:          UB81wheS00LuQ/3CNRheeKScZVmaRZ7KVUFOcqWElYY=
Subject key identifier:   A5:4A:B9:16:00:E6:71:BB:0E:07:33:92:C6:F7:D3:FB:AD:47:61:77
Certificate issuer:       /CN=674a61a8a9c97c03cdebe05f82558e51dbf90821
Certificate serial:       019B797F360AB0EC78D480B0CE4E0134EBA0
Authority key identifier: 67:4A:61:A8:A9:C9:7C:03:CD:EB:E0:5F:82:55:8E:51:DB:F9:08:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z0phqKnJfAPN6-BfglWOUdv5CCE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/72488a-035d-4931-8dfb-4c86cbe03610/1/pUq5FgDmcbsOBzOSxvfT-61HYXc.roa
Signing time:             Thu 01 Jan 2026 12:18:58 +0000
ROA not before:           Thu 01 Jan 2026 12:18:58 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     43545
IP address blocks:        85.202.196.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/72488a-035d-4931-8dfb-4c86cbe03610/1/Z0phqKnJfAPN6-BfglWOUdv5CCE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/72488a-035d-4931-8dfb-4c86cbe03610/1/Z0phqKnJfAPN6-BfglWOUdv5CCE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z0phqKnJfAPN6-BfglWOUdv5CCE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7f:36:0a:b0:ec:78:d4:80:b0:ce:4e:01:34:eb:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=674a61a8a9c97c03cdebe05f82558e51dbf90821
        Validity
            Not Before: Jan  1 12:18:58 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a54ab91600e671bb0e073392c6f7d3fbad476177
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:47:88:27:72:61:fa:2e:dd:92:8c:63:64:da:
                    70:50:3e:d0:fe:4c:e1:77:bf:94:65:a0:71:b0:75:
                    25:b6:48:58:96:01:c1:24:f7:9d:be:fd:22:e5:68:
                    84:80:e0:cc:4e:09:f5:62:29:36:2f:17:35:e5:14:
                    f0:6c:f9:83:1d:86:2d:36:9b:b6:42:ac:36:76:29:
                    25:ff:e8:72:ef:bc:6a:4d:74:dc:68:cf:6d:e8:cf:
                    06:d5:18:21:2b:2f:fe:fa:78:1d:b7:41:74:e7:08:
                    80:ef:a5:b8:c7:cf:c1:a8:2c:ec:56:d4:a1:33:34:
                    ea:9a:a1:d8:44:aa:01:13:a9:f7:35:47:87:c7:6c:
                    33:d9:8a:1e:4b:3a:51:7a:fd:97:66:16:6a:fa:ea:
                    99:9b:d1:aa:09:e7:89:c7:66:18:c8:3f:56:20:41:
                    20:f8:33:89:7b:1f:f5:99:1e:c5:ca:a7:13:ab:80:
                    d5:15:39:c2:15:e9:09:da:8b:cf:8c:2d:ee:7b:5b:
                    de:2c:5c:63:4e:3c:a6:54:94:cd:4f:88:81:a3:8b:
                    88:7f:9c:60:df:8c:b4:f7:dc:ea:a0:a6:af:4d:c0:
                    f8:a4:d8:0c:cd:51:d3:85:cf:13:7a:86:af:af:c3:
                    ba:3b:d5:99:e4:3e:29:2f:39:95:d2:5c:6c:05:97:
                    34:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:4A:B9:16:00:E6:71:BB:0E:07:33:92:C6:F7:D3:FB:AD:47:61:77
            X509v3 Authority Key Identifier:
                keyid:67:4A:61:A8:A9:C9:7C:03:CD:EB:E0:5F:82:55:8E:51:DB:F9:08:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z0phqKnJfAPN6-BfglWOUdv5CCE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/72488a-035d-4931-8dfb-4c86cbe03610/1/pUq5FgDmcbsOBzOSxvfT-61HYXc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/72488a-035d-4931-8dfb-4c86cbe03610/1/Z0phqKnJfAPN6-BfglWOUdv5CCE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.202.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         77:69:c3:72:12:8b:16:88:0d:f0:dd:e7:3d:91:6a:59:9d:79:
         a1:bb:1d:ea:b1:1a:61:6d:82:99:16:79:bb:93:30:cc:ff:a9:
         bd:6c:bd:55:f5:90:85:0e:63:6a:24:b7:6e:64:72:31:bc:ce:
         bb:5b:4c:aa:ba:8a:a6:fe:ce:48:85:3f:28:12:8f:58:a0:9e:
         53:17:b3:4c:87:8c:e2:90:f2:be:ee:f7:34:92:21:ca:57:e2:
         5a:65:2e:65:96:b0:30:be:fc:3a:56:68:de:6c:0d:23:84:67:
         71:5d:37:cc:8d:2c:55:36:cb:b2:f2:94:25:de:86:d4:94:8f:
         9c:d5:3b:54:04:69:23:63:88:03:88:97:f9:87:f8:f0:13:eb:
         28:c9:2e:4f:9f:a6:9a:dd:25:30:ad:0c:d9:c1:a0:aa:a1:f4:
         e0:f2:67:15:89:65:af:05:b0:17:fc:64:a0:f0:fc:f7:6b:fd:
         76:68:4b:5d:4e:77:6f:eb:68:0f:80:43:f2:f9:ed:f6:4f:e0:
         88:06:8d:be:6f:be:6e:73:43:c5:d5:9d:bc:6e:bf:86:bd:fa:
         bb:97:a3:63:36:f7:49:97:f0:e9:e0:04:43:b4:a4:f6:4f:53:
         ab:f5:7c:5b:ba:0f:55:16:86:91:bd:86:58:f3:0b:ff:60:8d:
         42:75:01:08
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fzYKsOx41ICwzk4BNOugMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3NGE2MWE4YTljOTdjMDNjZGViZTA1ZjgyNTU4ZTUxZGJm
OTA4MjEwHhcNMjYwMTAxMTIxODU4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTRhYjkxNjAwZTY3MWJiMGUwNzMzOTJjNmY3ZDNmYmFkNDc2MTc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw0eIJ3Jh+i7dkoxjZNpwUD7Q/kzh
d7+UZaBxsHUltkhYlgHBJPedvv0i5WiEgODMTgn1Yik2Lxc15RTwbPmDHYYtNpu2
Qqw2dikl/+hy77xqTXTcaM9t6M8G1RghKy/++ngdt0F05wiA76W4x8/BqCzsVtSh
MzTqmqHYRKoBE6n3NUeHx2wz2YoeSzpRev2XZhZq+uqZm9GqCeeJx2YYyD9WIEEg
+DOJex/1mR7FyqcTq4DVFTnCFekJ2ovPjC3ue1veLFxjTjymVJTNT4iBo4uIf5xg
34y099zqoKavTcD4pNgMzVHThc8Teoavr8O6O9WZ5D4pLzmV0lxsBZc0uQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKVKuRYA5nG7Dgczksb30/utR2F3MB8GA1UdIwQY
MBaAFGdKYaipyXwDzevgX4JVjlHb+QghMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjBwaHFLbkpmQVBONi1CZmdsV09VZHY1Q0NFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi83MjQ4OGEtMDM1ZC00OTMxLThkZmIt
NGM4NmNiZTAzNjEwLzEvcFVxNUZnRG1jYnNPQnpPU3h2ZlQtNjFIWVhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi83MjQ4OGEtMDM1ZC00OTMxLThkZmItNGM4NmNiZTAzNjEw
LzEvWjBwaHFLbkpmQVBONi1CZmdsV09VZHY1Q0NFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVcrEMA0G
CSqGSIb3DQEBCwUAA4IBAQB3acNyEosWiA3w3ec9kWpZnXmhux3qsRphbYKZFnm7
kzDM/6m9bL1V9ZCFDmNqJLduZHIxvM67W0yquoqm/s5IhT8oEo9YoJ5TF7NMh4zi
kPK+7vc0kiHKV+JaZS5llrAwvvw6VmjebA0jhGdxXTfMjSxVNsuy8pQl3obUlI+c
1TtUBGkjY4gDiJf5h/jwE+soyS5Pn6aa3SUwrQzZwaCqofTg8mcViWWvBbAX/GSg
8Pz3a/12aEtdTndv62gPgEPy+e32T+CIBo2+b75uc0PF1Z28br+Gvfq7l6NjNvdJ
l/Dp4ARDtKT2T1Or9Xxbug9VFoaRvYZY8wv/YI1CdQEI
-----END CERTIFICATE-----