Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/b7b7fa-13d0-4ffc-9878-097b4d6d81e4/1/L128U4uHpPB8XXEkgPNjVcIZ9XE.roa
File:                     L128U4uHpPB8XXEkgPNjVcIZ9XE.roa (raw, json)
Hash identifier:          IYk8giMHsoZQEDIjV2cGRAdLhqHOaoQ1gIQuvMVROxs=
Subject key identifier:   2F:5D:BC:53:8B:87:A4:F0:7C:5D:71:24:80:F3:63:55:C2:19:F5:71
Certificate issuer:       /CN=6f108bd5addfabf151d9079e3d3d341269666fa7
Certificate serial:       019B7EA5761A74D76DE7C880DE9A9EE6EC6E
Authority key identifier: 6F:10:8B:D5:AD:DF:AB:F1:51:D9:07:9E:3D:3D:34:12:69:66:6F:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bxCL1a3fq_FR2QeePT00Emlmb6c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/b7b7fa-13d0-4ffc-9878-097b4d6d81e4/1/L128U4uHpPB8XXEkgPNjVcIZ9XE.roa
Signing time:             Fri 02 Jan 2026 12:18:51 +0000
ROA not before:           Fri 02 Jan 2026 12:18:51 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199533
IP address blocks:        89.34.124.0/24 maxlen: 24
                          185.144.115.0/24 maxlen: 24
                          2a0f:ac80::/29 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/b7b7fa-13d0-4ffc-9878-097b4d6d81e4/1/bxCL1a3fq_FR2QeePT00Emlmb6c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/b7b7fa-13d0-4ffc-9878-097b4d6d81e4/1/bxCL1a3fq_FR2QeePT00Emlmb6c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bxCL1a3fq_FR2QeePT00Emlmb6c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a5:76:1a:74:d7:6d:e7:c8:80:de:9a:9e:e6:ec:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f108bd5addfabf151d9079e3d3d341269666fa7
        Validity
            Not Before: Jan  2 12:18:51 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2f5dbc538b87a4f07c5d712480f36355c219f571
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:1b:7d:72:64:4e:01:23:83:75:24:a6:4a:d4:
                    76:18:e3:80:cc:e2:1f:02:bd:c9:a9:d9:fe:13:1e:
                    41:a3:50:7a:4b:02:c3:c5:79:e4:59:73:ee:16:30:
                    f5:a9:ec:4f:55:70:44:8a:40:d4:67:91:39:07:1a:
                    ae:19:36:ff:7a:d9:02:59:3e:db:91:7f:d2:69:93:
                    18:2c:11:e1:37:74:ed:e7:26:dd:8c:d7:49:ec:e1:
                    0e:ad:9e:c2:55:2e:cf:d5:e9:70:76:ca:a7:b5:b2:
                    0f:dd:85:7a:82:cd:13:96:0f:33:3f:dc:d4:1f:36:
                    dc:fa:c6:5e:cc:07:08:e6:07:4d:c4:65:42:81:35:
                    ef:f3:17:62:03:96:93:1a:01:5a:5c:e8:12:dc:ce:
                    6e:22:70:df:1e:c0:1c:24:8e:ea:94:a4:ed:72:3f:
                    bb:47:04:62:90:07:9d:ee:65:ff:52:97:45:b4:3c:
                    b8:2e:2a:6e:0e:46:76:f0:a3:84:34:9e:3d:70:6f:
                    fb:1f:b4:45:a8:73:91:0e:06:81:4f:7b:d5:b6:c0:
                    35:f0:1a:6b:15:f4:35:a4:7d:92:a1:27:89:5d:fb:
                    83:ae:e5:4f:20:a4:64:a4:0c:c5:f0:46:5d:9d:30:
                    5c:fd:84:1a:58:bc:ab:b7:5e:de:8c:9f:b2:5e:fc:
                    49:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:5D:BC:53:8B:87:A4:F0:7C:5D:71:24:80:F3:63:55:C2:19:F5:71
            X509v3 Authority Key Identifier:
                keyid:6F:10:8B:D5:AD:DF:AB:F1:51:D9:07:9E:3D:3D:34:12:69:66:6F:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bxCL1a3fq_FR2QeePT00Emlmb6c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/b7b7fa-13d0-4ffc-9878-097b4d6d81e4/1/L128U4uHpPB8XXEkgPNjVcIZ9XE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/b7b7fa-13d0-4ffc-9878-097b4d6d81e4/1/bxCL1a3fq_FR2QeePT00Emlmb6c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.34.124.0/24
                  185.144.115.0/24
                IPv6:
                  2a0f:ac80::/29

    Signature Algorithm: sha256WithRSAEncryption
         2c:4e:a9:94:72:d4:3c:16:59:a1:4a:89:c2:63:6f:3e:ae:54:
         1b:c6:f3:c4:df:da:2d:c5:b4:33:b3:ec:20:87:e4:85:ad:da:
         47:af:80:45:bc:2f:b2:83:21:da:11:08:19:c1:f8:4b:a9:77:
         45:05:4f:31:6d:44:1d:01:a0:f4:d0:30:44:89:6c:ce:12:c3:
         86:aa:44:df:29:3b:c0:0d:60:95:16:8b:56:a0:79:b8:e9:d1:
         92:c3:61:bd:15:ae:68:6f:ed:aa:cc:ff:65:34:02:40:21:04:
         75:d6:08:3f:97:93:4c:e9:71:fb:a2:4e:02:d7:3c:09:06:c2:
         0d:5b:e9:f9:24:23:50:0e:77:37:04:52:46:dc:6d:94:24:b5:
         d9:3d:f8:54:55:6b:95:b9:6c:0b:17:c4:7b:26:55:50:9d:93:
         0a:fb:55:2e:75:a3:33:72:8c:7e:99:58:eb:e0:ed:5f:99:ac:
         8c:f9:0c:74:b9:c3:e9:f8:da:df:b1:63:ca:9e:aa:cc:50:9a:
         f2:37:22:47:2c:e1:43:b9:ff:0c:e8:a6:68:ad:85:a7:3f:a2:
         45:4e:39:18:2c:e2:b1:ac:19:be:b4:03:92:d2:ec:c7:ad:af:
         f2:2f:8e:51:3f:9d:8c:25:24:b2:97:02:86:62:5d:05:59:a6:
         fc:b3:58:4f
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZt+pXYadNdt58iA3pqe5uxuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmMTA4YmQ1YWRkZmFiZjE1MWQ5MDc5ZTNkM2QzNDEyNjk2
NjZmYTcwHhcNMjYwMTAyMTIxODUxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjVkYmM1MzhiODdhNGYwN2M1ZDcxMjQ4MGYzNjM1NWMyMTlmNTcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxRt9cmROASODdSSmStR2GOOAzOIf
Ar3Jqdn+Ex5Bo1B6SwLDxXnkWXPuFjD1qexPVXBEikDUZ5E5BxquGTb/etkCWT7b
kX/SaZMYLBHhN3Tt5ybdjNdJ7OEOrZ7CVS7P1elwdsqntbIP3YV6gs0Tlg8zP9zU
Hzbc+sZezAcI5gdNxGVCgTXv8xdiA5aTGgFaXOgS3M5uInDfHsAcJI7qlKTtcj+7
RwRikAed7mX/UpdFtDy4LipuDkZ28KOENJ49cG/7H7RFqHORDgaBT3vVtsA18Bpr
FfQ1pH2SoSeJXfuDruVPIKRkpAzF8EZdnTBc/YQaWLyrt17ejJ+yXvxJDwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFC9dvFOLh6TwfF1xJIDzY1XCGfVxMB8GA1UdIwQY
MBaAFG8Qi9Wt36vxUdkHnj09NBJpZm+nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYnhDTDFhM2ZxX0ZSMlFlZVBUMDBFbWxtYjZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi9iN2I3ZmEtMTNkMC00ZmZjLTk4Nzgt
MDk3YjRkNmQ4MWU0LzEvTDEyOFU0dUhwUEI4WFhFa2dQTmpWY0laOVhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi9iN2I3ZmEtMTNkMC00ZmZjLTk4NzgtMDk3YjRkNmQ4MWU0
LzEvYnhDTDFhM2ZxX0ZSMlFlZVBUMDBFbWxtYjZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAWSJ8AwQA
uZBzMA0EAgACMAcDBQMqD6yAMA0GCSqGSIb3DQEBCwUAA4IBAQAsTqmUctQ8Flmh
SonCY28+rlQbxvPE39otxbQzs+wgh+SFrdpHr4BFvC+ygyHaEQgZwfhLqXdFBU8x
bUQdAaD00DBEiWzOEsOGqkTfKTvADWCVFotWoHm46dGSw2G9Fa5ob+2qzP9lNAJA
IQR11gg/l5NM6XH7ok4C1zwJBsINW+n5JCNQDnc3BFJG3G2UJLXZPfhUVWuVuWwL
F8R7JlVQnZMK+1UudaMzcox+mVjr4O1fmayM+Qx0ucPp+NrfsWPKnqrMUJryNyJH
LOFDuf8M6KZorYWnP6JFTjkYLOKxrBm+tAOS0uzHra/yL45RP52MJSSylwKGYl0F
Wab8s1hP
-----END CERTIFICATE-----