Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/19e9c5-82e2-438b-a0e9-992d797f4bbb/1/2JPFka-DWRK5XsIqTGIT4kRBBiY.roa
File:                     2JPFka-DWRK5XsIqTGIT4kRBBiY.roa (raw, json)
Hash identifier:          OBFANYJYiiGrhtxEtBeG3Q/UspubVP2TcqbHH77GDJ8=
Subject key identifier:   D8:93:C5:91:AF:83:59:12:B9:5E:C2:2A:4C:62:13:E2:44:41:06:26
Certificate issuer:       /CN=eae2653179cafe5ff6651c6058b67ad2d2c8485e
Certificate serial:       019EC677F865A6E8DC373F02EA3D9C924A25
Authority key identifier: EA:E2:65:31:79:CA:FE:5F:F6:65:1C:60:58:B6:7A:D2:D2:C8:48:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6uJlMXnK_l_2ZRxgWLZ60tLISF4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/19e9c5-82e2-438b-a0e9-992d797f4bbb/1/2JPFka-DWRK5XsIqTGIT4kRBBiY.roa
Signing time:             Sun 14 Jun 2026 14:10:11 +0000
ROA not before:           Sun 14 Jun 2026 14:10:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211318
IP address blocks:        81.85.0.0/21 maxlen: 24
                          81.85.8.0/21 maxlen: 21
                          2a13:5942:420::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/19e9c5-82e2-438b-a0e9-992d797f4bbb/1/6uJlMXnK_l_2ZRxgWLZ60tLISF4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/19e9c5-82e2-438b-a0e9-992d797f4bbb/1/6uJlMXnK_l_2ZRxgWLZ60tLISF4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6uJlMXnK_l_2ZRxgWLZ60tLISF4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 18 Jun 2026 05:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:c6:77:f8:65:a6:e8:dc:37:3f:02:ea:3d:9c:92:4a:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eae2653179cafe5ff6651c6058b67ad2d2c8485e
        Validity
            Not Before: Jun 14 14:10:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d893c591af835912b95ec22a4c6213e244410626
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:c3:26:36:ad:60:ce:07:c7:cd:a7:8a:8b:8f:
                    f6:82:ad:48:a9:ae:5d:c0:39:06:2b:95:00:c9:15:
                    5e:a5:b0:3d:79:2c:95:69:02:2c:b5:59:d9:d1:66:
                    91:b8:c0:05:43:b5:6f:ca:eb:19:62:8f:91:c9:96:
                    bf:f2:cc:5d:8c:03:86:da:d1:66:8c:34:90:79:00:
                    65:bc:53:4a:4a:e6:cc:56:80:aa:2f:f6:27:f9:5f:
                    8e:ea:87:c6:d0:74:3a:cc:e2:56:1c:a8:73:8b:5c:
                    44:c5:09:47:8d:95:d4:df:ba:ea:73:a4:b8:c1:10:
                    ca:25:f7:78:1b:05:b2:8e:2b:e8:de:bc:ec:0e:1b:
                    56:78:88:ed:eb:a0:5a:16:81:04:8b:a3:8d:7c:c1:
                    85:1e:be:bf:5a:3a:97:89:8e:f3:df:9c:4c:52:7a:
                    3d:85:60:53:09:eb:a7:03:c6:83:df:ff:45:2a:ac:
                    9b:d8:d9:8f:30:84:7d:70:5f:cb:ee:1f:09:9c:51:
                    01:f0:76:a1:b0:64:a4:cb:33:ad:97:b5:f0:db:39:
                    9e:e6:b7:d6:ca:43:51:9c:5a:05:92:36:f2:cf:7e:
                    80:68:5f:3b:c6:26:06:eb:42:7f:1c:06:97:0f:df:
                    2f:00:e7:15:c5:41:38:e4:cd:78:02:66:c8:ec:c2:
                    68:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:93:C5:91:AF:83:59:12:B9:5E:C2:2A:4C:62:13:E2:44:41:06:26
            X509v3 Authority Key Identifier:
                keyid:EA:E2:65:31:79:CA:FE:5F:F6:65:1C:60:58:B6:7A:D2:D2:C8:48:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6uJlMXnK_l_2ZRxgWLZ60tLISF4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/19e9c5-82e2-438b-a0e9-992d797f4bbb/1/2JPFka-DWRK5XsIqTGIT4kRBBiY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/19e9c5-82e2-438b-a0e9-992d797f4bbb/1/6uJlMXnK_l_2ZRxgWLZ60tLISF4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.85.0.0/20
                IPv6:
                  2a13:5942:420::/44

    Signature Algorithm: sha256WithRSAEncryption
         7d:f5:aa:92:7e:76:6d:00:98:f5:ab:ce:fe:ed:b5:8a:87:32:
         e2:a4:94:8a:ca:ef:39:9d:27:5e:35:a9:be:ba:50:8f:75:b9:
         c2:2d:3a:cd:66:a6:14:06:8b:69:e8:bf:22:0d:bd:7a:29:1b:
         36:76:3a:9d:6f:59:e5:24:50:79:c8:33:87:69:06:1c:81:cd:
         ff:2f:6c:1f:7b:bc:d0:37:dc:29:3b:b4:4a:6e:4c:58:77:11:
         01:f2:a5:dd:c2:d2:13:e4:61:44:9e:18:68:f9:fa:fe:38:11:
         3e:0c:34:10:36:fa:c2:1a:b6:bd:43:fa:f3:3a:02:a9:e7:c6:
         3c:23:98:5c:ce:b6:85:d1:a0:d0:5a:a2:a7:d8:bc:93:b7:a5:
         c4:3e:3a:25:c0:23:1b:23:2d:68:03:20:b8:28:f1:43:db:ef:
         b8:83:81:cd:d6:11:ca:dc:b3:a6:59:a1:ad:e3:45:a1:6a:6e:
         11:1f:fe:e9:65:05:b2:9e:da:d4:0c:83:61:a1:5a:9b:26:f4:
         a9:14:98:e7:0c:cf:1e:cf:9a:4d:33:10:2e:1e:e9:32:df:6f:
         d7:f1:8e:af:aa:21:37:1d:27:7d:ee:93:09:56:1e:d6:8b:27:
         aa:a9:6f:bc:f3:58:98:f8:4b:ff:c7:ea:86:f7:15:b7:90:66:
         89:f6:78:75
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZ7Gd/hlpujcNz8C6j2ckkolMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhZTI2NTMxNzljYWZlNWZmNjY1MWM2MDU4YjY3YWQyZDJj
ODQ4NWUwHhcNMjYwNjE0MTQxMDExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODkzYzU5MWFmODM1OTEyYjk1ZWMyMmE0YzYyMTNlMjQ0NDEwNjI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxcMmNq1gzgfHzaeKi4/2gq1Iqa5d
wDkGK5UAyRVepbA9eSyVaQIstVnZ0WaRuMAFQ7VvyusZYo+RyZa/8sxdjAOG2tFm
jDSQeQBlvFNKSubMVoCqL/Yn+V+O6ofG0HQ6zOJWHKhzi1xExQlHjZXU37rqc6S4
wRDKJfd4GwWyjivo3rzsDhtWeIjt66BaFoEEi6ONfMGFHr6/WjqXiY7z35xMUno9
hWBTCeunA8aD3/9FKqyb2NmPMIR9cF/L7h8JnFEB8HahsGSkyzOtl7Xw2zme5rfW
ykNRnFoFkjbyz36AaF87xiYG60J/HAaXD98vAOcVxUE45M14AmbI7MJo1wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNiTxZGvg1kSuV7CKkxiE+JEQQYmMB8GA1UdIwQY
MBaAFOriZTF5yv5f9mUcYFi2etLSyEheMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnVKbE1YbktfbF8yWlJ4Z1dMWjYwdExJU0Y0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC8xOWU5YzUtODJlMi00MzhiLWEwZTkt
OTkyZDc5N2Y0YmJiLzEvMkpQRmthLURXUks1WHNJcVRHSVQ0a1JCQmlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC8xOWU5YzUtODJlMi00MzhiLWEwZTktOTkyZDc5N2Y0YmJi
LzEvNnVKbE1YbktfbF8yWlJ4Z1dMWjYwdExJU0Y0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQEUVUAMA8E
AgACMAkDBwQqE1lCBCAwDQYJKoZIhvcNAQELBQADggEBAH31qpJ+dm0AmPWrzv7t
tYqHMuKklIrK7zmdJ141qb66UI91ucItOs1mphQGi2novyINvXopGzZ2Op1vWeUk
UHnIM4dpBhyBzf8vbB97vNA33Ck7tEpuTFh3EQHypd3C0hPkYUSeGGj5+v44ET4M
NBA2+sIatr1D+vM6AqnnxjwjmFzOtoXRoNBaoqfYvJO3pcQ+OiXAIxsjLWgDILgo
8UPb77iDgc3WEcrcs6ZZoa3jRaFqbhEf/ullBbKe2tQMg2GhWpsm9KkUmOcMzx7P
mk0zEC4e6TLfb9fxjq+qITcdJ33ukwlWHtaLJ6qpb7zzWJj4S//H6ob3FbeQZon2
eHU=
-----END CERTIFICATE-----