Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/M2_Eyl56dYWORD0kcYnv1r52oJ4.roa
File:                     M2_Eyl56dYWORD0kcYnv1r52oJ4.roa (raw, json)
Hash identifier:          sm0TgaCculcU5GlEmhKkrpTp1eQ1ny+Hg9RHp06cGCE=
Subject key identifier:   33:6F:C4:CA:5E:7A:75:85:8E:44:3D:24:71:89:EF:D6:BE:76:A0:9E
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       019C607088827EBCC860B06C72D3E6E6D7EF
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/M2_Eyl56dYWORD0kcYnv1r52oJ4.roa
Signing time:             Sun 15 Feb 2026 08:35:13 +0000
ROA not before:           Sun 15 Feb 2026 08:35:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197537
IP address blocks:        84.245.28.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:60:70:88:82:7e:bc:c8:60:b0:6c:72:d3:e6:e6:d7:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Feb 15 08:35:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=336fc4ca5e7a75858e443d247189efd6be76a09e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:a5:68:0d:ad:7a:20:8e:a2:ff:ee:20:c7:ae:
                    7d:3f:c0:e4:8a:4e:83:6e:c7:7c:a3:e4:d3:54:dc:
                    de:7b:fc:f9:55:b0:2f:e6:ff:81:0d:cd:b5:15:76:
                    6b:65:89:fc:dd:2a:2c:48:a8:63:9c:f7:91:07:ca:
                    d5:1a:e6:64:5a:1d:e7:52:01:b3:f8:ef:d4:35:47:
                    02:ed:d4:df:7c:e5:e8:3c:0b:48:ef:f6:d5:53:61:
                    f7:1a:b3:6c:c6:71:3c:25:ad:23:f4:ae:25:72:44:
                    e5:08:dd:f9:6a:f3:15:cb:71:2c:b9:14:a3:3d:75:
                    7c:cf:62:2f:58:0c:58:78:15:e0:60:00:45:6c:e5:
                    1f:69:8e:ed:a1:e2:26:a2:60:1c:85:e1:8b:dd:c5:
                    6a:1c:55:ec:6f:c1:9c:f9:83:07:6a:e7:20:6a:56:
                    77:37:54:b3:68:89:10:71:62:b8:14:cb:1c:cb:86:
                    f7:f8:56:6d:5d:43:be:6a:9e:4e:bb:e6:07:d0:71:
                    e9:94:53:06:6b:0c:2e:94:fa:f6:b6:ed:de:49:19:
                    ba:71:1d:41:d4:34:a2:f0:c3:0b:36:2c:43:4f:ac:
                    d3:26:0f:2d:b8:2b:9c:e6:87:b1:92:c8:21:22:84:
                    4d:1b:69:7b:24:72:da:ef:f2:b1:cd:19:a8:58:d1:
                    ff:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:6F:C4:CA:5E:7A:75:85:8E:44:3D:24:71:89:EF:D6:BE:76:A0:9E
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/M2_Eyl56dYWORD0kcYnv1r52oJ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.245.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:3b:68:48:ba:d7:6a:7c:59:de:a8:09:cd:0e:35:86:3b:68:
         a5:b2:ce:57:98:18:21:c8:10:22:64:ae:c7:d8:16:03:21:b8:
         8c:7c:50:2f:a5:90:a9:00:b2:9d:46:ba:95:c6:1b:d4:09:e3:
         e6:b9:a9:e8:4a:ed:89:31:8e:6c:92:a5:4f:74:5e:aa:6b:bb:
         0f:e7:ba:61:be:76:a3:bd:02:19:64:fb:c7:ae:0d:a8:5d:a7:
         f3:9d:d9:f6:62:e4:d4:0c:68:5a:9d:4c:a7:b9:4d:ef:62:78:
         c9:2a:aa:57:d3:05:58:49:35:98:44:44:ae:db:91:8f:ac:4f:
         f5:82:6f:6d:96:c2:cf:fa:f8:39:f6:16:4a:f0:a2:1f:48:c8:
         37:6a:c5:ce:9d:94:45:6a:5f:f6:5e:a1:20:39:fa:1d:2b:eb:
         59:19:92:0d:65:83:53:81:6d:69:98:38:a6:b3:57:4c:78:32:
         37:d6:fa:d6:26:0a:16:b3:e1:c0:65:83:3a:cd:40:aa:9f:8a:
         ce:f9:77:54:1e:ea:26:a0:64:5d:fe:2d:18:d5:79:a5:ce:6a:
         45:a0:96:6d:60:fa:13:e2:07:0c:70:53:43:44:98:af:f2:f2:
         fa:45:ff:22:ec:2d:06:15:26:06:2f:a8:ee:33:f3:9b:60:9c:
         85:a0:d1:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxgcIiCfrzIYLBsctPm5tfvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjYwMjE1MDgzNTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzZmYzRjYTVlN2E3NTg1OGU0NDNkMjQ3MTg5ZWZkNmJlNzZhMDllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArqVoDa16II6i/+4gx659P8Dkik6D
bsd8o+TTVNzee/z5VbAv5v+BDc21FXZrZYn83SosSKhjnPeRB8rVGuZkWh3nUgGz
+O/UNUcC7dTffOXoPAtI7/bVU2H3GrNsxnE8Ja0j9K4lckTlCN35avMVy3EsuRSj
PXV8z2IvWAxYeBXgYABFbOUfaY7toeImomAcheGL3cVqHFXsb8Gc+YMHaucgalZ3
N1SzaIkQcWK4FMscy4b3+FZtXUO+ap5Ou+YH0HHplFMGawwulPr2tu3eSRm6cR1B
1DSi8MMLNixDT6zTJg8tuCuc5oexksghIoRNG2l7JHLa7/KxzRmoWNH/KwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDNvxMpeenWFjkQ9JHGJ79a+dqCeMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvTTJfRXlsNTZkWVdPUkQwa2NZbnYxcjUyb0o0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVPUcMA0G
CSqGSIb3DQEBCwUAA4IBAQB0O2hIutdqfFneqAnNDjWGO2ilss5XmBghyBAiZK7H
2BYDIbiMfFAvpZCpALKdRrqVxhvUCePmuanoSu2JMY5skqVPdF6qa7sP57phvnaj
vQIZZPvHrg2oXafzndn2YuTUDGhanUynuU3vYnjJKqpX0wVYSTWYRESu25GPrE/1
gm9tlsLP+vg59hZK8KIfSMg3asXOnZRFal/2XqEgOfodK+tZGZINZYNTgW1pmDim
s1dMeDI31vrWJgoWs+HAZYM6zUCqn4rO+XdUHuomoGRd/i0Y1XmlzmpFoJZtYPoT
4gcMcFNDRJiv8vL6Rf8i7C0GFSYGL6juM/ObYJyFoNE2
-----END CERTIFICATE-----