Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/e66f01-1d9d-4513-956a-f96bfb04e645/1/cTl1BoIjoBM0xgKkijgr095D4yM.roa
File:                     cTl1BoIjoBM0xgKkijgr095D4yM.roa (raw, json)
Hash identifier:          DZztADygEBvCauPefXUXIG2C159CdAX09TCUW+E8dVs=
Subject key identifier:   71:39:75:06:82:23:A0:13:34:C6:02:A4:8A:38:2B:D3:DE:43:E3:23
Certificate issuer:       /CN=65cd7803f41fe499e800664e0aacadee19b66d9d
Certificate serial:       019B7DC9A452C8BE24591EF993F9B219834A
Authority key identifier: 65:CD:78:03:F4:1F:E4:99:E8:00:66:4E:0A:AC:AD:EE:19:B6:6D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zc14A_Qf5JnoAGZOCqyt7hm2bZ0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/e66f01-1d9d-4513-956a-f96bfb04e645/1/cTl1BoIjoBM0xgKkijgr095D4yM.roa
Signing time:             Fri 02 Jan 2026 08:18:45 +0000
ROA not before:           Fri 02 Jan 2026 08:18:45 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     34622
IP address blocks:        85.197.128.0/18 maxlen: 18
                          2a05:e840::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/e66f01-1d9d-4513-956a-f96bfb04e645/1/Zc14A_Qf5JnoAGZOCqyt7hm2bZ0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/e66f01-1d9d-4513-956a-f96bfb04e645/1/Zc14A_Qf5JnoAGZOCqyt7hm2bZ0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zc14A_Qf5JnoAGZOCqyt7hm2bZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:c9:a4:52:c8:be:24:59:1e:f9:93:f9:b2:19:83:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65cd7803f41fe499e800664e0aacadee19b66d9d
        Validity
            Not Before: Jan  2 08:18:45 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=713975068223a01334c602a48a382bd3de43e323
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:13:34:18:09:eb:95:46:3b:4b:0d:63:28:10:
                    2b:4b:08:6f:50:13:a5:62:48:8b:8b:1d:a1:ff:52:
                    ac:e7:7e:68:c4:e1:a6:b7:d7:7c:5a:b4:fd:58:f5:
                    cf:d0:e0:f0:00:98:11:5e:cb:26:2d:0d:5c:1f:12:
                    e0:69:e6:05:bc:b3:76:d7:8b:35:9e:5d:da:d6:5d:
                    6b:1b:ac:ee:73:fd:17:83:66:17:00:c4:60:9b:86:
                    a7:28:c2:8c:94:e4:41:7c:eb:5c:25:f7:be:21:e2:
                    44:b5:c9:0c:75:10:69:c3:9c:04:0a:1e:37:86:3f:
                    2f:77:6a:5e:1c:55:b6:ef:1b:4b:17:d9:d8:bf:ee:
                    cf:20:ee:7c:84:43:c1:3e:d1:1a:03:66:2f:76:23:
                    66:e3:57:cb:09:77:a2:65:c2:df:35:ea:77:93:82:
                    e5:4f:5f:3b:e4:62:fb:d9:56:80:6a:28:7b:3c:06:
                    36:6e:e2:c1:ef:bd:10:d5:19:cc:0b:c2:c3:49:eb:
                    5f:65:2b:af:0d:62:13:eb:0b:95:f5:4c:3f:8b:35:
                    89:a2:32:98:39:60:70:b9:ba:a1:5f:ee:fb:7a:20:
                    d0:28:2e:45:04:b7:2b:4f:79:92:88:b2:ad:44:95:
                    10:16:bc:a2:67:4c:ee:da:5e:7b:65:c8:04:73:ab:
                    d5:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:39:75:06:82:23:A0:13:34:C6:02:A4:8A:38:2B:D3:DE:43:E3:23
            X509v3 Authority Key Identifier:
                keyid:65:CD:78:03:F4:1F:E4:99:E8:00:66:4E:0A:AC:AD:EE:19:B6:6D:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zc14A_Qf5JnoAGZOCqyt7hm2bZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/e66f01-1d9d-4513-956a-f96bfb04e645/1/cTl1BoIjoBM0xgKkijgr095D4yM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/e66f01-1d9d-4513-956a-f96bfb04e645/1/Zc14A_Qf5JnoAGZOCqyt7hm2bZ0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.197.128.0/18
                IPv6:
                  2a05:e840::/29

    Signature Algorithm: sha256WithRSAEncryption
         01:9f:ac:f4:ed:f3:a1:b3:4b:8c:09:4d:03:ce:83:cd:9c:67:
         7e:36:75:08:7a:b0:41:01:45:b5:9f:dc:66:07:a0:d2:ee:f9:
         cf:25:62:0c:a9:d4:3d:0c:dc:04:6b:46:9f:03:d8:5a:fc:e6:
         cf:23:a0:89:23:d6:3a:62:ae:2d:3c:0f:7d:6b:1f:12:ae:bf:
         32:b6:d3:e2:0b:08:73:26:77:22:4a:5c:1f:ab:71:e6:9c:27:
         58:0e:a9:de:53:16:59:70:2d:34:45:5c:23:b5:c7:e5:9e:85:
         41:00:d0:d3:3d:35:6f:9c:c9:26:6e:18:9c:e8:aa:88:ce:56:
         be:f7:81:41:22:4a:e8:e9:bd:76:df:0a:ca:23:28:17:f9:86:
         a3:55:4b:90:eb:b5:96:62:4e:8c:7a:66:f3:d2:4d:21:53:b3:
         f1:70:f4:5f:74:90:07:75:c9:7a:fd:d8:f5:88:e3:da:94:6a:
         f6:df:e5:d2:e4:39:47:96:15:3a:e5:dd:fc:75:ca:a7:24:45:
         fa:25:3a:03:86:a5:10:38:9a:82:bf:8c:77:36:dd:3b:b0:86:
         93:a5:dc:21:df:a1:3e:f0:37:5e:a7:cb:88:6b:dc:62:54:8d:
         bd:0d:a7:e5:35:c8:97:16:3c:a1:59:03:ad:82:c3:bf:0e:da:
         41:6f:e5:3d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZt9yaRSyL4kWR75k/myGYNKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1Y2Q3ODAzZjQxZmU0OTllODAwNjY0ZTBhYWNhZGVlMTli
NjZkOWQwHhcNMjYwMTAyMDgxODQ1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTM5NzUwNjgyMjNhMDEzMzRjNjAyYTQ4YTM4MmJkM2RlNDNlMzIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2hM0GAnrlUY7Sw1jKBArSwhvUBOl
YkiLix2h/1Ks535oxOGmt9d8WrT9WPXP0ODwAJgRXssmLQ1cHxLgaeYFvLN214s1
nl3a1l1rG6zuc/0Xg2YXAMRgm4anKMKMlORBfOtcJfe+IeJEtckMdRBpw5wECh43
hj8vd2peHFW27xtLF9nYv+7PIO58hEPBPtEaA2YvdiNm41fLCXeiZcLfNep3k4Ll
T1875GL72VaAaih7PAY2buLB770Q1RnMC8LDSetfZSuvDWIT6wuV9Uw/izWJojKY
OWBwubqhX+77eiDQKC5FBLcrT3mSiLKtRJUQFryiZ0zu2l57ZcgEc6vVmQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHE5dQaCI6ATNMYCpIo4K9PeQ+MjMB8GA1UdIwQY
MBaAFGXNeAP0H+SZ6ABmTgqsre4Ztm2dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmMxNEFfUWY1Sm5vQUdaT0NxeXQ3aG0yYlowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS9lNjZmMDEtMWQ5ZC00NTEzLTk1NmEt
Zjk2YmZiMDRlNjQ1LzEvY1RsMUJvSWpvQk0weGdLa2lqZ3IwOTVENHlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS9lNjZmMDEtMWQ5ZC00NTEzLTk1NmEtZjk2YmZiMDRlNjQ1
LzEvWmMxNEFfUWY1Sm5vQUdaT0NxeXQ3aG0yYlowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQGVcWAMA0E
AgACMAcDBQMqBehAMA0GCSqGSIb3DQEBCwUAA4IBAQABn6z07fOhs0uMCU0DzoPN
nGd+NnUIerBBAUW1n9xmB6DS7vnPJWIMqdQ9DNwEa0afA9ha/ObPI6CJI9Y6Yq4t
PA99ax8Srr8yttPiCwhzJnciSlwfq3HmnCdYDqneUxZZcC00RVwjtcflnoVBANDT
PTVvnMkmbhic6KqIzla+94FBIkro6b123wrKIygX+YajVUuQ67WWYk6Membz0k0h
U7PxcPRfdJAHdcl6/dj1iOPalGr23+XS5DlHlhU65d38dcqnJEX6JToDhqUQOJqC
v4x3Nt07sIaTpdwh36E+8Ddep8uIa9xiVI29DaflNciXFjyhWQOtgsO/DtpBb+U9
-----END CERTIFICATE-----