Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/01f736-af83-456c-8b45-5146ab7ea015/1/868i0cEmWAdaQ1srLCAkC6Q7hMo.roa
File:                     868i0cEmWAdaQ1srLCAkC6Q7hMo.roa (raw, json)
Hash identifier:          bgPNU3tWKyMlZeeAEm+kUMGWGR8Zu5gAsJkW3Dggnbc=
Subject key identifier:   F3:AF:22:D1:C1:26:58:07:5A:43:5B:2B:2C:20:24:0B:A4:3B:84:CA
Certificate issuer:       /CN=535825ce8bf544170282f720a2484141568b0e7d
Certificate serial:       019B7F14DCF7E8430AD3E12CF1065D459A4E
Authority key identifier: 53:58:25:CE:8B:F5:44:17:02:82:F7:20:A2:48:41:41:56:8B:0E:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U1glzov1RBcCgvcgokhBQVaLDn0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c9/01f736-af83-456c-8b45-5146ab7ea015/1/868i0cEmWAdaQ1srLCAkC6Q7hMo.roa
Signing time:             Fri 02 Jan 2026 14:20:32 +0000
ROA not before:           Fri 02 Jan 2026 14:20:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     21177
IP address blocks:        80.84.80.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c9/01f736-af83-456c-8b45-5146ab7ea015/1/U1glzov1RBcCgvcgokhBQVaLDn0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c9/01f736-af83-456c-8b45-5146ab7ea015/1/U1glzov1RBcCgvcgokhBQVaLDn0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U1glzov1RBcCgvcgokhBQVaLDn0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 14:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:14:dc:f7:e8:43:0a:d3:e1:2c:f1:06:5d:45:9a:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=535825ce8bf544170282f720a2484141568b0e7d
        Validity
            Not Before: Jan  2 14:20:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f3af22d1c12658075a435b2b2c20240ba43b84ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:3f:91:0b:ed:c2:66:74:84:e2:62:11:01:f0:
                    5c:19:22:8c:b3:6a:3c:2f:98:6d:40:f7:11:67:72:
                    46:f2:9d:7c:b9:c9:d7:2e:e0:c2:92:4c:2a:e5:03:
                    91:e6:cc:9e:0c:26:82:0f:fb:92:f4:6d:5b:c3:a6:
                    2f:26:75:2e:af:4c:9c:06:ae:ec:09:09:9a:03:48:
                    41:a6:a9:81:ef:bb:50:4a:10:76:30:a9:2d:4d:bb:
                    ff:08:ec:ae:c2:44:e1:29:ce:14:5c:39:82:9e:62:
                    4e:6c:96:c9:6c:18:23:b7:23:d4:07:ae:b6:c8:b6:
                    21:8e:23:65:84:7a:5a:23:db:ea:e6:ed:74:59:c5:
                    52:e1:c0:97:f9:99:19:68:3c:ba:8c:2d:7d:9d:e5:
                    e2:0c:37:a2:ea:2d:cf:91:9b:3b:91:83:02:25:3a:
                    ad:16:80:03:ee:da:8d:45:45:ea:33:bc:e2:46:73:
                    aa:f1:64:22:3c:ca:20:12:6a:3f:ae:9b:ad:27:c8:
                    91:ea:aa:49:a7:33:03:52:65:0f:67:bd:40:8b:78:
                    7a:71:a0:3c:11:c8:12:d5:0c:ec:59:63:1e:7c:c6:
                    01:de:01:97:5c:f1:54:a2:e4:19:3c:61:9b:c7:93:
                    57:2e:f2:17:ad:89:21:23:a6:f8:07:1c:ed:dd:09:
                    9f:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:AF:22:D1:C1:26:58:07:5A:43:5B:2B:2C:20:24:0B:A4:3B:84:CA
            X509v3 Authority Key Identifier:
                keyid:53:58:25:CE:8B:F5:44:17:02:82:F7:20:A2:48:41:41:56:8B:0E:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U1glzov1RBcCgvcgokhBQVaLDn0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/01f736-af83-456c-8b45-5146ab7ea015/1/868i0cEmWAdaQ1srLCAkC6Q7hMo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/01f736-af83-456c-8b45-5146ab7ea015/1/U1glzov1RBcCgvcgokhBQVaLDn0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.84.80.0/21

    Signature Algorithm: sha256WithRSAEncryption
         30:35:cf:cb:a1:d7:6d:30:a6:57:ad:93:fe:82:ee:5e:9b:34:
         35:54:68:ac:22:ee:e8:6e:f0:c9:37:9f:1d:e3:c4:f3:bf:97:
         9d:6b:94:d5:a5:cc:1a:d0:ae:c7:c9:22:89:cd:bc:de:8f:d4:
         8a:95:c0:e7:b6:fb:79:40:f4:59:0a:19:3f:df:21:20:7e:5e:
         ef:9a:78:63:d3:e9:f9:31:0b:5c:56:f9:3a:05:4e:4d:40:01:
         c2:f2:b7:d6:e2:e9:c3:1b:56:7f:ae:88:07:cf:d1:4f:43:d5:
         86:cb:8f:5e:22:50:83:69:eb:62:3d:fe:36:7d:66:ad:08:28:
         37:aa:8c:8e:ff:26:4f:96:24:41:93:40:27:6e:25:4b:08:4f:
         18:de:97:d7:85:f8:7b:7c:23:8c:55:b5:b4:d8:bf:0e:18:01:
         d8:16:63:5c:3b:ef:d0:53:42:d8:54:72:f6:0c:f8:fd:f6:8d:
         7e:21:e6:95:30:f0:fb:fb:35:a8:ae:e5:78:e8:37:59:40:36:
         22:30:2d:6f:6b:1c:24:59:d1:ec:2d:7f:2f:f9:2c:32:27:7b:
         e1:8a:3f:81:ba:53:42:79:71:7b:78:e9:05:db:63:21:23:fd:
         03:b2:86:e2:d3:b2:cf:1e:c4:36:95:ac:c8:25:90:2e:ee:cf:
         cc:6d:b8:51
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FNz36EMK0+Es8QZdRZpOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzNTgyNWNlOGJmNTQ0MTcwMjgyZjcyMGEyNDg0MTQxNTY4
YjBlN2QwHhcNMjYwMTAyMTQyMDMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmM2FmMjJkMWMxMjY1ODA3NWE0MzViMmIyYzIwMjQwYmE0M2I4NGNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtT+RC+3CZnSE4mIRAfBcGSKMs2o8
L5htQPcRZ3JG8p18ucnXLuDCkkwq5QOR5syeDCaCD/uS9G1bw6YvJnUur0ycBq7s
CQmaA0hBpqmB77tQShB2MKktTbv/COyuwkThKc4UXDmCnmJObJbJbBgjtyPUB662
yLYhjiNlhHpaI9vq5u10WcVS4cCX+ZkZaDy6jC19neXiDDei6i3PkZs7kYMCJTqt
FoAD7tqNRUXqM7ziRnOq8WQiPMogEmo/rputJ8iR6qpJpzMDUmUPZ71Ai3h6caA8
EcgS1QzsWWMefMYB3gGXXPFUouQZPGGbx5NXLvIXrYkhI6b4Bxzt3QmfYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPOvItHBJlgHWkNbKywgJAukO4TKMB8GA1UdIwQY
MBaAFFNYJc6L9UQXAoL3IKJIQUFWiw59MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTFnbHpvdjFSQmNDZ3ZjZ29raEJRVmFMRG4wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS8wMWY3MzYtYWY4My00NTZjLThiNDUt
NTE0NmFiN2VhMDE1LzEvODY4aTBjRW1XQWRhUTFzckxDQWtDNlE3aE1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOS8wMWY3MzYtYWY4My00NTZjLThiNDUtNTE0NmFiN2VhMDE1
LzEvVTFnbHpvdjFSQmNDZ3ZjZ29raEJRVmFMRG4wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDUFRQMA0G
CSqGSIb3DQEBCwUAA4IBAQAwNc/LoddtMKZXrZP+gu5emzQ1VGisIu7obvDJN58d
48Tzv5eda5TVpcwa0K7HySKJzbzej9SKlcDntvt5QPRZChk/3yEgfl7vmnhj0+n5
MQtcVvk6BU5NQAHC8rfW4unDG1Z/rogHz9FPQ9WGy49eIlCDaetiPf42fWatCCg3
qoyO/yZPliRBk0AnbiVLCE8Y3pfXhfh7fCOMVbW02L8OGAHYFmNcO+/QU0LYVHL2
DPj99o1+IeaVMPD7+zWoruV46DdZQDYiMC1vaxwkWdHsLX8v+SwyJ3vhij+BulNC
eXF7eOkF22MhI/0Dsobi07LPHsQ2lazIJZAu7s/MbbhR
-----END CERTIFICATE-----