Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/f07fbc-4c32-4d87-a429-86ea19d29163/1/1TVNFB2oqiU4XNjEv0BT-Pb2M0M.roa
File:                     1TVNFB2oqiU4XNjEv0BT-Pb2M0M.roa (raw, json)
Hash identifier:          3vvI5UYlWItjTSfQrco2BtzXvJBHGkk/x8CyOBqqD8U=
Subject key identifier:   D5:35:4D:14:1D:A8:AA:25:38:5C:D8:C4:BF:40:53:F8:F6:F6:33:43
Certificate issuer:       /CN=85dc9c55e1597e88564daf567e5a4665978c7b85
Certificate serial:       019D598CAA6F51933CDAFECE6F4D722352AC
Authority key identifier: 85:DC:9C:55:E1:59:7E:88:56:4D:AF:56:7E:5A:46:65:97:8C:7B:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hdycVeFZfohWTa9WflpGZZeMe4U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/f07fbc-4c32-4d87-a429-86ea19d29163/1/1TVNFB2oqiU4XNjEv0BT-Pb2M0M.roa
Signing time:             Sat 04 Apr 2026 17:31:24 +0000
ROA not before:           Sat 04 Apr 2026 17:31:24 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     133210
IP address blocks:        194.15.115.0/24 maxlen: 24
                          194.26.18.0/24 maxlen: 24
                          2a0d:5140::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/f07fbc-4c32-4d87-a429-86ea19d29163/1/hdycVeFZfohWTa9WflpGZZeMe4U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/f07fbc-4c32-4d87-a429-86ea19d29163/1/hdycVeFZfohWTa9WflpGZZeMe4U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hdycVeFZfohWTa9WflpGZZeMe4U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 02:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:59:8c:aa:6f:51:93:3c:da:fe:ce:6f:4d:72:23:52:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=85dc9c55e1597e88564daf567e5a4665978c7b85
        Validity
            Not Before: Apr  4 17:31:24 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d5354d141da8aa25385cd8c4bf4053f8f6f63343
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:ac:b1:e9:2a:84:b8:78:b5:bb:42:f4:c1:95:
                    00:3d:71:80:70:7e:4b:c8:8f:1c:bd:bd:d5:1f:bb:
                    26:6d:80:8b:b4:70:c0:5f:b5:9b:b7:ed:62:ab:cb:
                    4a:1d:f6:0a:d5:fb:7a:4a:40:82:ab:36:c7:02:6a:
                    cb:29:db:d8:ff:7b:e5:79:8a:2c:9a:a5:d3:6f:fe:
                    d0:c5:9e:aa:fa:21:47:19:40:a7:0b:87:8d:d9:0b:
                    87:d9:0a:08:71:6c:e0:05:dc:fc:1a:ca:4c:fd:b6:
                    65:42:ed:15:22:03:b6:91:5f:e2:43:b1:a8:25:b7:
                    26:ca:48:f7:f9:11:63:bd:6b:95:d2:19:f8:2f:c1:
                    bd:59:32:c9:46:e3:a2:ae:06:35:03:4f:ec:e9:50:
                    13:61:3f:d8:2a:d0:f1:cf:fb:71:f1:2e:85:16:61:
                    a7:5c:0a:9b:20:ec:24:1f:f0:0e:d2:87:ab:78:2d:
                    74:f0:3c:00:bb:39:9e:b0:a3:d9:49:04:1d:df:a5:
                    90:65:2b:2b:35:97:09:1d:65:42:20:0a:9b:e1:85:
                    12:c2:57:98:44:29:d4:8b:e4:25:af:17:49:0d:4e:
                    2b:3d:c5:b6:40:50:49:26:85:20:5e:37:19:a2:68:
                    7e:ef:cb:a0:c8:82:ae:cd:c3:9c:26:27:00:a3:75:
                    4b:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:35:4D:14:1D:A8:AA:25:38:5C:D8:C4:BF:40:53:F8:F6:F6:33:43
            X509v3 Authority Key Identifier:
                keyid:85:DC:9C:55:E1:59:7E:88:56:4D:AF:56:7E:5A:46:65:97:8C:7B:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hdycVeFZfohWTa9WflpGZZeMe4U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/f07fbc-4c32-4d87-a429-86ea19d29163/1/1TVNFB2oqiU4XNjEv0BT-Pb2M0M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/f07fbc-4c32-4d87-a429-86ea19d29163/1/hdycVeFZfohWTa9WflpGZZeMe4U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.15.115.0/24
                  194.26.18.0/24
                IPv6:
                  2a0d:5140::/32

    Signature Algorithm: sha256WithRSAEncryption
         9c:db:b5:4b:af:eb:f3:4d:23:6a:06:cb:2b:e7:d5:ed:90:c1:
         fb:35:3c:be:3d:0c:f0:55:f3:09:4b:63:fe:cc:8e:55:bf:c7:
         46:bf:d8:0e:c0:94:f5:77:f9:f3:0c:f7:be:d6:ce:7e:33:03:
         ec:c2:ad:c4:18:fd:53:cc:d8:c8:ae:7c:6b:4f:06:6b:4c:fb:
         90:a5:16:ea:b8:d0:f5:09:3a:1f:61:66:cc:54:4d:f4:89:8b:
         82:99:ba:02:48:d1:d1:ca:89:54:8e:c0:fd:da:c7:bd:e3:ae:
         89:9f:9c:44:18:9f:d5:9f:bb:4c:ed:a2:d8:46:85:e7:2e:d3:
         f1:df:8e:d6:18:c5:3a:be:26:43:25:c8:77:d2:38:19:90:bb:
         d2:86:f2:f2:74:bd:39:6d:79:7b:4b:35:70:d2:ff:72:6f:eb:
         78:82:ec:95:33:01:ba:71:e9:f5:97:03:08:7c:a7:23:3f:9c:
         df:6d:08:bc:1d:8b:d9:e0:96:2a:04:46:92:ee:aa:7b:e0:55:
         ca:f9:32:8a:bb:fe:74:3a:88:a0:8a:21:93:bc:f3:b9:5a:6a:
         b0:ab:7c:60:41:0e:8f:bf:59:44:22:96:3d:94:d2:21:46:29:
         7d:87:b2:2e:2d:c5:54:ed:86:c8:eb:96:a7:8d:01:e1:88:ed:
         2a:4a:68:6b
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZ1ZjKpvUZM82v7Ob01yI1KsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1ZGM5YzU1ZTE1OTdlODg1NjRkYWY1NjdlNWE0NjY1OTc4
YzdiODUwHhcNMjYwNDA0MTczMTI0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTM1NGQxNDFkYThhYTI1Mzg1Y2Q4YzRiZjQwNTNmOGY2ZjYzMzQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs6yx6SqEuHi1u0L0wZUAPXGAcH5L
yI8cvb3VH7smbYCLtHDAX7Wbt+1iq8tKHfYK1ft6SkCCqzbHAmrLKdvY/3vleYos
mqXTb/7QxZ6q+iFHGUCnC4eN2QuH2QoIcWzgBdz8GspM/bZlQu0VIgO2kV/iQ7Go
Jbcmykj3+RFjvWuV0hn4L8G9WTLJRuOirgY1A0/s6VATYT/YKtDxz/tx8S6FFmGn
XAqbIOwkH/AO0oereC108DwAuzmesKPZSQQd36WQZSsrNZcJHWVCIAqb4YUSwleY
RCnUi+QlrxdJDU4rPcW2QFBJJoUgXjcZomh+78ugyIKuzcOcJicAo3VLQQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFNU1TRQdqKolOFzYxL9AU/j29jNDMB8GA1UdIwQY
MBaAFIXcnFXhWX6IVk2vVn5aRmWXjHuFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGR5Y1ZlRlpmb2hXVGE5V2ZscEdaWmVNZTRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9mMDdmYmMtNGMzMi00ZDg3LWE0Mjkt
ODZlYTE5ZDI5MTYzLzEvMVRWTkZCMm9xaVU0WE5qRXYwQlQtUGIyTTBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9mMDdmYmMtNGMzMi00ZDg3LWE0MjktODZlYTE5ZDI5MTYz
LzEvaGR5Y1ZlRlpmb2hXVGE5V2ZscEdaWmVNZTRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAwg9zAwQA
whoSMA0EAgACMAcDBQAqDVFAMA0GCSqGSIb3DQEBCwUAA4IBAQCc27VLr+vzTSNq
Bssr59XtkMH7NTy+PQzwVfMJS2P+zI5Vv8dGv9gOwJT1d/nzDPe+1s5+MwPswq3E
GP1TzNjIrnxrTwZrTPuQpRbquND1CTofYWbMVE30iYuCmboCSNHRyolUjsD92se9
466Jn5xEGJ/Vn7tM7aLYRoXnLtPx347WGMU6viZDJch30jgZkLvShvLydL05bXl7
SzVw0v9yb+t4guyVMwG6cen1lwMIfKcjP5zfbQi8HYvZ4JYqBEaS7qp74FXK+TKK
u/50OoigiiGTvPO5Wmqwq3xgQQ6Pv1lEIpY9lNIhRil9h7IuLcVU7YbI65anjQHh
iO0qSmhr
-----END CERTIFICATE-----