Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/ulNfXAbUCn0EIzzAH-fg_QLGm7I.roa
File:                     ulNfXAbUCn0EIzzAH-fg_QLGm7I.roa (raw, json)
Hash identifier:          qj6bZX/kfBz2h0JS13N+LxoFybMNI2V0ojpMRowCNJQ=
Subject key identifier:   BA:53:5F:5C:06:D4:0A:7D:04:23:3C:C0:1F:E7:E0:FD:02:C6:9B:B2
Certificate issuer:       /CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Certificate serial:       019C0A58BEA7BB4E4E8C26F0659D3DC8C797
Authority key identifier: CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/ulNfXAbUCn0EIzzAH-fg_QLGm7I.roa
Signing time:             Thu 29 Jan 2026 15:21:54 +0000
ROA not before:           Thu 29 Jan 2026 15:21:54 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     58232
IP address blocks:        85.133.194.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:0a:58:be:a7:bb:4e:4e:8c:26:f0:65:9d:3d:c8:c7:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
        Validity
            Not Before: Jan 29 15:21:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ba535f5c06d40a7d04233cc01fe7e0fd02c69bb2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:62:3d:4c:28:61:56:d8:4b:37:84:95:d6:b7:
                    9f:d6:c9:a5:b0:85:6c:a0:ec:d9:90:b9:a2:d4:4a:
                    d2:26:f6:30:58:38:be:43:e4:9a:25:41:3a:c2:72:
                    d9:d7:4f:14:c9:8e:0b:fd:d3:80:83:cf:7e:e2:e9:
                    22:a8:f0:a2:b6:0a:a1:93:db:22:17:e7:f5:1e:c0:
                    56:fb:c1:31:f1:0b:75:97:9e:b2:fe:cb:4c:bc:78:
                    cc:0e:b3:7a:00:40:11:8e:36:ae:a0:bf:63:e2:8e:
                    68:79:c0:ee:f1:fe:2e:87:4a:da:5f:ad:1a:4f:1c:
                    73:3f:a6:ae:65:7c:8d:5b:8f:7a:a0:a4:5c:23:fe:
                    fd:29:06:ca:92:ac:4b:01:51:d2:ba:5a:9a:10:58:
                    6d:23:29:73:f5:73:d2:1f:18:02:d2:1a:93:f2:92:
                    b6:b1:ef:db:42:4d:b5:1d:29:a3:44:4e:39:bd:c0:
                    6a:51:e6:b0:74:91:82:16:a5:a8:09:1e:78:dd:15:
                    15:cd:b6:e9:42:f3:ac:3a:fb:71:76:2c:59:f0:ed:
                    e2:19:92:cc:19:13:d6:35:0d:fd:6b:17:60:50:ce:
                    72:2e:11:bc:f8:ee:29:c1:f5:3b:44:27:6a:84:d0:
                    a5:5b:ce:74:23:7c:aa:fd:41:06:40:3d:04:1e:7e:
                    46:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:53:5F:5C:06:D4:0A:7D:04:23:3C:C0:1F:E7:E0:FD:02:C6:9B:B2
            X509v3 Authority Key Identifier:
                keyid:CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/ulNfXAbUCn0EIzzAH-fg_QLGm7I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.133.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:43:f8:7c:83:de:5e:6c:99:86:7f:e5:95:4f:4c:b6:5d:3d:
         25:a3:63:80:46:c0:d0:24:29:ca:8a:68:dd:24:04:45:a5:b0:
         59:2a:53:95:6f:9c:6b:f8:78:88:00:8e:89:2f:8c:f9:ff:a9:
         5d:cd:c4:c7:ab:63:57:f7:20:ff:53:95:2d:36:08:c7:99:36:
         96:b3:20:1b:69:66:db:10:df:1d:6d:e0:58:8b:60:c2:5a:46:
         22:6f:0e:65:b9:9a:bd:8c:9d:cc:d6:8a:c0:3f:cf:39:c2:9e:
         9b:6f:28:bf:f0:54:19:8b:d6:63:14:12:2f:ba:13:9d:14:db:
         5c:c2:d4:0a:28:05:51:f0:ca:30:43:67:2a:f9:6d:4b:7f:48:
         79:82:8c:da:4d:8a:b0:84:68:7f:29:f5:b1:af:11:73:0d:a0:
         60:fe:c1:26:44:a6:76:ca:d7:8f:b9:8d:81:7e:1b:aa:23:15:
         2d:5e:6b:d3:6e:45:5b:42:35:db:04:18:5f:e8:e5:3f:6e:40:
         c0:79:27:62:3a:1a:4a:1b:be:00:87:59:92:16:70:1e:f4:59:
         84:6f:46:e5:ec:ca:36:e9:29:63:54:94:54:dc:7e:8c:1b:09:
         e6:57:6a:a4:78:e4:0f:13:3c:fd:99:9f:93:d2:53:bd:58:aa:
         99:2f:0f:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZwKWL6nu05OjCbwZZ09yMeXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNWUzOTY1OGEzZWY2ZjEzY2EyMWNjMTFhNGUzM2ViY2Q5
NDY3MDIwHhcNMjYwMTI5MTUyMTU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTUzNWY1YzA2ZDQwYTdkMDQyMzNjYzAxZmU3ZTBmZDAyYzY5YmIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8mI9TChhVthLN4SV1ref1smlsIVs
oOzZkLmi1ErSJvYwWDi+Q+SaJUE6wnLZ108UyY4L/dOAg89+4ukiqPCitgqhk9si
F+f1HsBW+8Ex8Qt1l56y/stMvHjMDrN6AEARjjauoL9j4o5oecDu8f4uh0raX60a
TxxzP6auZXyNW496oKRcI/79KQbKkqxLAVHSulqaEFhtIylz9XPSHxgC0hqT8pK2
se/bQk21HSmjRE45vcBqUeawdJGCFqWoCR543RUVzbbpQvOsOvtxdixZ8O3iGZLM
GRPWNQ39axdgUM5yLhG8+O4pwfU7RCdqhNClW850I3yq/UEGQD0EHn5GowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLpTX1wG1Ap9BCM8wB/n4P0CxpuyMB8GA1UdIwQY
MBaAFM1eOWWKPvbxPKIcwRpOM+vNlGcCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUt
NWQxZmE2NmMzNjNiLzEvdWxOZlhBYlVDbjBFSXp6QUgtZmdfUUxHbTdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUtNWQxZmE2NmMzNjNi
LzEvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVYXCMA0G
CSqGSIb3DQEBCwUAA4IBAQCGQ/h8g95ebJmGf+WVT0y2XT0lo2OARsDQJCnKimjd
JARFpbBZKlOVb5xr+HiIAI6JL4z5/6ldzcTHq2NX9yD/U5UtNgjHmTaWsyAbaWbb
EN8dbeBYi2DCWkYibw5luZq9jJ3M1orAP885wp6bbyi/8FQZi9ZjFBIvuhOdFNtc
wtQKKAVR8MowQ2cq+W1Lf0h5gozaTYqwhGh/KfWxrxFzDaBg/sEmRKZ2ytePuY2B
fhuqIxUtXmvTbkVbQjXbBBhf6OU/bkDAeSdiOhpKG74Ah1mSFnAe9FmEb0bl7Mo2
6SljVJRU3H6MGwnmV2qkeOQPEzz9mZ+T0lO9WKqZLw99
-----END CERTIFICATE-----