Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/6744ac-9a1c-4013-be00-26a0b8def0c3/1/84lhNVWjfCNBvr3PCV47ce0nnfU.roa
File:                     84lhNVWjfCNBvr3PCV47ce0nnfU.roa (raw, json)
Hash identifier:          4T3jn28U+vBZ4NxTYxbLOUMX86XF3V96DLzXoQSnwmA=
Subject key identifier:   F3:89:61:35:55:A3:7C:23:41:BE:BD:CF:09:5E:3B:71:ED:27:9D:F5
Certificate issuer:       /CN=85b871d69395610465779323b91b34e69bfcf5b5
Certificate serial:       019B79110FDEAA2E55EDBE9E2A6F1A9D0C4F
Authority key identifier: 85:B8:71:D6:93:95:61:04:65:77:93:23:B9:1B:34:E6:9B:FC:F5:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hbhx1pOVYQRld5MjuRs05pv89bU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/6744ac-9a1c-4013-be00-26a0b8def0c3/1/84lhNVWjfCNBvr3PCV47ce0nnfU.roa
Signing time:             Thu 01 Jan 2026 10:18:39 +0000
ROA not before:           Thu 01 Jan 2026 10:18:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206581
IP address blocks:        185.168.127.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/6744ac-9a1c-4013-be00-26a0b8def0c3/1/hbhx1pOVYQRld5MjuRs05pv89bU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/6744ac-9a1c-4013-be00-26a0b8def0c3/1/hbhx1pOVYQRld5MjuRs05pv89bU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hbhx1pOVYQRld5MjuRs05pv89bU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:11:0f:de:aa:2e:55:ed:be:9e:2a:6f:1a:9d:0c:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=85b871d69395610465779323b91b34e69bfcf5b5
        Validity
            Not Before: Jan  1 10:18:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f389613555a37c2341bebdcf095e3b71ed279df5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:d7:48:c9:33:f2:40:0f:d9:20:99:ac:b5:92:
                    79:c3:12:d3:c7:10:22:2b:80:d9:28:2e:91:74:1f:
                    82:fb:de:f4:8f:d1:53:50:7d:e8:8e:fe:3a:1d:4f:
                    3f:dd:9d:53:0b:0c:81:19:1c:58:c3:49:a2:a7:9b:
                    4d:34:71:f8:25:45:b4:2c:00:a9:1b:8e:81:71:8e:
                    18:2b:40:ae:52:7e:e7:a8:19:69:5d:fd:17:17:02:
                    48:76:23:eb:ef:19:31:41:8b:ce:84:7e:d6:ee:bd:
                    2b:62:ac:b8:95:f7:c4:95:f3:32:48:0a:bb:aa:77:
                    be:ec:6a:9e:38:76:8d:1d:e1:93:93:2c:80:9c:53:
                    9c:5c:d7:9a:b4:d8:27:e1:76:b0:48:ae:a6:48:88:
                    71:a4:05:cd:f8:21:02:80:8d:f2:e4:1d:05:7c:30:
                    76:1e:c0:f4:0b:50:cf:b0:6f:c7:b4:68:8a:4e:79:
                    a0:4e:d7:59:3f:c0:a2:8b:ab:76:a1:2b:4a:d8:de:
                    d0:ba:e2:8c:de:d2:6a:b9:a7:dc:59:55:4b:94:bf:
                    13:86:66:b6:9d:48:0b:f1:c3:76:e4:59:7d:ab:af:
                    5b:64:82:74:5c:a4:a1:61:8b:a2:d7:f5:21:b0:a4:
                    81:1e:1c:80:5b:f6:94:1a:75:e0:c5:46:21:6b:6c:
                    97:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:89:61:35:55:A3:7C:23:41:BE:BD:CF:09:5E:3B:71:ED:27:9D:F5
            X509v3 Authority Key Identifier:
                keyid:85:B8:71:D6:93:95:61:04:65:77:93:23:B9:1B:34:E6:9B:FC:F5:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hbhx1pOVYQRld5MjuRs05pv89bU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/6744ac-9a1c-4013-be00-26a0b8def0c3/1/84lhNVWjfCNBvr3PCV47ce0nnfU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/6744ac-9a1c-4013-be00-26a0b8def0c3/1/hbhx1pOVYQRld5MjuRs05pv89bU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.168.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:78:1a:4b:aa:fb:f0:d1:95:e0:e7:4c:c9:8c:9c:c2:f9:be:
         e6:f0:c4:4a:98:12:df:9f:88:4c:f1:17:8c:b4:a0:4c:fb:c5:
         12:79:aa:d9:8b:a1:4f:36:7e:2d:fa:23:4b:e4:43:6d:87:98:
         ec:3e:36:21:f0:4d:a7:9f:76:ae:8e:b9:a4:ed:60:40:ae:a5:
         71:8e:42:fa:dc:d0:37:ce:24:ff:97:52:fc:17:bd:6b:de:0f:
         3c:37:fe:50:cf:b8:22:e5:f4:d5:e5:e7:23:57:dd:fb:7a:2f:
         4a:80:a8:b8:a1:02:28:22:19:57:62:ce:5e:d6:47:04:19:59:
         02:98:43:78:f1:6f:2e:c6:54:26:55:ae:9f:3d:74:b8:b9:f4:
         38:2f:54:59:7c:e3:0f:70:83:f0:04:35:20:db:29:13:99:67:
         a8:5b:d0:ea:d8:b2:7c:cf:35:36:84:5a:73:55:7d:ad:f8:3a:
         70:17:cb:5a:2d:1b:2a:f3:c0:e1:03:51:54:17:e5:02:27:8f:
         20:74:6b:27:e9:f5:40:00:88:22:12:88:13:ff:c7:d6:27:7c:
         71:2c:0e:07:85:9e:5e:d5:f3:49:70:2a:63:f5:b8:dc:52:9b:
         23:d7:07:45:4a:ef:b5:1f:41:6a:34:8d:ff:dd:83:ff:7c:7e:
         78:0a:da:b9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EQ/eqi5V7b6eKm8anQxPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1Yjg3MWQ2OTM5NTYxMDQ2NTc3OTMyM2I5MWIzNGU2OWJm
Y2Y1YjUwHhcNMjYwMTAxMTAxODM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzg5NjEzNTU1YTM3YzIzNDFiZWJkY2YwOTVlM2I3MWVkMjc5ZGY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk9dIyTPyQA/ZIJmstZJ5wxLTxxAi
K4DZKC6RdB+C+970j9FTUH3ojv46HU8/3Z1TCwyBGRxYw0mip5tNNHH4JUW0LACp
G46BcY4YK0CuUn7nqBlpXf0XFwJIdiPr7xkxQYvOhH7W7r0rYqy4lffElfMySAq7
qne+7GqeOHaNHeGTkyyAnFOcXNeatNgn4XawSK6mSIhxpAXN+CECgI3y5B0FfDB2
HsD0C1DPsG/HtGiKTnmgTtdZP8Cii6t2oStK2N7QuuKM3tJquafcWVVLlL8Thma2
nUgL8cN25Fl9q69bZIJ0XKShYYui1/UhsKSBHhyAW/aUGnXgxUYha2yXIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPOJYTVVo3wjQb69zwleO3HtJ531MB8GA1UdIwQY
MBaAFIW4cdaTlWEEZXeTI7kbNOab/PW1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGJoeDFwT1ZZUVJsZDVNanVSczA1cHY4OWJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS82NzQ0YWMtOWExYy00MDEzLWJlMDAt
MjZhMGI4ZGVmMGMzLzEvODRsaE5WV2pmQ05CdnIzUENWNDdjZTBubmZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS82NzQ0YWMtOWExYy00MDEzLWJlMDAtMjZhMGI4ZGVmMGMz
LzEvaGJoeDFwT1ZZUVJsZDVNanVSczA1cHY4OWJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuah/MA0G
CSqGSIb3DQEBCwUAA4IBAQB8eBpLqvvw0ZXg50zJjJzC+b7m8MRKmBLfn4hM8ReM
tKBM+8USearZi6FPNn4t+iNL5ENth5jsPjYh8E2nn3aujrmk7WBArqVxjkL63NA3
ziT/l1L8F71r3g88N/5Qz7gi5fTV5ecjV937ei9KgKi4oQIoIhlXYs5e1kcEGVkC
mEN48W8uxlQmVa6fPXS4ufQ4L1RZfOMPcIPwBDUg2ykTmWeoW9Dq2LJ8zzU2hFpz
VX2t+DpwF8taLRsq88DhA1FUF+UCJ48gdGsn6fVAAIgiEogT/8fWJ3xxLA4HhZ5e
1fNJcCpj9bjcUpsj1wdFSu+1H0FqNI3/3YP/fH54Ctq5
-----END CERTIFICATE-----