Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/tueCs65KFYrYDAZt75DCyIoH5_M.roa
File:                     tueCs65KFYrYDAZt75DCyIoH5_M.roa (raw, json)
Hash identifier:          VfVDYtNm0lmYABLfzcwupzuFE3TOuGzFZ9OgjMr/apw=
Subject key identifier:   B6:E7:82:B3:AE:4A:15:8A:D8:0C:06:6D:EF:90:C2:C8:8A:07:E7:F3
Certificate issuer:       /CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
Certificate serial:       019CD3301BB1261105ACD4072B547B41DEF4
Authority key identifier: 29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/tueCs65KFYrYDAZt75DCyIoH5_M.roa
Signing time:             Mon 09 Mar 2026 15:21:11 +0000
ROA not before:           Mon 09 Mar 2026 15:21:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213474
IP address blocks:        85.239.147.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:d3:30:1b:b1:26:11:05:ac:d4:07:2b:54:7b:41:de:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
        Validity
            Not Before: Mar  9 15:21:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b6e782b3ae4a158ad80c066def90c2c88a07e7f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:d6:19:60:07:02:a5:f2:24:97:44:d5:6e:00:
                    60:e8:f2:3c:9a:9e:5e:67:89:20:c0:7c:98:62:7f:
                    1b:47:49:b9:9c:e1:1e:e6:ae:ed:e9:bf:27:0c:02:
                    92:4e:e1:d8:95:a0:59:38:96:05:e5:cf:a5:ec:97:
                    3f:cf:06:b8:a8:e3:0d:49:ec:d9:e9:78:ec:50:f3:
                    97:61:67:c5:1f:25:f1:8d:0a:a3:73:19:1a:3a:16:
                    c1:87:c1:9f:59:01:51:d7:3c:70:4e:f2:ec:3b:c7:
                    f0:d3:af:61:da:73:17:ac:03:bb:44:44:dd:84:2f:
                    bf:35:06:11:32:9b:86:80:1d:4c:b9:ec:3d:4f:a2:
                    7d:d5:df:b2:80:d8:9a:71:c8:bf:99:00:94:61:f9:
                    ab:2d:c9:a8:fb:2f:a1:39:04:78:1a:0f:67:37:b5:
                    73:bd:00:1b:a7:bd:2c:a8:db:5f:0a:9b:01:90:52:
                    b6:8a:86:ea:7e:4b:dc:4a:8b:2e:21:35:eb:8f:47:
                    14:fa:b0:e0:5e:0f:2f:9b:c5:9f:e6:01:4b:8b:95:
                    33:5c:18:2a:88:97:51:2c:1b:bd:57:0e:2c:81:b3:
                    66:8a:f4:ca:3e:1f:b1:e8:cb:15:1c:90:ff:12:73:
                    65:e3:1c:af:e6:2d:70:57:56:48:e4:05:72:19:35:
                    60:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:E7:82:B3:AE:4A:15:8A:D8:0C:06:6D:EF:90:C2:C8:8A:07:E7:F3
            X509v3 Authority Key Identifier:
                keyid:29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/tueCs65KFYrYDAZt75DCyIoH5_M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.239.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:06:a3:83:b6:bf:1a:3f:14:55:bb:44:71:32:a7:08:b0:3e:
         ef:97:77:93:35:34:48:0b:90:7a:19:a9:6e:43:21:f6:d7:d9:
         88:7a:3a:5f:7d:24:72:b7:f6:b5:2b:fa:6f:a7:8e:45:b7:f2:
         da:f1:48:1a:01:5c:e9:7e:25:35:b2:8e:62:25:cd:c6:e4:a1:
         db:c9:ba:d7:b5:3e:d2:a1:ea:16:b8:2e:2d:bb:50:21:61:08:
         90:46:21:91:50:c8:88:12:56:5d:7d:07:b3:30:7c:d5:3d:e9:
         1f:a0:37:1f:c3:f3:5c:c0:b0:c4:7f:88:38:79:00:bd:af:ef:
         2f:ed:17:88:9f:b1:0b:a5:f9:90:71:d8:ff:9b:6d:ca:d0:32:
         23:31:ea:e3:27:54:14:ef:88:3b:fd:e4:c5:ba:3c:69:cb:a9:
         34:55:c0:3a:00:08:63:52:f1:85:7a:09:04:03:cd:0d:f9:42:
         8e:97:b0:63:b1:5d:58:a7:1e:20:f0:98:19:03:e1:9f:9a:d9:
         75:83:ac:2b:a7:a4:a6:de:92:ab:2d:76:c7:2f:27:69:80:fa:
         83:5c:e6:5c:24:9a:a3:13:7f:68:dd:6a:7b:5f:fb:d5:59:d0:
         b0:d7:39:c3:f4:cd:02:09:b1:56:d4:56:5d:d8:75:0b:d9:74:
         af:7b:13:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzTMBuxJhEFrNQHK1R7Qd70MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZDJkYWZmMWM1YmI2MWEwYWM4YjNjYWVhZDRiOGExZmEy
ODRkMGYwHhcNMjYwMzA5MTUyMTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmU3ODJiM2FlNGExNThhZDgwYzA2NmRlZjkwYzJjODhhMDdlN2YzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2tYZYAcCpfIkl0TVbgBg6PI8mp5e
Z4kgwHyYYn8bR0m5nOEe5q7t6b8nDAKSTuHYlaBZOJYF5c+l7Jc/zwa4qOMNSezZ
6XjsUPOXYWfFHyXxjQqjcxkaOhbBh8GfWQFR1zxwTvLsO8fw069h2nMXrAO7RETd
hC+/NQYRMpuGgB1Muew9T6J91d+ygNiacci/mQCUYfmrLcmo+y+hOQR4Gg9nN7Vz
vQAbp70sqNtfCpsBkFK2iobqfkvcSosuITXrj0cU+rDgXg8vm8Wf5gFLi5UzXBgq
iJdRLBu9Vw4sgbNmivTKPh+x6MsVHJD/EnNl4xyv5i1wV1ZI5AVyGTVgbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLbngrOuShWK2AwGbe+QwsiKB+fzMB8GA1UdIwQY
MBaAFCnS2v8cW7YaCsizyurUuKH6KE0PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3Zjgt
NGY1N2Q5Y2Y1Y2FhLzEvdHVlQ3M2NUtGWXJZREFadDc1REN5SW9INV9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3ZjgtNGY1N2Q5Y2Y1Y2Fh
LzEvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVe+TMA0G
CSqGSIb3DQEBCwUAA4IBAQCMBqODtr8aPxRVu0RxMqcIsD7vl3eTNTRIC5B6Galu
QyH219mIejpffSRyt/a1K/pvp45Ft/La8UgaAVzpfiU1so5iJc3G5KHbybrXtT7S
oeoWuC4tu1AhYQiQRiGRUMiIElZdfQezMHzVPekfoDcfw/NcwLDEf4g4eQC9r+8v
7ReIn7ELpfmQcdj/m23K0DIjMerjJ1QU74g7/eTFujxpy6k0VcA6AAhjUvGFegkE
A80N+UKOl7BjsV1Ypx4g8JgZA+Gfmtl1g6wrp6Sm3pKrLXbHLydpgPqDXOZcJJqj
E39o3Wp7X/vVWdCw1znD9M0CCbFW1FZd2HUL2XSvexMs
-----END CERTIFICATE-----