Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/vELnjGZG0HPMMI6eyVMJCb07tlM.roa
File:                     vELnjGZG0HPMMI6eyVMJCb07tlM.roa (raw, json)
Hash identifier:          hBZn4JkNx5C+fP4A7VfhJIdgWEeaLDhsZs+aBB3PMpI=
Subject key identifier:   BC:42:E7:8C:66:46:D0:73:CC:30:8E:9E:C9:53:09:09:BD:3B:B6:53
Certificate issuer:       /CN=6f5e0230be799e44829c8720ca38347045494e20
Certificate serial:       019E08DEC13F54BA44FFCDBDC99805999431
Authority key identifier: 6F:5E:02:30:BE:79:9E:44:82:9C:87:20:CA:38:34:70:45:49:4E:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b14CML55nkSCnIcgyjg0cEVJTiA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/vELnjGZG0HPMMI6eyVMJCb07tlM.roa
Signing time:             Fri 08 May 2026 18:34:36 +0000
ROA not before:           Fri 08 May 2026 18:34:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     25369
IP address blocks:        85.232.187.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/b14CML55nkSCnIcgyjg0cEVJTiA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/b14CML55nkSCnIcgyjg0cEVJTiA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b14CML55nkSCnIcgyjg0cEVJTiA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:08:de:c1:3f:54:ba:44:ff:cd:bd:c9:98:05:99:94:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f5e0230be799e44829c8720ca38347045494e20
        Validity
            Not Before: May  8 18:34:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bc42e78c6646d073cc308e9ec9530909bd3bb653
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:35:be:a7:de:bb:54:81:4d:5a:8f:c9:ad:1b:
                    79:4e:68:74:03:cf:42:b8:82:78:9d:9f:21:91:17:
                    54:b5:1c:d0:cd:4d:c3:a2:43:33:8c:29:4a:8a:4a:
                    12:75:f5:e4:47:00:98:99:79:95:bc:fc:15:82:cc:
                    ed:0e:a1:a6:42:60:dd:a3:6c:75:46:11:7d:15:ef:
                    d4:83:d6:85:6b:e2:ff:0e:10:aa:74:95:9d:96:6c:
                    eb:6f:e5:5a:55:48:c3:24:00:40:92:8a:31:32:87:
                    85:e4:43:4d:62:ea:b9:fa:ec:71:c4:da:21:3f:fe:
                    1f:1e:37:4b:e8:9b:f2:81:f8:ec:b3:4e:f8:fa:2b:
                    62:29:40:a1:1d:09:d1:ca:c5:ff:81:fc:ec:95:a5:
                    39:f7:81:79:e8:9d:8c:b0:18:78:da:61:3a:74:72:
                    64:7e:52:5d:41:42:9f:d8:e0:20:e4:2f:87:40:93:
                    45:64:a2:15:20:83:c4:d4:f6:48:9c:cd:63:0c:69:
                    42:b1:c2:dd:94:eb:ea:bb:6f:74:e5:7f:ec:8a:d8:
                    56:ee:06:54:e2:9e:e6:7d:18:ff:a3:16:ed:b4:df:
                    c0:19:66:60:ff:33:8b:bb:fd:5b:35:9a:86:26:dc:
                    7d:50:ff:ab:ee:d6:9d:10:5c:2f:bf:bc:7e:ae:6b:
                    16:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:42:E7:8C:66:46:D0:73:CC:30:8E:9E:C9:53:09:09:BD:3B:B6:53
            X509v3 Authority Key Identifier:
                keyid:6F:5E:02:30:BE:79:9E:44:82:9C:87:20:CA:38:34:70:45:49:4E:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b14CML55nkSCnIcgyjg0cEVJTiA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/vELnjGZG0HPMMI6eyVMJCb07tlM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/b14CML55nkSCnIcgyjg0cEVJTiA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.232.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:65:88:39:74:80:78:20:5b:52:b1:32:6a:a9:ee:2d:3a:43:
         c4:8c:2d:3a:b6:c5:7f:c1:41:e8:3c:6d:ec:b9:04:25:dc:82:
         30:08:e9:7c:5b:69:f0:25:a7:98:32:fd:f4:29:b2:d5:a5:04:
         b0:cb:73:19:7f:9a:24:20:31:f6:d8:45:f0:b0:40:55:5c:29:
         05:d4:7a:3e:d0:3c:8c:ae:99:9b:b8:13:d1:1e:52:ac:8d:a9:
         4d:2f:da:04:df:78:27:0c:56:21:1d:fd:df:06:bd:ce:77:52:
         26:74:a5:ca:65:db:37:d7:2a:9c:f4:24:2a:b8:73:24:49:79:
         85:8e:25:a8:af:af:9a:43:77:03:13:53:e0:28:dc:c0:06:b0:
         6d:53:b4:f7:61:96:1d:d0:08:d8:60:d7:1c:97:8b:81:b7:59:
         03:2a:8c:04:5b:bf:51:56:57:0a:00:cd:33:57:49:58:82:0d:
         ea:55:be:aa:33:35:95:74:ee:ec:0e:6a:8b:14:35:04:9b:82:
         d1:c6:47:f6:04:a1:a6:e7:f0:d6:40:c8:6d:3d:64:17:d2:90:
         47:ff:7d:d3:65:a9:79:22:32:bd:cb:d3:b8:47:84:76:7e:82:
         84:69:16:10:6e:25:75:23:2f:6c:f1:c7:15:d0:fb:8c:cd:af:
         63:93:db:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4I3sE/VLpE/829yZgFmZQxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNWUwMjMwYmU3OTllNDQ4MjljODcyMGNhMzgzNDcwNDU0
OTRlMjAwHhcNMjYwNTA4MTgzNDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzQyZTc4YzY2NDZkMDczY2MzMDhlOWVjOTUzMDkwOWJkM2JiNjUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5TW+p967VIFNWo/JrRt5Tmh0A89C
uIJ4nZ8hkRdUtRzQzU3DokMzjClKikoSdfXkRwCYmXmVvPwVgsztDqGmQmDdo2x1
RhF9Fe/Ug9aFa+L/DhCqdJWdlmzrb+VaVUjDJABAkooxMoeF5ENNYuq5+uxxxNoh
P/4fHjdL6Jvygfjss074+itiKUChHQnRysX/gfzslaU594F56J2MsBh42mE6dHJk
flJdQUKf2OAg5C+HQJNFZKIVIIPE1PZInM1jDGlCscLdlOvqu2905X/sithW7gZU
4p7mfRj/oxbttN/AGWZg/zOLu/1bNZqGJtx9UP+r7tadEFwvv7x+rmsW3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLxC54xmRtBzzDCOnslTCQm9O7ZTMB8GA1UdIwQY
MBaAFG9eAjC+eZ5EgpyHIMo4NHBFSU4gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjE0Q01MNTVua1NDbkljZ3lqZzBjRVZKVGlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny83MGNjZWYtMTdmMy00OTI4LTljMGIt
YmE3YzdkODE5MGNhLzEvdkVMbmpHWkcwSFBNTUk2ZXlWTUpDYjA3dGxNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny83MGNjZWYtMTdmMy00OTI4LTljMGItYmE3YzdkODE5MGNh
LzEvYjE0Q01MNTVua1NDbkljZ3lqZzBjRVZKVGlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVei7MA0G
CSqGSIb3DQEBCwUAA4IBAQArZYg5dIB4IFtSsTJqqe4tOkPEjC06tsV/wUHoPG3s
uQQl3IIwCOl8W2nwJaeYMv30KbLVpQSwy3MZf5okIDH22EXwsEBVXCkF1Ho+0DyM
rpmbuBPRHlKsjalNL9oE33gnDFYhHf3fBr3Od1ImdKXKZds31yqc9CQquHMkSXmF
jiWor6+aQ3cDE1PgKNzABrBtU7T3YZYd0AjYYNccl4uBt1kDKowEW79RVlcKAM0z
V0lYgg3qVb6qMzWVdO7sDmqLFDUEm4LRxkf2BKGm5/DWQMhtPWQX0pBH/33TZal5
IjK9y9O4R4R2foKEaRYQbiV1Iy9s8ccV0PuMza9jk9tY
-----END CERTIFICATE-----