Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/CtzVGaD_Ap75E7MsmVVCDrsV-Dg.roa
File:                     CtzVGaD_Ap75E7MsmVVCDrsV-Dg.roa (raw, json)
Hash identifier:          YQlTcJCJ9b4dFb9smVrnm5F6ccw/gp2z9mmjGOaRPMo=
Subject key identifier:   0A:DC:D5:19:A0:FF:02:9E:F9:13:B3:2C:99:55:42:0E:BB:15:F8:38
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       019D42CB14F252B4F7E5E09DBFD2C281DD15
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/CtzVGaD_Ap75E7MsmVVCDrsV-Dg.roa
Signing time:             Tue 31 Mar 2026 07:28:18 +0000
ROA not before:           Tue 31 Mar 2026 07:28:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214143
IP address blocks:        87.121.165.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 Apr 2026 13:27:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:42:cb:14:f2:52:b4:f7:e5:e0:9d:bf:d2:c2:81:dd:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Mar 31 07:28:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0adcd519a0ff029ef913b32c9955420ebb15f838
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:d5:2b:2d:72:b8:2a:c6:31:72:b6:ce:22:eb:
                    b2:e7:da:56:bb:2b:29:ab:7d:0b:ad:e4:18:18:2a:
                    08:b5:5a:8c:18:fb:76:be:ce:e9:4c:7f:e1:fd:e8:
                    51:a5:c0:6f:ad:d4:0d:3d:cd:a2:53:98:af:09:8f:
                    1d:b7:75:e8:1d:98:db:f5:1f:03:5f:8f:b3:28:d4:
                    ea:fd:b2:79:85:2f:44:7f:a8:7d:af:df:7b:dd:93:
                    bb:48:e8:37:6b:4f:79:aa:75:5e:8a:5e:66:ac:76:
                    99:11:dd:48:6d:76:80:d2:34:37:02:06:df:c7:14:
                    4a:02:fa:b9:e5:27:1f:0b:91:44:b1:6a:70:da:cf:
                    c1:f4:86:59:93:73:ef:f6:c0:ce:64:0a:18:8b:0d:
                    2b:94:0a:94:c9:37:a5:83:6a:da:3c:cf:70:4a:c4:
                    4c:f3:1f:95:6b:bc:58:fe:2e:29:65:2d:54:9d:ad:
                    ce:19:c8:42:1b:fb:e5:5a:8b:1a:c8:93:1c:f5:92:
                    d0:11:82:cb:10:e3:75:dd:f8:ab:02:2f:c5:77:c0:
                    d9:92:45:f0:8f:08:2c:cf:d3:47:3d:08:55:c7:1b:
                    37:f9:5f:19:f0:57:dc:6b:be:fa:ed:ad:6c:16:9d:
                    20:1e:b7:cd:4e:7a:1d:3b:e3:b6:c7:dd:40:20:28:
                    59:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:DC:D5:19:A0:FF:02:9E:F9:13:B3:2C:99:55:42:0E:BB:15:F8:38
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/CtzVGaD_Ap75E7MsmVVCDrsV-Dg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.121.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:fd:cb:55:7c:26:8e:b8:19:a7:23:c2:82:59:16:54:11:21:
         14:b7:ee:53:ee:8a:e7:87:1e:1a:23:58:dd:73:c8:68:37:20:
         7e:8a:42:25:ea:23:9e:3c:b8:ec:03:1d:63:d7:4f:74:a1:58:
         56:df:a4:04:e0:49:5b:a5:f2:7f:4c:0c:82:76:f3:45:66:d9:
         14:c4:81:67:c7:d5:a5:fe:c2:b3:92:9c:b6:8c:b9:15:9d:44:
         09:30:88:aa:21:ee:9c:ec:be:00:b6:37:f1:fc:74:47:ac:50:
         ad:8c:85:d6:25:1d:9c:de:be:b1:68:77:86:16:fd:e2:3a:cc:
         d1:f4:6e:b0:41:e8:e7:0b:c7:9e:3a:e0:f7:a9:21:06:10:96:
         8f:b8:d1:4e:3c:4c:74:dd:3c:4f:f2:be:e1:ab:aa:2a:49:b4:
         ce:d5:45:42:7a:38:05:3e:88:1c:00:1d:b9:ba:69:f8:25:4f:
         67:7e:d9:1f:ff:0b:a3:24:02:7c:ae:29:fe:1b:73:82:67:d8:
         ca:3d:78:51:6c:34:88:79:af:02:89:5a:39:5c:c2:a7:69:c4:
         8b:d8:14:4a:3f:29:dd:aa:85:fa:3e:8c:9e:75:9d:5f:e3:b8:
         2e:43:68:44:40:d6:1f:d8:11:07:4e:ef:7c:50:d4:7c:30:99:
         df:cf:de:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1CyxTyUrT35eCdv9LCgd0VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjYwMzMxMDcyODE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWRjZDUxOWEwZmYwMjllZjkxM2IzMmM5OTU1NDIwZWJiMTVmODM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA29UrLXK4KsYxcrbOIuuy59pWuysp
q30LreQYGCoItVqMGPt2vs7pTH/h/ehRpcBvrdQNPc2iU5ivCY8dt3XoHZjb9R8D
X4+zKNTq/bJ5hS9Ef6h9r9973ZO7SOg3a095qnVeil5mrHaZEd1IbXaA0jQ3Agbf
xxRKAvq55ScfC5FEsWpw2s/B9IZZk3Pv9sDOZAoYiw0rlAqUyTelg2raPM9wSsRM
8x+Va7xY/i4pZS1Una3OGchCG/vlWosayJMc9ZLQEYLLEON13firAi/Fd8DZkkXw
jwgsz9NHPQhVxxs3+V8Z8Ffca7767a1sFp0gHrfNTnodO+O2x91AIChZ1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFArc1Rmg/wKe+ROzLJlVQg67Ffg4MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvQ3R6VkdhRF9BcDc1RTdNc21WVkNEcnNWLURnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV3mlMA0G
CSqGSIb3DQEBCwUAA4IBAQCN/ctVfCaOuBmnI8KCWRZUESEUt+5T7ornhx4aI1jd
c8hoNyB+ikIl6iOePLjsAx1j1090oVhW36QE4ElbpfJ/TAyCdvNFZtkUxIFnx9Wl
/sKzkpy2jLkVnUQJMIiqIe6c7L4Atjfx/HRHrFCtjIXWJR2c3r6xaHeGFv3iOszR
9G6wQejnC8eeOuD3qSEGEJaPuNFOPEx03TxP8r7hq6oqSbTO1UVCejgFPogcAB25
umn4JU9nftkf/wujJAJ8rin+G3OCZ9jKPXhRbDSIea8CiVo5XMKnacSL2BRKPynd
qoX6PoyedZ1f47guQ2hEQNYf2BEHTu98UNR8MJnfz97F
-----END CERTIFICATE-----