Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/PHtf8x7avmLp6M4NOWGU0D_tz-A.roa
File:                     PHtf8x7avmLp6M4NOWGU0D_tz-A.roa (raw, json)
Hash identifier:          8aYRhT0q60yV0/9kcJ0m3Ck6DQACRzc2rpfZkG1Sc/U=
Subject key identifier:   3C:7B:5F:F3:1E:DA:BE:62:E9:E8:CE:0D:39:61:94:D0:3F:ED:CF:E0
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       019CAE8BE6E8CDE9D0F1147757AE356DBE62
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/PHtf8x7avmLp6M4NOWGU0D_tz-A.roa
Signing time:             Mon 02 Mar 2026 12:35:30 +0000
ROA not before:           Mon 02 Mar 2026 12:35:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214364
IP address blocks:        87.121.220.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 05 Mar 2026 07:30:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:ae:8b:e6:e8:cd:e9:d0:f1:14:77:57:ae:35:6d:be:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Mar  2 12:35:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3c7b5ff31edabe62e9e8ce0d396194d03fedcfe0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:0b:28:1b:3a:5f:9f:b7:4f:19:57:59:bf:81:
                    2c:1d:75:a7:a7:82:f0:8d:4c:c2:51:28:eb:84:b7:
                    06:29:92:0a:7b:8a:75:d4:e3:83:8f:28:ce:e6:c2:
                    23:6b:73:7e:8d:e5:70:9d:1a:2b:ae:4a:e3:47:f8:
                    32:f3:e2:d0:33:45:60:02:c3:18:9b:6f:26:b2:ea:
                    37:de:3b:79:9c:2b:41:66:01:8d:32:5a:e9:f1:61:
                    13:a2:fc:47:61:8b:8e:77:a1:53:1e:63:24:26:6c:
                    c1:18:9e:e8:a8:10:f9:b3:68:72:ed:62:c6:fe:11:
                    b3:e1:15:24:97:44:0f:9a:74:50:bb:10:39:d6:78:
                    15:f6:bd:db:86:c5:8d:c1:77:fb:72:8b:d9:fd:29:
                    cf:f1:0c:f9:3e:c9:cd:b7:9f:b8:32:48:0e:e0:52:
                    75:9d:9d:d1:33:f6:55:08:9f:3b:a6:48:70:09:0c:
                    8c:54:53:9f:4b:54:23:71:a1:b2:23:89:a7:f8:18:
                    ab:5f:ca:ae:15:63:8f:a0:de:c5:32:6a:86:7b:07:
                    c3:0c:d6:df:2d:de:50:1b:2a:a3:50:42:94:22:a0:
                    3a:69:31:b7:c6:ba:15:0b:92:ca:25:68:0f:ef:aa:
                    d9:73:0a:8a:60:2a:db:43:db:42:14:e7:c2:5b:57:
                    e9:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:7B:5F:F3:1E:DA:BE:62:E9:E8:CE:0D:39:61:94:D0:3F:ED:CF:E0
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/PHtf8x7avmLp6M4NOWGU0D_tz-A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.121.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:6f:49:66:d5:85:9b:0b:98:d8:47:9b:66:bd:12:9b:f5:32:
         2a:2e:b2:cc:bc:89:a0:88:c6:db:0b:92:a3:ba:b9:df:0b:88:
         00:52:5d:f9:6b:97:e1:bd:e1:5e:74:ca:81:24:0e:cc:07:d0:
         00:b6:0c:17:fb:b8:1c:d3:35:8a:bd:eb:71:80:cf:e7:9f:16:
         e8:69:19:5c:db:06:99:c7:b1:ce:67:00:29:55:34:2f:1c:ec:
         f5:96:0d:b3:80:82:88:fa:c2:d8:44:8c:97:71:f3:7a:02:30:
         58:01:aa:7b:a0:14:81:d3:3f:9e:0e:4b:d3:fa:28:03:5c:f1:
         1a:89:c4:4f:c3:c5:7b:12:bc:f0:d8:78:92:5b:08:e5:b7:27:
         2b:3b:7f:54:0b:33:41:8b:97:9b:3b:58:78:33:84:7a:c8:fd:
         88:97:28:be:e6:98:e0:8f:02:44:e2:b3:c9:d8:94:54:78:b2:
         98:bc:ed:95:dd:4c:b5:e7:b3:9b:03:bc:73:15:5e:50:b2:cd:
         8f:e2:fa:ae:43:d7:fa:c7:92:66:1a:9b:1b:48:d9:d4:80:17:
         c2:6c:14:46:f7:45:3c:bd:dc:23:ac:38:25:77:91:4c:d8:e1:
         4a:16:37:30:1c:8a:62:d4:89:8a:a2:72:47:f6:6e:70:9a:68:
         80:29:b6:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyui+bozenQ8RR3V641bb5iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjYwMzAyMTIzNTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzdiNWZmMzFlZGFiZTYyZTllOGNlMGQzOTYxOTRkMDNmZWRjZmUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjgsoGzpfn7dPGVdZv4EsHXWnp4Lw
jUzCUSjrhLcGKZIKe4p11OODjyjO5sIja3N+jeVwnRorrkrjR/gy8+LQM0VgAsMY
m28msuo33jt5nCtBZgGNMlrp8WETovxHYYuOd6FTHmMkJmzBGJ7oqBD5s2hy7WLG
/hGz4RUkl0QPmnRQuxA51ngV9r3bhsWNwXf7covZ/SnP8Qz5PsnNt5+4MkgO4FJ1
nZ3RM/ZVCJ87pkhwCQyMVFOfS1QjcaGyI4mn+BirX8quFWOPoN7FMmqGewfDDNbf
Ld5QGyqjUEKUIqA6aTG3xroVC5LKJWgP76rZcwqKYCrbQ9tCFOfCW1fpjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDx7X/Me2r5i6ejODTlhlNA/7c/gMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvUEh0Zjh4N2F2bUxwNk00Tk9XR1UwRF90ei1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV3ncMA0G
CSqGSIb3DQEBCwUAA4IBAQAib0lm1YWbC5jYR5tmvRKb9TIqLrLMvImgiMbbC5Kj
urnfC4gAUl35a5fhveFedMqBJA7MB9AAtgwX+7gc0zWKvetxgM/nnxboaRlc2waZ
x7HOZwApVTQvHOz1lg2zgIKI+sLYRIyXcfN6AjBYAap7oBSB0z+eDkvT+igDXPEa
icRPw8V7Erzw2HiSWwjltycrO39UCzNBi5ebO1h4M4R6yP2Ilyi+5pjgjwJE4rPJ
2JRUeLKYvO2V3Uy157ObA7xzFV5Qss2P4vquQ9f6x5JmGpsbSNnUgBfCbBRG90U8
vdwjrDgld5FM2OFKFjcwHIpi1ImKonJH9m5wmmiAKbYj
-----END CERTIFICATE-----