Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/ae3a3e-2c0c-405e-bcd7-9e0a513deef2/1/z8l7mSU9KRY7NvwDgtk1N6bfpzg.roa
File:                     z8l7mSU9KRY7NvwDgtk1N6bfpzg.roa (raw, json)
Hash identifier:          UTc6qeGzgzsNu3Jv91oY0o4Hfys++8pCjFFEFQc/98o=
Subject key identifier:   CF:C9:7B:99:25:3D:29:16:3B:36:FC:03:82:D9:35:37:A6:DF:A7:38
Certificate issuer:       /CN=060c9ec5d40586ed3255f0fc4fcb3157714dda15
Certificate serial:       019DB4CD4CE1163DDC4F473C89767960F1B1
Authority key identifier: 06:0C:9E:C5:D4:05:86:ED:32:55:F0:FC:4F:CB:31:57:71:4D:DA:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BgyexdQFhu0yVfD8T8sxV3FN2hU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/ae3a3e-2c0c-405e-bcd7-9e0a513deef2/1/z8l7mSU9KRY7NvwDgtk1N6bfpzg.roa
Signing time:             Wed 22 Apr 2026 10:47:26 +0000
ROA not before:           Wed 22 Apr 2026 10:47:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209193
IP address blocks:        195.69.229.0/24 maxlen: 24
                          195.69.231.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/ae3a3e-2c0c-405e-bcd7-9e0a513deef2/1/BgyexdQFhu0yVfD8T8sxV3FN2hU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/ae3a3e-2c0c-405e-bcd7-9e0a513deef2/1/BgyexdQFhu0yVfD8T8sxV3FN2hU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BgyexdQFhu0yVfD8T8sxV3FN2hU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 May 2026 18:48:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b4:cd:4c:e1:16:3d:dc:4f:47:3c:89:76:79:60:f1:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=060c9ec5d40586ed3255f0fc4fcb3157714dda15
        Validity
            Not Before: Apr 22 10:47:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cfc97b99253d29163b36fc0382d93537a6dfa738
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:bd:33:5a:e7:db:cb:b9:3f:57:0a:59:e0:e1:
                    cb:ae:1f:96:de:c4:bd:f9:49:b3:b3:75:2c:b4:5d:
                    57:81:88:40:41:a3:21:05:26:b5:e6:5f:63:bb:eb:
                    23:2b:56:94:b2:2f:04:67:56:1b:b7:60:2d:63:a8:
                    8f:a7:e2:e1:10:2c:d8:24:3e:c7:00:ad:f6:81:d2:
                    a0:3b:be:2b:ff:52:6c:57:25:e8:6a:0f:3b:2f:e4:
                    ea:e4:98:8b:c7:79:38:2e:96:f3:f2:6a:56:ca:75:
                    8c:be:22:6d:a4:8d:66:ec:0a:e3:bc:1b:c7:db:0f:
                    90:26:c8:0d:ae:41:f6:22:b5:f4:52:42:53:66:a8:
                    c3:64:08:47:59:83:d2:45:b1:81:cf:1e:a9:d6:ad:
                    89:c0:91:22:ea:15:b4:b1:46:eb:a4:07:65:76:f0:
                    66:b8:83:1a:c3:5e:54:e1:ca:7e:a1:81:7d:1d:4b:
                    dc:92:36:f3:4b:ba:42:55:9b:6a:6b:99:48:ee:4c:
                    6d:de:74:6f:c4:96:cd:21:10:62:6f:a6:f4:90:07:
                    0f:66:ee:61:36:80:4b:f3:9a:8c:26:89:6e:13:b1:
                    59:14:96:6c:f1:13:11:95:e0:c2:0e:21:e4:1a:d3:
                    6a:a3:11:f0:07:8e:75:4c:43:39:ff:b1:15:13:50:
                    27:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:C9:7B:99:25:3D:29:16:3B:36:FC:03:82:D9:35:37:A6:DF:A7:38
            X509v3 Authority Key Identifier:
                keyid:06:0C:9E:C5:D4:05:86:ED:32:55:F0:FC:4F:CB:31:57:71:4D:DA:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BgyexdQFhu0yVfD8T8sxV3FN2hU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/ae3a3e-2c0c-405e-bcd7-9e0a513deef2/1/z8l7mSU9KRY7NvwDgtk1N6bfpzg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/ae3a3e-2c0c-405e-bcd7-9e0a513deef2/1/BgyexdQFhu0yVfD8T8sxV3FN2hU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.69.229.0/24
                  195.69.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:36:8f:0c:01:3a:77:fe:cc:a2:1d:0e:32:51:ff:03:b5:07:
         f9:73:20:4a:8b:34:7e:d0:91:8b:01:48:f9:82:cc:74:c9:21:
         a5:66:77:08:6f:2b:8a:aa:a7:98:ce:ad:8a:ad:d4:23:5a:04:
         58:9d:5f:3b:d1:e4:a6:13:b8:a4:c1:63:ca:d1:63:39:84:54:
         00:44:38:1d:77:b1:a4:60:5a:69:b9:78:68:62:5b:46:f0:5b:
         dd:f6:b9:32:ff:2f:ed:a7:bb:33:3d:44:8b:d5:cb:41:36:8b:
         48:21:5a:fe:21:19:a8:29:97:a0:89:a8:6c:65:53:8d:8c:b9:
         11:61:51:84:1c:45:de:43:cf:2a:c2:76:c1:7b:cd:66:22:89:
         30:2d:89:2b:bf:74:c1:a8:00:62:fd:ef:e5:5e:27:a4:45:64:
         88:06:0f:c9:f8:f0:b6:fd:02:22:c3:27:fe:4c:48:ca:10:2d:
         e6:88:bc:d3:68:f1:07:19:1e:c2:84:ce:80:72:b5:95:18:ac:
         0c:84:63:2f:61:b5:5b:30:50:b6:23:31:51:4e:7c:0e:ad:76:
         42:79:cd:33:7a:f0:6a:5a:1b:f4:2e:4f:1e:57:be:50:ec:89:
         8c:e0:b9:d1:39:23:7e:cb:18:2d:dd:68:b7:9a:0c:d0:91:7c:
         a6:5f:17:3e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ20zUzhFj3cT0c8iXZ5YPGxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2MGM5ZWM1ZDQwNTg2ZWQzMjU1ZjBmYzRmY2IzMTU3NzE0
ZGRhMTUwHhcNMjYwNDIyMTA0NzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmM5N2I5OTI1M2QyOTE2M2IzNmZjMDM4MmQ5MzUzN2E2ZGZhNzM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqb0zWufby7k/VwpZ4OHLrh+W3sS9
+Umzs3UstF1XgYhAQaMhBSa15l9ju+sjK1aUsi8EZ1Ybt2AtY6iPp+LhECzYJD7H
AK32gdKgO74r/1JsVyXoag87L+Tq5JiLx3k4Lpbz8mpWynWMviJtpI1m7ArjvBvH
2w+QJsgNrkH2IrX0UkJTZqjDZAhHWYPSRbGBzx6p1q2JwJEi6hW0sUbrpAdldvBm
uIMaw15U4cp+oYF9HUvckjbzS7pCVZtqa5lI7kxt3nRvxJbNIRBib6b0kAcPZu5h
NoBL85qMJoluE7FZFJZs8RMRleDCDiHkGtNqoxHwB451TEM5/7EVE1AnLwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFM/Je5klPSkWOzb8A4LZNTem36c4MB8GA1UdIwQY
MBaAFAYMnsXUBYbtMlXw/E/LMVdxTdoVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmd5ZXhkUUZodTB5VmZEOFQ4c3hWM0ZOMmhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9hZTNhM2UtMmMwYy00MDVlLWJjZDct
OWUwYTUxM2RlZWYyLzEvejhsN21TVTlLUlk3TnZ3RGd0azFONmJmcHpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9hZTNhM2UtMmMwYy00MDVlLWJjZDctOWUwYTUxM2RlZWYy
LzEvQmd5ZXhkUUZodTB5VmZEOFQ4c3hWM0ZOMmhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAw0XlAwQA
w0XnMA0GCSqGSIb3DQEBCwUAA4IBAQASNo8MATp3/syiHQ4yUf8DtQf5cyBKizR+
0JGLAUj5gsx0ySGlZncIbyuKqqeYzq2KrdQjWgRYnV870eSmE7ikwWPK0WM5hFQA
RDgdd7GkYFppuXhoYltG8Fvd9rky/y/tp7szPUSL1ctBNotIIVr+IRmoKZegiahs
ZVONjLkRYVGEHEXeQ88qwnbBe81mIokwLYkrv3TBqABi/e/lXiekRWSIBg/J+PC2
/QIiwyf+TEjKEC3miLzTaPEHGR7ChM6AcrWVGKwMhGMvYbVbMFC2IzFRTnwOrXZC
ec0zevBqWhv0Lk8eV75Q7ImM4LnROSN+yxgt3Wi3mgzQkXymXxc+
-----END CERTIFICATE-----