Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/12f13c-f518-422e-bf61-816c860c2a8f/1/ZP8E-oU1X82ERQFhp2szDKgGh6s.roa
File:                     ZP8E-oU1X82ERQFhp2szDKgGh6s.roa (raw, json)
Hash identifier:          vgE55UCmHiD6QoDqh4vXEPoiWkg6dPFnrVeHMaTduW8=
Subject key identifier:   64:FF:04:FA:85:35:5F:CD:84:45:01:61:A7:6B:33:0C:A8:06:87:AB
Certificate issuer:       /CN=ba79aa1a3798c9caefb2f676a338b4125bfad9ff
Certificate serial:       019D2E28B20CC8D56D37370A8F608513F625
Authority key identifier: BA:79:AA:1A:37:98:C9:CA:EF:B2:F6:76:A3:38:B4:12:5B:FA:D9:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/unmqGjeYycrvsvZ2ozi0Elv62f8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/12f13c-f518-422e-bf61-816c860c2a8f/1/ZP8E-oU1X82ERQFhp2szDKgGh6s.roa
Signing time:             Fri 27 Mar 2026 07:18:32 +0000
ROA not before:           Fri 27 Mar 2026 07:18:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     13189
IP address blocks:        195.66.130.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/12f13c-f518-422e-bf61-816c860c2a8f/1/unmqGjeYycrvsvZ2ozi0Elv62f8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/12f13c-f518-422e-bf61-816c860c2a8f/1/unmqGjeYycrvsvZ2ozi0Elv62f8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/unmqGjeYycrvsvZ2ozi0Elv62f8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 04:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2e:28:b2:0c:c8:d5:6d:37:37:0a:8f:60:85:13:f6:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba79aa1a3798c9caefb2f676a338b4125bfad9ff
        Validity
            Not Before: Mar 27 07:18:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=64ff04fa85355fcd84450161a76b330ca80687ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:56:58:22:fd:f7:3c:42:f1:34:9e:1e:bc:33:
                    44:c9:e9:bb:3b:1f:db:ff:2d:05:2a:3d:89:b7:40:
                    c9:87:80:07:99:fe:a2:b8:df:89:72:59:22:a0:75:
                    14:62:bb:96:1a:e5:63:13:ef:9f:98:9e:5f:79:fe:
                    5d:ac:aa:32:5f:42:ca:d4:c4:ad:74:bd:ae:3d:54:
                    06:30:e4:00:aa:8d:32:9f:a8:16:33:29:84:6a:1b:
                    ef:ad:93:8a:d1:4f:43:4a:f5:57:7b:df:ef:c2:74:
                    36:53:68:40:b8:85:b3:6d:61:b6:bb:a5:cf:6f:75:
                    33:ba:26:bf:53:7e:e0:40:14:f6:22:98:2a:13:90:
                    92:0b:82:1c:77:e4:79:d7:36:b4:ae:4a:e2:73:be:
                    ed:28:58:cc:33:a2:b5:44:55:5f:af:14:dd:a9:25:
                    52:6d:1c:56:7b:43:3d:e0:f4:38:9e:90:e5:58:49:
                    71:d4:a1:13:71:b2:03:eb:ce:32:f7:cd:df:f0:f7:
                    83:3c:23:71:8a:69:0d:10:8f:cc:01:70:f2:e0:31:
                    b5:b8:95:b9:9c:c5:f5:a0:51:1b:ba:57:30:f6:4d:
                    55:e0:80:48:31:22:c6:5c:f8:f3:af:a8:d5:63:a4:
                    1a:d6:ca:9d:9e:5b:96:d5:29:2e:cb:57:0c:60:18:
                    87:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:FF:04:FA:85:35:5F:CD:84:45:01:61:A7:6B:33:0C:A8:06:87:AB
            X509v3 Authority Key Identifier:
                keyid:BA:79:AA:1A:37:98:C9:CA:EF:B2:F6:76:A3:38:B4:12:5B:FA:D9:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/unmqGjeYycrvsvZ2ozi0Elv62f8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/12f13c-f518-422e-bf61-816c860c2a8f/1/ZP8E-oU1X82ERQFhp2szDKgGh6s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/12f13c-f518-422e-bf61-816c860c2a8f/1/unmqGjeYycrvsvZ2ozi0Elv62f8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.66.130.0/23

    Signature Algorithm: sha256WithRSAEncryption
         03:da:30:1e:1e:91:fe:62:ce:49:27:a3:94:7b:45:cc:47:f9:
         e4:3f:93:3a:8d:55:f4:d5:96:2e:2a:b0:6e:e8:09:a4:29:e9:
         7b:94:be:91:d2:a2:1c:3a:42:ca:6d:90:76:dc:88:f7:cf:3a:
         2e:ff:7c:98:6f:b6:95:d1:ae:fc:b9:1a:ef:fd:93:a0:bc:52:
         2f:a0:85:36:9f:54:e0:de:91:2f:32:8a:11:fa:de:ad:3a:98:
         e3:4b:85:92:16:8b:34:4f:35:f2:45:56:94:ab:a9:94:27:08:
         85:61:18:4d:dd:fb:d0:21:d6:96:3f:49:e5:70:9b:c3:fd:89:
         b7:2e:d2:de:dd:2e:c9:c7:cb:05:56:59:ff:a0:b3:fc:f3:4e:
         27:e0:83:b8:92:b1:b7:d2:a9:28:f5:37:c0:9d:da:46:2f:fa:
         0f:7c:12:72:6b:1d:fa:05:7b:20:ab:fc:fa:0a:9a:fc:71:5b:
         dc:28:48:f2:73:40:84:d6:f5:65:7f:fa:95:eb:31:37:0c:34:
         b1:be:dc:2d:09:49:1b:a8:a8:6d:87:12:50:f5:e5:08:40:14:
         f7:ab:07:40:ce:b5:84:f4:d3:ee:92:0b:a8:0f:3c:a4:b2:da:
         09:e3:d7:f0:ea:66:89:69:b6:f1:db:8c:2c:23:32:53:95:79:
         81:f1:37:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0uKLIMyNVtNzcKj2CFE/YlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNzlhYTFhMzc5OGM5Y2FlZmIyZjY3NmEzMzhiNDEyNWJm
YWQ5ZmYwHhcNMjYwMzI3MDcxODMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NGZmMDRmYTg1MzU1ZmNkODQ0NTAxNjFhNzZiMzMwY2E4MDY4N2FiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqlZYIv33PELxNJ4evDNEyem7Ox/b
/y0FKj2Jt0DJh4AHmf6iuN+JclkioHUUYruWGuVjE++fmJ5fef5drKoyX0LK1MSt
dL2uPVQGMOQAqo0yn6gWMymEahvvrZOK0U9DSvVXe9/vwnQ2U2hAuIWzbWG2u6XP
b3Uzuia/U37gQBT2IpgqE5CSC4Icd+R51za0rkric77tKFjMM6K1RFVfrxTdqSVS
bRxWe0M94PQ4npDlWElx1KETcbID684y983f8PeDPCNximkNEI/MAXDy4DG1uJW5
nMX1oFEbulcw9k1V4IBIMSLGXPjzr6jVY6Qa1sqdnluW1Skuy1cMYBiHYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGT/BPqFNV/NhEUBYadrMwyoBoerMB8GA1UdIwQY
MBaAFLp5qho3mMnK77L2dqM4tBJb+tn/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdW5tcUdqZVl5Y3J2c3ZaMm96aTBFbHY2MmY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC8xMmYxM2MtZjUxOC00MjJlLWJmNjEt
ODE2Yzg2MGMyYThmLzEvWlA4RS1vVTFYODJFUlFGaHAyc3pES2dHaDZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC8xMmYxM2MtZjUxOC00MjJlLWJmNjEtODE2Yzg2MGMyYThm
LzEvdW5tcUdqZVl5Y3J2c3ZaMm96aTBFbHY2MmY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw0KCMA0G
CSqGSIb3DQEBCwUAA4IBAQAD2jAeHpH+Ys5JJ6OUe0XMR/nkP5M6jVX01ZYuKrBu
6AmkKel7lL6R0qIcOkLKbZB23Ij3zzou/3yYb7aV0a78uRrv/ZOgvFIvoIU2n1Tg
3pEvMooR+t6tOpjjS4WSFos0TzXyRVaUq6mUJwiFYRhN3fvQIdaWP0nlcJvD/Ym3
LtLe3S7Jx8sFVln/oLP8804n4IO4krG30qko9TfAndpGL/oPfBJyax36BXsgq/z6
Cpr8cVvcKEjyc0CE1vVlf/qV6zE3DDSxvtwtCUkbqKhthxJQ9eUIQBT3qwdAzrWE
9NPukguoDzykstoJ49fw6maJabbx24wsIzJTlXmB8Tf0
-----END CERTIFICATE-----