Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/sz_c26rbvH0uu179TRjeU8EM_A0.roa
File:                     sz_c26rbvH0uu179TRjeU8EM_A0.roa (raw, json)
Hash identifier:          tMb7Bo7E7L+zeKT6DXx+zQjvZcrsYlKvO7dQ40ku1+s=
Subject key identifier:   B3:3F:DC:DB:AA:DB:BC:7D:2E:BB:5E:FD:4D:18:DE:53:C1:0C:FC:0D
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       019E4B6390984A65886E53A63B1E02960ACE
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/sz_c26rbvH0uu179TRjeU8EM_A0.roa
Signing time:             Thu 21 May 2026 16:34:36 +0000
ROA not before:           Thu 21 May 2026 16:34:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     6079
IP address blocks:        213.209.136.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 05:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:4b:63:90:98:4a:65:88:6e:53:a6:3b:1e:02:96:0a:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: May 21 16:34:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b33fdcdbaadbbc7d2ebb5efd4d18de53c10cfc0d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:0c:4b:30:f2:c9:0c:17:24:a5:d3:34:c7:bc:
                    17:12:72:89:88:59:cc:f3:ea:84:4f:84:48:87:6e:
                    4e:38:fb:87:2f:93:c7:aa:e1:eb:57:23:48:ec:84:
                    fe:8a:af:77:60:46:86:34:37:65:c2:eb:1c:0e:22:
                    8d:96:15:3d:dc:4c:0c:eb:37:7f:c7:b7:fd:ca:52:
                    6b:04:ee:f6:44:42:77:82:07:0f:b3:b3:5b:5a:b3:
                    61:a8:fd:bc:84:8a:0b:78:24:3d:0b:a0:bd:f1:a6:
                    fa:69:37:79:d6:60:de:15:22:53:83:40:57:bd:86:
                    6c:4f:ac:3b:80:f1:81:e7:5c:40:f1:aa:32:93:d3:
                    50:b6:49:e2:43:c1:e0:ea:39:e5:80:f1:2e:2c:0f:
                    4f:52:16:7e:4b:d2:0e:b2:aa:ec:41:21:ee:78:0d:
                    48:d0:dc:ee:b8:60:e5:9c:5a:79:ac:2b:cb:7f:50:
                    72:9f:11:e0:27:e9:59:1d:b0:9f:b4:69:f2:2b:cb:
                    91:c8:54:1c:22:14:0c:57:35:d2:32:72:fe:9d:dc:
                    36:88:a3:89:e9:7e:e6:c9:66:4b:8b:1b:16:4d:ba:
                    95:56:84:5b:eb:5e:f1:c9:d2:cb:19:fd:da:73:26:
                    e0:c0:15:27:da:e7:74:38:bd:f7:8a:d1:1d:84:5c:
                    fd:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:3F:DC:DB:AA:DB:BC:7D:2E:BB:5E:FD:4D:18:DE:53:C1:0C:FC:0D
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/sz_c26rbvH0uu179TRjeU8EM_A0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.209.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:89:b0:04:c3:44:9e:e7:4d:7f:c5:56:9e:42:e1:db:d9:97:
         f1:60:19:66:ff:6e:b8:04:6b:eb:25:b1:c7:ab:5e:de:b4:27:
         23:d5:6d:82:22:09:06:4f:78:cb:fc:9d:0e:59:c4:01:77:1a:
         9d:45:84:83:4e:b3:0e:11:0c:92:57:6b:dc:f8:f6:e6:7e:80:
         0b:46:57:20:c0:b5:66:c2:62:55:c3:60:9b:cc:80:41:59:91:
         ac:47:79:41:19:f9:e2:1b:a4:36:fe:e1:07:ae:23:f8:c7:93:
         73:06:5c:3f:8d:c2:26:b1:19:a5:70:96:5a:3b:73:87:2d:22:
         8f:10:b3:40:16:32:48:54:8e:4c:7b:2a:b6:1f:23:09:b7:20:
         32:e7:04:26:79:4a:08:82:53:53:5c:67:03:c4:05:3a:a7:33:
         3b:91:30:62:d2:68:32:ab:e1:0e:46:3d:92:52:d5:98:85:e4:
         8c:b6:70:75:4c:08:24:3a:a8:78:45:18:33:c3:67:2d:2b:1d:
         b1:df:87:02:f7:7e:a7:35:02:53:54:3d:ad:7f:d9:a2:64:7a:
         b3:9b:d6:70:49:c9:22:a5:1d:84:1c:17:00:86:6f:37:fa:93:
         4b:44:d1:d1:2d:9d:c0:6a:dd:b3:2b:35:03:9e:48:cc:41:4c:
         38:8c:6d:ed
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5LY5CYSmWIblOmOx4ClgrOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjYwNTIxMTYzNDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzNmZGNkYmFhZGJiYzdkMmViYjVlZmQ0ZDE4ZGU1M2MxMGNmYzBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlwxLMPLJDBckpdM0x7wXEnKJiFnM
8+qET4RIh25OOPuHL5PHquHrVyNI7IT+iq93YEaGNDdlwuscDiKNlhU93EwM6zd/
x7f9ylJrBO72REJ3ggcPs7NbWrNhqP28hIoLeCQ9C6C98ab6aTd51mDeFSJTg0BX
vYZsT6w7gPGB51xA8aoyk9NQtkniQ8Hg6jnlgPEuLA9PUhZ+S9IOsqrsQSHueA1I
0NzuuGDlnFp5rCvLf1BynxHgJ+lZHbCftGnyK8uRyFQcIhQMVzXSMnL+ndw2iKOJ
6X7myWZLixsWTbqVVoRb617xydLLGf3acybgwBUn2ud0OL33itEdhFz92wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLM/3Nuq27x9Lrte/U0Y3lPBDPwNMB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEvc3pfYzI2cmJ2SDB1dTE3OVRSamVVOEVNX0EwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMtNmNiZmYzYzRkYTAx
LzEvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1dGIMA0G
CSqGSIb3DQEBCwUAA4IBAQCCibAEw0Se501/xVaeQuHb2ZfxYBlm/264BGvrJbHH
q17etCcj1W2CIgkGT3jL/J0OWcQBdxqdRYSDTrMOEQySV2vc+PbmfoALRlcgwLVm
wmJVw2CbzIBBWZGsR3lBGfniG6Q2/uEHriP4x5NzBlw/jcImsRmlcJZaO3OHLSKP
ELNAFjJIVI5Meyq2HyMJtyAy5wQmeUoIglNTXGcDxAU6pzM7kTBi0mgyq+EORj2S
UtWYheSMtnB1TAgkOqh4RRgzw2ctKx2x34cC936nNQJTVD2tf9miZHqzm9ZwScki
pR2EHBcAhm83+pNLRNHRLZ3Aat2zKzUDnkjMQUw4jG3t
-----END CERTIFICATE-----