Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/Zi0NjMEtFw5voPHGZoxrA-l2oWA.roa
File:                     Zi0NjMEtFw5voPHGZoxrA-l2oWA.roa (raw, json)
Hash identifier:          rEeauSC/jqbljS/hWUZuNo4LDWDnXsLsoGbI9r4RZdo=
Subject key identifier:   66:2D:0D:8C:C1:2D:17:0E:6F:A0:F1:C6:66:8C:6B:03:E9:76:A1:60
Certificate issuer:       /CN=12be29c956894c49c6d4be0ed98882b90d1bc77f
Certificate serial:       019CC251CE8022CF9B8C4DC1F675AA376051
Authority key identifier: 12:BE:29:C9:56:89:4C:49:C6:D4:BE:0E:D9:88:82:B9:0D:1B:C7:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Er4pyVaJTEnG1L4O2YiCuQ0bx38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/Zi0NjMEtFw5voPHGZoxrA-l2oWA.roa
Signing time:             Fri 06 Mar 2026 08:44:27 +0000
ROA not before:           Fri 06 Mar 2026 08:44:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204762
IP address blocks:        185.121.135.0/24 maxlen: 24
                          212.232.19.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/Er4pyVaJTEnG1L4O2YiCuQ0bx38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/Er4pyVaJTEnG1L4O2YiCuQ0bx38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Er4pyVaJTEnG1L4O2YiCuQ0bx38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Mar 2026 04:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:c2:51:ce:80:22:cf:9b:8c:4d:c1:f6:75:aa:37:60:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12be29c956894c49c6d4be0ed98882b90d1bc77f
        Validity
            Not Before: Mar  6 08:44:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=662d0d8cc12d170e6fa0f1c6668c6b03e976a160
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:8b:ba:fc:40:81:46:00:2f:1e:bc:ab:e6:de:
                    0e:5d:d2:bd:56:12:65:fb:c1:43:ac:fe:8e:cc:cf:
                    5e:70:f8:6e:19:24:b7:91:c1:f4:0f:d4:80:00:96:
                    2e:17:4b:38:7a:c2:b5:54:6f:05:6e:58:8a:14:bd:
                    cb:ec:00:fb:42:16:42:b5:02:79:84:85:40:54:c6:
                    19:b8:1a:05:0c:84:94:bb:94:0d:31:62:05:53:bc:
                    c8:cf:6c:b6:24:be:6f:2d:e4:40:9b:17:64:fe:7e:
                    61:b0:f0:a1:e0:cc:c4:e2:f0:5e:b3:2c:44:a2:f4:
                    e4:e0:75:6c:95:e3:19:54:63:19:53:49:d7:45:6d:
                    16:40:68:e6:cb:56:a1:0f:df:b2:bc:5b:c8:0b:40:
                    ef:42:49:9d:ca:d5:cb:2d:cc:45:a8:d7:5c:55:d3:
                    ba:a6:44:1c:6d:95:b6:2e:ef:95:cf:b2:1a:e8:62:
                    16:85:7e:62:6e:99:dd:5e:b4:95:0a:23:f5:ad:95:
                    3c:da:9c:f9:eb:27:d3:9c:38:87:64:fe:1c:2e:d2:
                    96:f2:d8:de:c0:da:d9:e6:e7:ef:b9:50:10:54:d8:
                    a2:08:22:73:2c:eb:18:b6:00:41:6e:62:e0:43:ff:
                    bd:b2:97:1c:1a:10:3b:9e:03:c8:4d:04:fb:eb:aa:
                    e0:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:2D:0D:8C:C1:2D:17:0E:6F:A0:F1:C6:66:8C:6B:03:E9:76:A1:60
            X509v3 Authority Key Identifier:
                keyid:12:BE:29:C9:56:89:4C:49:C6:D4:BE:0E:D9:88:82:B9:0D:1B:C7:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Er4pyVaJTEnG1L4O2YiCuQ0bx38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/Zi0NjMEtFw5voPHGZoxrA-l2oWA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/Er4pyVaJTEnG1L4O2YiCuQ0bx38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.121.135.0/24
                  212.232.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:0b:4f:8d:4d:09:58:d6:a0:37:09:b2:ea:96:1d:7e:40:67:
         46:72:c2:0a:28:80:44:33:9e:7e:27:4c:8d:f0:59:3e:b2:0c:
         12:4f:12:3b:86:b4:ec:cf:0a:aa:a1:b4:48:7d:28:f5:f5:93:
         ca:c7:a6:cf:98:b7:fd:2b:61:e5:38:2f:72:38:07:75:ee:56:
         40:59:1a:80:10:46:dc:4c:7d:d6:7d:b0:19:96:8f:c5:16:5a:
         40:52:e5:8b:6d:10:dc:d6:26:4d:ad:ec:5c:e6:e4:48:90:9c:
         bc:4e:ed:fc:69:bc:bd:ec:f5:f2:36:46:8d:ea:a6:56:8e:13:
         aa:40:42:0b:2d:fe:2c:0d:4b:ef:54:eb:c5:88:41:6a:2f:38:
         fc:9c:54:cc:2f:8f:bc:be:c2:d5:9a:13:c4:6a:60:dd:84:f0:
         ee:ed:d3:f9:9d:66:ed:71:d8:dd:18:29:6a:2a:cd:45:95:7e:
         2f:66:80:33:c9:dc:9a:d1:ca:df:e4:0a:d9:49:a0:93:94:9d:
         91:88:b3:99:68:05:eb:c2:2d:6f:15:28:9f:b8:53:d9:71:de:
         78:4a:af:0b:a6:82:f3:26:d6:a9:80:52:cd:1e:47:5b:ba:b8:
         45:62:f8:e3:5e:3f:60:32:dd:49:69:a5:eb:4a:28:d2:16:00:
         ae:49:93:e8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZzCUc6AIs+bjE3B9nWqN2BRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyYmUyOWM5NTY4OTRjNDljNmQ0YmUwZWQ5ODg4MmI5MGQx
YmM3N2YwHhcNMjYwMzA2MDg0NDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjJkMGQ4Y2MxMmQxNzBlNmZhMGYxYzY2NjhjNmIwM2U5NzZhMTYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvIu6/ECBRgAvHryr5t4OXdK9VhJl
+8FDrP6OzM9ecPhuGSS3kcH0D9SAAJYuF0s4esK1VG8FbliKFL3L7AD7QhZCtQJ5
hIVAVMYZuBoFDISUu5QNMWIFU7zIz2y2JL5vLeRAmxdk/n5hsPCh4MzE4vBesyxE
ovTk4HVsleMZVGMZU0nXRW0WQGjmy1ahD9+yvFvIC0DvQkmdytXLLcxFqNdcVdO6
pkQcbZW2Lu+Vz7Ia6GIWhX5ibpndXrSVCiP1rZU82pz56yfTnDiHZP4cLtKW8tje
wNrZ5ufvuVAQVNiiCCJzLOsYtgBBbmLgQ/+9spccGhA7ngPITQT766rg3QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGYtDYzBLRcOb6DxxmaMawPpdqFgMB8GA1UdIwQY
MBaAFBK+KclWiUxJxtS+DtmIgrkNG8d/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXI0cHlWYUpURW5HMUw0TzJZaUN1UTBieDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9jMjc4OGYtOGM4Yy00N2JiLWI5MjIt
YWE2ZWQ0ZGFmYjNiLzEvWmkwTmpNRXRGdzV2b1BIR1pveHJBLWwyb1dBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9jMjc4OGYtOGM4Yy00N2JiLWI5MjItYWE2ZWQ0ZGFmYjNi
LzEvRXI0cHlWYUpURW5HMUw0TzJZaUN1UTBieDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuXmHAwQA
1OgTMA0GCSqGSIb3DQEBCwUAA4IBAQAkC0+NTQlY1qA3CbLqlh1+QGdGcsIKKIBE
M55+J0yN8Fk+sgwSTxI7hrTszwqqobRIfSj19ZPKx6bPmLf9K2HlOC9yOAd17lZA
WRqAEEbcTH3WfbAZlo/FFlpAUuWLbRDc1iZNrexc5uRIkJy8Tu38aby97PXyNkaN
6qZWjhOqQEILLf4sDUvvVOvFiEFqLzj8nFTML4+8vsLVmhPEamDdhPDu7dP5nWbt
cdjdGClqKs1FlX4vZoAzydya0crf5ArZSaCTlJ2RiLOZaAXrwi1vFSifuFPZcd54
Sq8LpoLzJtapgFLNHkdburhFYvjjXj9gMt1JaaXrSijSFgCuSZPo
-----END CERTIFICATE-----