Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/2ZNHcm0_76puL5kxBhmP7quS_es.roa
File:                     2ZNHcm0_76puL5kxBhmP7quS_es.roa (raw, json)
Hash identifier:          bh5IkLJpRmak9TN+5zad4LMmHuRQiQ4Qu284/VveRiY=
Subject key identifier:   D9:93:47:72:6D:3F:EF:AA:6E:2F:99:31:06:19:8F:EE:AB:92:FD:EB
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       019CAF679616A3D1E3A2123EDA208580BC32
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/2ZNHcm0_76puL5kxBhmP7quS_es.roa
Signing time:             Mon 02 Mar 2026 16:35:27 +0000
ROA not before:           Mon 02 Mar 2026 16:35:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     59692
IP address blocks:        89.125.171.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Mar 2026 08:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:af:67:96:16:a3:d1:e3:a2:12:3e:da:20:85:80:bc:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Mar  2 16:35:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d99347726d3fefaa6e2f993106198feeab92fdeb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:07:37:5f:d5:24:d2:32:cf:42:f8:20:06:14:
                    af:77:3f:7a:eb:71:17:2c:87:81:23:25:bb:0d:2a:
                    89:9d:1e:7b:bb:33:a2:31:29:76:51:e0:ea:ab:3e:
                    ff:24:65:a5:f4:d9:98:8f:ec:40:f6:7b:a1:a6:20:
                    ba:50:b4:4e:05:ac:85:41:87:2f:f4:89:85:84:8b:
                    c7:16:d8:f4:3a:f6:c0:0d:64:8e:f7:6f:0b:ce:44:
                    3d:d0:6c:9e:e6:5d:dd:2a:cc:44:22:da:a1:02:60:
                    40:df:2c:b6:1f:10:73:ef:34:ef:61:8f:ee:ef:68:
                    1c:8a:ef:a9:d6:5b:d0:00:e4:62:a6:41:37:5a:a8:
                    8e:f8:d7:c0:60:ce:0e:48:f3:11:41:df:26:c3:8b:
                    64:40:18:55:1b:9c:55:92:83:5b:f1:0d:ae:71:fc:
                    7b:7d:c1:42:99:5e:ad:fc:0b:3f:fb:8c:09:1d:ab:
                    77:b6:fb:21:f9:92:b8:fd:e6:e6:a7:08:54:4e:73:
                    c7:a7:f2:91:52:13:4f:46:53:06:41:62:03:98:e1:
                    97:3b:6c:8a:ce:e1:ef:61:72:eb:0f:da:17:64:1c:
                    d3:2a:f6:bf:c8:bb:d5:cf:74:12:9b:72:fb:8c:90:
                    81:1d:a7:e8:78:6f:bf:bd:d0:9b:59:2d:35:74:07:
                    03:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:93:47:72:6D:3F:EF:AA:6E:2F:99:31:06:19:8F:EE:AB:92:FD:EB
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/2ZNHcm0_76puL5kxBhmP7quS_es.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.125.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:13:73:04:00:0e:ef:1c:fd:d6:65:08:79:b0:0e:03:ea:62:
         c7:1d:2f:2f:c8:da:1c:c8:5f:96:72:28:d4:bd:36:0e:0b:02:
         9e:31:70:a0:12:98:85:dd:58:7b:bb:18:18:09:1f:0c:3e:81:
         f3:21:b9:d6:3f:5d:14:ac:61:a6:e7:8a:78:d9:3c:8e:3a:73:
         23:17:c9:13:e8:80:54:0c:15:e7:7f:cb:18:ee:4e:f6:e2:61:
         85:6c:8c:90:a3:be:62:02:7d:8c:ee:c9:c8:8b:50:09:f2:2f:
         82:6c:a8:a8:61:8a:d5:58:9f:56:ea:4c:db:91:7f:ef:eb:26:
         63:fa:a4:cd:96:26:88:06:be:99:f3:30:8f:36:a0:3c:dc:4f:
         9a:3a:1e:0a:7c:c8:56:23:9a:14:3d:b9:ec:03:13:6d:07:69:
         33:ad:08:ad:7f:06:13:b6:71:fb:23:b6:1a:54:59:e3:24:0a:
         74:4c:31:50:e9:93:36:78:3f:b4:a6:d9:e1:4f:10:0d:1d:7d:
         d9:73:27:f3:24:4a:94:57:f7:4f:4e:59:8e:90:a4:1e:14:27:
         c1:7c:58:05:13:50:9b:41:55:0b:8c:45:37:33:24:bb:94:a1:
         6c:5b:d2:25:a7:43:20:c7:b8:3b:01:25:ce:b7:d4:aa:e2:46:
         a1:78:64:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyvZ5YWo9HjohI+2iCFgLwyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjYwMzAyMTYzNTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTkzNDc3MjZkM2ZlZmFhNmUyZjk5MzEwNjE5OGZlZWFiOTJmZGViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArgc3X9Uk0jLPQvggBhSvdz9663EX
LIeBIyW7DSqJnR57uzOiMSl2UeDqqz7/JGWl9NmYj+xA9nuhpiC6ULROBayFQYcv
9ImFhIvHFtj0OvbADWSO928LzkQ90Gye5l3dKsxEItqhAmBA3yy2HxBz7zTvYY/u
72gciu+p1lvQAORipkE3WqiO+NfAYM4OSPMRQd8mw4tkQBhVG5xVkoNb8Q2ucfx7
fcFCmV6t/As/+4wJHat3tvsh+ZK4/ebmpwhUTnPHp/KRUhNPRlMGQWIDmOGXO2yK
zuHvYXLrD9oXZBzTKva/yLvVz3QSm3L7jJCBHafoeG+/vdCbWS01dAcDsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNmTR3JtP++qbi+ZMQYZj+6rkv3rMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvMlpOSGNtMF83NnB1TDVreEJobVA3cXVTX2VzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWX2rMA0G
CSqGSIb3DQEBCwUAA4IBAQAqE3MEAA7vHP3WZQh5sA4D6mLHHS8vyNocyF+WcijU
vTYOCwKeMXCgEpiF3Vh7uxgYCR8MPoHzIbnWP10UrGGm54p42TyOOnMjF8kT6IBU
DBXnf8sY7k724mGFbIyQo75iAn2M7snIi1AJ8i+CbKioYYrVWJ9W6kzbkX/v6yZj
+qTNliaIBr6Z8zCPNqA83E+aOh4KfMhWI5oUPbnsAxNtB2kzrQitfwYTtnH7I7Ya
VFnjJAp0TDFQ6ZM2eD+0ptnhTxANHX3ZcyfzJEqUV/dPTlmOkKQeFCfBfFgFE1Cb
QVULjEU3MyS7lKFsW9Ilp0Mgx7g7ASXOt9Sq4kaheGRI
-----END CERTIFICATE-----