Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/2i2riD_zANke1WTb9VrTCthub7M.roa
File:                     2i2riD_zANke1WTb9VrTCthub7M.roa (raw, json)
Hash identifier:          NZDjS8baQizjs9Qun/LswWTm9TkfS6LYpDp97FSs5gU=
Subject key identifier:   DA:2D:AB:88:3F:F3:00:D9:1E:D5:64:DB:F5:5A:D3:0A:D8:6E:6F:B3
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       019CB957D5E62867148148ECC2E4EAB8FCF2
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/2i2riD_zANke1WTb9VrTCthub7M.roa
Signing time:             Wed 04 Mar 2026 14:54:27 +0000
ROA not before:           Wed 04 Mar 2026 14:54:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214833
IP address blocks:        45.129.237.0/24 maxlen: 24
                          45.137.154.0/24 maxlen: 24
                          195.18.27.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Mar 2026 16:05:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b9:57:d5:e6:28:67:14:81:48:ec:c2:e4:ea:b8:fc:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: Mar  4 14:54:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=da2dab883ff300d91ed564dbf55ad30ad86e6fb3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:17:c8:31:ab:43:2d:1d:e1:e4:39:6f:bb:1d:
                    cb:15:50:cf:0d:86:95:c2:0b:c4:06:c8:92:db:30:
                    a4:2a:60:47:d1:a0:99:b0:6c:7e:b3:9c:a5:3c:d8:
                    7a:26:33:2a:37:79:b1:e1:bb:4c:39:bf:68:da:21:
                    8e:f4:ed:05:f7:10:09:aa:bd:e8:bb:e8:f9:3a:23:
                    8a:77:5c:81:5f:19:cb:8a:a5:ea:8b:44:71:70:56:
                    d6:58:e2:eb:85:e1:47:fd:e8:f7:fb:c0:2e:b0:e3:
                    a2:36:47:0f:8b:d9:5b:6b:47:47:a2:9d:61:96:8f:
                    7c:2e:30:c8:0e:12:9c:76:ba:aa:de:fe:2f:85:5a:
                    a1:12:e2:b5:eb:91:b4:d4:6e:8a:eb:c6:17:4a:84:
                    bd:8c:cd:e9:41:d2:35:6e:d3:08:7c:01:f3:8d:38:
                    79:0d:27:a1:96:b0:47:63:c8:d8:aa:b6:09:aa:3e:
                    7c:a6:d8:e2:b4:4a:aa:d9:2a:fc:f0:53:0c:c0:f7:
                    9b:e8:81:c8:a1:8c:8e:9e:9e:ab:89:71:d7:ba:95:
                    88:36:ff:50:fe:df:67:20:cb:19:ac:85:27:e4:db:
                    c9:4a:1f:ec:e6:7f:3e:7f:72:6c:56:00:91:c2:4d:
                    53:79:43:98:1c:96:39:88:06:69:b9:6e:27:42:cc:
                    42:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:2D:AB:88:3F:F3:00:D9:1E:D5:64:DB:F5:5A:D3:0A:D8:6E:6F:B3
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/2i2riD_zANke1WTb9VrTCthub7M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.129.237.0/24
                  45.137.154.0/24
                  195.18.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:24:5c:25:94:bb:3b:27:b8:91:f3:68:b3:ab:60:f7:03:7d:
         4b:9f:16:19:b1:d1:30:ec:a1:2b:04:c6:dd:e3:4a:d2:94:81:
         c5:db:b1:27:d8:08:84:e5:e7:ee:0d:87:83:e3:75:27:e8:02:
         63:2a:16:94:11:8e:a4:77:dd:ae:bf:b6:b3:a1:43:09:67:0b:
         7a:db:09:42:66:54:ac:14:5b:94:7e:39:44:a4:4f:33:f7:5e:
         59:1f:78:a6:dd:0a:b8:c7:f1:40:79:e8:76:47:fc:b0:4a:a2:
         8b:da:82:09:cc:60:53:f8:cf:c5:0b:50:79:6d:a6:4c:f6:83:
         8b:6d:6d:c3:e5:df:8f:95:e7:40:9e:34:46:0b:72:44:85:27:
         59:ca:8e:14:23:32:ba:0c:a1:59:d2:5f:86:6e:f5:8b:12:e4:
         65:fa:4a:ce:3b:4f:ed:e9:29:63:46:53:ec:5a:9f:2c:50:3e:
         76:b8:89:aa:14:ca:6e:74:42:bd:44:70:8b:b1:19:bf:89:a3:
         77:21:fa:d6:ce:b8:60:0c:16:d4:6b:d4:87:1a:9e:95:5f:61:
         78:e1:31:8c:74:fa:65:c1:40:2d:26:c3:ce:cf:69:4d:fc:91:
         4a:f5:c0:f2:d3:c5:5e:0e:f5:8a:ba:f3:b3:6d:a7:02:3e:f4:
         7e:20:ab:af
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZy5V9XmKGcUgUjswuTquPzyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjYwMzA0MTQ1NDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTJkYWI4ODNmZjMwMGQ5MWVkNTY0ZGJmNTVhZDMwYWQ4NmU2ZmIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5xfIMatDLR3h5Dlvux3LFVDPDYaV
wgvEBsiS2zCkKmBH0aCZsGx+s5ylPNh6JjMqN3mx4btMOb9o2iGO9O0F9xAJqr3o
u+j5OiOKd1yBXxnLiqXqi0RxcFbWWOLrheFH/ej3+8AusOOiNkcPi9lba0dHop1h
lo98LjDIDhKcdrqq3v4vhVqhEuK165G01G6K68YXSoS9jM3pQdI1btMIfAHzjTh5
DSehlrBHY8jYqrYJqj58ptjitEqq2Sr88FMMwPeb6IHIoYyOnp6riXHXupWINv9Q
/t9nIMsZrIUn5NvJSh/s5n8+f3JsVgCRwk1TeUOYHJY5iAZpuW4nQsxCjQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNotq4g/8wDZHtVk2/Va0wrYbm+zMB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvMmkycmlEX3pBTmtlMVdUYjlWclRDdGh1YjdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALYHtAwQA
LYmaAwQAwxIbMA0GCSqGSIb3DQEBCwUAA4IBAQBQJFwllLs7J7iR82izq2D3A31L
nxYZsdEw7KErBMbd40rSlIHF27En2AiE5efuDYeD43Un6AJjKhaUEY6kd92uv7az
oUMJZwt62wlCZlSsFFuUfjlEpE8z915ZH3im3Qq4x/FAeeh2R/ywSqKL2oIJzGBT
+M/FC1B5baZM9oOLbW3D5d+PledAnjRGC3JEhSdZyo4UIzK6DKFZ0l+GbvWLEuRl
+krOO0/t6SljRlPsWp8sUD52uImqFMpudEK9RHCLsRm/iaN3IfrWzrhgDBbUa9SH
Gp6VX2F44TGMdPplwUAtJsPOz2lN/JFK9cDy08VeDvWKuvOzbacCPvR+IKuv
-----END CERTIFICATE-----