Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/hzNDyInh_bUBg7Uejg55aTvL-3Q.roa
File:                     hzNDyInh_bUBg7Uejg55aTvL-3Q.roa (raw, json)
Hash identifier:          FJw1sBNqJdJQhACILp+itphyL4fweg2OQEEsFKom/I8=
Subject key identifier:   87:33:43:C8:89:E1:FD:B5:01:83:B5:1E:8E:0E:79:69:3B:CB:FB:74
Certificate issuer:       /CN=bcfdfe6dca8ac7bfa1a9450ef99fd315ed02acd9
Certificate serial:       019C0E1B855599C956D1F89B8B64D9C0AFB1
Authority key identifier: BC:FD:FE:6D:CA:8A:C7:BF:A1:A9:45:0E:F9:9F:D3:15:ED:02:AC:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/hzNDyInh_bUBg7Uejg55aTvL-3Q.roa
Signing time:             Fri 30 Jan 2026 08:53:30 +0000
ROA not before:           Fri 30 Jan 2026 08:53:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     13213
IP address blocks:        213.21.248.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 18 Feb 2026 16:10:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:0e:1b:85:55:99:c9:56:d1:f8:9b:8b:64:d9:c0:af:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bcfdfe6dca8ac7bfa1a9450ef99fd315ed02acd9
        Validity
            Not Before: Jan 30 08:53:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=873343c889e1fdb50183b51e8e0e79693bcbfb74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:95:be:4c:a2:25:ca:19:b1:fe:06:64:51:de:
                    b4:7c:17:a0:c0:01:50:36:c3:68:4e:73:de:d9:34:
                    58:1f:45:ce:c1:63:17:c3:d0:79:d2:8e:3d:98:ae:
                    03:29:26:32:72:65:91:8f:d2:bd:d4:9b:e1:52:d4:
                    47:15:a5:c1:7b:5a:9a:76:d5:78:08:4c:b1:84:95:
                    47:80:84:44:a3:7c:94:10:a7:a1:f9:9f:13:f9:40:
                    0f:20:66:b9:56:3c:58:2d:84:92:37:60:e0:2c:14:
                    a2:92:15:1f:1c:e4:7c:1b:53:b7:ef:bf:a2:cb:7b:
                    45:c0:50:f2:60:74:52:99:ad:e0:36:91:c3:ef:8e:
                    0c:64:b2:dd:69:a8:cb:cd:50:c0:81:a5:a1:97:cd:
                    36:71:22:e8:ca:84:54:06:99:05:d2:70:da:b2:ed:
                    7e:43:28:f8:0e:fe:e4:9b:50:cc:38:d6:4d:91:f1:
                    73:8f:51:f4:e5:4e:d5:8b:23:b2:1d:a7:b7:fb:da:
                    14:ee:fa:93:42:ba:a5:ce:7e:80:e0:66:b4:90:cc:
                    7f:c1:85:8e:f2:d6:49:59:55:20:4c:0e:06:e9:4e:
                    43:8c:04:24:74:71:9d:31:9a:bf:48:23:3e:32:15:
                    62:65:3e:4e:7a:24:4a:5e:b2:2d:dc:fd:fe:2a:31:
                    cc:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:33:43:C8:89:E1:FD:B5:01:83:B5:1E:8E:0E:79:69:3B:CB:FB:74
            X509v3 Authority Key Identifier:
                keyid:BC:FD:FE:6D:CA:8A:C7:BF:A1:A9:45:0E:F9:9F:D3:15:ED:02:AC:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/hzNDyInh_bUBg7Uejg55aTvL-3Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.21.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:c3:32:c6:40:49:73:cb:63:ac:ee:8c:34:a3:c4:63:7e:0c:
         66:ff:ff:77:9a:d9:47:cf:9c:b6:2b:57:eb:a1:88:9e:38:da:
         ef:c8:07:e5:f5:8a:70:7d:fc:b0:ee:0a:60:09:e9:37:67:bf:
         af:6e:80:d1:8f:ea:28:ae:60:78:08:9d:c2:9e:c4:17:75:13:
         66:d3:0d:8b:37:ff:23:6c:11:64:21:ed:c5:61:a5:38:ff:56:
         d3:43:72:c3:e9:5f:15:e3:fc:b2:10:8d:0f:59:c1:25:b6:f4:
         74:76:21:57:1d:4b:2d:c2:61:ee:1b:4a:5e:72:f8:e7:0b:b4:
         bf:b4:cc:91:ed:1f:ea:4b:c3:88:9a:30:6e:39:c7:9e:60:22:
         e9:dc:41:45:20:8a:5b:07:be:3f:2c:7a:35:14:77:d3:36:12:
         3f:f4:94:15:4e:bd:80:4c:1b:6b:88:f3:5a:c8:52:d7:43:19:
         fb:f0:5b:1e:d8:2f:6f:19:2d:fc:e9:56:19:97:87:b0:de:9f:
         e3:7c:be:ac:eb:29:77:1f:f6:8e:72:44:15:ab:9f:67:b7:5b:
         ab:b1:12:e5:4e:51:0f:b1:3a:1e:64:64:92:52:f3:a0:45:03:
         96:8d:01:dd:d0:b2:ec:60:da:7f:be:9c:6c:ae:65:9f:94:55:
         9b:86:a3:c4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZwOG4VVmclW0fibi2TZwK+xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjZmRmZTZkY2E4YWM3YmZhMWE5NDUwZWY5OWZkMzE1ZWQw
MmFjZDkwHhcNMjYwMTMwMDg1MzMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzMzNDNjODg5ZTFmZGI1MDE4M2I1MWU4ZTBlNzk2OTNiY2JmYjc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA35W+TKIlyhmx/gZkUd60fBegwAFQ
NsNoTnPe2TRYH0XOwWMXw9B50o49mK4DKSYycmWRj9K91JvhUtRHFaXBe1qadtV4
CEyxhJVHgIREo3yUEKeh+Z8T+UAPIGa5VjxYLYSSN2DgLBSikhUfHOR8G1O377+i
y3tFwFDyYHRSma3gNpHD744MZLLdaajLzVDAgaWhl802cSLoyoRUBpkF0nDasu1+
Qyj4Dv7km1DMONZNkfFzj1H05U7ViyOyHae3+9oU7vqTQrqlzn6A4Ga0kMx/wYWO
8tZJWVUgTA4G6U5DjAQkdHGdMZq/SCM+MhViZT5OeiRKXrIt3P3+KjHMIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIczQ8iJ4f21AYO1Ho4OeWk7y/t0MB8GA1UdIwQY
MBaAFLz9/m3Kise/oalFDvmf0xXtAqzZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlAzLWJjcUt4Ny1ocVVVTy1aX1RGZTBDck5rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC9jOWRlMTMtNWI3NC00MTNkLWIyZmIt
MWFmMjQ2NWE4ZWVjLzEvaHpORHlJbmhfYlVCZzdVZWpnNTVhVHZMLTNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC9jOWRlMTMtNWI3NC00MTNkLWIyZmItMWFmMjQ2NWE4ZWVj
LzEvdlAzLWJjcUt4Ny1ocVVVTy1aX1RGZTBDck5rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1RX4MA0G
CSqGSIb3DQEBCwUAA4IBAQBBwzLGQElzy2Os7ow0o8Rjfgxm//93mtlHz5y2K1fr
oYieONrvyAfl9Ypwffyw7gpgCek3Z7+vboDRj+oormB4CJ3CnsQXdRNm0w2LN/8j
bBFkIe3FYaU4/1bTQ3LD6V8V4/yyEI0PWcEltvR0diFXHUstwmHuG0pecvjnC7S/
tMyR7R/qS8OImjBuOceeYCLp3EFFIIpbB74/LHo1FHfTNhI/9JQVTr2ATBtriPNa
yFLXQxn78Fse2C9vGS386VYZl4ew3p/jfL6s6yl3H/aOckQVq59nt1ursRLlTlEP
sToeZGSSUvOgRQOWjQHd0LLsYNp/vpxsrmWflFWbhqPE
-----END CERTIFICATE-----