Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/aa764d-f5ac-4acf-b2bd-9fdb5c55ae50/1/nzoi5ELiYPVdX7dWLl29YPKr2do.roa
File:                     nzoi5ELiYPVdX7dWLl29YPKr2do.roa (raw, json)
Hash identifier:          XfKq9GRe31U7Cpf1qPZaJGW35vcUBv+Am8ozI+u8QQ4=
Subject key identifier:   9F:3A:22:E4:42:E2:60:F5:5D:5F:B7:56:2E:5D:BD:60:F2:AB:D9:DA
Certificate issuer:       /CN=2fb8280c6cb7db3e073950d535d6d8c705d90b87
Certificate serial:       019DB3C2E22B56826B37DA89EDCDCD9DF999
Authority key identifier: 2F:B8:28:0C:6C:B7:DB:3E:07:39:50:D5:35:D6:D8:C7:05:D9:0B:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L7goDGy32z4HOVDVNdbYxwXZC4c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/aa764d-f5ac-4acf-b2bd-9fdb5c55ae50/1/nzoi5ELiYPVdX7dWLl29YPKr2do.roa
Signing time:             Wed 22 Apr 2026 05:56:26 +0000
ROA not before:           Wed 22 Apr 2026 05:56:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208185
IP address blocks:        193.24.121.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/aa764d-f5ac-4acf-b2bd-9fdb5c55ae50/1/L7goDGy32z4HOVDVNdbYxwXZC4c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/aa764d-f5ac-4acf-b2bd-9fdb5c55ae50/1/L7goDGy32z4HOVDVNdbYxwXZC4c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L7goDGy32z4HOVDVNdbYxwXZC4c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 Apr 2026 23:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b3:c2:e2:2b:56:82:6b:37:da:89:ed:cd:cd:9d:f9:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2fb8280c6cb7db3e073950d535d6d8c705d90b87
        Validity
            Not Before: Apr 22 05:56:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9f3a22e442e260f55d5fb7562e5dbd60f2abd9da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:2d:4b:64:3a:b8:66:1c:6c:96:6b:ac:8d:ee:
                    38:b2:0e:f3:06:b2:bb:da:01:55:97:b8:37:c2:1c:
                    1e:73:1b:c6:7b:52:de:dc:15:5c:51:79:42:43:45:
                    77:a8:2e:b7:bb:af:4c:7f:0f:44:e3:59:0e:df:69:
                    40:89:6e:c3:34:0e:a7:13:de:dc:79:31:3c:f0:20:
                    09:d9:7d:d9:a7:c6:40:e7:a8:7e:32:23:30:32:4e:
                    97:bf:37:3c:38:a5:dc:3f:9a:76:17:bb:3d:2c:f1:
                    b9:a3:43:09:59:c1:d9:3c:17:4c:63:7e:46:5a:59:
                    5b:51:77:83:ee:fa:df:e0:75:8c:cf:4f:ce:59:ca:
                    c9:c3:b5:cc:0c:9d:2b:f7:46:67:ce:a0:f0:4f:ad:
                    67:f4:42:83:9e:3e:21:5c:21:75:e6:0e:d7:78:32:
                    23:17:a2:50:71:d3:3c:89:49:25:f6:ff:ab:c8:7a:
                    6f:06:bd:32:7e:88:f6:08:fb:47:75:7e:ca:90:2f:
                    0e:f0:88:63:6a:08:4d:e3:d1:61:d5:60:34:6a:c7:
                    ec:54:09:b2:a2:ee:59:a2:18:b1:cf:b0:a1:b7:1d:
                    cf:59:07:43:b1:8f:11:a0:68:9a:3d:85:8f:bf:77:
                    9f:5d:c7:59:b6:26:4f:74:77:e4:73:18:5b:4e:73:
                    fa:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:3A:22:E4:42:E2:60:F5:5D:5F:B7:56:2E:5D:BD:60:F2:AB:D9:DA
            X509v3 Authority Key Identifier:
                keyid:2F:B8:28:0C:6C:B7:DB:3E:07:39:50:D5:35:D6:D8:C7:05:D9:0B:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L7goDGy32z4HOVDVNdbYxwXZC4c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/aa764d-f5ac-4acf-b2bd-9fdb5c55ae50/1/nzoi5ELiYPVdX7dWLl29YPKr2do.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/aa764d-f5ac-4acf-b2bd-9fdb5c55ae50/1/L7goDGy32z4HOVDVNdbYxwXZC4c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.24.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:3a:9b:43:9e:50:63:5d:e8:76:b8:04:3f:4d:d1:1d:ee:f8:
         30:08:07:58:30:75:4f:a2:03:26:04:6d:ec:19:66:22:ec:70:
         63:8f:0b:4e:df:c5:a7:f1:05:26:af:0c:b3:1e:01:e7:3a:bb:
         be:96:98:a1:d7:4c:7c:a1:f7:e1:e5:29:70:73:64:6f:b4:9f:
         09:83:f0:e4:58:37:29:46:dd:d6:f0:4f:7c:47:98:5b:33:f7:
         97:d9:10:75:65:61:bb:5e:b9:33:4a:a1:cf:eb:4e:f5:9e:40:
         4d:98:dc:63:6f:73:59:fd:29:08:ec:8c:92:96:35:12:64:0e:
         94:de:67:53:6f:0a:80:c8:d5:45:34:3b:77:e4:b0:b9:c9:e6:
         40:ef:05:dc:c9:43:f2:95:72:7a:0a:58:f7:42:c5:3b:ae:e6:
         87:d7:8f:c6:fc:f9:06:4a:e6:ab:d7:f2:9b:2a:35:91:27:07:
         ce:7d:f7:a4:10:3c:39:79:e1:ef:54:86:2a:03:b0:a9:a0:4b:
         14:85:3e:0f:6a:3d:c5:a8:89:8b:b6:3a:99:ec:40:dc:61:22:
         8a:60:da:6f:3f:02:27:e5:4c:8d:64:89:03:67:59:09:3d:75:
         9a:f0:05:a9:b6:0e:7a:55:25:4d:da:d2:34:01:ca:85:a7:b2:
         72:7a:c5:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2zwuIrVoJrN9qJ7c3NnfmZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmYjgyODBjNmNiN2RiM2UwNzM5NTBkNTM1ZDZkOGM3MDVk
OTBiODcwHhcNMjYwNDIyMDU1NjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjNhMjJlNDQyZTI2MGY1NWQ1ZmI3NTYyZTVkYmQ2MGYyYWJkOWRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjS1LZDq4Zhxslmusje44sg7zBrK7
2gFVl7g3whwecxvGe1Le3BVcUXlCQ0V3qC63u69Mfw9E41kO32lAiW7DNA6nE97c
eTE88CAJ2X3Zp8ZA56h+MiMwMk6Xvzc8OKXcP5p2F7s9LPG5o0MJWcHZPBdMY35G
WllbUXeD7vrf4HWMz0/OWcrJw7XMDJ0r90ZnzqDwT61n9EKDnj4hXCF15g7XeDIj
F6JQcdM8iUkl9v+ryHpvBr0yfoj2CPtHdX7KkC8O8IhjaghN49Fh1WA0asfsVAmy
ou5Zohixz7Chtx3PWQdDsY8RoGiaPYWPv3efXcdZtiZPdHfkcxhbTnP6TQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ86IuRC4mD1XV+3Vi5dvWDyq9naMB8GA1UdIwQY
MBaAFC+4KAxst9s+BzlQ1TXW2McF2QuHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDdnb0RHeTMyejRIT1ZEVk5kYll4d1haQzRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS9hYTc2NGQtZjVhYy00YWNmLWIyYmQt
OWZkYjVjNTVhZTUwLzEvbnpvaTVFTGlZUFZkWDdkV0xsMjlZUEtyMmRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS9hYTc2NGQtZjVhYy00YWNmLWIyYmQtOWZkYjVjNTVhZTUw
LzEvTDdnb0RHeTMyejRIT1ZEVk5kYll4d1haQzRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRh5MA0G
CSqGSIb3DQEBCwUAA4IBAQBGOptDnlBjXeh2uAQ/TdEd7vgwCAdYMHVPogMmBG3s
GWYi7HBjjwtO38Wn8QUmrwyzHgHnOru+lpih10x8offh5Slwc2RvtJ8Jg/DkWDcp
Rt3W8E98R5hbM/eX2RB1ZWG7XrkzSqHP6071nkBNmNxjb3NZ/SkI7IySljUSZA6U
3mdTbwqAyNVFNDt35LC5yeZA7wXcyUPylXJ6Clj3QsU7ruaH14/G/PkGSuar1/Kb
KjWRJwfOffekEDw5eeHvVIYqA7CpoEsUhT4Paj3FqImLtjqZ7EDcYSKKYNpvPwIn
5UyNZIkDZ1kJPXWa8AWptg56VSVN2tI0AcqFp7JyesXL
-----END CERTIFICATE-----