Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/kooznEFtE-zTH2TwQlgn-RqYrzI.roa
File:                     kooznEFtE-zTH2TwQlgn-RqYrzI.roa (raw, json)
Hash identifier:          q10Tavh7vxxWZ70EOrc8P2vM6YcPD1jvPS/9n+cDLO4=
Subject key identifier:   92:8A:33:9C:41:6D:13:EC:D3:1F:64:F0:42:58:27:F9:1A:98:AF:32
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       019C2D08180207FEF5E587DD24F6FF1DE2A2
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/kooznEFtE-zTH2TwQlgn-RqYrzI.roa
Signing time:             Thu 05 Feb 2026 09:00:31 +0000
ROA not before:           Thu 05 Feb 2026 09:00:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51219
IP address blocks:        193.233.104.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:2d:08:18:02:07:fe:f5:e5:87:dd:24:f6:ff:1d:e2:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Feb  5 09:00:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=928a339c416d13ecd31f64f0425827f91a98af32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:40:89:52:14:21:af:ce:16:42:36:32:d4:bd:
                    61:54:c8:54:84:3b:7a:3a:8f:5b:88:cf:72:7d:90:
                    6b:67:98:a3:6c:b2:65:93:51:92:ee:b6:d9:af:fc:
                    5e:b2:71:44:c1:f3:91:63:39:b9:e4:52:ad:7b:1a:
                    c7:37:ec:dd:5e:5c:89:58:5e:fa:75:5e:a4:a5:3b:
                    92:81:c6:0c:5e:1c:fd:e9:0e:5c:a1:92:ab:c7:7b:
                    ab:de:f9:bc:ef:67:d4:68:c4:07:18:23:46:72:bc:
                    c7:4c:45:09:76:e9:9f:75:24:59:31:f9:16:09:7d:
                    ec:21:26:fb:82:69:eb:4b:1c:08:3c:72:cc:4e:e4:
                    dd:38:bb:1b:ad:d9:19:91:ce:74:6c:9a:18:f6:6e:
                    13:bc:a4:00:15:10:d6:67:bd:4c:e4:2f:5e:b8:41:
                    4c:20:a6:3a:96:7a:95:d0:87:6e:ab:ae:ef:5e:25:
                    5a:70:2a:83:be:2f:68:a6:69:81:38:30:a4:47:45:
                    37:12:5d:e0:d6:27:1e:81:62:70:31:70:9d:e6:f7:
                    ee:fc:7b:e5:10:91:b7:89:f9:db:3e:8b:64:23:aa:
                    15:c7:89:08:ea:51:73:3d:7a:bc:66:26:d2:39:74:
                    63:93:fa:be:28:6d:fa:c9:18:86:e9:84:2d:cb:e6:
                    d3:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:8A:33:9C:41:6D:13:EC:D3:1F:64:F0:42:58:27:F9:1A:98:AF:32
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/kooznEFtE-zTH2TwQlgn-RqYrzI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:bf:23:a0:82:b4:19:86:82:36:41:27:f4:b3:98:63:6e:b3:
         e2:b7:d2:a9:2f:45:e6:a2:13:9f:4b:b6:96:78:4d:d9:20:96:
         46:bf:80:1c:48:19:4a:1d:18:90:52:ff:c5:1d:4c:78:ee:80:
         40:67:48:14:04:dc:af:2b:e3:64:97:b7:67:0f:71:5f:5e:b7:
         8d:bf:72:55:8a:7a:f9:4e:db:0a:f5:ad:15:2d:0f:d2:8c:95:
         bf:d6:26:52:56:05:5e:78:a0:64:f2:e4:6a:2e:a7:b6:09:35:
         20:93:f8:46:78:05:64:10:d9:be:ac:e6:ab:bc:86:ce:12:43:
         78:48:29:6b:5f:55:dc:eb:91:9f:1e:0f:66:08:f3:27:38:ad:
         df:01:e0:e1:8f:3e:d3:d4:87:4c:1a:63:65:5e:f0:8d:4f:fb:
         32:0a:44:f3:7b:6f:00:63:45:f7:44:b2:45:1c:b2:98:43:18:
         de:b6:36:1b:f5:6e:e9:f4:23:2d:7d:e0:45:09:c0:e5:da:30:
         08:74:18:3f:fb:54:9d:12:a0:3d:48:47:6e:e1:1f:5a:1d:bb:
         c5:6f:c4:6f:ea:e2:59:a7:bb:19:cc:68:81:9c:2f:71:8d:ce:
         7d:d6:3f:2d:86:c3:a2:2b:11:2a:36:08:dd:a4:33:0d:04:ac:
         4d:10:c6:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZwtCBgCB/715YfdJPb/HeKiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjYwMjA1MDkwMDMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjhhMzM5YzQxNmQxM2VjZDMxZjY0ZjA0MjU4MjdmOTFhOThhZjMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAskCJUhQhr84WQjYy1L1hVMhUhDt6
Oo9biM9yfZBrZ5ijbLJlk1GS7rbZr/xesnFEwfORYzm55FKtexrHN+zdXlyJWF76
dV6kpTuSgcYMXhz96Q5coZKrx3ur3vm872fUaMQHGCNGcrzHTEUJdumfdSRZMfkW
CX3sISb7gmnrSxwIPHLMTuTdOLsbrdkZkc50bJoY9m4TvKQAFRDWZ71M5C9euEFM
IKY6lnqV0Iduq67vXiVacCqDvi9opmmBODCkR0U3El3g1icegWJwMXCd5vfu/Hvl
EJG3ifnbPotkI6oVx4kI6lFzPXq8ZibSOXRjk/q+KG36yRiG6YQty+bTCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJKKM5xBbRPs0x9k8EJYJ/kamK8yMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEva29vem5FRnRFLXpUSDJUd1FsZ24tUnFZcnpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAweloMA0G
CSqGSIb3DQEBCwUAA4IBAQBmvyOggrQZhoI2QSf0s5hjbrPit9KpL0XmohOfS7aW
eE3ZIJZGv4AcSBlKHRiQUv/FHUx47oBAZ0gUBNyvK+Nkl7dnD3FfXreNv3JVinr5
TtsK9a0VLQ/SjJW/1iZSVgVeeKBk8uRqLqe2CTUgk/hGeAVkENm+rOarvIbOEkN4
SClrX1Xc65GfHg9mCPMnOK3fAeDhjz7T1IdMGmNlXvCNT/syCkTze28AY0X3RLJF
HLKYQxjetjYb9W7p9CMtfeBFCcDl2jAIdBg/+1SdEqA9SEdu4R9aHbvFb8Rv6uJZ
p7sZzGiBnC9xjc591j8thsOiKxEqNgjdpDMNBKxNEMYB
-----END CERTIFICATE-----