Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/0cc6b5-5477-490a-a295-15b79b02943e/1/Zq2cQmDy7q3A5_xdFvl7YbbhwIc.roa
File:                     Zq2cQmDy7q3A5_xdFvl7YbbhwIc.roa (raw, json)
Hash identifier:          PgMe36er/jf5wuEzDom6ucc6sQi96pKMuPFdurESUyQ=
Subject key identifier:   66:AD:9C:42:60:F2:EE:AD:C0:E7:FC:5D:16:F9:7B:61:B6:E1:C0:87
Certificate issuer:       /CN=27280cc534516d1c1d9ea024eaafbd01fdc68c97
Certificate serial:       019B7DCAED1FF2471D3F3475AEB209C6023D
Authority key identifier: 27:28:0C:C5:34:51:6D:1C:1D:9E:A0:24:EA:AF:BD:01:FD:C6:8C:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JygMxTRRbRwdnqAk6q-9Af3GjJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/0cc6b5-5477-490a-a295-15b79b02943e/1/Zq2cQmDy7q3A5_xdFvl7YbbhwIc.roa
Signing time:             Fri 02 Jan 2026 08:20:09 +0000
ROA not before:           Fri 02 Jan 2026 08:20:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     61141
IP address blocks:        217.29.50.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/0cc6b5-5477-490a-a295-15b79b02943e/1/JygMxTRRbRwdnqAk6q-9Af3GjJc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/0cc6b5-5477-490a-a295-15b79b02943e/1/JygMxTRRbRwdnqAk6q-9Af3GjJc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JygMxTRRbRwdnqAk6q-9Af3GjJc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 05:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:ca:ed:1f:f2:47:1d:3f:34:75:ae:b2:09:c6:02:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27280cc534516d1c1d9ea024eaafbd01fdc68c97
        Validity
            Not Before: Jan  2 08:20:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=66ad9c4260f2eeadc0e7fc5d16f97b61b6e1c087
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:ad:06:66:85:0d:ab:97:dd:ba:0e:de:29:c3:
                    08:8c:f9:a7:de:96:77:14:b9:0a:c5:3c:bd:52:7b:
                    91:7f:d9:8d:51:2a:54:15:ac:a8:9f:0e:88:8e:43:
                    4e:7d:c0:e7:25:b7:50:30:35:92:f4:43:b5:2d:3d:
                    32:2b:2f:e5:6f:c4:4c:0c:f7:0a:4c:77:e3:7a:86:
                    1a:9a:b4:88:6b:a5:95:0e:76:b8:b0:77:5b:0d:29:
                    99:07:06:ce:0f:2c:f4:b8:97:55:8e:35:ed:c0:f2:
                    b8:45:25:af:63:f4:1f:aa:e2:67:e9:ec:13:29:2d:
                    ef:d7:fc:dd:e8:d8:84:66:a6:9a:63:b2:00:fa:31:
                    6d:bf:0b:b1:7e:ad:2c:e7:84:78:88:da:a3:c6:4d:
                    5f:56:32:fb:3f:0b:8b:01:78:15:df:45:79:7a:c2:
                    44:d5:96:11:d1:fc:30:cd:9a:3b:3b:ad:c1:be:3d:
                    84:5e:4d:5e:8c:df:53:89:89:ec:a4:80:c7:11:2f:
                    a2:55:88:4e:2b:a9:8d:73:42:0e:9f:27:af:34:4b:
                    91:3e:c5:bc:10:5a:f4:21:ae:d6:2a:db:42:81:33:
                    35:19:c6:98:8f:d9:30:be:17:a5:29:31:6d:9f:bf:
                    8f:96:25:e3:1b:ef:4b:af:c5:ba:7d:13:44:ec:af:
                    51:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:AD:9C:42:60:F2:EE:AD:C0:E7:FC:5D:16:F9:7B:61:B6:E1:C0:87
            X509v3 Authority Key Identifier:
                keyid:27:28:0C:C5:34:51:6D:1C:1D:9E:A0:24:EA:AF:BD:01:FD:C6:8C:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JygMxTRRbRwdnqAk6q-9Af3GjJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/0cc6b5-5477-490a-a295-15b79b02943e/1/Zq2cQmDy7q3A5_xdFvl7YbbhwIc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/0cc6b5-5477-490a-a295-15b79b02943e/1/JygMxTRRbRwdnqAk6q-9Af3GjJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.29.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:c0:27:a0:c6:de:46:21:4e:1a:6f:86:07:a5:e8:2e:be:0a:
         28:55:0c:b6:fc:6e:94:cb:5d:35:b7:51:c1:07:37:41:e7:05:
         3b:52:f6:f8:50:89:57:c4:b5:00:5c:4b:07:09:f5:d1:d6:14:
         d1:1b:79:5d:c8:5b:2d:cb:f7:76:d1:b1:33:6b:3b:e5:0e:5a:
         16:13:96:98:48:24:76:a2:c7:8a:7a:92:a6:9e:be:a0:e9:2c:
         3c:44:4a:95:6f:44:7d:6a:46:e4:d7:d9:6e:e9:39:ee:2a:1b:
         d7:d7:77:92:db:c0:cf:ce:c9:04:c1:b5:e0:1c:99:8a:d3:7f:
         24:33:ee:9d:67:8e:a0:0f:a6:a5:d3:e7:df:99:23:49:80:00:
         a4:1b:5b:9e:41:79:8c:55:3e:ee:05:cc:07:3c:a5:b3:d8:7f:
         67:62:51:0b:ac:f8:7a:db:06:3c:51:8e:a8:84:6e:ba:8c:0e:
         1e:94:3f:e7:66:98:cd:f4:ef:70:29:68:32:6d:d9:de:72:6e:
         7f:bb:e7:24:ca:b0:37:60:7f:d9:3a:b9:2c:92:7b:d2:7b:e0:
         c1:61:fb:ef:ba:f1:d2:b1:99:d4:f6:60:66:52:08:1a:88:72:
         15:e5:74:2a:d1:7f:5d:eb:50:22:93:d5:b4:ec:e5:13:46:11:
         c9:51:91:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9yu0f8kcdPzR1rrIJxgI9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3MjgwY2M1MzQ1MTZkMWMxZDllYTAyNGVhYWZiZDAxZmRj
NjhjOTcwHhcNMjYwMTAyMDgyMDA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NmFkOWM0MjYwZjJlZWFkYzBlN2ZjNWQxNmY5N2I2MWI2ZTFjMDg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0q0GZoUNq5fdug7eKcMIjPmn3pZ3
FLkKxTy9UnuRf9mNUSpUFayonw6IjkNOfcDnJbdQMDWS9EO1LT0yKy/lb8RMDPcK
THfjeoYamrSIa6WVDna4sHdbDSmZBwbODyz0uJdVjjXtwPK4RSWvY/QfquJn6ewT
KS3v1/zd6NiEZqaaY7IA+jFtvwuxfq0s54R4iNqjxk1fVjL7PwuLAXgV30V5esJE
1ZYR0fwwzZo7O63Bvj2EXk1ejN9TiYnspIDHES+iVYhOK6mNc0IOnyevNEuRPsW8
EFr0Ia7WKttCgTM1GcaYj9kwvhelKTFtn7+PliXjG+9Lr8W6fRNE7K9RTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGatnEJg8u6twOf8XRb5e2G24cCHMB8GA1UdIwQY
MBaAFCcoDMU0UW0cHZ6gJOqvvQH9xoyXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSnlnTXhUUlJiUndkbnFBazZxLTlBZjNHakpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8wY2M2YjUtNTQ3Ny00OTBhLWEyOTUt
MTViNzliMDI5NDNlLzEvWnEyY1FtRHk3cTNBNV94ZEZ2bDdZYmJod0ljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8wY2M2YjUtNTQ3Ny00OTBhLWEyOTUtMTViNzliMDI5NDNl
LzEvSnlnTXhUUlJiUndkbnFBazZxLTlBZjNHakpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2R0yMA0G
CSqGSIb3DQEBCwUAA4IBAQA0wCegxt5GIU4ab4YHpeguvgooVQy2/G6Uy101t1HB
BzdB5wU7Uvb4UIlXxLUAXEsHCfXR1hTRG3ldyFsty/d20bEzazvlDloWE5aYSCR2
oseKepKmnr6g6Sw8REqVb0R9akbk19lu6TnuKhvX13eS28DPzskEwbXgHJmK038k
M+6dZ46gD6al0+ffmSNJgACkG1ueQXmMVT7uBcwHPKWz2H9nYlELrPh62wY8UY6o
hG66jA4elD/nZpjN9O9wKWgybdnecm5/u+ckyrA3YH/ZOrksknvSe+DBYfvvuvHS
sZnU9mBmUggaiHIV5XQq0X9d61Aik9W07OUTRhHJUZEp
-----END CERTIFICATE-----