Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/zTKP_H1kq1flEqrOVWNxuLx5bG8.roa
File:                     zTKP_H1kq1flEqrOVWNxuLx5bG8.roa (raw, json)
Hash identifier:          YigeoU9GxtsiPWg0wftY/5Pbx5zkTVS9wuSdHmM2YgY=
Subject key identifier:   CD:32:8F:FC:7D:64:AB:57:E5:12:AA:CE:55:63:71:B8:BC:79:6C:6F
Certificate issuer:       /CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
Certificate serial:       019D8742E147DE2EDE4B609033D8F7701A46
Authority key identifier: FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/zTKP_H1kq1flEqrOVWNxuLx5bG8.roa
Signing time:             Mon 13 Apr 2026 14:33:20 +0000
ROA not before:           Mon 13 Apr 2026 14:33:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215238
IP address blocks:        87.232.127.0/24 maxlen: 24
                          109.122.21.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 00:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:87:42:e1:47:de:2e:de:4b:60:90:33:d8:f7:70:1a:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
        Validity
            Not Before: Apr 13 14:33:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cd328ffc7d64ab57e512aace556371b8bc796c6f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:b1:2f:19:e4:0e:c8:53:2e:bb:76:30:a3:a7:
                    89:7a:3e:b7:e3:91:54:36:f6:55:d7:e7:b4:d9:90:
                    b9:64:05:e5:5d:8a:7e:c3:a6:51:7d:bb:fd:dd:6d:
                    a1:3e:b4:6a:18:dd:a0:48:57:b7:1a:f6:db:7a:3c:
                    e6:71:a9:f9:cf:c1:67:77:7b:b2:ad:31:39:34:e5:
                    eb:00:f5:bc:c2:11:ac:68:47:4a:1d:77:76:32:7f:
                    ac:97:e7:cc:4f:d8:41:69:75:b0:94:ac:e9:99:e1:
                    2b:07:eb:20:90:74:cd:6a:54:42:2d:7a:09:44:60:
                    ab:9b:db:6c:7b:83:bd:03:1a:88:f2:a3:b1:a9:29:
                    66:c1:82:ad:fb:ee:ce:b2:65:a1:bc:c2:69:3e:2e:
                    db:74:f1:ce:44:63:33:9b:9c:ff:4d:d2:6f:f7:2d:
                    88:2b:83:8a:4b:71:51:a0:39:56:af:6f:3f:aa:57:
                    04:dd:64:8d:5e:db:16:5c:55:75:99:ca:2b:d7:0c:
                    bc:11:d3:03:ff:c9:d8:6f:80:d5:f9:a9:d8:9b:c2:
                    39:41:e2:2f:6e:48:e0:42:4a:7e:c7:07:20:ee:01:
                    5c:c5:00:34:ed:28:c0:67:34:c9:a2:5f:72:d6:53:
                    80:87:f5:21:60:ce:33:bc:0e:be:8d:06:c8:3f:45:
                    f7:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:32:8F:FC:7D:64:AB:57:E5:12:AA:CE:55:63:71:B8:BC:79:6C:6F
            X509v3 Authority Key Identifier:
                keyid:FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/zTKP_H1kq1flEqrOVWNxuLx5bG8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.232.127.0/24
                  109.122.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:98:39:48:89:57:0f:da:9a:ba:4e:82:6a:e6:ae:e5:cd:33:
         b1:b8:4c:e3:a4:e8:d1:c0:54:b8:d4:a0:b4:2a:48:a2:f2:34:
         95:6d:a5:2b:91:dd:2f:95:46:f2:c2:fd:55:a6:fd:6b:d2:21:
         76:f7:50:30:69:c3:a1:03:8d:45:a3:56:a2:92:a9:56:9f:f6:
         ce:e7:e9:61:77:b1:a1:fb:a7:59:66:40:9b:5b:50:56:bb:5a:
         6b:b6:dd:d0:0d:55:bb:c8:24:c5:41:4d:29:33:b2:9b:a9:be:
         a4:88:92:93:64:5a:9f:27:19:61:6f:24:3a:10:d6:d7:6e:17:
         0b:e2:d4:7b:62:e8:b6:98:96:c2:15:49:ac:6e:06:9e:7e:48:
         75:da:59:b6:41:cb:b1:d3:ab:04:de:9f:f7:9e:72:89:0c:d9:
         38:65:e9:cd:b8:ab:cb:35:54:88:81:b1:43:72:db:cb:e2:82:
         24:a6:c2:d6:15:89:f9:49:34:1f:36:76:99:a3:bb:79:52:80:
         70:da:1a:2a:98:b0:7e:e0:d4:27:3b:dd:98:68:fb:8d:d5:47:
         a0:72:ca:b1:2a:cd:db:e0:c5:42:ea:dc:40:b5:20:4a:0a:b5:
         8d:65:cd:1a:85:b4:a8:ca:6d:0d:6b:13:73:00:1d:49:f2:7e:
         04:cc:06:cd
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ2HQuFH3i7eS2CQM9j3cBpGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYTNlNTUxNDFjMWExZjlmMmUyODgxMWVkN2U3N2ZhZDM3
OGE1NzkwHhcNMjYwNDEzMTQzMzIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDMyOGZmYzdkNjRhYjU3ZTUxMmFhY2U1NTYzNzFiOGJjNzk2YzZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqrEvGeQOyFMuu3Ywo6eJej6345FU
NvZV1+e02ZC5ZAXlXYp+w6ZRfbv93W2hPrRqGN2gSFe3Gvbbejzmcan5z8Fnd3uy
rTE5NOXrAPW8whGsaEdKHXd2Mn+sl+fMT9hBaXWwlKzpmeErB+sgkHTNalRCLXoJ
RGCrm9tse4O9AxqI8qOxqSlmwYKt++7OsmWhvMJpPi7bdPHORGMzm5z/TdJv9y2I
K4OKS3FRoDlWr28/qlcE3WSNXtsWXFV1mcor1wy8EdMD/8nYb4DV+anYm8I5QeIv
bkjgQkp+xwcg7gFcxQA07SjAZzTJol9y1lOAh/UhYM4zvA6+jQbIP0X3ZQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFM0yj/x9ZKtX5RKqzlVjcbi8eWxvMB8GA1UdIwQY
MBaAFP+j5VFBwaH58uKIEe1+d/rTeKV5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUt
YTM5YWMyNTM5ZmM1LzEvelRLUF9IMWtxMWZsRXFyT1ZXTnh1THg1Ykc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUtYTM5YWMyNTM5ZmM1
LzEvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAV+h/AwQA
bXoVMA0GCSqGSIb3DQEBCwUAA4IBAQBbmDlIiVcP2pq6ToJq5q7lzTOxuEzjpOjR
wFS41KC0Kkii8jSVbaUrkd0vlUbywv1Vpv1r0iF291AwacOhA41Fo1aikqlWn/bO
5+lhd7Gh+6dZZkCbW1BWu1prtt3QDVW7yCTFQU0pM7Kbqb6kiJKTZFqfJxlhbyQ6
ENbXbhcL4tR7Yui2mJbCFUmsbgaefkh12lm2Qcux06sE3p/3nnKJDNk4ZenNuKvL
NVSIgbFDctvL4oIkpsLWFYn5STQfNnaZo7t5UoBw2hoqmLB+4NQnO92YaPuN1Ueg
csqxKs3b4MVC6txAtSBKCrWNZc0ahbSoym0NaxNzAB1J8n4EzAbN
-----END CERTIFICATE-----