Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/0zs7NQUOgvbtWN2nKTUbSzyzilU.roa
File:                     0zs7NQUOgvbtWN2nKTUbSzyzilU.roa (raw, json)
Hash identifier:          TSAdxSN2x/VYV3tNHxAeqz1bnqVCkQ9ZV2Px5cS15lY=
Subject key identifier:   D3:3B:3B:35:05:0E:82:F6:ED:58:DD:A7:29:35:1B:4B:3C:B3:8A:55
Certificate issuer:       /CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
Certificate serial:       019C33B6063EC9AC44C1627572D6725330AB
Authority key identifier: 2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/0zs7NQUOgvbtWN2nKTUbSzyzilU.roa
Signing time:             Fri 06 Feb 2026 16:08:13 +0000
ROA not before:           Fri 06 Feb 2026 16:08:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201613
IP address blocks:        185.32.181.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:33:b6:06:3e:c9:ac:44:c1:62:75:72:d6:72:53:30:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
        Validity
            Not Before: Feb  6 16:08:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d33b3b35050e82f6ed58dda729351b4b3cb38a55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:29:9f:72:71:d2:b9:50:b7:3a:78:e9:38:14:
                    83:d8:df:0c:41:69:0d:5b:8f:75:1f:4c:48:f1:a2:
                    f6:04:9a:4d:d5:d2:da:cc:a5:d2:69:25:c1:11:d0:
                    cf:04:f9:5d:de:2e:ce:7c:ae:d6:b8:c0:cc:e5:c0:
                    09:8d:c5:2f:86:ba:2e:55:77:14:7f:7b:ec:d6:e5:
                    da:39:44:ce:5a:17:2b:e9:d0:4b:95:ef:8a:7f:a8:
                    15:68:36:66:71:b6:09:48:5a:46:46:02:ce:0a:28:
                    b7:cd:ff:0a:03:6e:4c:a3:f7:3c:1f:a3:88:2c:9c:
                    82:b8:e8:df:d2:84:2c:48:b1:8a:61:85:3b:31:aa:
                    bf:85:46:07:f9:dc:3e:a2:56:74:c1:92:0b:be:39:
                    74:d7:9f:55:a4:80:15:82:4e:31:ec:99:76:a8:8d:
                    30:44:77:ff:cf:5f:8f:b7:20:96:c3:8a:96:1a:31:
                    32:d6:61:f3:27:56:4c:66:f7:83:16:80:c6:a3:bd:
                    23:e9:d3:86:4d:8c:67:34:d6:0b:e4:89:7e:da:26:
                    05:23:bc:f3:9d:08:b5:0a:54:ae:25:33:48:a4:d8:
                    17:bd:66:93:92:fc:80:8f:7f:05:40:72:f6:d1:bf:
                    32:14:8f:19:7e:77:86:10:60:5f:35:92:80:39:cd:
                    4f:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:3B:3B:35:05:0E:82:F6:ED:58:DD:A7:29:35:1B:4B:3C:B3:8A:55
            X509v3 Authority Key Identifier:
                keyid:2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/0zs7NQUOgvbtWN2nKTUbSzyzilU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.32.181.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:33:0b:e1:45:2e:0d:ea:fd:43:44:37:a8:09:ec:c0:2d:30:
         aa:d8:f9:12:62:13:8a:52:d2:8a:81:37:1b:cd:32:8c:af:84:
         48:8e:df:c8:6b:12:13:5e:20:51:23:2a:9c:8c:8f:ef:c7:dc:
         0f:a6:9c:73:b2:b7:8e:5b:2a:83:be:ac:7f:0c:43:b5:f4:31:
         b1:3e:e6:1b:1d:68:86:4d:be:b8:9f:f7:ea:43:ac:45:7a:25:
         66:ca:52:29:8c:6f:a1:f0:46:1f:c6:00:4a:9a:96:4e:cc:52:
         33:7d:80:ad:c1:71:50:89:0c:17:79:fb:57:6e:c6:ec:52:f1:
         27:05:9c:f1:e5:16:f9:30:fa:fb:6f:25:5c:c3:7d:c9:3d:8f:
         34:64:f1:1a:50:ca:f7:78:84:93:de:a2:ab:c4:3f:27:9e:ce:
         77:35:a3:8f:31:f2:54:1c:1e:f0:6e:81:f5:7d:27:83:8d:2c:
         e6:a7:9a:61:06:09:ff:a3:fc:fd:dc:e3:e0:88:8f:39:dd:46:
         50:25:85:a0:6a:df:0b:d7:c0:ba:8e:ec:da:da:8e:59:9f:96:
         ee:a3:3d:ff:c4:fd:11:fa:5d:a7:93:be:ab:7f:43:5e:f5:35:
         8c:13:fb:a9:85:0c:a6:0d:6c:f9:f6:b1:43:21:2e:2c:8f:71:
         8e:87:6d:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZwztgY+yaxEwWJ1ctZyUzCrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmOTNkM2JhMTk3ZjVjZTMwOThiZmE3NzAwYjQzODU0ZWFh
ODBlOWUwHhcNMjYwMjA2MTYwODEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzNiM2IzNTA1MGU4MmY2ZWQ1OGRkYTcyOTM1MWI0YjNjYjM4YTU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqymfcnHSuVC3OnjpOBSD2N8MQWkN
W491H0xI8aL2BJpN1dLazKXSaSXBEdDPBPld3i7OfK7WuMDM5cAJjcUvhrouVXcU
f3vs1uXaOUTOWhcr6dBLle+Kf6gVaDZmcbYJSFpGRgLOCii3zf8KA25Mo/c8H6OI
LJyCuOjf0oQsSLGKYYU7Maq/hUYH+dw+olZ0wZILvjl0159VpIAVgk4x7Jl2qI0w
RHf/z1+PtyCWw4qWGjEy1mHzJ1ZMZveDFoDGo70j6dOGTYxnNNYL5Il+2iYFI7zz
nQi1ClSuJTNIpNgXvWaTkvyAj38FQHL20b8yFI8ZfneGEGBfNZKAOc1PmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNM7OzUFDoL27Vjdpyk1G0s8s4pVMB8GA1UdIwQY
MBaAFC+T07oZf1zjCYv6dwC0OFTqqA6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDVQVHVobF9YT01KaV9wM0FMUTRWT3FvRHA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC83YTg3YTAtODAxNC00NjA1LTlmYjUt
OWU3MWRjMjRhNjgzLzEvMHpzN05RVU9ndmJ0V04ybktUVWJTenl6aWxVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC83YTg3YTAtODAxNC00NjA1LTlmYjUtOWU3MWRjMjRhNjgz
LzEvTDVQVHVobF9YT01KaV9wM0FMUTRWT3FvRHA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSC1MA0G
CSqGSIb3DQEBCwUAA4IBAQAYMwvhRS4N6v1DRDeoCezALTCq2PkSYhOKUtKKgTcb
zTKMr4RIjt/IaxITXiBRIyqcjI/vx9wPppxzsreOWyqDvqx/DEO19DGxPuYbHWiG
Tb64n/fqQ6xFeiVmylIpjG+h8EYfxgBKmpZOzFIzfYCtwXFQiQwXeftXbsbsUvEn
BZzx5Rb5MPr7byVcw33JPY80ZPEaUMr3eIST3qKrxD8nns53NaOPMfJUHB7wboH1
fSeDjSzmp5phBgn/o/z93OPgiI853UZQJYWgat8L18C6juza2o5Zn5buoz3/xP0R
+l2nk76rf0Ne9TWME/uphQymDWz59rFDIS4sj3GOh21t
-----END CERTIFICATE-----