Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/963d75-4cff-4b14-83df-b774320d997f/1/l2K815BrxnyKxX1Z80Pet8asKu0.roa
File:                     l2K815BrxnyKxX1Z80Pet8asKu0.roa (raw, json)
Hash identifier:          Eu+brIQ4UCkAdjGsx7xGNJPQX039Fdi67RknQ8veG7g=
Subject key identifier:   97:62:BC:D7:90:6B:C6:7C:8A:C5:7D:59:F3:43:DE:B7:C6:AC:2A:ED
Certificate issuer:       /CN=b7b67ba579f48a4207ac409abf4f01194046ea3a
Certificate serial:       019B7F8566CB0D16194430A85F667D8756F3
Authority key identifier: B7:B6:7B:A5:79:F4:8A:42:07:AC:40:9A:BF:4F:01:19:40:46:EA:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/t7Z7pXn0ikIHrECav08BGUBG6jo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/963d75-4cff-4b14-83df-b774320d997f/1/l2K815BrxnyKxX1Z80Pet8asKu0.roa
Signing time:             Fri 02 Jan 2026 16:23:27 +0000
ROA not before:           Fri 02 Jan 2026 16:23:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199332
IP address blocks:        79.171.192.0/21 maxlen: 24
                          185.19.236.0/22 maxlen: 24
                          2a02:fe00::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/963d75-4cff-4b14-83df-b774320d997f/1/t7Z7pXn0ikIHrECav08BGUBG6jo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/963d75-4cff-4b14-83df-b774320d997f/1/t7Z7pXn0ikIHrECav08BGUBG6jo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/t7Z7pXn0ikIHrECav08BGUBG6jo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:85:66:cb:0d:16:19:44:30:a8:5f:66:7d:87:56:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b7b67ba579f48a4207ac409abf4f01194046ea3a
        Validity
            Not Before: Jan  2 16:23:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9762bcd7906bc67c8ac57d59f343deb7c6ac2aed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:09:1a:82:03:7c:ee:69:be:bd:b4:a0:96:63:
                    a6:f4:0b:64:5d:55:4a:2c:53:5f:59:12:6d:82:9c:
                    32:c0:38:bd:8d:b8:84:1c:27:02:57:9e:d8:05:9b:
                    2a:a9:18:1b:e9:be:b9:25:5f:1e:aa:12:38:a1:83:
                    ab:0a:60:24:3c:4f:e4:61:a4:72:10:55:28:bf:1c:
                    5d:4b:d9:4c:26:15:9e:52:a6:89:ff:6e:85:09:be:
                    46:53:1b:cd:14:74:9c:da:9f:3b:5d:86:1f:d1:d7:
                    c0:45:d9:4d:e0:a6:df:a7:49:26:86:e7:4a:80:e8:
                    c6:30:03:ca:a5:a3:28:45:4d:ef:c5:0b:3e:5c:28:
                    28:25:19:77:82:bb:f6:bf:85:a8:00:76:c9:3d:06:
                    62:35:71:b4:fe:ff:06:29:7c:cb:e9:74:16:0b:40:
                    d3:8f:29:04:46:51:d3:36:80:fc:8c:aa:81:83:d7:
                    03:9b:a7:c6:0b:98:43:d5:73:d3:45:3f:e6:1c:9e:
                    ae:41:15:9f:2a:0a:95:c2:95:a1:b5:08:32:ed:7d:
                    7c:9b:fd:6c:30:9c:ad:5a:96:a0:25:64:b9:e8:36:
                    5e:fd:4a:87:b3:56:76:0d:f3:d7:f7:47:51:4b:69:
                    b4:62:c3:b4:bf:41:58:05:f2:97:2a:0a:4b:34:01:
                    a3:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:62:BC:D7:90:6B:C6:7C:8A:C5:7D:59:F3:43:DE:B7:C6:AC:2A:ED
            X509v3 Authority Key Identifier:
                keyid:B7:B6:7B:A5:79:F4:8A:42:07:AC:40:9A:BF:4F:01:19:40:46:EA:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/t7Z7pXn0ikIHrECav08BGUBG6jo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/963d75-4cff-4b14-83df-b774320d997f/1/l2K815BrxnyKxX1Z80Pet8asKu0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/963d75-4cff-4b14-83df-b774320d997f/1/t7Z7pXn0ikIHrECav08BGUBG6jo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.171.192.0/21
                  185.19.236.0/22
                IPv6:
                  2a02:fe00::/29

    Signature Algorithm: sha256WithRSAEncryption
         5d:e6:78:a5:55:06:62:8a:d7:5a:df:e2:74:00:06:fd:f7:38:
         ce:dd:fa:01:d1:9b:79:68:51:34:70:9c:2a:9e:57:48:19:5b:
         38:58:1d:83:13:55:16:3f:6f:69:e3:f4:70:46:9b:d0:0a:5e:
         f8:49:55:74:25:a2:98:8c:06:5a:8c:ee:d7:be:f4:60:f8:9f:
         44:aa:17:c8:0b:03:66:cf:ac:2f:84:28:84:af:a5:ef:4d:89:
         e4:4f:68:06:67:42:5d:e0:6f:1e:31:64:8a:05:31:ba:62:0a:
         e9:28:58:d7:1d:11:8e:da:13:83:b4:cf:13:47:f2:6d:c6:89:
         d0:ed:78:e2:8e:0c:c2:c7:1d:f8:91:90:0b:06:a8:ae:0c:c4:
         ea:c0:07:fe:fe:ce:91:52:ea:a3:42:d5:b5:fc:d8:71:81:59:
         ca:86:6e:9c:ca:d4:0a:92:15:1f:c0:47:d8:e6:cd:70:10:d4:
         0a:60:fc:4a:30:55:5e:a1:3a:59:9f:f0:3d:44:93:4d:d7:71:
         75:26:2e:f5:fe:68:f3:38:8a:6d:87:78:a9:b4:f0:fd:ea:b2:
         88:2c:92:64:77:7f:6e:4d:2c:0c:1c:44:70:05:5f:d3:78:50:
         ea:5d:16:3d:c9:96:41:d3:ae:97:e4:7b:70:00:75:7d:a2:71:
         bd:bd:34:f2
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZt/hWbLDRYZRDCoX2Z9h1bzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3YjY3YmE1NzlmNDhhNDIwN2FjNDA5YWJmNGYwMTE5NDA0
NmVhM2EwHhcNMjYwMTAyMTYyMzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzYyYmNkNzkwNmJjNjdjOGFjNTdkNTlmMzQzZGViN2M2YWMyYWVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlAkaggN87mm+vbSglmOm9AtkXVVK
LFNfWRJtgpwywDi9jbiEHCcCV57YBZsqqRgb6b65JV8eqhI4oYOrCmAkPE/kYaRy
EFUovxxdS9lMJhWeUqaJ/26FCb5GUxvNFHSc2p87XYYf0dfARdlN4Kbfp0kmhudK
gOjGMAPKpaMoRU3vxQs+XCgoJRl3grv2v4WoAHbJPQZiNXG0/v8GKXzL6XQWC0DT
jykERlHTNoD8jKqBg9cDm6fGC5hD1XPTRT/mHJ6uQRWfKgqVwpWhtQgy7X18m/1s
MJytWpagJWS56DZe/UqHs1Z2DfPX90dRS2m0YsO0v0FYBfKXKgpLNAGjcwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFJdivNeQa8Z8isV9WfND3rfGrCrtMB8GA1UdIwQY
MBaAFLe2e6V59IpCB6xAmr9PARlARuo6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdDdaN3BYbjBpa0lIckVDYXYwOEJHVUJHNmpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni85NjNkNzUtNGNmZi00YjE0LTgzZGYt
Yjc3NDMyMGQ5OTdmLzEvbDJLODE1QnJ4bnlLeFgxWjgwUGV0OGFzS3UwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni85NjNkNzUtNGNmZi00YjE0LTgzZGYtYjc3NDMyMGQ5OTdm
LzEvdDdaN3BYbjBpa0lIckVDYXYwOEJHVUJHNmpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDT6vAAwQC
uRPsMA0EAgACMAcDBQMqAv4AMA0GCSqGSIb3DQEBCwUAA4IBAQBd5nilVQZiitda
3+J0AAb99zjO3foB0Zt5aFE0cJwqnldIGVs4WB2DE1UWP29p4/RwRpvQCl74SVV0
JaKYjAZajO7XvvRg+J9EqhfICwNmz6wvhCiEr6XvTYnkT2gGZ0Jd4G8eMWSKBTG6
YgrpKFjXHRGO2hODtM8TR/JtxonQ7XjijgzCxx34kZALBqiuDMTqwAf+/s6RUuqj
QtW1/NhxgVnKhm6cytQKkhUfwEfY5s1wENQKYPxKMFVeoTpZn/A9RJNN13F1Ji71
/mjzOIpth3iptPD96rKILJJkd39uTSwMHERwBV/TeFDqXRY9yZZB066X5HtwAHV9
onG9vTTy
-----END CERTIFICATE-----