Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/AizXQSdxvaqxQjOKoTC1CSAJ_Zk.roa
File:                     AizXQSdxvaqxQjOKoTC1CSAJ_Zk.roa (raw, json)
Hash identifier:          nbKXwwuiIv4Dg7VMoaWkMfOAUJCeKpt5ADfg17OcqkY=
Subject key identifier:   02:2C:D7:41:27:71:BD:AA:B1:42:33:8A:A1:30:B5:09:20:09:FD:99
Certificate issuer:       /CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
Certificate serial:       019E87214E03DD82CB20D6C36FF6B500FEB7
Authority key identifier: 7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/AizXQSdxvaqxQjOKoTC1CSAJ_Zk.roa
Signing time:             Tue 02 Jun 2026 06:59:27 +0000
ROA not before:           Tue 02 Jun 2026 06:59:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16276
IP address blocks:        79.172.216.0/24 maxlen: 24
                          87.229.40.0/24 maxlen: 24
                          87.229.51.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:87:21:4e:03:dd:82:cb:20:d6:c3:6f:f6:b5:00:fe:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
        Validity
            Not Before: Jun  2 06:59:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=022cd7412771bdaab142338aa130b5092009fd99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:bf:db:29:24:cb:95:b7:ab:5a:47:5e:bb:5f:
                    e1:b2:05:ac:f3:37:c2:27:c2:aa:ef:a5:0c:aa:bf:
                    8b:2f:95:34:0e:74:9c:f5:74:ae:0a:cc:55:a1:ec:
                    43:e0:f1:85:43:eb:59:62:10:d4:db:a8:fd:9b:bf:
                    b5:d4:de:5c:6e:a5:4e:00:76:57:a1:69:9b:9f:5d:
                    c3:bb:4c:69:4c:1c:a6:5f:bc:21:ea:70:b4:3b:7e:
                    e9:1d:af:4d:62:75:c7:0f:fc:77:59:28:65:d6:5a:
                    95:0f:29:e4:c7:f1:de:1f:1d:12:49:7f:6c:53:69:
                    97:fa:17:95:36:51:64:85:de:ad:43:51:cf:1c:94:
                    85:9b:aa:b2:03:66:67:cc:d1:99:f7:90:79:2a:45:
                    31:5e:48:d0:64:68:ed:7c:a6:80:e5:4e:bd:9c:dc:
                    43:3e:c5:25:26:7f:67:08:60:09:62:de:5d:17:4b:
                    cc:1b:d0:7d:1b:d1:2c:e2:b9:b8:ee:15:64:bc:cb:
                    41:6d:82:ca:6b:3b:a6:4c:46:79:d2:8b:45:39:5c:
                    95:29:6d:da:d1:c0:f4:e6:d0:b8:63:0c:d5:a2:fa:
                    2b:eb:50:f0:29:fb:22:13:11:46:39:7c:49:1e:ed:
                    f3:b2:d6:6f:13:19:09:b8:bf:2b:54:e9:2d:49:4a:
                    04:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:2C:D7:41:27:71:BD:AA:B1:42:33:8A:A1:30:B5:09:20:09:FD:99
            X509v3 Authority Key Identifier:
                keyid:7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/AizXQSdxvaqxQjOKoTC1CSAJ_Zk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.172.216.0/24
                  87.229.40.0/24
                  87.229.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:c7:ad:c7:78:32:18:92:be:70:bb:e4:06:17:3c:5f:26:1d:
         ad:41:f8:ac:88:3c:5d:71:b7:bf:af:6b:cd:cb:ee:3f:34:b8:
         03:72:fa:74:4a:89:f6:a9:56:f5:7b:5f:68:34:c1:fa:37:40:
         4a:1b:b1:54:71:bf:8d:2f:89:11:ee:c7:68:63:62:97:b1:db:
         93:d2:ba:de:88:2c:f3:ad:8d:20:fc:e4:eb:91:d6:2f:ae:f5:
         6c:60:6f:bd:80:18:08:c9:10:44:18:70:47:22:b2:23:75:b9:
         18:87:70:b2:67:0e:ef:b6:d7:d5:73:0e:0e:12:80:55:dd:d0:
         f4:37:14:77:ac:d7:fe:88:69:fc:60:01:96:e7:71:5e:34:b6:
         6d:ba:a9:eb:81:c5:57:1e:52:b9:b5:4d:1c:3f:c6:e8:ae:d6:
         9f:6b:31:b9:65:95:9a:63:8f:7a:28:0a:7c:df:2a:b8:5e:13:
         ac:54:3a:f2:a5:d4:34:89:69:c4:4b:d4:89:f1:0a:61:42:cf:
         05:48:02:cc:d5:de:71:eb:1c:c5:8b:c6:53:0a:87:fa:b0:bd:
         56:1a:dd:a4:b4:b3:a2:2e:3b:74:08:f2:fa:34:67:c0:85:3d:
         52:eb:c5:d4:52:b0:57:7c:9d:f1:e4:76:db:7c:12:af:a9:a6:
         a9:04:67:08
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ6HIU4D3YLLINbDb/a1AP63MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiNWUzN2Y2ZTNiOWJkMWNmMzY4NGI5YzAzYzAzYWQxY2E2
NDI0OTcwHhcNMjYwNjAyMDY1OTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjJjZDc0MTI3NzFiZGFhYjE0MjMzOGFhMTMwYjUwOTIwMDlmZDk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqL/bKSTLlberWkdeu1/hsgWs8zfC
J8Kq76UMqr+LL5U0DnSc9XSuCsxVoexD4PGFQ+tZYhDU26j9m7+11N5cbqVOAHZX
oWmbn13Du0xpTBymX7wh6nC0O37pHa9NYnXHD/x3WShl1lqVDynkx/HeHx0SSX9s
U2mX+heVNlFkhd6tQ1HPHJSFm6qyA2ZnzNGZ95B5KkUxXkjQZGjtfKaA5U69nNxD
PsUlJn9nCGAJYt5dF0vMG9B9G9Es4rm47hVkvMtBbYLKazumTEZ50otFOVyVKW3a
0cD05tC4YwzVovor61DwKfsiExFGOXxJHu3zstZvExkJuL8rVOktSUoEQQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFAIs10Encb2qsUIziqEwtQkgCf2ZMB8GA1UdIwQY
MBaAFHteN/bjub0c82hLnAPAOtHKZCSXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUt
OTU5M2E0ODhhZmNjLzEvQWl6WFFTZHh2YXF4UWpPS29UQzFDU0FKX1prLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUtOTU5M2E0ODhhZmNj
LzEvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAT6zYAwQA
V+UoAwQAV+UzMA0GCSqGSIb3DQEBCwUAA4IBAQBdx63HeDIYkr5wu+QGFzxfJh2t
QfisiDxdcbe/r2vNy+4/NLgDcvp0Son2qVb1e19oNMH6N0BKG7FUcb+NL4kR7sdo
Y2KXsduT0rreiCzzrY0g/OTrkdYvrvVsYG+9gBgIyRBEGHBHIrIjdbkYh3CyZw7v
ttfVcw4OEoBV3dD0NxR3rNf+iGn8YAGW53FeNLZtuqnrgcVXHlK5tU0cP8bortaf
azG5ZZWaY496KAp83yq4XhOsVDrypdQ0iWnES9SJ8QphQs8FSALM1d5x6xzFi8ZT
Cof6sL1WGt2ktLOiLjt0CPL6NGfAhT1S68XUUrBXfJ3x5HbbfBKvqaapBGcI
-----END CERTIFICATE-----