Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/zf2EQU3RjO-ZvoZBFxLB4pE_FUY.roa
File:                     zf2EQU3RjO-ZvoZBFxLB4pE_FUY.roa (raw, json)
Hash identifier:          mmpO3Wt5pzDjpOyAcCRplPOfFIH7i1B2O4HukchziVM=
Subject key identifier:   CD:FD:84:41:4D:D1:8C:EF:99:BE:86:41:17:12:C1:E2:91:3F:15:46
Certificate issuer:       /CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
Certificate serial:       019C9F6DEC0088CFFE49866604559B120F33
Authority key identifier: 7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/zf2EQU3RjO-ZvoZBFxLB4pE_FUY.roa
Signing time:             Fri 27 Feb 2026 14:08:27 +0000
ROA not before:           Fri 27 Feb 2026 14:08:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16276
IP address blocks:        87.229.51.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:9f:6d:ec:00:88:cf:fe:49:86:66:04:55:9b:12:0f:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
        Validity
            Not Before: Feb 27 14:08:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cdfd84414dd18cef99be86411712c1e2913f1546
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:e3:a5:53:1f:2c:19:27:e2:fb:cd:6a:ff:b0:
                    66:33:5b:6e:47:18:7e:ea:95:7f:86:04:4a:78:c6:
                    fc:2e:5d:6e:72:8d:53:ff:8c:17:2a:c0:99:de:b8:
                    88:9e:cd:1c:71:2f:33:ea:1a:84:e0:27:91:d1:27:
                    2c:99:95:0d:c0:65:7f:b0:d1:31:4b:72:96:82:d7:
                    46:d8:44:c0:a8:e9:d8:fa:15:8b:b2:bc:a0:2d:06:
                    a0:a2:ae:02:2a:a6:b2:dc:63:79:e6:d4:11:c6:15:
                    60:e0:53:c9:46:5f:86:7f:12:a5:00:7a:7e:c1:2d:
                    0a:df:92:84:3e:f2:a4:7e:77:58:d8:7a:27:71:b5:
                    ec:fc:7c:34:28:15:c2:14:8b:9e:c3:6e:fc:80:5f:
                    5f:0c:cb:41:b1:e4:31:66:8c:de:2f:0f:17:7c:2a:
                    9d:4e:63:b2:00:4c:95:2f:cc:da:3c:38:28:da:d6:
                    b6:d7:71:b7:15:7a:32:aa:b4:4b:2d:37:d6:34:f4:
                    38:4f:c0:c6:4e:90:9a:e7:8c:38:bb:59:0c:d5:51:
                    2e:37:6b:99:83:fc:fe:a3:8a:e3:bc:67:5f:6c:41:
                    46:26:d8:0f:79:f3:61:30:da:e9:f1:33:41:18:b4:
                    6e:7b:8b:18:0c:9f:e4:66:0d:49:a3:ca:f4:35:8a:
                    44:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:FD:84:41:4D:D1:8C:EF:99:BE:86:41:17:12:C1:E2:91:3F:15:46
            X509v3 Authority Key Identifier:
                keyid:7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/zf2EQU3RjO-ZvoZBFxLB4pE_FUY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.229.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:ea:a7:54:ee:36:0f:37:07:c2:11:64:89:d8:4f:f1:56:6f:
         7e:77:1b:f9:6b:ee:e1:e1:70:f8:f5:3f:af:20:a4:bd:88:42:
         fd:e1:3f:62:0b:d0:53:cf:9f:ee:77:68:54:36:2d:1e:f8:70:
         4e:85:2a:f3:85:df:8a:30:44:3a:cc:6d:d9:24:ef:3c:d8:5a:
         5e:3a:71:39:40:9b:f3:9e:24:39:aa:77:62:e3:cb:6f:9d:c0:
         98:3b:e5:bc:a5:13:55:c8:15:23:08:a9:48:c9:66:a3:5c:9d:
         6a:f8:eb:60:a4:4e:f8:a7:fb:02:e1:17:79:33:eb:05:47:94:
         ab:44:3a:3d:81:b6:b3:1d:b8:f2:c8:ae:d7:61:6d:36:a7:f1:
         24:8f:a6:d7:de:d8:74:4d:5c:9d:03:f2:74:4d:ea:1b:18:3f:
         43:07:64:11:33:2f:ad:3e:8b:a4:0c:bf:b7:29:cf:a6:d4:1d:
         4e:d7:2b:39:f1:fb:3c:a6:25:3c:ed:0d:c1:7e:aa:c6:52:05:
         04:52:79:fb:41:d9:34:ac:c8:fe:d0:0d:60:d4:d0:9d:dd:47:
         9f:c2:d6:5d:26:48:fa:eb:71:c1:3e:c9:46:ef:39:ad:c8:f3:
         9f:db:c8:f3:86:81:9a:29:67:f7:ce:84:d1:33:10:8e:22:02:
         4b:6b:b7:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyfbewAiM/+SYZmBFWbEg8zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiNWUzN2Y2ZTNiOWJkMWNmMzY4NGI5YzAzYzAzYWQxY2E2
NDI0OTcwHhcNMjYwMjI3MTQwODI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZGZkODQ0MTRkZDE4Y2VmOTliZTg2NDExNzEyYzFlMjkxM2YxNTQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgeOlUx8sGSfi+81q/7BmM1tuRxh+
6pV/hgRKeMb8Ll1uco1T/4wXKsCZ3riIns0ccS8z6hqE4CeR0ScsmZUNwGV/sNEx
S3KWgtdG2ETAqOnY+hWLsrygLQagoq4CKqay3GN55tQRxhVg4FPJRl+GfxKlAHp+
wS0K35KEPvKkfndY2HoncbXs/Hw0KBXCFIuew278gF9fDMtBseQxZozeLw8XfCqd
TmOyAEyVL8zaPDgo2ta213G3FXoyqrRLLTfWNPQ4T8DGTpCa54w4u1kM1VEuN2uZ
g/z+o4rjvGdfbEFGJtgPefNhMNrp8TNBGLRue4sYDJ/kZg1Jo8r0NYpEMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM39hEFN0Yzvmb6GQRcSweKRPxVGMB8GA1UdIwQY
MBaAFHteN/bjub0c82hLnAPAOtHKZCSXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUt
OTU5M2E0ODhhZmNjLzEvemYyRVFVM1JqTy1adm9aQkZ4TEI0cEVfRlVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUtOTU5M2E0ODhhZmNj
LzEvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV+UzMA0G
CSqGSIb3DQEBCwUAA4IBAQAW6qdU7jYPNwfCEWSJ2E/xVm9+dxv5a+7h4XD49T+v
IKS9iEL94T9iC9BTz5/ud2hUNi0e+HBOhSrzhd+KMEQ6zG3ZJO882FpeOnE5QJvz
niQ5qndi48tvncCYO+W8pRNVyBUjCKlIyWajXJ1q+OtgpE74p/sC4Rd5M+sFR5Sr
RDo9gbazHbjyyK7XYW02p/Ekj6bX3th0TVydA/J0TeobGD9DB2QRMy+tPoukDL+3
Kc+m1B1O1ys58fs8piU87Q3BfqrGUgUEUnn7Qdk0rMj+0A1g1NCd3UefwtZdJkj6
63HBPslG7zmtyPOf28jzhoGaKWf3zoTRMxCOIgJLa7eZ
-----END CERTIFICATE-----