Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/a2b051-3a23-4835-b30d-2af4791d96eb/1/tcpzIe_pjPXzHyr7azFQbFyZen0.roa
File:                     tcpzIe_pjPXzHyr7azFQbFyZen0.roa (raw, json)
Hash identifier:          +9WrVu+TeVKO3brb/4DCjwpgqdCP/iS9uN4mB6tGNMU=
Subject key identifier:   B5:CA:73:21:EF:E9:8C:F5:F3:1F:2A:FB:6B:31:50:6C:5C:99:7A:7D
Certificate issuer:       /CN=855c5d0fe25935ac91ab5aada6452600e58d25a5
Certificate serial:       019B78A333A8DA034087649E6B24522A9557
Authority key identifier: 85:5C:5D:0F:E2:59:35:AC:91:AB:5A:AD:A6:45:26:00:E5:8D:25:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hVxdD-JZNayRq1qtpkUmAOWNJaU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/a2b051-3a23-4835-b30d-2af4791d96eb/1/tcpzIe_pjPXzHyr7azFQbFyZen0.roa
Signing time:             Thu 01 Jan 2026 08:18:40 +0000
ROA not before:           Thu 01 Jan 2026 08:18:40 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211499
IP address blocks:        193.16.98.0/24 maxlen: 24
                          2001:678:f2c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/a2b051-3a23-4835-b30d-2af4791d96eb/1/hVxdD-JZNayRq1qtpkUmAOWNJaU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/a2b051-3a23-4835-b30d-2af4791d96eb/1/hVxdD-JZNayRq1qtpkUmAOWNJaU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hVxdD-JZNayRq1qtpkUmAOWNJaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a3:33:a8:da:03:40:87:64:9e:6b:24:52:2a:95:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=855c5d0fe25935ac91ab5aada6452600e58d25a5
        Validity
            Not Before: Jan  1 08:18:40 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b5ca7321efe98cf5f31f2afb6b31506c5c997a7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:c7:23:3c:6a:98:d5:80:3e:2b:5d:0f:39:0c:
                    c5:32:f8:40:fc:25:90:49:34:68:ee:25:bd:47:b1:
                    f7:e5:01:b7:fa:f6:ae:10:00:9b:6b:8c:b6:9a:2e:
                    1a:19:c7:0f:e5:e1:15:d4:ea:05:8a:05:33:13:ad:
                    64:fe:f1:d0:14:70:d8:7b:db:2d:22:04:3d:a1:06:
                    c2:8c:6d:3e:6d:eb:f0:28:ca:4d:e7:f8:1b:70:b3:
                    5d:25:82:43:3c:e4:f5:09:2e:de:c0:6c:eb:da:5f:
                    f6:d1:91:ea:bc:2f:20:53:67:d9:ab:b1:79:b8:56:
                    14:64:f7:2d:30:a0:5f:98:4b:5e:e5:6a:d4:0e:64:
                    59:9e:eb:1b:3b:ba:66:41:0e:4f:b5:af:ae:7a:68:
                    44:5f:51:99:22:e8:72:f4:d2:0f:c2:9b:7d:51:97:
                    55:e7:65:fc:d8:a7:99:b1:0e:a9:48:03:1b:d2:6f:
                    dc:34:73:18:76:76:de:b8:a3:c3:77:2d:64:d5:ec:
                    5e:4b:ab:47:01:c1:28:60:54:b3:89:73:f5:ca:4a:
                    fc:f1:ab:43:3b:34:79:fd:55:63:24:b7:46:c2:a6:
                    b9:7e:96:82:09:38:c1:35:6e:85:3f:ed:37:af:2a:
                    56:99:6c:43:ed:b6:42:b6:21:b4:7c:74:1b:93:0a:
                    21:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:CA:73:21:EF:E9:8C:F5:F3:1F:2A:FB:6B:31:50:6C:5C:99:7A:7D
            X509v3 Authority Key Identifier:
                keyid:85:5C:5D:0F:E2:59:35:AC:91:AB:5A:AD:A6:45:26:00:E5:8D:25:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hVxdD-JZNayRq1qtpkUmAOWNJaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/a2b051-3a23-4835-b30d-2af4791d96eb/1/tcpzIe_pjPXzHyr7azFQbFyZen0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/a2b051-3a23-4835-b30d-2af4791d96eb/1/hVxdD-JZNayRq1qtpkUmAOWNJaU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.16.98.0/24
                IPv6:
                  2001:678:f2c::/48

    Signature Algorithm: sha256WithRSAEncryption
         32:0e:13:5f:ec:71:c2:90:ad:30:90:db:c3:20:90:c6:46:a9:
         e3:47:f8:cc:6f:c1:6c:1a:eb:6b:1c:40:a0:4d:32:a2:2d:b6:
         4b:9a:da:a2:cc:98:c4:2f:5f:3c:9f:f6:0e:90:35:a2:cf:31:
         88:d5:95:b8:8b:2a:98:67:96:37:42:33:eb:00:8e:2b:1c:68:
         1b:de:41:74:7d:ab:3a:69:4a:9b:fb:95:47:b3:fb:d1:fa:34:
         dd:f6:d7:0f:db:72:32:78:66:45:8a:b7:b4:d8:e7:71:48:c0:
         bb:6f:c9:f5:ad:34:a5:10:08:ef:af:e8:2a:32:08:14:1e:64:
         b6:20:a7:08:6f:59:dd:3e:2a:bc:e4:3d:1e:12:4d:f7:ea:05:
         ca:a2:f6:9c:59:c1:f4:6f:59:b7:5f:16:ff:96:2b:39:1a:23:
         12:78:0e:cb:de:75:f6:e3:ac:98:72:9c:c8:ce:17:0e:9d:8a:
         f8:53:eb:49:fd:c9:30:ed:ec:f2:9b:32:3f:7d:79:77:98:bb:
         c2:28:4b:aa:aa:87:c1:8c:ed:2f:03:62:73:2a:84:a9:1e:1b:
         91:82:a5:31:36:4b:dc:09:73:dd:bb:8e:c7:e3:af:18:9d:65:
         ec:59:89:2e:84:e6:a0:06:38:ab:c9:1b:29:cc:1f:af:3e:62:
         77:af:f7:93
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZt4ozOo2gNAh2SeayRSKpVXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1NWM1ZDBmZTI1OTM1YWM5MWFiNWFhZGE2NDUyNjAwZTU4
ZDI1YTUwHhcNMjYwMTAxMDgxODQwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWNhNzMyMWVmZTk4Y2Y1ZjMxZjJhZmI2YjMxNTA2YzVjOTk3YTdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzscjPGqY1YA+K10POQzFMvhA/CWQ
STRo7iW9R7H35QG3+vauEACba4y2mi4aGccP5eEV1OoFigUzE61k/vHQFHDYe9st
IgQ9oQbCjG0+bevwKMpN5/gbcLNdJYJDPOT1CS7ewGzr2l/20ZHqvC8gU2fZq7F5
uFYUZPctMKBfmEte5WrUDmRZnusbO7pmQQ5Pta+uemhEX1GZIuhy9NIPwpt9UZdV
52X82KeZsQ6pSAMb0m/cNHMYdnbeuKPDdy1k1exeS6tHAcEoYFSziXP1ykr88atD
OzR5/VVjJLdGwqa5fpaCCTjBNW6FP+03rypWmWxD7bZCtiG0fHQbkwohWwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLXKcyHv6Yz18x8q+2sxUGxcmXp9MB8GA1UdIwQY
MBaAFIVcXQ/iWTWskataraZFJgDljSWlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFZ4ZEQtSlpOYXlScTFxdHBrVW1BT1dOSmFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC9hMmIwNTEtM2EyMy00ODM1LWIzMGQt
MmFmNDc5MWQ5NmViLzEvdGNwekllX3BqUFh6SHlyN2F6RlFiRnlaZW4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC9hMmIwNTEtM2EyMy00ODM1LWIzMGQtMmFmNDc5MWQ5NmVi
LzEvaFZ4ZEQtSlpOYXlScTFxdHBrVW1BT1dOSmFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwRBiMA8E
AgACMAkDBwAgAQZ4DywwDQYJKoZIhvcNAQELBQADggEBADIOE1/sccKQrTCQ28Mg
kMZGqeNH+MxvwWwa62scQKBNMqIttkua2qLMmMQvXzyf9g6QNaLPMYjVlbiLKphn
ljdCM+sAjiscaBveQXR9qzppSpv7lUez+9H6NN321w/bcjJ4ZkWKt7TY53FIwLtv
yfWtNKUQCO+v6CoyCBQeZLYgpwhvWd0+KrzkPR4STffqBcqi9pxZwfRvWbdfFv+W
KzkaIxJ4DsvedfbjrJhynMjOFw6divhT60n9yTDt7PKbMj99eXeYu8IoS6qqh8GM
7S8DYnMqhKkeG5GCpTE2S9wJc927jsfjrxidZexZiS6E5qAGOKvJGynMH68+Ynev
95M=
-----END CERTIFICATE-----