Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/zQQ3up_sVp85Vu9FjrlPZdIUAo4.roa
File:                     zQQ3up_sVp85Vu9FjrlPZdIUAo4.roa (raw, json)
Hash identifier:          CoIauExbBLiSe/+TXSN+Xpl0pzQnWGj8jVHsHEggBc0=
Subject key identifier:   CD:04:37:BA:9F:EC:56:9F:39:56:EF:45:8E:B9:4F:65:D2:14:02:8E
Certificate issuer:       /CN=b72945f57103153a07854e74e227f2aec1c5f430
Certificate serial:       019D9AD0FCF37B69F39400A9956BE70BD053
Authority key identifier: B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/zQQ3up_sVp85Vu9FjrlPZdIUAo4.roa
Signing time:             Fri 17 Apr 2026 09:41:20 +0000
ROA not before:           Fri 17 Apr 2026 09:41:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402044
IP address blocks:        212.16.79.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:9a:d0:fc:f3:7b:69:f3:94:00:a9:95:6b:e7:0b:d0:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b72945f57103153a07854e74e227f2aec1c5f430
        Validity
            Not Before: Apr 17 09:41:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cd0437ba9fec569f3956ef458eb94f65d214028e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:01:7c:83:10:93:22:0b:d5:b0:c4:5c:8e:07:
                    17:57:52:f3:fd:a7:00:1d:33:ec:a0:45:27:4b:f1:
                    94:0b:5f:5e:38:03:85:0a:71:09:01:91:fe:48:35:
                    ad:5c:46:b3:7b:03:4b:a5:65:56:b5:c0:24:54:72:
                    34:a1:2c:4e:3c:03:d2:59:21:2e:81:01:a8:e7:03:
                    b9:56:fe:56:da:08:d4:fa:52:23:53:17:f4:65:71:
                    2f:1f:17:76:d6:11:4d:d6:08:93:ce:1c:2d:15:5d:
                    4b:ed:71:10:67:f8:c8:ab:88:58:38:fa:26:6b:03:
                    8f:00:11:37:6d:7a:39:cc:f2:e2:1f:bb:8b:53:6e:
                    50:a2:e0:29:12:6e:2e:98:36:d0:97:db:15:19:9b:
                    57:b9:a8:17:dd:a4:06:e6:0a:b8:0a:8c:80:30:84:
                    b3:98:43:7c:66:60:8c:53:40:39:a4:a5:c6:27:b6:
                    73:84:bc:7a:65:6a:99:18:a8:3e:bc:dd:b0:22:74:
                    9b:4e:6d:3b:4b:59:c2:cf:65:6f:53:5e:a8:2e:54:
                    49:21:93:20:3e:3f:75:bb:a1:16:ba:56:33:fa:bd:
                    9e:07:7c:08:70:b9:03:0d:48:54:01:bb:28:af:bb:
                    e2:e0:fe:fc:ec:ac:77:f9:ef:53:36:af:a8:f3:bf:
                    ea:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:04:37:BA:9F:EC:56:9F:39:56:EF:45:8E:B9:4F:65:D2:14:02:8E
            X509v3 Authority Key Identifier:
                keyid:B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/zQQ3up_sVp85Vu9FjrlPZdIUAo4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.16.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:3b:b6:c4:ca:ce:72:8a:29:c4:e0:93:33:e4:0d:82:0a:53:
         ed:3c:7b:71:11:bd:b1:b2:57:6e:65:45:20:26:44:24:ee:d1:
         00:b5:6e:a0:23:fe:89:7d:2d:f4:50:02:b6:d6:62:10:d7:de:
         1e:c2:b8:63:4b:c2:be:3d:f2:8f:19:9c:5a:2a:b4:b7:ec:71:
         c8:ac:5c:2f:5b:8f:21:7c:59:1d:a0:90:12:29:3d:53:64:7c:
         3e:51:df:6e:68:16:0e:74:e8:4f:ab:a5:5f:86:2c:0e:cc:11:
         4f:cd:25:17:b1:f0:f8:dd:80:4f:f8:93:12:45:a8:2e:17:ee:
         bd:d6:e7:b8:72:9d:ec:b5:04:b5:f1:74:ba:fd:b8:4d:e2:5c:
         41:e0:89:7a:8b:31:30:57:5d:f2:27:ec:7a:72:a6:b8:52:60:
         1a:bc:53:42:0b:8a:8d:48:f7:82:7e:15:b0:e9:c2:10:cd:f4:
         31:04:ae:5d:79:b1:46:b9:67:ba:60:2d:2b:96:e6:4f:43:43:
         5b:1c:54:d1:b8:6c:e8:17:92:a6:74:bb:58:74:f8:28:2e:25:
         3d:03:3a:a6:0e:62:20:40:c9:44:10:7b:4f:db:0e:e1:dd:82:
         e6:41:f8:4d:72:62:30:1c:b6:09:53:59:fa:c3:c5:3d:11:3c:
         3e:58:c5:55
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2a0Pzze2nzlACplWvnC9BTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3Mjk0NWY1NzEwMzE1M2EwNzg1NGU3NGUyMjdmMmFlYzFj
NWY0MzAwHhcNMjYwNDE3MDk0MTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDA0MzdiYTlmZWM1NjlmMzk1NmVmNDU4ZWI5NGY2NWQyMTQwMjhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1AF8gxCTIgvVsMRcjgcXV1Lz/acA
HTPsoEUnS/GUC19eOAOFCnEJAZH+SDWtXEazewNLpWVWtcAkVHI0oSxOPAPSWSEu
gQGo5wO5Vv5W2gjU+lIjUxf0ZXEvHxd21hFN1giTzhwtFV1L7XEQZ/jIq4hYOPom
awOPABE3bXo5zPLiH7uLU25QouApEm4umDbQl9sVGZtXuagX3aQG5gq4CoyAMISz
mEN8ZmCMU0A5pKXGJ7ZzhLx6ZWqZGKg+vN2wInSbTm07S1nCz2VvU16oLlRJIZMg
Pj91u6EWulYz+r2eB3wIcLkDDUhUAbsor7vi4P787Kx3+e9TNq+o87/qhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM0EN7qf7FafOVbvRY65T2XSFAKOMB8GA1UdIwQY
MBaAFLcpRfVxAxU6B4VOdOIn8q7BxfQwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEt
MmEwOWNjNTNhODA1LzEvelFRM3VwX3NWcDg1VnU5RmpybFBaZElVQW80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEtMmEwOWNjNTNhODA1
LzEvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1BBPMA0G
CSqGSIb3DQEBCwUAA4IBAQCTO7bEys5yiinE4JMz5A2CClPtPHtxEb2xslduZUUg
JkQk7tEAtW6gI/6JfS30UAK21mIQ194ewrhjS8K+PfKPGZxaKrS37HHIrFwvW48h
fFkdoJASKT1TZHw+Ud9uaBYOdOhPq6VfhiwOzBFPzSUXsfD43YBP+JMSRaguF+69
1ue4cp3stQS18XS6/bhN4lxB4Il6izEwV13yJ+x6cqa4UmAavFNCC4qNSPeCfhWw
6cIQzfQxBK5debFGuWe6YC0rluZPQ0NbHFTRuGzoF5KmdLtYdPgoLiU9AzqmDmIg
QMlEEHtP2w7h3YLmQfhNcmIwHLYJU1n6w8U9ETw+WMVV
-----END CERTIFICATE-----