Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/zgoJuo8jGeBT00UZtZ5LGLiITKg.roa
File:                     zgoJuo8jGeBT00UZtZ5LGLiITKg.roa (raw, json)
Hash identifier:          Ei3MS2sQFI4GdekmMoV05zmd6M5JaE8DL5ImEH8ntCY=
Subject key identifier:   CE:0A:09:BA:8F:23:19:E0:53:D3:45:19:B5:9E:4B:18:B8:88:4C:A8
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       019C312597EF18B24D023FF3954FA7816D0F
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/zgoJuo8jGeBT00UZtZ5LGLiITKg.roa
Signing time:             Fri 06 Feb 2026 04:11:13 +0000
ROA not before:           Fri 06 Feb 2026 04:11:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206715
IP address blocks:        45.88.12.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:31:25:97:ef:18:b2:4d:02:3f:f3:95:4f:a7:81:6d:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Feb  6 04:11:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ce0a09ba8f2319e053d34519b59e4b18b8884ca8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:ec:75:79:78:69:4a:8b:71:76:33:c4:89:11:
                    5a:8c:11:ba:b4:1e:47:fa:ac:9f:e3:7b:0a:0e:6c:
                    2b:f2:e3:56:8a:e1:3a:52:43:a3:5c:53:6f:15:b6:
                    7f:3c:fe:e7:46:93:27:cc:85:5e:be:3e:89:9b:e8:
                    c1:19:a8:1a:91:e3:d2:e2:f3:84:fa:67:87:d6:fa:
                    c2:49:28:1e:ba:62:c7:86:ae:bc:c4:2f:33:3d:58:
                    1f:2f:e1:f9:ac:bf:45:be:07:27:fb:d5:96:a4:52:
                    7c:be:75:64:82:f6:a1:60:74:11:f7:73:a2:56:3d:
                    3e:78:8a:46:d2:78:43:65:7c:d4:fa:60:e9:60:7b:
                    4f:5b:88:93:6e:d6:da:28:31:12:df:8a:4b:0c:3e:
                    84:80:4a:7a:d5:90:29:b9:37:e0:64:95:d9:f3:11:
                    00:68:80:60:9b:8d:1f:6e:51:97:b1:09:fb:6b:88:
                    16:7d:be:b1:62:34:9f:05:16:49:b0:42:cb:54:17:
                    80:2c:7b:21:22:b3:5b:b7:36:d0:a7:9f:ba:8a:37:
                    9e:f1:8f:f2:cc:e6:94:cd:0f:1a:4d:f6:72:51:85:
                    08:96:15:a9:5e:ac:4e:da:1d:2b:c9:1d:e7:c4:c8:
                    e1:45:f5:5f:e5:a9:c5:5e:8e:03:1a:45:33:ed:41:
                    d8:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:0A:09:BA:8F:23:19:E0:53:D3:45:19:B5:9E:4B:18:B8:88:4C:A8
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/zgoJuo8jGeBT00UZtZ5LGLiITKg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:32:6c:64:62:ba:9f:34:bf:6a:90:f7:0e:31:83:2b:32:5d:
         a4:c3:9a:a7:24:4b:cd:55:42:cc:4a:ad:de:c1:52:bb:2c:ec:
         3e:b6:af:15:fe:ec:ab:0e:71:ff:ed:fc:d0:70:46:1b:1d:ae:
         df:36:1c:f0:a3:cb:b3:04:44:17:e1:b9:49:00:e7:81:87:7f:
         d7:6b:af:a7:05:b4:2b:82:af:3f:a7:03:70:50:39:2e:88:31:
         bd:6e:3c:0f:42:ce:10:af:a8:f2:2e:c6:ee:bf:56:e9:d3:e1:
         22:02:ae:1f:af:32:0d:42:70:0b:10:9a:e3:19:d2:c3:12:8f:
         43:56:59:45:4f:7c:e6:03:07:c0:e4:34:c8:82:a5:dd:01:a6:
         f7:2c:3f:44:73:36:f2:09:6f:31:1c:f3:a6:64:b6:12:73:2c:
         60:22:65:1e:cc:e6:2d:08:fe:ec:3d:f7:13:31:6f:10:39:e4:
         2c:f1:32:35:d1:97:1e:17:9a:07:6c:13:48:98:9f:e0:63:8f:
         b5:c4:d6:46:38:7e:ae:2b:72:27:59:b0:d3:cb:7b:61:d6:b3:
         82:f2:ff:cd:33:d0:41:9d:3d:fb:8a:ed:06:00:f3:2c:bb:c7:
         0d:2a:3c:1e:35:f8:b6:66:c7:a3:6c:5a:11:cf:66:61:65:a2:
         96:d7:dc:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZwxJZfvGLJNAj/zlU+ngW0PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjYwMjA2MDQxMTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTBhMDliYThmMjMxOWUwNTNkMzQ1MTliNTllNGIxOGI4ODg0Y2E4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuex1eXhpSotxdjPEiRFajBG6tB5H
+qyf43sKDmwr8uNWiuE6UkOjXFNvFbZ/PP7nRpMnzIVevj6Jm+jBGagakePS4vOE
+meH1vrCSSgeumLHhq68xC8zPVgfL+H5rL9Fvgcn+9WWpFJ8vnVkgvahYHQR93Oi
Vj0+eIpG0nhDZXzU+mDpYHtPW4iTbtbaKDES34pLDD6EgEp61ZApuTfgZJXZ8xEA
aIBgm40fblGXsQn7a4gWfb6xYjSfBRZJsELLVBeALHshIrNbtzbQp5+6ijee8Y/y
zOaUzQ8aTfZyUYUIlhWpXqxO2h0ryR3nxMjhRfVf5anFXo4DGkUz7UHYCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM4KCbqPIxngU9NFGbWeSxi4iEyoMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvemdvSnVvOGpHZUJUMDBVWnRaNUxHTGlJVEtnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVgMMA0G
CSqGSIb3DQEBCwUAA4IBAQA+MmxkYrqfNL9qkPcOMYMrMl2kw5qnJEvNVULMSq3e
wVK7LOw+tq8V/uyrDnH/7fzQcEYbHa7fNhzwo8uzBEQX4blJAOeBh3/Xa6+nBbQr
gq8/pwNwUDkuiDG9bjwPQs4Qr6jyLsbuv1bp0+EiAq4frzINQnALEJrjGdLDEo9D
VllFT3zmAwfA5DTIgqXdAab3LD9EczbyCW8xHPOmZLYScyxgImUezOYtCP7sPfcT
MW8QOeQs8TI10ZceF5oHbBNImJ/gY4+1xNZGOH6uK3InWbDTy3th1rOC8v/NM9BB
nT37iu0GAPMsu8cNKjweNfi2ZsejbFoRz2ZhZaKW19xj
-----END CERTIFICATE-----