Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/99be80-152c-4b65-8b32-0718aa8dd9a7/1/G7zbH0s176fZtCse-15mMTljv8o.roa
File:                     G7zbH0s176fZtCse-15mMTljv8o.roa (raw, json)
Hash identifier:          bng6dC4LjgT90wt4Nd1UlCg1rSNDjhq1PyJI9ymWjxk=
Subject key identifier:   1B:BC:DB:1F:4B:35:EF:A7:D9:B4:2B:1E:FB:5E:66:31:39:63:BF:CA
Certificate issuer:       /CN=af934ec694af68134b7514c10dcd13857b459e38
Certificate serial:       019B7F857DF941B14F34A0CF5F9D7B705E61
Authority key identifier: AF:93:4E:C6:94:AF:68:13:4B:75:14:C1:0D:CD:13:85:7B:45:9E:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r5NOxpSvaBNLdRTBDc0ThXtFnjg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/99be80-152c-4b65-8b32-0718aa8dd9a7/1/G7zbH0s176fZtCse-15mMTljv8o.roa
Signing time:             Fri 02 Jan 2026 16:23:33 +0000
ROA not before:           Fri 02 Jan 2026 16:23:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     61193
IP address blocks:        213.232.198.0/24 maxlen: 24
                          2a10:dc00::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/99be80-152c-4b65-8b32-0718aa8dd9a7/1/r5NOxpSvaBNLdRTBDc0ThXtFnjg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/99be80-152c-4b65-8b32-0718aa8dd9a7/1/r5NOxpSvaBNLdRTBDc0ThXtFnjg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r5NOxpSvaBNLdRTBDc0ThXtFnjg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 13:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:85:7d:f9:41:b1:4f:34:a0:cf:5f:9d:7b:70:5e:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af934ec694af68134b7514c10dcd13857b459e38
        Validity
            Not Before: Jan  2 16:23:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1bbcdb1f4b35efa7d9b42b1efb5e66313963bfca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:0e:22:4e:b4:2a:49:29:3e:19:6c:c9:ef:54:
                    a5:e5:fa:af:35:d7:a9:b0:2a:a3:d8:38:1e:60:f3:
                    f0:c2:d0:9a:6e:ba:83:b4:82:b1:d6:31:03:da:e4:
                    e1:38:fb:0e:6a:c3:04:8b:dd:d5:44:ad:61:8c:fc:
                    ed:21:f2:78:67:47:23:b4:1d:e4:02:e8:87:db:05:
                    ef:0f:03:68:08:b1:5b:e8:68:fe:3b:7a:a9:62:a3:
                    5b:de:9d:1b:cc:75:a7:3a:6c:35:89:70:3f:c5:34:
                    8b:ce:ad:e8:ab:85:2a:ff:22:c2:7a:44:72:d2:6b:
                    1e:56:39:b7:0b:df:6c:8e:4c:d2:75:71:95:0d:98:
                    49:d4:24:65:7a:ca:a5:12:29:1d:bd:a0:f4:99:31:
                    11:54:82:37:84:89:74:c6:91:ac:02:59:8d:9c:19:
                    12:7a:58:a9:ff:da:7e:f2:a4:a8:d7:ee:4a:d4:58:
                    fc:47:34:fa:f0:a7:33:f0:be:b6:ba:bd:7b:04:c0:
                    ba:6f:e3:02:e5:3e:56:f0:65:0a:04:a6:c6:80:f2:
                    e2:02:90:dd:2f:ab:17:cd:34:2a:aa:b3:6f:29:0c:
                    15:66:8e:df:1e:35:a4:72:ce:7a:6b:6b:ea:8c:41:
                    94:a6:e2:69:61:a7:ef:a0:a2:f3:51:92:d1:d3:b7:
                    43:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:BC:DB:1F:4B:35:EF:A7:D9:B4:2B:1E:FB:5E:66:31:39:63:BF:CA
            X509v3 Authority Key Identifier:
                keyid:AF:93:4E:C6:94:AF:68:13:4B:75:14:C1:0D:CD:13:85:7B:45:9E:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r5NOxpSvaBNLdRTBDc0ThXtFnjg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/99be80-152c-4b65-8b32-0718aa8dd9a7/1/G7zbH0s176fZtCse-15mMTljv8o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/99be80-152c-4b65-8b32-0718aa8dd9a7/1/r5NOxpSvaBNLdRTBDc0ThXtFnjg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.232.198.0/24
                IPv6:
                  2a10:dc00::/29

    Signature Algorithm: sha256WithRSAEncryption
         72:a1:9c:7b:d9:a1:de:ed:09:12:d3:10:4d:7d:77:94:65:c2:
         f4:86:4a:60:94:a4:2d:6e:67:0a:e3:5f:e9:d8:47:e9:8d:e6:
         5f:e0:a5:43:1d:bf:73:8a:aa:87:49:a0:51:98:e4:a1:41:18:
         80:e8:9b:19:cf:f5:d3:7c:94:1a:03:8c:7e:ac:5e:43:df:83:
         29:97:b8:b5:9b:44:e8:90:84:4e:6e:63:a4:8d:44:5e:12:20:
         01:87:12:f4:72:39:c3:2c:52:25:da:2c:96:b5:b5:45:6e:46:
         f7:0d:7e:98:fe:d3:97:eb:fe:02:1d:19:e6:01:ae:c9:fe:c0:
         2b:71:2d:5b:52:07:88:1d:6b:72:aa:63:db:2f:15:19:33:94:
         08:5d:2d:59:3e:ff:a8:cb:a9:9c:fd:ad:ca:5d:b7:04:13:bf:
         a9:c1:b6:aa:00:04:26:06:54:10:8d:ec:6a:82:41:39:00:e9:
         07:cc:68:7f:8c:fd:d4:5a:7d:d6:85:ac:82:0b:99:23:60:73:
         04:80:43:f7:38:47:89:bd:d3:bd:fc:8b:5a:bd:88:f3:73:3c:
         c5:69:34:49:db:a8:ef:68:1d:60:1d:94:d7:af:73:46:14:1d:
         75:90:5a:69:96:bc:95:c0:0b:19:ab:b0:52:32:96:d7:05:d1:
         9a:06:78:6a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZt/hX35QbFPNKDPX517cF5hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmOTM0ZWM2OTRhZjY4MTM0Yjc1MTRjMTBkY2QxMzg1N2I0
NTllMzgwHhcNMjYwMTAyMTYyMzMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYmJjZGIxZjRiMzVlZmE3ZDliNDJiMWVmYjVlNjYzMTM5NjNiZmNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoQ4iTrQqSSk+GWzJ71Sl5fqvNdep
sCqj2DgeYPPwwtCabrqDtIKx1jED2uThOPsOasMEi93VRK1hjPztIfJ4Z0cjtB3k
AuiH2wXvDwNoCLFb6Gj+O3qpYqNb3p0bzHWnOmw1iXA/xTSLzq3oq4Uq/yLCekRy
0mseVjm3C99sjkzSdXGVDZhJ1CRlesqlEikdvaD0mTERVII3hIl0xpGsAlmNnBkS
elip/9p+8qSo1+5K1Fj8RzT68Kcz8L62ur17BMC6b+MC5T5W8GUKBKbGgPLiApDd
L6sXzTQqqrNvKQwVZo7fHjWkcs56a2vqjEGUpuJpYafvoKLzUZLR07dDXwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBu82x9LNe+n2bQrHvteZjE5Y7/KMB8GA1UdIwQY
MBaAFK+TTsaUr2gTS3UUwQ3NE4V7RZ44MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjVOT3hwU3ZhQk5MZFJUQkRjMFRoWHRGbmpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny85OWJlODAtMTUyYy00YjY1LThiMzIt
MDcxOGFhOGRkOWE3LzEvRzd6YkgwczE3NmZadENzZS0xNW1NVGxqdjhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny85OWJlODAtMTUyYy00YjY1LThiMzItMDcxOGFhOGRkOWE3
LzEvcjVOT3hwU3ZhQk5MZFJUQkRjMFRoWHRGbmpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQA1ejGMA0E
AgACMAcDBQMqENwAMA0GCSqGSIb3DQEBCwUAA4IBAQByoZx72aHe7QkS0xBNfXeU
ZcL0hkpglKQtbmcK41/p2EfpjeZf4KVDHb9ziqqHSaBRmOShQRiA6JsZz/XTfJQa
A4x+rF5D34Mpl7i1m0TokIRObmOkjUReEiABhxL0cjnDLFIl2iyWtbVFbkb3DX6Y
/tOX6/4CHRnmAa7J/sArcS1bUgeIHWtyqmPbLxUZM5QIXS1ZPv+oy6mc/a3KXbcE
E7+pwbaqAAQmBlQQjexqgkE5AOkHzGh/jP3UWn3WhayCC5kjYHMEgEP3OEeJvdO9
/ItavYjzczzFaTRJ26jvaB1gHZTXr3NGFB11kFpplryVwAsZq7BSMpbXBdGaBnhq
-----END CERTIFICATE-----