Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/6bdac7-62d4-4033-b9ad-31034c356fa3/1/fZAzCiUywNplLCNiRhDfKrlfG_w.roa
File:                     fZAzCiUywNplLCNiRhDfKrlfG_w.roa (raw, json)
Hash identifier:          3BGp9D7RFRPhwzgCFhMEEth9zMM9VYj+/fIdqEAt+6g=
Subject key identifier:   7D:90:33:0A:25:32:C0:DA:65:2C:23:62:46:10:DF:2A:B9:5F:1B:FC
Certificate issuer:       /CN=833e535db7e1b715ae34e9f1ddbd843692f6fefa
Certificate serial:       019B791030783E87B2BB879F0D0ED60724D2
Authority key identifier: 83:3E:53:5D:B7:E1:B7:15:AE:34:E9:F1:DD:BD:84:36:92:F6:FE:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz5TXbfhtxWuNOnx3b2ENpL2_vo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/6bdac7-62d4-4033-b9ad-31034c356fa3/1/fZAzCiUywNplLCNiRhDfKrlfG_w.roa
Signing time:             Thu 01 Jan 2026 10:17:42 +0000
ROA not before:           Thu 01 Jan 2026 10:17:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214094
IP address blocks:        64.190.76.0/24 maxlen: 24
                          2001:67c:e28::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/6bdac7-62d4-4033-b9ad-31034c356fa3/1/gz5TXbfhtxWuNOnx3b2ENpL2_vo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/6bdac7-62d4-4033-b9ad-31034c356fa3/1/gz5TXbfhtxWuNOnx3b2ENpL2_vo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz5TXbfhtxWuNOnx3b2ENpL2_vo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 19:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:30:78:3e:87:b2:bb:87:9f:0d:0e:d6:07:24:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e535db7e1b715ae34e9f1ddbd843692f6fefa
        Validity
            Not Before: Jan  1 10:17:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7d90330a2532c0da652c23624610df2ab95f1bfc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:94:e2:96:8e:6c:20:10:58:bf:15:5e:f2:bd:
                    5c:09:48:45:0b:78:51:e0:0d:39:cd:da:2e:4a:14:
                    73:7f:c0:4a:90:92:82:e5:89:0a:4f:a8:eb:17:5f:
                    db:c4:ce:f9:8d:5e:14:86:7a:ba:76:20:c2:cc:cf:
                    7f:24:af:df:4b:65:44:54:5c:ba:71:15:18:21:4f:
                    a3:76:27:ef:68:8f:a5:06:7f:a9:fb:f9:9c:ce:bd:
                    ff:7c:bf:0b:b9:6a:17:06:d7:32:b3:70:85:b5:1f:
                    ab:b8:98:32:d3:1b:27:c2:92:24:66:3c:a5:49:f3:
                    58:f2:12:8b:38:19:cc:5b:3c:ab:65:06:ad:bd:50:
                    01:a0:b3:83:0b:c1:86:37:c5:d7:4f:b0:e8:67:d2:
                    ba:56:b9:2f:a8:0e:4c:6a:a6:c6:47:b4:18:7a:04:
                    09:f2:56:0b:df:66:3f:34:61:e3:65:d2:42:e6:49:
                    06:c2:92:3c:44:2e:a8:b3:d6:5b:3f:79:8b:a3:02:
                    1a:8e:ca:3b:23:09:5c:00:ca:df:b9:05:c7:a5:5a:
                    e7:09:74:94:ed:9f:fb:24:ce:a8:10:2a:64:1c:d0:
                    71:cc:7c:b9:79:97:d9:9e:0e:a4:78:23:71:54:24:
                    46:f2:9e:43:60:19:37:1c:54:d7:65:a0:23:55:f9:
                    b0:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:90:33:0A:25:32:C0:DA:65:2C:23:62:46:10:DF:2A:B9:5F:1B:FC
            X509v3 Authority Key Identifier:
                keyid:83:3E:53:5D:B7:E1:B7:15:AE:34:E9:F1:DD:BD:84:36:92:F6:FE:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz5TXbfhtxWuNOnx3b2ENpL2_vo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6bdac7-62d4-4033-b9ad-31034c356fa3/1/fZAzCiUywNplLCNiRhDfKrlfG_w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6bdac7-62d4-4033-b9ad-31034c356fa3/1/gz5TXbfhtxWuNOnx3b2ENpL2_vo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.190.76.0/24
                IPv6:
                  2001:67c:e28::/48

    Signature Algorithm: sha256WithRSAEncryption
         6c:1b:9e:19:e8:85:d2:dd:2f:76:6f:3b:4d:93:c6:d5:76:c0:
         db:3b:36:e6:90:7c:64:87:c4:cb:25:04:42:f9:24:e9:2a:a7:
         f4:3b:57:2f:dc:6d:f2:6e:7e:9e:ad:08:41:5e:0d:7e:24:69:
         9f:66:eb:2c:84:cc:6d:c4:dc:9f:a5:04:5c:eb:2c:e7:7a:ff:
         38:8f:50:59:8b:38:4b:ed:eb:3c:f5:1c:87:27:f4:83:3e:78:
         00:13:e1:f9:ab:32:36:93:5b:2d:34:84:87:b2:0b:78:70:00:
         5a:dc:8b:03:85:ad:b1:ce:f0:e0:ce:37:39:c2:3b:84:b2:2f:
         ff:c4:64:ac:95:35:28:52:2a:c5:15:1e:ce:89:62:19:9d:11:
         fd:d3:e2:39:4a:87:6f:f0:23:17:a0:31:18:8a:f6:30:00:ac:
         aa:79:88:06:19:48:2f:e9:eb:a5:13:38:5f:60:a2:d6:e0:4d:
         fb:ff:33:93:6d:0c:06:0d:06:33:1c:18:fb:ae:e9:96:ee:45:
         60:1c:49:bf:d2:70:aa:dd:26:53:12:b9:da:3a:66:0e:0b:76:
         43:89:8b:cb:55:92:03:a4:8f:2b:69:e5:c2:78:37:56:31:f5:
         1c:12:2c:62:07:47:cb:67:ed:ff:a8:04:89:b9:60:76:d8:df:
         ec:67:59:d5
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZt5EDB4Poeyu4efDQ7WByTSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2U1MzVkYjdlMWI3MTVhZTM0ZTlmMWRkYmQ4NDM2OTJm
NmZlZmEwHhcNMjYwMTAxMTAxNzQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDkwMzMwYTI1MzJjMGRhNjUyYzIzNjI0NjEwZGYyYWI5NWYxYmZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA65Tilo5sIBBYvxVe8r1cCUhFC3hR
4A05zdouShRzf8BKkJKC5YkKT6jrF1/bxM75jV4Uhnq6diDCzM9/JK/fS2VEVFy6
cRUYIU+jdifvaI+lBn+p+/mczr3/fL8LuWoXBtcys3CFtR+ruJgy0xsnwpIkZjyl
SfNY8hKLOBnMWzyrZQatvVABoLODC8GGN8XXT7DoZ9K6VrkvqA5MaqbGR7QYegQJ
8lYL32Y/NGHjZdJC5kkGwpI8RC6os9ZbP3mLowIajso7IwlcAMrfuQXHpVrnCXSU
7Z/7JM6oECpkHNBxzHy5eZfZng6keCNxVCRG8p5DYBk3HFTXZaAjVfmweQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFH2QMwolMsDaZSwjYkYQ3yq5Xxv8MB8GA1UdIwQY
MBaAFIM+U1234bcVrjTp8d29hDaS9v76MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o1VFhiZmh0eFd1Tk9ueDNiMkVOcEwyX3ZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82YmRhYzctNjJkNC00MDMzLWI5YWQt
MzEwMzRjMzU2ZmEzLzEvZlpBekNpVXl3TnBsTENOaVJoRGZLcmxmR193LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82YmRhYzctNjJkNC00MDMzLWI5YWQtMzEwMzRjMzU2ZmEz
LzEvZ3o1VFhiZmh0eFd1Tk9ueDNiMkVOcEwyX3ZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAQL5MMA8E
AgACMAkDBwAgAQZ8DigwDQYJKoZIhvcNAQELBQADggEBAGwbnhnohdLdL3ZvO02T
xtV2wNs7NuaQfGSHxMslBEL5JOkqp/Q7Vy/cbfJufp6tCEFeDX4kaZ9m6yyEzG3E
3J+lBFzrLOd6/ziPUFmLOEvt6zz1HIcn9IM+eAAT4fmrMjaTWy00hIeyC3hwAFrc
iwOFrbHO8ODONznCO4SyL//EZKyVNShSKsUVHs6JYhmdEf3T4jlKh2/wIxegMRiK
9jAArKp5iAYZSC/p66UTOF9gotbgTfv/M5NtDAYNBjMcGPuu6ZbuRWAcSb/ScKrd
JlMSudo6Zg4LdkOJi8tVkgOkjytp5cJ4N1Yx9RwSLGIHR8tn7f+oBIm5YHbY3+xn
WdU=
-----END CERTIFICATE-----