Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/d3790d-9723-4b53-ad13-611ea442d2f3/1/2AoCTJhqU5v6MlrbH3hvQy0Uf7Y.roa
File:                     2AoCTJhqU5v6MlrbH3hvQy0Uf7Y.roa (raw, json)
Hash identifier:          G3dIE6sYWPhy161h7oAdaMA3nB4HfJRUXVulVZyCG4Y=
Subject key identifier:   D8:0A:02:4C:98:6A:53:9B:FA:32:5A:DB:1F:78:6F:43:2D:14:7F:B6
Certificate issuer:       /CN=15cfcfcef82f7d1c5908a2e5a009fd1b3439817c
Certificate serial:       019B7C80C6425D22F93EA3B9EDA9BFE762CE
Authority key identifier: 15:CF:CF:CE:F8:2F:7D:1C:59:08:A2:E5:A0:09:FD:1B:34:39:81:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Fc_PzvgvfRxZCKLloAn9GzQ5gXw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/d3790d-9723-4b53-ad13-611ea442d2f3/1/2AoCTJhqU5v6MlrbH3hvQy0Uf7Y.roa
Signing time:             Fri 02 Jan 2026 02:19:32 +0000
ROA not before:           Fri 02 Jan 2026 02:19:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214233
IP address blocks:        194.164.98.0/24 maxlen: 24
                          194.164.99.0/24 maxlen: 24
                          2a01:f080::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/d3790d-9723-4b53-ad13-611ea442d2f3/1/Fc_PzvgvfRxZCKLloAn9GzQ5gXw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/d3790d-9723-4b53-ad13-611ea442d2f3/1/Fc_PzvgvfRxZCKLloAn9GzQ5gXw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Fc_PzvgvfRxZCKLloAn9GzQ5gXw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 08:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:c6:42:5d:22:f9:3e:a3:b9:ed:a9:bf:e7:62:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15cfcfcef82f7d1c5908a2e5a009fd1b3439817c
        Validity
            Not Before: Jan  2 02:19:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d80a024c986a539bfa325adb1f786f432d147fb6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:4e:9a:76:c9:f1:7b:68:08:30:03:54:6e:1d:
                    3b:d9:0c:5e:50:5d:ea:52:74:aa:85:0b:fb:fe:7a:
                    67:b2:22:97:eb:50:03:32:06:71:e6:ef:ad:10:17:
                    74:3e:53:bd:aa:44:d3:dd:b9:e8:5d:54:ec:b7:35:
                    e3:38:8d:34:60:96:05:29:cc:75:d4:56:fa:9b:63:
                    63:5f:c1:13:fe:06:81:21:ed:8c:d6:b2:7e:56:dc:
                    b8:86:cf:9c:3d:86:bc:e5:4f:5d:70:cf:54:ed:d0:
                    30:09:8e:0b:d4:13:25:b0:f5:e3:3a:e1:58:39:98:
                    65:38:61:b9:8b:f6:9d:8e:d8:f7:fc:4c:6f:7c:9c:
                    f2:f9:8c:7c:22:c3:a4:23:59:3a:11:1c:ec:8a:1d:
                    57:3d:67:46:05:58:b4:d6:43:e9:55:e8:6d:74:e6:
                    1a:f1:2c:03:6b:46:a8:24:dc:a6:5e:00:d8:86:18:
                    ae:63:a2:fc:c2:93:6d:ac:67:2d:a7:7e:98:72:ba:
                    46:08:65:b6:b9:56:45:0c:25:8e:98:4e:d9:f8:5a:
                    9f:42:cf:01:e0:3b:c7:e6:90:2c:af:7c:a7:f5:de:
                    9f:98:14:fc:c5:97:71:8c:b7:6a:d6:42:10:d8:c1:
                    79:eb:c4:50:02:4d:67:1a:b6:eb:ce:f8:e5:c0:7f:
                    70:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:0A:02:4C:98:6A:53:9B:FA:32:5A:DB:1F:78:6F:43:2D:14:7F:B6
            X509v3 Authority Key Identifier:
                keyid:15:CF:CF:CE:F8:2F:7D:1C:59:08:A2:E5:A0:09:FD:1B:34:39:81:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Fc_PzvgvfRxZCKLloAn9GzQ5gXw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/d3790d-9723-4b53-ad13-611ea442d2f3/1/2AoCTJhqU5v6MlrbH3hvQy0Uf7Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/d3790d-9723-4b53-ad13-611ea442d2f3/1/Fc_PzvgvfRxZCKLloAn9GzQ5gXw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.164.98.0/23
                IPv6:
                  2a01:f080::/29

    Signature Algorithm: sha256WithRSAEncryption
         4b:2e:14:93:13:38:3f:08:dd:3e:85:62:d8:86:6b:48:05:39:
         19:98:9e:3b:a5:ea:12:57:23:fc:48:43:29:17:57:8f:1a:a8:
         21:7a:96:f3:fd:15:da:ab:5e:e2:45:7e:e7:1e:ba:f3:6f:5f:
         1a:57:d3:03:9b:62:04:30:9e:4a:62:50:f9:93:0a:a9:70:91:
         73:5e:18:b0:b6:d7:1f:8d:e5:ce:93:d0:3c:38:94:02:e0:52:
         67:b6:69:aa:85:16:fd:35:1c:91:1d:0b:ae:dd:ce:fa:ac:4e:
         31:cd:25:0a:8f:2f:2f:05:61:46:08:56:ef:af:3f:87:14:ce:
         7e:58:4b:9f:06:56:12:93:da:b1:e9:d0:89:23:c9:c6:45:a5:
         84:3f:8a:aa:22:53:fb:88:04:f6:bb:30:5e:83:a0:d3:14:3a:
         0c:19:4f:5c:49:18:a7:c7:73:5c:94:49:ad:ef:61:81:5b:c2:
         ae:25:57:bd:94:ff:07:cb:e6:ff:89:8b:5d:b2:2c:dc:ab:c0:
         08:80:0a:6b:e8:a3:4c:d9:e6:24:72:05:0d:5b:06:da:3c:50:
         fa:92:41:49:03:cf:25:94:63:38:c7:da:5f:1d:8a:2a:2c:e3:
         6d:e4:ef:52:f2:0c:d6:da:a4:a5:4d:39:b5:d6:69:b6:5a:c6:
         a5:b9:02:03
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZt8gMZCXSL5PqO57am/52LOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1Y2ZjZmNlZjgyZjdkMWM1OTA4YTJlNWEwMDlmZDFiMzQz
OTgxN2MwHhcNMjYwMTAyMDIxOTMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODBhMDI0Yzk4NmE1MzliZmEzMjVhZGIxZjc4NmY0MzJkMTQ3ZmI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoU6adsnxe2gIMANUbh072QxeUF3q
UnSqhQv7/npnsiKX61ADMgZx5u+tEBd0PlO9qkTT3bnoXVTstzXjOI00YJYFKcx1
1Fb6m2NjX8ET/gaBIe2M1rJ+Vty4hs+cPYa85U9dcM9U7dAwCY4L1BMlsPXjOuFY
OZhlOGG5i/adjtj3/ExvfJzy+Yx8IsOkI1k6ERzsih1XPWdGBVi01kPpVehtdOYa
8SwDa0aoJNymXgDYhhiuY6L8wpNtrGctp36YcrpGCGW2uVZFDCWOmE7Z+FqfQs8B
4DvH5pAsr3yn9d6fmBT8xZdxjLdq1kIQ2MF568RQAk1nGrbrzvjlwH9wbwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNgKAkyYalOb+jJa2x94b0MtFH+2MB8GA1UdIwQY
MBaAFBXPz874L30cWQii5aAJ/Rs0OYF8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmNfUHp2Z3ZmUnhaQ0tMbG9BbjlHelE1Z1h3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi9kMzc5MGQtOTcyMy00YjUzLWFkMTMt
NjExZWE0NDJkMmYzLzEvMkFvQ1RKaHFVNXY2TWxyYkgzaHZReTBVZjdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi9kMzc5MGQtOTcyMy00YjUzLWFkMTMtNjExZWE0NDJkMmYz
LzEvRmNfUHp2Z3ZmUnhaQ0tMbG9BbjlHelE1Z1h3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBwqRiMA0E
AgACMAcDBQMqAfCAMA0GCSqGSIb3DQEBCwUAA4IBAQBLLhSTEzg/CN0+hWLYhmtI
BTkZmJ47peoSVyP8SEMpF1ePGqghepbz/RXaq17iRX7nHrrzb18aV9MDm2IEMJ5K
YlD5kwqpcJFzXhiwttcfjeXOk9A8OJQC4FJntmmqhRb9NRyRHQuu3c76rE4xzSUK
jy8vBWFGCFbvrz+HFM5+WEufBlYSk9qx6dCJI8nGRaWEP4qqIlP7iAT2uzBeg6DT
FDoMGU9cSRinx3NclEmt72GBW8KuJVe9lP8Hy+b/iYtdsizcq8AIgApr6KNM2eYk
cgUNWwbaPFD6kkFJA88llGM4x9pfHYoqLONt5O9S8gzW2qSlTTm11mm2WsaluQID
-----END CERTIFICATE-----