Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/e718e4-53b7-47bb-a336-5a17719d449e/1/Z4u2ZuPRjtoJ1T7Bu7YaM-zHnb8.roa
File:                     Z4u2ZuPRjtoJ1T7Bu7YaM-zHnb8.roa (raw, json)
Hash identifier:          buF5g5hLeGHRRo3x/BwwzJhPSsDj5JSRKGK8mj4wcYU=
Subject key identifier:   67:8B:B6:66:E3:D1:8E:DA:09:D5:3E:C1:BB:B6:1A:33:EC:C7:9D:BF
Certificate issuer:       /CN=330e640f9d63ba943a97b3dc10d4c6844a5d3dc1
Certificate serial:       019C4715B5C2B8A3BBC805AD9FF42F20B231
Authority key identifier: 33:0E:64:0F:9D:63:BA:94:3A:97:B3:DC:10:D4:C6:84:4A:5D:3D:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Mw5kD51jupQ6l7PcENTGhEpdPcE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/e718e4-53b7-47bb-a336-5a17719d449e/1/Z4u2ZuPRjtoJ1T7Bu7YaM-zHnb8.roa
Signing time:             Tue 10 Feb 2026 10:25:30 +0000
ROA not before:           Tue 10 Feb 2026 10:25:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3491
IP address blocks:        101.60.254.0/24 maxlen: 24
                          101.60.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/e718e4-53b7-47bb-a336-5a17719d449e/1/Mw5kD51jupQ6l7PcENTGhEpdPcE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/e718e4-53b7-47bb-a336-5a17719d449e/1/Mw5kD51jupQ6l7PcENTGhEpdPcE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Mw5kD51jupQ6l7PcENTGhEpdPcE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:47:15:b5:c2:b8:a3:bb:c8:05:ad:9f:f4:2f:20:b2:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=330e640f9d63ba943a97b3dc10d4c6844a5d3dc1
        Validity
            Not Before: Feb 10 10:25:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=678bb666e3d18eda09d53ec1bbb61a33ecc79dbf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:f7:96:f3:a5:41:cb:f0:3c:12:58:56:05:ff:
                    d6:aa:2a:11:04:6b:78:a0:70:ae:99:5f:eb:4c:dc:
                    40:0c:eb:68:25:2f:77:0d:a5:4b:ff:84:0f:83:25:
                    20:00:5f:48:12:c5:77:4a:3d:c8:31:4f:f6:9d:45:
                    c3:c9:e4:1a:50:f6:a6:c0:c9:62:0c:69:f3:69:7f:
                    3b:09:4c:d5:c4:8a:d6:97:d1:fb:bd:1d:b0:82:8e:
                    dc:46:97:87:bb:ac:d4:34:40:3a:a8:b3:ab:31:05:
                    de:55:50:bf:2a:e6:08:f2:7c:27:75:c3:53:30:e9:
                    f3:da:fe:e9:f9:84:ca:57:99:dd:67:99:24:14:c1:
                    7b:fe:7a:b0:8b:08:d3:55:37:cc:44:5f:ea:34:e2:
                    22:ec:b4:0e:40:dc:cd:6e:e7:b7:f8:ca:c1:3e:cf:
                    b3:32:52:33:ec:d1:0b:31:0e:46:9a:44:e5:0e:08:
                    fe:b4:4f:bd:d9:00:5b:1e:ca:4b:cc:e7:5c:f1:9b:
                    9e:2e:7c:ef:ef:c9:c5:95:5e:c0:b7:37:95:0d:56:
                    31:6c:26:e8:12:7d:79:c9:0d:49:8d:70:43:91:b6:
                    4f:c6:57:a3:a7:19:9e:34:6e:16:cc:52:64:0b:93:
                    a1:94:11:3f:f2:11:fa:3a:b8:6c:a3:99:c7:49:88:
                    14:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:8B:B6:66:E3:D1:8E:DA:09:D5:3E:C1:BB:B6:1A:33:EC:C7:9D:BF
            X509v3 Authority Key Identifier:
                keyid:33:0E:64:0F:9D:63:BA:94:3A:97:B3:DC:10:D4:C6:84:4A:5D:3D:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Mw5kD51jupQ6l7PcENTGhEpdPcE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/e718e4-53b7-47bb-a336-5a17719d449e/1/Z4u2ZuPRjtoJ1T7Bu7YaM-zHnb8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/e718e4-53b7-47bb-a336-5a17719d449e/1/Mw5kD51jupQ6l7PcENTGhEpdPcE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  101.60.254.0/23

    Signature Algorithm: sha256WithRSAEncryption
         be:16:69:2e:39:40:07:14:0e:18:07:26:87:94:ef:d1:e4:c1:
         d8:6b:c7:e9:e4:3d:77:0d:9a:0e:eb:63:e1:da:76:1a:d8:af:
         88:0c:07:bb:bf:43:d0:c1:ab:72:cf:e7:86:b0:03:86:0e:2f:
         0d:8e:fb:fe:a3:31:fa:09:66:fd:88:21:58:b2:0d:88:c4:f3:
         b1:96:cf:8e:f6:07:74:80:8d:98:db:ec:2b:4b:0d:bf:29:8e:
         6b:28:1b:d4:85:ef:1f:5b:13:b8:3d:cb:4a:d1:b6:d1:94:e7:
         47:a9:27:9b:e8:65:c9:83:a4:4a:68:be:9d:c4:65:f0:92:77:
         a6:86:b0:65:fc:0e:0e:e6:e6:72:fd:33:39:9f:ab:3b:73:cc:
         23:60:f8:78:27:f7:95:a3:f4:6d:46:4c:6c:61:9e:07:08:b9:
         51:65:2d:1b:32:b6:ea:22:2c:db:b0:3d:f2:31:4e:12:38:12:
         5e:43:7f:19:a2:8e:f9:d0:af:c8:0a:f4:83:fc:bb:22:4d:09:
         a9:f9:36:e4:3c:17:04:a3:d5:f1:82:97:0c:43:10:aa:d3:09:
         7f:e8:38:f9:81:6a:66:d7:88:ff:2e:14:bd:98:62:0d:bf:e1:
         de:13:d1:01:25:ab:17:ea:c2:ea:22:f1:40:18:b9:ba:b7:e3:
         a5:8c:dc:43
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxHFbXCuKO7yAWtn/QvILIxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzMGU2NDBmOWQ2M2JhOTQzYTk3YjNkYzEwZDRjNjg0NGE1
ZDNkYzEwHhcNMjYwMjEwMTAyNTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzhiYjY2NmUzZDE4ZWRhMDlkNTNlYzFiYmI2MWEzM2VjYzc5ZGJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhPeW86VBy/A8ElhWBf/WqioRBGt4
oHCumV/rTNxADOtoJS93DaVL/4QPgyUgAF9IEsV3Sj3IMU/2nUXDyeQaUPamwMli
DGnzaX87CUzVxIrWl9H7vR2wgo7cRpeHu6zUNEA6qLOrMQXeVVC/KuYI8nwndcNT
MOnz2v7p+YTKV5ndZ5kkFMF7/nqwiwjTVTfMRF/qNOIi7LQOQNzNbue3+MrBPs+z
MlIz7NELMQ5GmkTlDgj+tE+92QBbHspLzOdc8ZueLnzv78nFlV7AtzeVDVYxbCbo
En15yQ1JjXBDkbZPxlejpxmeNG4WzFJkC5OhlBE/8hH6Orhso5nHSYgUewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGeLtmbj0Y7aCdU+wbu2GjPsx52/MB8GA1UdIwQY
MBaAFDMOZA+dY7qUOpez3BDUxoRKXT3BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXc1a0Q1MWp1cFE2bDdQY0VOVEdoRXBkUGNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS9lNzE4ZTQtNTNiNy00N2JiLWEzMzYt
NWExNzcxOWQ0NDllLzEvWjR1Mlp1UFJqdG9KMVQ3QnU3WWFNLXpIbmI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS9lNzE4ZTQtNTNiNy00N2JiLWEzMzYtNWExNzcxOWQ0NDll
LzEvTXc1a0Q1MWp1cFE2bDdQY0VOVEdoRXBkUGNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBZTz+MA0G
CSqGSIb3DQEBCwUAA4IBAQC+FmkuOUAHFA4YByaHlO/R5MHYa8fp5D13DZoO62Ph
2nYa2K+IDAe7v0PQwatyz+eGsAOGDi8Njvv+ozH6CWb9iCFYsg2IxPOxls+O9gd0
gI2Y2+wrSw2/KY5rKBvUhe8fWxO4PctK0bbRlOdHqSeb6GXJg6RKaL6dxGXwknem
hrBl/A4O5uZy/TM5n6s7c8wjYPh4J/eVo/RtRkxsYZ4HCLlRZS0bMrbqIizbsD3y
MU4SOBJeQ38Zoo750K/ICvSD/LsiTQmp+TbkPBcEo9XxgpcMQxCq0wl/6Dj5gWpm
14j/LhS9mGINv+HeE9EBJasX6sLqIvFAGLm6t+OljNxD
-----END CERTIFICATE-----