Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/717221-1d03-4d13-9049-401bda4477b5/1/0pi2CRh8v5FDGjuuAyr_ynjNU4M.roa
File:                     0pi2CRh8v5FDGjuuAyr_ynjNU4M.roa (raw, json)
Hash identifier:          gEFkbWU3I4/+RhLgSRyNGP/VSE7D27H+Iby5qJquk8k=
Subject key identifier:   D2:98:B6:09:18:7C:BF:91:43:1A:3B:AE:03:2A:FF:CA:78:CD:53:83
Certificate issuer:       /CN=97024ffc4927bfe35289435d9d0280420b8ecdcb
Certificate serial:       019B7EA72F7BBAD70078749197FDF03D74DA
Authority key identifier: 97:02:4F:FC:49:27:BF:E3:52:89:43:5D:9D:02:80:42:0B:8E:CD:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lwJP_Eknv-NSiUNdnQKAQguOzcs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/717221-1d03-4d13-9049-401bda4477b5/1/0pi2CRh8v5FDGjuuAyr_ynjNU4M.roa
Signing time:             Fri 02 Jan 2026 12:20:44 +0000
ROA not before:           Fri 02 Jan 2026 12:20:44 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209971
IP address blocks:        212.80.196.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/717221-1d03-4d13-9049-401bda4477b5/1/lwJP_Eknv-NSiUNdnQKAQguOzcs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/717221-1d03-4d13-9049-401bda4477b5/1/lwJP_Eknv-NSiUNdnQKAQguOzcs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lwJP_Eknv-NSiUNdnQKAQguOzcs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a7:2f:7b:ba:d7:00:78:74:91:97:fd:f0:3d:74:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97024ffc4927bfe35289435d9d0280420b8ecdcb
        Validity
            Not Before: Jan  2 12:20:44 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d298b609187cbf91431a3bae032affca78cd5383
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:11:79:75:30:f8:ff:72:32:ed:4e:52:8f:9d:
                    7d:b6:38:49:c9:51:f8:38:b6:95:1c:72:e8:77:9b:
                    8a:37:c9:51:97:fa:18:04:69:00:7a:50:4e:52:2b:
                    dd:0d:e6:4d:9f:8e:6d:3a:30:14:8e:e0:aa:fd:92:
                    26:a1:fb:17:5d:18:71:27:17:28:77:28:23:c8:88:
                    45:21:c1:f4:75:b5:56:5d:9b:bc:20:f2:f2:3a:a0:
                    21:6d:10:14:24:fb:35:3e:ae:33:82:b3:1e:b1:2b:
                    c4:d9:9c:76:57:ca:7e:34:fc:e3:3e:b8:26:2b:01:
                    88:e9:80:70:25:c8:d9:eb:c8:de:6b:f4:48:12:ea:
                    6c:1d:39:89:70:bb:ea:d8:0c:b4:1d:e9:09:24:85:
                    93:73:4b:21:98:38:fa:ea:ad:49:9e:34:56:fb:85:
                    de:97:34:d8:d8:66:77:76:2a:ca:47:b0:b0:c0:a0:
                    4a:2a:c1:3f:9d:2a:1e:4e:ab:f1:9e:90:bb:4e:ce:
                    e1:f6:77:7e:1b:9e:4e:bf:8f:7f:0d:5b:ad:8a:b9:
                    63:2f:4d:5b:cd:5d:0d:95:5b:82:58:2d:b9:df:cd:
                    e5:3c:0b:59:10:c9:6b:a2:aa:6f:c2:fb:17:7c:8b:
                    ad:da:c5:4b:64:bd:9f:43:f4:f0:ba:39:9c:d8:55:
                    ff:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:98:B6:09:18:7C:BF:91:43:1A:3B:AE:03:2A:FF:CA:78:CD:53:83
            X509v3 Authority Key Identifier:
                keyid:97:02:4F:FC:49:27:BF:E3:52:89:43:5D:9D:02:80:42:0B:8E:CD:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lwJP_Eknv-NSiUNdnQKAQguOzcs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/717221-1d03-4d13-9049-401bda4477b5/1/0pi2CRh8v5FDGjuuAyr_ynjNU4M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/717221-1d03-4d13-9049-401bda4477b5/1/lwJP_Eknv-NSiUNdnQKAQguOzcs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.80.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ba:62:6b:b5:6d:a3:71:2c:0c:ca:6c:6e:09:cf:b6:1b:4f:59:
         02:e2:61:0b:4a:44:7c:2f:01:ff:fe:f2:4e:99:80:12:b1:e9:
         86:0d:42:1e:f1:01:a2:e5:b8:58:31:f2:c3:71:01:12:e2:b4:
         34:2d:e7:a8:b2:3c:24:db:11:bc:da:0e:ad:c8:39:51:ae:40:
         18:09:ae:c9:5a:69:bf:e8:12:cb:31:1e:bb:e9:fa:e6:60:de:
         37:eb:a5:db:44:03:53:46:41:ae:59:18:1f:2f:6a:42:bc:4b:
         ff:66:03:00:d2:1a:2a:fc:a1:d4:71:06:9a:fc:85:f6:fe:7c:
         fc:61:d3:92:bf:f4:f3:e9:ca:63:3b:bc:b7:97:ea:dd:6e:12:
         1c:56:3d:4a:69:8d:64:1b:a4:3c:08:94:59:31:72:6b:1a:85:
         e4:d0:49:43:e5:86:67:a5:0c:5c:65:f4:f5:e4:ab:a1:ae:19:
         e7:f6:41:69:75:d7:91:ef:ea:b1:9d:ba:50:f2:b5:a7:64:dd:
         34:13:23:ba:03:04:cb:b4:0b:46:d3:23:f1:13:6c:d2:79:48:
         f1:2b:d0:f8:3a:de:1d:10:f6:d1:32:32:26:62:84:4c:80:7c:
         8c:08:0d:29:93:44:3a:4d:61:31:37:bc:fe:0b:3f:e8:cf:f6:
         d9:5d:76:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+py97utcAeHSRl/3wPXTaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3MDI0ZmZjNDkyN2JmZTM1Mjg5NDM1ZDlkMDI4MDQyMGI4
ZWNkY2IwHhcNMjYwMTAyMTIyMDQ0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjk4YjYwOTE4N2NiZjkxNDMxYTNiYWUwMzJhZmZjYTc4Y2Q1MzgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyxF5dTD4/3Iy7U5Sj519tjhJyVH4
OLaVHHLod5uKN8lRl/oYBGkAelBOUivdDeZNn45tOjAUjuCq/ZImofsXXRhxJxco
dygjyIhFIcH0dbVWXZu8IPLyOqAhbRAUJPs1Pq4zgrMesSvE2Zx2V8p+NPzjPrgm
KwGI6YBwJcjZ68jea/RIEupsHTmJcLvq2Ay0HekJJIWTc0shmDj66q1JnjRW+4Xe
lzTY2GZ3dirKR7CwwKBKKsE/nSoeTqvxnpC7Ts7h9nd+G55Ov49/DVutirljL01b
zV0NlVuCWC25383lPAtZEMlroqpvwvsXfIut2sVLZL2fQ/Twujmc2FX/hQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNKYtgkYfL+RQxo7rgMq/8p4zVODMB8GA1UdIwQY
MBaAFJcCT/xJJ7/jUolDXZ0CgEILjs3LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHdKUF9Fa252LU5TaVVOZG5RS0FRZ3VPemNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC83MTcyMjEtMWQwMy00ZDEzLTkwNDkt
NDAxYmRhNDQ3N2I1LzEvMHBpMkNSaDh2NUZER2p1dUF5cl95bmpOVTRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC83MTcyMjEtMWQwMy00ZDEzLTkwNDktNDAxYmRhNDQ3N2I1
LzEvbHdKUF9Fa252LU5TaVVOZG5RS0FRZ3VPemNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1FDEMA0G
CSqGSIb3DQEBCwUAA4IBAQC6Ymu1baNxLAzKbG4Jz7YbT1kC4mELSkR8LwH//vJO
mYASsemGDUIe8QGi5bhYMfLDcQES4rQ0Leeosjwk2xG82g6tyDlRrkAYCa7JWmm/
6BLLMR676frmYN4366XbRANTRkGuWRgfL2pCvEv/ZgMA0hoq/KHUcQaa/IX2/nz8
YdOSv/Tz6cpjO7y3l+rdbhIcVj1KaY1kG6Q8CJRZMXJrGoXk0ElD5YZnpQxcZfT1
5Kuhrhnn9kFpddeR7+qxnbpQ8rWnZN00EyO6AwTLtAtG0yPxE2zSeUjxK9D4Ot4d
EPbRMjImYoRMgHyMCA0pk0Q6TWExN7z+Cz/oz/bZXXbI
-----END CERTIFICATE-----