Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/bba9ed-da21-4919-a831-f1cc873c2e27/1/tpy9FJHevA7odk2TH7YsmtN7UFs.roa
File:                     tpy9FJHevA7odk2TH7YsmtN7UFs.roa (raw, json)
Hash identifier:          HA5XrfWMN5EyPeGIHUHIkCKTU3wDBfCSNcRoSlAlDv8=
Subject key identifier:   B6:9C:BD:14:91:DE:BC:0E:E8:76:4D:93:1F:B6:2C:9A:D3:7B:50:5B
Certificate issuer:       /CN=2b678f14f8b2288d49557ca6fb1bdf4793927dce
Certificate serial:       019C9A2A8153A1BF226EEF1B2A9ADFA7396D
Authority key identifier: 2B:67:8F:14:F8:B2:28:8D:49:55:7C:A6:FB:1B:DF:47:93:92:7D:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K2ePFPiyKI1JVXym-xvfR5OSfc4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/bba9ed-da21-4919-a831-f1cc873c2e27/1/tpy9FJHevA7odk2TH7YsmtN7UFs.roa
Signing time:             Thu 26 Feb 2026 13:36:42 +0000
ROA not before:           Thu 26 Feb 2026 13:36:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210708
IP address blocks:        79.110.233.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/bba9ed-da21-4919-a831-f1cc873c2e27/1/K2ePFPiyKI1JVXym-xvfR5OSfc4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/bba9ed-da21-4919-a831-f1cc873c2e27/1/K2ePFPiyKI1JVXym-xvfR5OSfc4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/K2ePFPiyKI1JVXym-xvfR5OSfc4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:9a:2a:81:53:a1:bf:22:6e:ef:1b:2a:9a:df:a7:39:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b678f14f8b2288d49557ca6fb1bdf4793927dce
        Validity
            Not Before: Feb 26 13:36:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b69cbd1491debc0ee8764d931fb62c9ad37b505b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:cb:19:b1:b2:16:38:ef:be:e2:ab:6a:2f:b4:
                    cb:3a:e6:ab:55:16:d6:9c:92:cf:10:04:81:05:6e:
                    05:b5:a8:57:10:c1:c3:b8:ff:32:08:4c:a3:3d:30:
                    e5:54:ef:64:dc:cc:df:21:b3:15:a4:ef:25:d9:61:
                    68:d5:65:6d:a9:22:6f:a3:01:90:81:52:16:a4:78:
                    45:81:34:17:c0:e9:b1:2d:8a:c8:c2:94:cf:5a:4d:
                    20:f1:87:97:02:e6:f8:89:89:db:d8:fe:f9:dc:fd:
                    36:a2:21:97:7a:f2:82:b5:ff:3e:9a:6a:6a:70:b3:
                    38:96:c5:74:b5:7e:d3:98:8b:34:11:6f:ff:18:bd:
                    4c:61:f1:e8:d9:95:19:bd:0c:da:a4:04:8d:9b:6c:
                    ad:dc:27:52:5c:8c:da:c4:6c:31:6a:22:ca:49:70:
                    4d:15:d9:5e:e9:68:d5:0c:e5:db:41:0e:0c:f4:b4:
                    0e:9d:ab:4c:ed:9e:46:82:fe:f2:60:a7:3e:36:0e:
                    f8:39:98:46:a2:c5:74:bb:e5:69:8b:3c:36:66:fa:
                    9a:b2:19:11:82:c0:9e:bd:8b:ab:00:ff:5b:04:a4:
                    63:bb:21:34:99:85:3b:98:d5:64:4f:f5:dc:93:cb:
                    a4:3d:20:f1:95:7e:7a:73:3c:62:9c:42:ad:26:bc:
                    fc:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:9C:BD:14:91:DE:BC:0E:E8:76:4D:93:1F:B6:2C:9A:D3:7B:50:5B
            X509v3 Authority Key Identifier:
                keyid:2B:67:8F:14:F8:B2:28:8D:49:55:7C:A6:FB:1B:DF:47:93:92:7D:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K2ePFPiyKI1JVXym-xvfR5OSfc4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/bba9ed-da21-4919-a831-f1cc873c2e27/1/tpy9FJHevA7odk2TH7YsmtN7UFs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/bba9ed-da21-4919-a831-f1cc873c2e27/1/K2ePFPiyKI1JVXym-xvfR5OSfc4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.110.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:3f:64:ed:ed:b2:a9:36:8c:fb:6d:c2:35:28:ad:91:1f:2d:
         ea:10:1d:17:c3:2c:e2:c3:ef:c4:48:46:4f:b9:19:da:1a:a1:
         99:fc:7d:f4:17:07:41:ff:8b:1d:e1:c7:44:ff:ab:eb:3c:56:
         fe:6b:dd:5a:d3:f0:a5:c3:ca:ed:99:35:f0:9f:c6:7c:61:3c:
         35:08:c1:79:ae:7f:91:6e:7b:c5:63:75:06:dd:06:6e:da:27:
         19:24:95:6d:2e:4f:c8:1d:cb:9c:c5:18:11:d5:10:b6:18:a8:
         cb:35:0c:4b:c8:ee:17:2a:05:65:4b:4d:70:5d:01:ed:25:f2:
         f7:14:87:39:5c:c4:81:8c:c0:ae:76:24:0e:e0:92:59:51:26:
         a8:c9:f6:09:d2:c1:6b:bb:d1:f3:c3:c0:c2:04:51:91:0c:46:
         ff:ef:7e:9a:23:e0:74:50:29:20:44:0a:a6:d0:12:62:4e:de:
         e8:a8:1b:30:5a:19:41:37:ad:f9:ce:42:a3:2d:58:ce:a2:2d:
         38:c1:bc:db:c1:36:e1:0c:17:40:dc:a4:6b:97:27:bd:ae:d3:
         72:d4:a5:31:a8:03:e9:bb:8b:6e:04:e4:05:aa:5c:38:b6:af:
         0c:df:5b:54:78:98:35:23:10:25:2e:28:fa:5b:b6:1c:5b:22:
         5d:f7:34:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyaKoFTob8ibu8bKprfpzltMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiNjc4ZjE0ZjhiMjI4OGQ0OTU1N2NhNmZiMWJkZjQ3OTM5
MjdkY2UwHhcNMjYwMjI2MTMzNjQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjljYmQxNDkxZGViYzBlZTg3NjRkOTMxZmI2MmM5YWQzN2I1MDViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA38sZsbIWOO++4qtqL7TLOuarVRbW
nJLPEASBBW4FtahXEMHDuP8yCEyjPTDlVO9k3MzfIbMVpO8l2WFo1WVtqSJvowGQ
gVIWpHhFgTQXwOmxLYrIwpTPWk0g8YeXAub4iYnb2P753P02oiGXevKCtf8+mmpq
cLM4lsV0tX7TmIs0EW//GL1MYfHo2ZUZvQzapASNm2yt3CdSXIzaxGwxaiLKSXBN
Fdle6WjVDOXbQQ4M9LQOnatM7Z5Ggv7yYKc+Ng74OZhGosV0u+Vpizw2ZvqashkR
gsCevYurAP9bBKRjuyE0mYU7mNVkT/Xck8ukPSDxlX56czxinEKtJrz89QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLacvRSR3rwO6HZNkx+2LJrTe1BbMB8GA1UdIwQY
MBaAFCtnjxT4siiNSVV8pvsb30eTkn3OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzJlUEZQaXlLSTFKVlh5bS14dmZSNU9TZmM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy9iYmE5ZWQtZGEyMS00OTE5LWE4MzEt
ZjFjYzg3M2MyZTI3LzEvdHB5OUZKSGV2QTdvZGsyVEg3WXNtdE43VUZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy9iYmE5ZWQtZGEyMS00OTE5LWE4MzEtZjFjYzg3M2MyZTI3
LzEvSzJlUEZQaXlLSTFKVlh5bS14dmZSNU9TZmM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAT27pMA0G
CSqGSIb3DQEBCwUAA4IBAQBmP2Tt7bKpNoz7bcI1KK2RHy3qEB0Xwyziw+/ESEZP
uRnaGqGZ/H30FwdB/4sd4cdE/6vrPFb+a91a0/Clw8rtmTXwn8Z8YTw1CMF5rn+R
bnvFY3UG3QZu2icZJJVtLk/IHcucxRgR1RC2GKjLNQxLyO4XKgVlS01wXQHtJfL3
FIc5XMSBjMCudiQO4JJZUSaoyfYJ0sFru9Hzw8DCBFGRDEb/736aI+B0UCkgRAqm
0BJiTt7oqBswWhlBN635zkKjLVjOoi04wbzbwTbhDBdA3KRrlye9rtNy1KUxqAPp
u4tuBOQFqlw4tq8M31tUeJg1IxAlLij6W7YcWyJd9zRT
-----END CERTIFICATE-----