Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/bf4a44-bb8a-4651-a0aa-38d292d0f7ec/1/zo2hj0NnUKtMIaBWQ3JzuVlOSzg.roa
File:                     zo2hj0NnUKtMIaBWQ3JzuVlOSzg.roa (raw, json)
Hash identifier:          6zDGTcy6kX8eoXilotaWx4SANOQZdA3n6MHmlx3VPN8=
Subject key identifier:   CE:8D:A1:8F:43:67:50:AB:4C:21:A0:56:43:72:73:B9:59:4E:4B:38
Certificate issuer:       /CN=c1e3a44ae8cf0243f1dffe2684e3dd5a8fc85d79
Certificate serial:       019B7C8068AA8385A614DA456F74E894E821
Authority key identifier: C1:E3:A4:4A:E8:CF:02:43:F1:DF:FE:26:84:E3:DD:5A:8F:C8:5D:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/weOkSujPAkPx3_4mhOPdWo_IXXk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/bf4a44-bb8a-4651-a0aa-38d292d0f7ec/1/zo2hj0NnUKtMIaBWQ3JzuVlOSzg.roa
Signing time:             Fri 02 Jan 2026 02:19:08 +0000
ROA not before:           Fri 02 Jan 2026 02:19:08 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202240
IP address blocks:        79.98.188.0/22 maxlen: 24
                          2a05:bc40::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/bf4a44-bb8a-4651-a0aa-38d292d0f7ec/1/weOkSujPAkPx3_4mhOPdWo_IXXk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/bf4a44-bb8a-4651-a0aa-38d292d0f7ec/1/weOkSujPAkPx3_4mhOPdWo_IXXk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/weOkSujPAkPx3_4mhOPdWo_IXXk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:68:aa:83:85:a6:14:da:45:6f:74:e8:94:e8:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c1e3a44ae8cf0243f1dffe2684e3dd5a8fc85d79
        Validity
            Not Before: Jan  2 02:19:08 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ce8da18f436750ab4c21a056437273b9594e4b38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:00:88:3e:a5:21:29:3c:8c:13:f7:ba:8e:3c:
                    eb:79:02:fa:03:9e:12:91:1c:27:d6:61:d5:2c:72:
                    8b:cc:52:ab:76:c7:94:9e:35:34:e7:60:9b:c2:17:
                    1b:a3:2d:56:9a:77:68:9e:c0:d5:13:c7:e5:92:1e:
                    13:a1:d1:6a:6d:c5:8a:43:c7:d0:91:3f:4d:c1:38:
                    46:68:2e:e0:e4:65:42:f9:0d:e3:86:97:a0:d8:3e:
                    ec:96:d8:97:39:d8:25:be:69:f5:f3:fd:c8:75:d7:
                    2d:cd:f0:d3:73:59:0c:d2:34:a8:cf:89:ef:12:c2:
                    1f:0f:c4:10:f2:74:e9:7d:a8:a3:c9:bc:00:08:83:
                    cc:c5:71:ae:bb:b0:36:69:dd:10:74:22:23:a1:15:
                    31:41:2f:0f:d2:71:ac:a1:10:89:ae:78:1c:3c:26:
                    90:88:26:dc:e4:8f:7c:50:79:1e:1b:f1:41:de:61:
                    ff:ef:b3:de:1b:75:28:d2:f9:63:55:c0:6a:10:5a:
                    8c:c7:0f:0c:b1:fc:93:fe:08:88:cc:58:03:74:27:
                    10:69:8f:f7:bd:2e:ae:30:07:12:f7:f4:82:fa:51:
                    8a:83:21:94:5e:e0:a8:4b:28:49:87:51:be:02:2e:
                    bc:fd:af:9a:4b:64:34:f4:bc:53:c5:6f:74:93:fb:
                    23:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:8D:A1:8F:43:67:50:AB:4C:21:A0:56:43:72:73:B9:59:4E:4B:38
            X509v3 Authority Key Identifier:
                keyid:C1:E3:A4:4A:E8:CF:02:43:F1:DF:FE:26:84:E3:DD:5A:8F:C8:5D:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/weOkSujPAkPx3_4mhOPdWo_IXXk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/bf4a44-bb8a-4651-a0aa-38d292d0f7ec/1/zo2hj0NnUKtMIaBWQ3JzuVlOSzg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/bf4a44-bb8a-4651-a0aa-38d292d0f7ec/1/weOkSujPAkPx3_4mhOPdWo_IXXk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.98.188.0/22
                IPv6:
                  2a05:bc40::/29

    Signature Algorithm: sha256WithRSAEncryption
         21:22:bc:f0:ce:97:dc:fd:68:6e:d7:ea:43:d8:c6:d4:9b:61:
         86:9e:ea:45:2c:b2:4e:2a:3a:2c:e1:e1:dc:71:57:a2:cb:d0:
         87:b6:37:fb:ea:db:d3:30:5f:0f:f7:1a:27:b1:82:53:f2:59:
         10:01:3b:bd:45:ae:6a:c8:a3:b0:47:e5:e1:6d:ce:3c:7d:f0:
         0e:92:26:4b:5d:22:af:ef:90:71:b1:74:81:49:56:cf:0d:da:
         ef:56:ab:72:14:f1:96:1e:2f:ce:8e:e6:19:68:01:1b:0d:da:
         8c:85:39:49:21:08:af:25:cd:6a:28:24:68:b2:80:1f:6e:2f:
         4d:82:af:6e:8d:09:7b:2c:de:46:9d:4e:0c:05:f3:4a:12:1e:
         8f:ca:8b:fe:9f:e6:89:fa:b7:80:23:06:f1:6e:e9:ef:dd:d3:
         07:e0:b4:82:9a:3a:e3:fc:ac:3c:3e:db:6c:f0:30:59:b9:15:
         e3:b7:ba:8f:b3:e6:4b:83:ab:0d:79:b3:5b:c4:fc:82:d1:4a:
         49:22:58:d2:56:1a:e4:c5:38:30:0a:dd:4c:07:98:8f:91:2d:
         23:fe:e4:1d:70:76:73:8f:b4:38:1c:3e:1b:16:ae:df:f4:8d:
         f3:6e:a4:4b:6c:26:4c:c4:c7:ad:5c:18:e0:c8:fc:cb:2c:b0:
         c8:dc:81:a7
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZt8gGiqg4WmFNpFb3TolOghMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxZTNhNDRhZThjZjAyNDNmMWRmZmUyNjg0ZTNkZDVhOGZj
ODVkNzkwHhcNMjYwMTAyMDIxOTA4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZThkYTE4ZjQzNjc1MGFiNGMyMWEwNTY0MzcyNzNiOTU5NGU0YjM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvQCIPqUhKTyME/e6jjzreQL6A54S
kRwn1mHVLHKLzFKrdseUnjU052Cbwhcboy1WmndonsDVE8flkh4TodFqbcWKQ8fQ
kT9NwThGaC7g5GVC+Q3jhpeg2D7sltiXOdglvmn18/3IddctzfDTc1kM0jSoz4nv
EsIfD8QQ8nTpfaijybwACIPMxXGuu7A2ad0QdCIjoRUxQS8P0nGsoRCJrngcPCaQ
iCbc5I98UHkeG/FB3mH/77PeG3Uo0vljVcBqEFqMxw8MsfyT/giIzFgDdCcQaY/3
vS6uMAcS9/SC+lGKgyGUXuCoSyhJh1G+Ai68/a+aS2Q09LxTxW90k/sjtwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFM6NoY9DZ1CrTCGgVkNyc7lZTks4MB8GA1UdIwQY
MBaAFMHjpErozwJD8d/+JoTj3VqPyF15MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2VPa1N1alBBa1B4M180bWhPUGRXb19JWFhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy9iZjRhNDQtYmI4YS00NjUxLWEwYWEt
MzhkMjkyZDBmN2VjLzEvem8yaGowTm5VS3RNSWFCV1EzSnp1VmxPU3pnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy9iZjRhNDQtYmI4YS00NjUxLWEwYWEtMzhkMjkyZDBmN2Vj
LzEvd2VPa1N1alBBa1B4M180bWhPUGRXb19JWFhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCT2K8MA0E
AgACMAcDBQMqBbxAMA0GCSqGSIb3DQEBCwUAA4IBAQAhIrzwzpfc/Whu1+pD2MbU
m2GGnupFLLJOKjos4eHccVeiy9CHtjf76tvTMF8P9xonsYJT8lkQATu9Ra5qyKOw
R+Xhbc48ffAOkiZLXSKv75BxsXSBSVbPDdrvVqtyFPGWHi/OjuYZaAEbDdqMhTlJ
IQivJc1qKCRosoAfbi9Ngq9ujQl7LN5GnU4MBfNKEh6Pyov+n+aJ+reAIwbxbunv
3dMH4LSCmjrj/Kw8Ptts8DBZuRXjt7qPs+ZLg6sNebNbxPyC0UpJIljSVhrkxTgw
Ct1MB5iPkS0j/uQdcHZzj7Q4HD4bFq7f9I3zbqRLbCZMxMetXBjgyPzLLLDI3IGn
-----END CERTIFICATE-----