Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/b64e42-b9de-4c66-9ed9-6fe34805a6c6/1/ATMfOPn_iklWkDGZaU6nBEYrMIs.roa
File:                     ATMfOPn_iklWkDGZaU6nBEYrMIs.roa (raw, json)
Hash identifier:          MkgqGmH4i1AY83gSH/fJ/hLhxo7uHROhQ+deiJMJQps=
Subject key identifier:   01:33:1F:38:F9:FF:8A:49:56:90:31:99:69:4E:A7:04:46:2B:30:8B
Certificate issuer:       /CN=ffc381f53f25dbc2a0efabf889fca32419958dd0
Certificate serial:       019B7758D9CD011FC6270B86A2C23C74E04B
Authority key identifier: FF:C3:81:F5:3F:25:DB:C2:A0:EF:AB:F8:89:FC:A3:24:19:95:8D:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_8OB9T8l28Kg76v4ifyjJBmVjdA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/b64e42-b9de-4c66-9ed9-6fe34805a6c6/1/ATMfOPn_iklWkDGZaU6nBEYrMIs.roa
Signing time:             Thu 01 Jan 2026 02:17:50 +0000
ROA not before:           Thu 01 Jan 2026 02:17:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16339
IP address blocks:        212.78.79.0/24 maxlen: 24
                          212.78.81.0/24 maxlen: 24
                          212.78.95.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/b64e42-b9de-4c66-9ed9-6fe34805a6c6/1/_8OB9T8l28Kg76v4ifyjJBmVjdA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/b64e42-b9de-4c66-9ed9-6fe34805a6c6/1/_8OB9T8l28Kg76v4ifyjJBmVjdA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_8OB9T8l28Kg76v4ifyjJBmVjdA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 15:05:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:58:d9:cd:01:1f:c6:27:0b:86:a2:c2:3c:74:e0:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffc381f53f25dbc2a0efabf889fca32419958dd0
        Validity
            Not Before: Jan  1 02:17:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=01331f38f9ff8a4956903199694ea704462b308b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:eb:84:55:14:cb:76:ac:b9:2c:d8:c3:d9:41:
                    e9:c7:cf:01:82:fa:ba:54:4a:ef:0f:d1:e8:29:09:
                    90:fb:17:83:ec:bb:e0:b1:88:38:3b:37:e9:16:64:
                    8f:7a:32:16:a4:26:6c:10:86:db:ad:8d:98:be:7c:
                    5e:98:b9:28:a6:5d:0a:e0:54:a1:94:1b:f6:7b:1d:
                    df:c8:3e:b9:03:3a:7d:6e:98:70:cc:d6:18:04:23:
                    32:99:d4:64:ff:0c:64:66:d9:3b:21:2d:fa:7d:8c:
                    9c:06:7e:0d:af:c6:09:fb:f0:02:ce:1d:89:1f:27:
                    37:2d:de:80:da:ac:a2:3d:bc:37:e3:5f:47:7d:fe:
                    00:09:45:6d:2c:53:91:3e:57:13:2d:33:41:6d:af:
                    51:a4:22:3c:25:8b:2f:30:8e:47:50:41:15:b1:78:
                    6c:69:a1:6f:2b:03:46:1a:66:47:d5:69:04:5b:45:
                    09:8d:4c:c4:21:15:51:f4:3d:80:b0:60:85:15:7b:
                    93:fe:b7:cf:90:ac:9f:db:c4:bc:35:1f:49:f3:7f:
                    95:b0:ee:76:91:4d:75:dd:49:39:eb:e0:cb:d9:22:
                    ea:d5:18:03:16:8d:22:8b:ac:ca:35:29:c3:b4:b1:
                    ac:75:15:c2:72:67:62:8d:6c:2a:28:6a:fd:0c:7b:
                    5b:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:33:1F:38:F9:FF:8A:49:56:90:31:99:69:4E:A7:04:46:2B:30:8B
            X509v3 Authority Key Identifier:
                keyid:FF:C3:81:F5:3F:25:DB:C2:A0:EF:AB:F8:89:FC:A3:24:19:95:8D:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_8OB9T8l28Kg76v4ifyjJBmVjdA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/b64e42-b9de-4c66-9ed9-6fe34805a6c6/1/ATMfOPn_iklWkDGZaU6nBEYrMIs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/b64e42-b9de-4c66-9ed9-6fe34805a6c6/1/_8OB9T8l28Kg76v4ifyjJBmVjdA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.78.79.0/24
                  212.78.81.0/24
                  212.78.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:14:26:25:c5:a4:b5:03:b1:63:5d:24:bd:0c:d0:93:41:1d:
         b1:bd:18:8e:51:ff:59:93:a0:67:1b:84:3c:f9:e9:ce:8c:9c:
         d9:68:e9:91:28:55:9c:5c:30:ae:31:9b:f7:43:14:b0:71:52:
         4b:09:76:ce:28:bf:7c:94:5d:88:a7:94:66:36:ea:57:eb:aa:
         10:79:d5:0c:71:3a:9e:8f:ac:da:74:08:6a:e9:2e:e2:e1:0a:
         a6:fa:58:28:23:fe:77:5a:8b:2b:6c:7c:da:15:2b:b1:ba:90:
         7c:de:2e:fd:c2:86:c4:40:d2:0f:8f:1f:3c:f4:0e:9b:a6:41:
         2e:f5:6c:a0:1c:33:13:0f:5e:cd:2d:dd:4c:4b:1c:5e:e1:f2:
         e7:9c:fe:4f:29:01:83:b8:af:c7:0e:49:0d:7c:ad:38:60:78:
         3d:ca:15:0d:6f:53:86:d7:62:7a:ac:ba:b5:f3:94:92:a3:7b:
         ac:a7:54:e6:82:4e:9f:6a:ab:e6:9a:7e:13:7e:4f:5a:13:d6:
         07:3e:4e:9e:7f:07:61:be:d2:d8:18:d3:a0:6e:95:50:23:9c:
         31:15:85:53:e1:8d:bd:e4:e0:fd:9f:ec:80:e6:cd:80:15:77:
         4c:90:f6:1e:86:b3:50:44:a7:f5:e9:cc:9b:7e:6e:45:a2:ba:
         ba:04:b9:b5
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZt3WNnNAR/GJwuGosI8dOBLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYzM4MWY1M2YyNWRiYzJhMGVmYWJmODg5ZmNhMzI0MTk5
NThkZDAwHhcNMjYwMTAxMDIxNzUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTMzMWYzOGY5ZmY4YTQ5NTY5MDMxOTk2OTRlYTcwNDQ2MmIzMDhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1euEVRTLdqy5LNjD2UHpx88Bgvq6
VErvD9HoKQmQ+xeD7LvgsYg4OzfpFmSPejIWpCZsEIbbrY2YvnxemLkopl0K4FSh
lBv2ex3fyD65Azp9bphwzNYYBCMymdRk/wxkZtk7IS36fYycBn4Nr8YJ+/ACzh2J
Hyc3Ld6A2qyiPbw3419Hff4ACUVtLFORPlcTLTNBba9RpCI8JYsvMI5HUEEVsXhs
aaFvKwNGGmZH1WkEW0UJjUzEIRVR9D2AsGCFFXuT/rfPkKyf28S8NR9J83+VsO52
kU113Uk56+DL2SLq1RgDFo0ii6zKNSnDtLGsdRXCcmdijWwqKGr9DHtbIQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFAEzHzj5/4pJVpAxmWlOpwRGKzCLMB8GA1UdIwQY
MBaAFP/DgfU/JdvCoO+r+In8oyQZlY3QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzhPQjlUOGwyOEtnNzZ2NGlmeWpKQm1WamRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9iNjRlNDItYjlkZS00YzY2LTllZDkt
NmZlMzQ4MDVhNmM2LzEvQVRNZk9Qbl9pa2xXa0RHWmFVNm5CRVlyTUlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9iNjRlNDItYjlkZS00YzY2LTllZDktNmZlMzQ4MDVhNmM2
LzEvXzhPQjlUOGwyOEtnNzZ2NGlmeWpKQm1WamRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQA1E5PAwQA
1E5RAwQA1E5fMA0GCSqGSIb3DQEBCwUAA4IBAQBiFCYlxaS1A7FjXSS9DNCTQR2x
vRiOUf9Zk6BnG4Q8+enOjJzZaOmRKFWcXDCuMZv3QxSwcVJLCXbOKL98lF2Ip5Rm
NupX66oQedUMcTqej6zadAhq6S7i4Qqm+lgoI/53WosrbHzaFSuxupB83i79wobE
QNIPjx889A6bpkEu9WygHDMTD17NLd1MSxxe4fLnnP5PKQGDuK/HDkkNfK04YHg9
yhUNb1OG12J6rLq185SSo3usp1Tmgk6faqvmmn4Tfk9aE9YHPk6efwdhvtLYGNOg
bpVQI5wxFYVT4Y295OD9n+yA5s2AFXdMkPYehrNQRKf16cybfm5Forq6BLm1
-----END CERTIFICATE-----