Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/vnZI4Od1GtuWmbcfTmasYrA2CVc.roa
File:                     vnZI4Od1GtuWmbcfTmasYrA2CVc.roa (raw, json)
Hash identifier:          hJx0ALHEmU6KnL133ic1OuF6Y0ua/ikvZuJIZHg4VQo=
Subject key identifier:   BE:76:48:E0:E7:75:1A:DB:96:99:B7:1F:4E:66:AC:62:B0:36:09:57
Certificate issuer:       /CN=2fa16ab06020067740a4c1fb47a912622f1d0722
Certificate serial:       019C8F61F37108F9A854ED237ECCAD97EFE2
Authority key identifier: 2F:A1:6A:B0:60:20:06:77:40:A4:C1:FB:47:A9:12:62:2F:1D:07:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/vnZI4Od1GtuWmbcfTmasYrA2CVc.roa
Signing time:             Tue 24 Feb 2026 11:21:27 +0000
ROA not before:           Tue 24 Feb 2026 11:21:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     393942
IP address blocks:        213.145.74.0/24 maxlen: 24
                          213.145.84.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:8f:61:f3:71:08:f9:a8:54:ed:23:7e:cc:ad:97:ef:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2fa16ab06020067740a4c1fb47a912622f1d0722
        Validity
            Not Before: Feb 24 11:21:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=be7648e0e7751adb9699b71f4e66ac62b0360957
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:83:4f:32:b9:47:d4:7f:a9:da:e4:58:f0:ab:
                    6c:d4:52:c7:cd:3f:fd:83:5e:1f:b1:43:bd:e8:33:
                    15:d6:75:ac:5a:d1:16:45:2c:d5:49:a3:fb:b9:c1:
                    d0:8f:a9:57:82:8f:73:5c:1a:9a:79:e3:71:0d:ed:
                    7c:db:ab:5b:9e:dd:4e:78:37:31:e3:eb:ab:be:ec:
                    68:b1:a8:e6:ce:fc:33:6a:08:d5:1c:98:8c:be:46:
                    2c:a0:95:3c:fd:6c:ab:8a:86:76:75:a9:81:7e:df:
                    b2:7c:d5:4b:67:86:85:d8:3e:2f:de:4c:8f:ce:8d:
                    fd:85:1a:ce:c9:ee:c5:5c:4a:5c:2a:cd:97:05:30:
                    08:3f:07:a8:54:4e:0f:e9:a2:1c:c4:fc:93:2d:ed:
                    47:20:c4:03:f3:7c:47:20:ba:c2:48:7a:30:45:4a:
                    e0:00:4e:8d:d4:17:fd:60:c9:ce:65:44:6c:8d:67:
                    64:97:27:1c:d5:ff:f6:93:ee:f1:fa:23:da:d9:e2:
                    ae:5e:dc:02:37:69:e5:70:0f:e0:db:42:9e:c1:53:
                    16:8b:dd:05:71:46:57:5f:ee:77:6f:1b:37:db:03:
                    17:e2:9d:d4:ff:2f:39:2f:52:b9:52:66:bd:26:f1:
                    c8:ac:27:35:d8:40:ac:c8:ee:53:c9:8b:ec:98:6b:
                    f1:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:76:48:E0:E7:75:1A:DB:96:99:B7:1F:4E:66:AC:62:B0:36:09:57
            X509v3 Authority Key Identifier:
                keyid:2F:A1:6A:B0:60:20:06:77:40:A4:C1:FB:47:A9:12:62:2F:1D:07:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/vnZI4Od1GtuWmbcfTmasYrA2CVc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.145.74.0/24
                  213.145.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:ee:2f:bc:30:4c:2b:84:4f:36:3f:2a:99:c0:ed:8e:38:fd:
         48:0d:3b:d3:aa:f2:86:12:ab:ea:b4:bb:d9:bb:55:ae:a2:14:
         97:d5:ad:a9:2d:45:64:bc:05:52:5b:ed:52:df:40:17:78:25:
         ad:6d:e7:1f:7b:7a:0a:ec:56:87:0c:a1:d7:f9:2f:eb:8f:a0:
         74:d7:bc:6e:e9:6d:27:25:1c:99:9b:b5:33:c4:ef:e2:42:86:
         d6:40:64:25:0a:76:84:23:03:89:aa:24:6a:eb:4e:98:1f:0e:
         26:41:c3:08:ce:65:6b:92:74:a4:ff:6a:ce:5b:4d:c3:0f:31:
         a1:83:92:65:5e:54:ab:e1:fe:4f:95:28:29:c1:93:b8:57:dd:
         6f:70:69:02:ac:d0:c5:11:09:e1:f8:68:76:10:1a:5a:f2:48:
         69:23:85:2d:12:a2:e5:fe:c5:04:61:f6:8d:be:aa:2b:ef:04:
         39:14:b4:07:e0:9e:d3:75:6f:c3:78:dd:73:bb:0d:8a:7a:4b:
         8f:a1:fc:2b:c1:0c:1a:3d:b4:b5:99:49:76:5e:9b:cd:4a:d6:
         f2:4d:49:1f:10:69:d3:41:c9:72:2e:c6:a6:70:b3:ce:f6:4b:
         d1:2d:09:e3:40:83:47:94:67:1b:8a:79:4a:f1:e0:6f:1c:13:
         92:c8:8e:37
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZyPYfNxCPmoVO0jfsytl+/iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmYTE2YWIwNjAyMDA2Nzc0MGE0YzFmYjQ3YTkxMjYyMmYx
ZDA3MjIwHhcNMjYwMjI0MTEyMTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTc2NDhlMGU3NzUxYWRiOTY5OWI3MWY0ZTY2YWM2MmIwMzYwOTU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuINPMrlH1H+p2uRY8Kts1FLHzT/9
g14fsUO96DMV1nWsWtEWRSzVSaP7ucHQj6lXgo9zXBqaeeNxDe1826tbnt1OeDcx
4+urvuxosajmzvwzagjVHJiMvkYsoJU8/WyrioZ2damBft+yfNVLZ4aF2D4v3kyP
zo39hRrOye7FXEpcKs2XBTAIPweoVE4P6aIcxPyTLe1HIMQD83xHILrCSHowRUrg
AE6N1Bf9YMnOZURsjWdklycc1f/2k+7x+iPa2eKuXtwCN2nlcA/g20KewVMWi90F
cUZXX+53bxs32wMX4p3U/y85L1K5Uma9JvHIrCc12ECsyO5TyYvsmGvxuQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFL52SODndRrblpm3H05mrGKwNglXMB8GA1UdIwQY
MBaAFC+harBgIAZ3QKTB+0epEmIvHQciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDZGcXNHQWdCbmRBcE1IN1I2a1NZaThkQnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy83ZjIzOTMtZDAxYS00MWY3LWE1MmUt
ZDI0MmI2ZjNhOGExLzEvdm5aSTRPZDFHdHVXbWJjZlRtYXNZckEyQ1ZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy83ZjIzOTMtZDAxYS00MWY3LWE1MmUtZDI0MmI2ZjNhOGEx
LzEvTDZGcXNHQWdCbmRBcE1IN1I2a1NZaThkQnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA1ZFKAwQA
1ZFUMA0GCSqGSIb3DQEBCwUAA4IBAQBb7i+8MEwrhE82PyqZwO2OOP1IDTvTqvKG
EqvqtLvZu1WuohSX1a2pLUVkvAVSW+1S30AXeCWtbecfe3oK7FaHDKHX+S/rj6B0
17xu6W0nJRyZm7UzxO/iQobWQGQlCnaEIwOJqiRq606YHw4mQcMIzmVrknSk/2rO
W03DDzGhg5JlXlSr4f5PlSgpwZO4V91vcGkCrNDFEQnh+Gh2EBpa8khpI4UtEqLl
/sUEYfaNvqor7wQ5FLQH4J7TdW/DeN1zuw2KekuPofwrwQwaPbS1mUl2XpvNStby
TUkfEGnTQclyLsamcLPO9kvRLQnjQINHlGcbinlK8eBvHBOSyI43
-----END CERTIFICATE-----