Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/8ceaf0-27f6-456c-bc7e-08538b0424eb/1/vZv3FN2tJ8gWjI_-FLI812Ef6ns.roa
File:                     vZv3FN2tJ8gWjI_-FLI812Ef6ns.roa (raw, json)
Hash identifier:          QctpTFOBnHUk9XOzbJs42Weo4R/GK1yQVquh8DaiaL4=
Subject key identifier:   BD:9B:F7:14:DD:AD:27:C8:16:8C:8F:FE:14:B2:3C:D7:61:1F:EA:7B
Certificate issuer:       /CN=bf2583f32f0632f1fda2de31d4d562eeaa07d3b5
Certificate serial:       019C962E5DB5A6FFB5D985AB24F4DFEFE857
Authority key identifier: BF:25:83:F3:2F:06:32:F1:FD:A2:DE:31:D4:D5:62:EE:AA:07:D3:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vyWD8y8GMvH9ot4x1NVi7qoH07U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/8ceaf0-27f6-456c-bc7e-08538b0424eb/1/vZv3FN2tJ8gWjI_-FLI812Ef6ns.roa
Signing time:             Wed 25 Feb 2026 19:02:26 +0000
ROA not before:           Wed 25 Feb 2026 19:02:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212153
IP address blocks:        178.217.94.0/24 maxlen: 32
                          2a12:56c0::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/8ceaf0-27f6-456c-bc7e-08538b0424eb/1/vyWD8y8GMvH9ot4x1NVi7qoH07U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/8ceaf0-27f6-456c-bc7e-08538b0424eb/1/vyWD8y8GMvH9ot4x1NVi7qoH07U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vyWD8y8GMvH9ot4x1NVi7qoH07U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:96:2e:5d:b5:a6:ff:b5:d9:85:ab:24:f4:df:ef:e8:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf2583f32f0632f1fda2de31d4d562eeaa07d3b5
        Validity
            Not Before: Feb 25 19:02:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bd9bf714ddad27c8168c8ffe14b23cd7611fea7b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:b3:48:97:66:7e:2c:1f:36:0c:99:76:29:79:
                    d5:84:d1:cf:a0:c1:0d:07:af:f1:41:9b:b6:ff:2b:
                    3e:df:85:69:26:68:06:56:b8:e5:0c:e6:2c:8c:c3:
                    4b:94:df:66:4e:6e:6a:61:9b:83:b7:5f:ee:b0:e3:
                    6b:da:bf:18:ce:e0:32:95:10:71:f8:8b:2f:b6:de:
                    d0:10:51:88:1d:21:0a:bc:77:c7:70:51:a0:6a:59:
                    99:ca:d9:aa:f3:84:44:7d:72:1d:d7:6d:34:ec:2d:
                    6c:34:62:1b:8c:18:ff:d0:b0:47:aa:3c:61:6e:74:
                    99:d3:db:59:e0:2e:db:a2:b1:e6:bd:e6:d0:f2:e6:
                    95:6f:a2:b6:1a:5a:8c:7b:38:b9:04:34:bf:40:d9:
                    4a:0b:77:c6:96:9d:7e:8a:93:89:f6:7c:c2:85:0e:
                    a7:31:ea:e6:69:b1:b6:5f:3d:80:85:8f:70:e1:70:
                    e2:93:06:93:96:c5:45:4b:c9:e2:dc:4d:c5:f5:07:
                    2a:0e:3e:93:e4:fe:68:fd:50:cc:84:a3:38:86:9d:
                    21:df:8f:ba:03:89:71:e8:b8:6e:0b:11:fc:0e:bd:
                    19:7e:a2:40:5f:aa:65:88:d1:d9:6e:c2:32:e9:68:
                    5c:23:b7:c4:25:ae:b9:8f:02:dc:dd:f0:0d:d6:d3:
                    fc:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:9B:F7:14:DD:AD:27:C8:16:8C:8F:FE:14:B2:3C:D7:61:1F:EA:7B
            X509v3 Authority Key Identifier:
                keyid:BF:25:83:F3:2F:06:32:F1:FD:A2:DE:31:D4:D5:62:EE:AA:07:D3:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vyWD8y8GMvH9ot4x1NVi7qoH07U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/8ceaf0-27f6-456c-bc7e-08538b0424eb/1/vZv3FN2tJ8gWjI_-FLI812Ef6ns.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/8ceaf0-27f6-456c-bc7e-08538b0424eb/1/vyWD8y8GMvH9ot4x1NVi7qoH07U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.217.94.0/24
                IPv6:
                  2a12:56c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         a8:26:24:2c:d4:66:3c:40:2b:3d:93:58:fe:bd:d5:25:bb:e6:
         83:5d:05:e0:55:f3:a8:04:d2:00:d4:5b:4f:2f:04:ad:be:49:
         4d:84:94:0a:b1:07:9b:2d:f3:29:16:ce:67:a3:8e:2f:df:05:
         9d:c0:a7:88:94:eb:1f:6d:ae:05:36:c9:73:86:0c:e5:8c:de:
         9e:29:c5:fc:20:9d:0a:a3:de:b2:9d:ae:a1:fd:20:f2:e3:69:
         1d:61:74:f0:e2:b1:61:71:4f:5a:7e:ab:38:c0:c6:40:ec:23:
         e4:bf:0c:5f:e8:6c:d1:fc:03:3b:57:9f:76:6f:6c:91:5a:bc:
         fb:16:ce:6e:0b:e0:ad:9c:05:38:7f:eb:15:d7:42:69:b4:ae:
         33:36:e2:b3:61:0b:44:2f:03:62:02:e0:98:42:20:a6:a2:e8:
         d6:e5:e7:7e:8a:a5:2a:5f:50:e6:3a:03:c4:f8:e4:75:2b:16:
         21:b4:79:f6:f0:fa:1c:63:4f:2b:d9:83:b3:cd:a5:79:7f:99:
         d5:e4:58:f7:a6:4e:40:1e:63:5c:9d:c8:a3:10:d1:5f:da:94:
         5d:c1:3c:4b:aa:b5:e7:90:c7:2d:8e:dd:80:4c:59:d4:eb:d4:
         ca:77:5e:1f:e2:2e:e9:51:b1:8b:d1:ac:a5:84:fc:9b:e3:ed:
         0a:b2:4a:cd
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZyWLl21pv+12YWrJPTf7+hXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmMjU4M2YzMmYwNjMyZjFmZGEyZGUzMWQ0ZDU2MmVlYWEw
N2QzYjUwHhcNMjYwMjI1MTkwMjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDliZjcxNGRkYWQyN2M4MTY4YzhmZmUxNGIyM2NkNzYxMWZlYTdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA27NIl2Z+LB82DJl2KXnVhNHPoMEN
B6/xQZu2/ys+34VpJmgGVrjlDOYsjMNLlN9mTm5qYZuDt1/usONr2r8YzuAylRBx
+Isvtt7QEFGIHSEKvHfHcFGgalmZytmq84REfXId12007C1sNGIbjBj/0LBHqjxh
bnSZ09tZ4C7borHmvebQ8uaVb6K2GlqMezi5BDS/QNlKC3fGlp1+ipOJ9nzChQ6n
MermabG2Xz2AhY9w4XDikwaTlsVFS8ni3E3F9QcqDj6T5P5o/VDMhKM4hp0h34+6
A4lx6LhuCxH8Dr0ZfqJAX6pliNHZbsIy6WhcI7fEJa65jwLc3fAN1tP8hwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFL2b9xTdrSfIFoyP/hSyPNdhH+p7MB8GA1UdIwQY
MBaAFL8lg/MvBjLx/aLeMdTVYu6qB9O1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdnlXRDh5OEdNdkg5b3Q0eDFOVmk3cW9IMDdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC84Y2VhZjAtMjdmNi00NTZjLWJjN2Ut
MDg1MzhiMDQyNGViLzEvdlp2M0ZOMnRKOGdXaklfLUZMSTgxMkVmNm5zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC84Y2VhZjAtMjdmNi00NTZjLWJjN2UtMDg1MzhiMDQyNGVi
LzEvdnlXRDh5OEdNdkg5b3Q0eDFOVmk3cW9IMDdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAstleMA0E
AgACMAcDBQAqElbAMA0GCSqGSIb3DQEBCwUAA4IBAQCoJiQs1GY8QCs9k1j+vdUl
u+aDXQXgVfOoBNIA1FtPLwStvklNhJQKsQebLfMpFs5no44v3wWdwKeIlOsfba4F
NslzhgzljN6eKcX8IJ0Ko96yna6h/SDy42kdYXTw4rFhcU9afqs4wMZA7CPkvwxf
6GzR/AM7V592b2yRWrz7Fs5uC+CtnAU4f+sV10JptK4zNuKzYQtELwNiAuCYQiCm
oujW5ed+iqUqX1DmOgPE+OR1KxYhtHn28PocY08r2YOzzaV5f5nV5Fj3pk5AHmNc
ncijENFf2pRdwTxLqrXnkMctjt2ATFnU69TKd14f4i7pUbGL0aylhPyb4+0KskrN
-----END CERTIFICATE-----