Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/37d746-5ef9-4b74-bf6f-fe716271a2ad/1/zd2YY232foFztKAVe_hqygCGOBs.roa
File:                     zd2YY232foFztKAVe_hqygCGOBs.roa (raw, json)
Hash identifier:          WYlwfqh2Q7yj5vEWYIxMIxEey2q+2TK2T+nh6BP9btI=
Subject key identifier:   CD:DD:98:63:6D:F6:7E:81:73:B4:A0:15:7B:F8:6A:CA:00:86:38:1B
Certificate issuer:       /CN=b88d0342cf3e714f9c155a4d0df75ff9fb3ff73c
Certificate serial:       019B76EB24A8DD6A6122FDD67D2C3F19725B
Authority key identifier: B8:8D:03:42:CF:3E:71:4F:9C:15:5A:4D:0D:F7:5F:F9:FB:3F:F7:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uI0DQs8-cU-cFVpNDfdf-fs_9zw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/37d746-5ef9-4b74-bf6f-fe716271a2ad/1/zd2YY232foFztKAVe_hqygCGOBs.roa
Signing time:             Thu 01 Jan 2026 00:18:00 +0000
ROA not before:           Thu 01 Jan 2026 00:18:00 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     12468
IP address blocks:        212.28.160.0/24 maxlen: 24
                          212.28.161.0/24 maxlen: 24
                          212.28.162.0/24 maxlen: 24
                          212.28.163.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/37d746-5ef9-4b74-bf6f-fe716271a2ad/1/uI0DQs8-cU-cFVpNDfdf-fs_9zw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/37d746-5ef9-4b74-bf6f-fe716271a2ad/1/uI0DQs8-cU-cFVpNDfdf-fs_9zw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uI0DQs8-cU-cFVpNDfdf-fs_9zw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 16:32:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:24:a8:dd:6a:61:22:fd:d6:7d:2c:3f:19:72:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b88d0342cf3e714f9c155a4d0df75ff9fb3ff73c
        Validity
            Not Before: Jan  1 00:18:00 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cddd98636df67e8173b4a0157bf86aca0086381b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:16:69:db:f2:52:40:37:af:07:c2:fd:ee:8b:
                    2f:c8:18:fc:36:01:dd:40:5b:51:84:94:7e:98:39:
                    f5:6c:c5:7a:fc:47:35:d9:45:a9:1c:58:85:c5:8f:
                    2a:52:61:16:e8:c1:4e:56:2d:c7:fa:8a:f3:02:ee:
                    d3:23:41:a2:1c:7a:18:74:a8:05:0d:f5:b5:d1:ac:
                    a2:f4:04:bf:14:80:18:8f:bd:2f:8a:cb:74:44:bc:
                    2a:64:8a:84:01:27:82:46:ed:e4:38:2f:23:e9:9d:
                    73:96:29:12:bd:34:64:28:6a:60:b8:e1:b2:e8:04:
                    52:9d:a7:fa:90:79:87:54:c3:17:5c:28:c2:2e:36:
                    0b:5c:c1:87:a5:c8:7f:49:12:92:f9:42:46:61:b1:
                    14:b0:b7:86:7a:94:27:14:f9:9f:1f:e2:c5:9f:f1:
                    77:54:85:28:b4:73:68:9e:78:ea:b8:b5:91:2c:90:
                    f3:5a:9d:c5:33:91:09:3e:a6:78:d8:77:fb:c3:f9:
                    2c:f4:ce:ce:14:64:4d:0e:be:aa:93:d0:76:cb:bb:
                    41:e0:e4:e7:23:a3:82:42:37:ae:18:ec:3e:f9:b2:
                    25:c1:9a:f8:b5:54:d8:33:76:ba:7c:ab:90:ef:92:
                    4e:41:53:f8:51:87:a3:44:d5:b1:db:9c:9c:13:94:
                    86:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:DD:98:63:6D:F6:7E:81:73:B4:A0:15:7B:F8:6A:CA:00:86:38:1B
            X509v3 Authority Key Identifier:
                keyid:B8:8D:03:42:CF:3E:71:4F:9C:15:5A:4D:0D:F7:5F:F9:FB:3F:F7:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uI0DQs8-cU-cFVpNDfdf-fs_9zw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/37d746-5ef9-4b74-bf6f-fe716271a2ad/1/zd2YY232foFztKAVe_hqygCGOBs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/37d746-5ef9-4b74-bf6f-fe716271a2ad/1/uI0DQs8-cU-cFVpNDfdf-fs_9zw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.28.160.0/22

    Signature Algorithm: sha256WithRSAEncryption
         20:32:ad:18:fd:b8:32:a2:8e:f6:53:61:bb:6e:82:9e:96:ff:
         12:bb:42:64:7d:25:8b:e4:19:5a:8d:92:6a:a7:25:3f:4f:af:
         bd:47:32:1c:4d:f2:3e:b6:e4:b2:18:4b:71:aa:c7:84:86:16:
         ca:de:66:35:95:04:9c:ed:11:80:f6:57:1f:bf:9d:1e:03:bb:
         13:c1:9a:f7:b6:95:94:a8:bc:3d:b4:e0:cb:c1:4f:0f:71:cd:
         d9:2b:64:94:03:a8:d3:ff:75:6f:37:98:94:9f:d8:16:ac:13:
         8a:16:6b:16:a0:3f:d6:42:cf:17:19:30:ea:ac:17:4a:68:aa:
         db:6c:76:10:cb:4a:ab:20:09:0c:ba:ef:08:ce:82:28:15:da:
         9c:bd:38:8b:13:d8:7a:1c:bf:ea:67:f5:dc:52:9f:9c:0a:66:
         e4:20:db:7c:68:3e:49:bf:b8:95:e1:d2:e5:6f:ee:d6:01:2a:
         aa:ba:13:f0:8f:a3:6d:dd:c4:26:61:d1:e0:1f:6d:61:1b:1e:
         be:62:ee:cc:4f:25:81:9b:97:35:8f:d2:57:cb:be:d1:70:86:
         d7:fe:3a:b0:20:59:cc:5e:1e:80:5a:96:ec:95:33:99:1a:7f:
         7d:2e:32:c7:b8:e0:d0:77:47:9e:c4:4d:ec:62:c7:5b:40:be:
         8b:b6:18:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt26ySo3WphIv3WfSw/GXJbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4OGQwMzQyY2YzZTcxNGY5YzE1NWE0ZDBkZjc1ZmY5ZmIz
ZmY3M2MwHhcNMjYwMTAxMDAxODAwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZGRkOTg2MzZkZjY3ZTgxNzNiNGEwMTU3YmY4NmFjYTAwODYzODFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3xZp2/JSQDevB8L97osvyBj8NgHd
QFtRhJR+mDn1bMV6/Ec12UWpHFiFxY8qUmEW6MFOVi3H+orzAu7TI0GiHHoYdKgF
DfW10ayi9AS/FIAYj70vist0RLwqZIqEASeCRu3kOC8j6Z1zlikSvTRkKGpguOGy
6ARSnaf6kHmHVMMXXCjCLjYLXMGHpch/SRKS+UJGYbEUsLeGepQnFPmfH+LFn/F3
VIUotHNonnjquLWRLJDzWp3FM5EJPqZ42Hf7w/ks9M7OFGRNDr6qk9B2y7tB4OTn
I6OCQjeuGOw++bIlwZr4tVTYM3a6fKuQ75JOQVP4UYejRNWx25ycE5SGTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM3dmGNt9n6Bc7SgFXv4asoAhjgbMB8GA1UdIwQY
MBaAFLiNA0LPPnFPnBVaTQ33X/n7P/c8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUkwRFFzOC1jVS1jRlZwTkRmZGYtZnNfOXp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy8zN2Q3NDYtNWVmOS00Yjc0LWJmNmYt
ZmU3MTYyNzFhMmFkLzEvemQyWVkyMzJmb0Z6dEtBVmVfaHF5Z0NHT0JzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy8zN2Q3NDYtNWVmOS00Yjc0LWJmNmYtZmU3MTYyNzFhMmFk
LzEvdUkwRFFzOC1jVS1jRlZwTkRmZGYtZnNfOXp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1BygMA0G
CSqGSIb3DQEBCwUAA4IBAQAgMq0Y/bgyoo72U2G7boKelv8Su0JkfSWL5BlajZJq
pyU/T6+9RzIcTfI+tuSyGEtxqseEhhbK3mY1lQSc7RGA9lcfv50eA7sTwZr3tpWU
qLw9tODLwU8Pcc3ZK2SUA6jT/3VvN5iUn9gWrBOKFmsWoD/WQs8XGTDqrBdKaKrb
bHYQy0qrIAkMuu8IzoIoFdqcvTiLE9h6HL/qZ/XcUp+cCmbkINt8aD5Jv7iV4dLl
b+7WASqquhPwj6Nt3cQmYdHgH21hGx6+Yu7MTyWBm5c1j9JXy77RcIbX/jqwIFnM
Xh6AWpbslTOZGn99LjLHuODQd0eexE3sYsdbQL6Lthhv
-----END CERTIFICATE-----