Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/5bca60-163f-40f8-877d-873dbd12c6a2/1/0D_NBjIXI-aivq-ZgY6qzk3IUyY.roa
File:                     0D_NBjIXI-aivq-ZgY6qzk3IUyY.roa (raw, json)
Hash identifier:          zpGjUKVXl4Ps76uJriGfeSn41V2BzAeznnUAHW6MZ4U=
Subject key identifier:   D0:3F:CD:06:32:17:23:E6:A2:BE:AF:99:81:8E:AA:CE:4D:C8:53:26
Certificate issuer:       /CN=6f6554c4d85bfd86f0a749c1ca0f5d0e9692e655
Certificate serial:       019CD7B8FD4FA66818A46010F84C4C46CC2F
Authority key identifier: 6F:65:54:C4:D8:5B:FD:86:F0:A7:49:C1:CA:0F:5D:0E:96:92:E6:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b2VUxNhb_Ybwp0nByg9dDpaS5lU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/5bca60-163f-40f8-877d-873dbd12c6a2/1/0D_NBjIXI-aivq-ZgY6qzk3IUyY.roa
Signing time:             Tue 10 Mar 2026 12:29:10 +0000
ROA not before:           Tue 10 Mar 2026 12:29:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214460
IP address blocks:        212.47.44.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/5bca60-163f-40f8-877d-873dbd12c6a2/1/b2VUxNhb_Ybwp0nByg9dDpaS5lU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/5bca60-163f-40f8-877d-873dbd12c6a2/1/b2VUxNhb_Ybwp0nByg9dDpaS5lU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b2VUxNhb_Ybwp0nByg9dDpaS5lU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 06:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:d7:b8:fd:4f:a6:68:18:a4:60:10:f8:4c:4c:46:cc:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f6554c4d85bfd86f0a749c1ca0f5d0e9692e655
        Validity
            Not Before: Mar 10 12:29:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d03fcd06321723e6a2beaf99818eaace4dc85326
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:57:79:3e:da:94:e8:38:82:aa:98:e6:04:b4:
                    c6:50:05:80:83:e6:c8:d1:db:89:89:53:ef:9e:01:
                    ff:72:56:a8:83:d2:cf:b8:7f:88:da:46:16:8a:1e:
                    9a:f0:8f:3d:9a:9d:8c:ea:36:c0:cb:7b:fe:10:9e:
                    66:60:bf:8e:f9:11:33:4c:51:3e:96:6a:2b:d3:39:
                    4d:51:cb:8b:c4:e1:22:df:d7:45:63:ff:19:ac:dd:
                    c9:6d:b2:82:a6:41:6e:a3:1e:31:f9:8f:c0:eb:70:
                    54:10:c4:e4:d6:ab:91:0c:85:11:11:05:7d:c0:58:
                    74:2c:d1:b7:be:76:90:71:62:93:a9:1d:1f:9a:0d:
                    3c:0b:c9:02:bb:4f:e2:f3:2b:cb:90:b3:c3:77:0a:
                    74:a0:81:36:5f:28:ba:c3:1e:c2:8a:6e:83:2d:e9:
                    ed:b2:5d:41:d7:e5:00:8d:18:5c:82:29:01:ec:ea:
                    08:8f:b9:1e:d4:87:0f:ed:b4:01:d2:8d:1e:57:84:
                    ab:dc:9d:c5:1a:b8:1a:f2:88:b7:c3:f7:d4:29:84:
                    19:04:dc:54:4e:15:ad:be:48:06:8d:e5:d4:3d:08:
                    22:e8:89:be:73:11:df:69:b5:e4:b2:e5:85:dc:16:
                    59:66:c8:5e:78:e0:aa:cd:10:6e:3b:d2:fc:d2:33:
                    34:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:3F:CD:06:32:17:23:E6:A2:BE:AF:99:81:8E:AA:CE:4D:C8:53:26
            X509v3 Authority Key Identifier:
                keyid:6F:65:54:C4:D8:5B:FD:86:F0:A7:49:C1:CA:0F:5D:0E:96:92:E6:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2VUxNhb_Ybwp0nByg9dDpaS5lU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/5bca60-163f-40f8-877d-873dbd12c6a2/1/0D_NBjIXI-aivq-ZgY6qzk3IUyY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/5bca60-163f-40f8-877d-873dbd12c6a2/1/b2VUxNhb_Ybwp0nByg9dDpaS5lU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.47.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:df:6f:5b:c2:27:fb:b3:41:2d:d9:1e:d0:0a:1d:13:9b:93:
         4a:68:fc:1a:5d:f7:c3:49:b9:a9:01:f6:40:4b:e1:e8:82:70:
         94:17:c8:39:bb:eb:11:57:cb:92:42:6a:b2:da:cf:a6:50:41:
         dc:0b:4d:e5:c7:50:f6:5e:29:51:07:d4:23:45:60:00:3c:9c:
         e9:63:46:02:e1:e1:36:ce:98:69:5e:ea:fb:fe:0a:be:9f:dc:
         62:09:e4:2b:31:e1:b5:5b:56:65:e6:f1:e4:d3:34:b0:65:01:
         66:af:3c:48:f5:52:91:14:ad:fc:f5:e7:93:1d:9e:33:e4:47:
         f6:4e:48:88:7b:ea:d3:10:ad:1d:c9:6c:82:cd:1e:80:16:12:
         1c:d8:4a:98:1f:54:ca:99:bf:bc:5b:0d:36:ab:51:c0:88:aa:
         31:18:42:f9:4a:f5:5f:a5:56:b7:03:43:73:d5:b2:f0:e2:b7:
         3f:88:3e:74:ac:94:a5:e6:46:69:99:ea:b6:83:ef:a1:c0:9d:
         a5:34:8c:ae:02:6a:bb:9c:bc:7f:c9:f6:c9:6e:f1:42:12:7a:
         32:c2:1f:87:d5:8a:46:ba:a5:e3:45:ef:cb:a6:79:7a:26:ca:
         6d:2b:d7:a1:bd:1c:f8:3f:59:3f:17:c5:ab:f4:6b:06:ed:55:
         1f:d7:c9:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzXuP1PpmgYpGAQ+ExMRswvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNjU1NGM0ZDg1YmZkODZmMGE3NDljMWNhMGY1ZDBlOTY5
MmU2NTUwHhcNMjYwMzEwMTIyOTEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDNmY2QwNjMyMTcyM2U2YTJiZWFmOTk4MThlYWFjZTRkYzg1MzI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7ld5PtqU6DiCqpjmBLTGUAWAg+bI
0duJiVPvngH/claog9LPuH+I2kYWih6a8I89mp2M6jbAy3v+EJ5mYL+O+REzTFE+
lmor0zlNUcuLxOEi39dFY/8ZrN3JbbKCpkFuox4x+Y/A63BUEMTk1quRDIUREQV9
wFh0LNG3vnaQcWKTqR0fmg08C8kCu0/i8yvLkLPDdwp0oIE2Xyi6wx7Cim6DLent
sl1B1+UAjRhcgikB7OoIj7ke1IcP7bQB0o0eV4Sr3J3FGrga8oi3w/fUKYQZBNxU
ThWtvkgGjeXUPQgi6Im+cxHfabXksuWF3BZZZsheeOCqzRBuO9L80jM0GQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNA/zQYyFyPmor6vmYGOqs5NyFMmMB8GA1UdIwQY
MBaAFG9lVMTYW/2G8KdJwcoPXQ6WkuZVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjJWVXhOaGJfWWJ3cDBuQnlnOWREcGFTNWxVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy81YmNhNjAtMTYzZi00MGY4LTg3N2Qt
ODczZGJkMTJjNmEyLzEvMERfTkJqSVhJLWFpdnEtWmdZNnF6azNJVXlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy81YmNhNjAtMTYzZi00MGY4LTg3N2QtODczZGJkMTJjNmEy
LzEvYjJWVXhOaGJfWWJ3cDBuQnlnOWREcGFTNWxVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1C8sMA0G
CSqGSIb3DQEBCwUAA4IBAQBF329bwif7s0Et2R7QCh0Tm5NKaPwaXffDSbmpAfZA
S+HognCUF8g5u+sRV8uSQmqy2s+mUEHcC03lx1D2XilRB9QjRWAAPJzpY0YC4eE2
zphpXur7/gq+n9xiCeQrMeG1W1Zl5vHk0zSwZQFmrzxI9VKRFK389eeTHZ4z5Ef2
TkiIe+rTEK0dyWyCzR6AFhIc2EqYH1TKmb+8Ww02q1HAiKoxGEL5SvVfpVa3A0Nz
1bLw4rc/iD50rJSl5kZpmeq2g++hwJ2lNIyuAmq7nLx/yfbJbvFCEnoywh+H1YpG
uqXjRe/Lpnl6JsptK9ehvRz4P1k/F8Wr9GsG7VUf18lI
-----END CERTIFICATE-----