Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/1d7583-d10c-47db-aee1-58d664210669/1/2z-c3MpGdlvNK98wFJ-FhUpQXTk.roa
File:                     2z-c3MpGdlvNK98wFJ-FhUpQXTk.roa (raw, json)
Hash identifier:          jD+P5ccWJZqhrEzl8gpwfaAxbm2916uuSP5OIhhxw0M=
Subject key identifier:   DB:3F:9C:DC:CA:46:76:5B:CD:2B:DF:30:14:9F:85:85:4A:50:5D:39
Certificate issuer:       /CN=473779e6a77c7e58213198764ce2ac0e6bee6236
Certificate serial:       019CC30BA7F12B1C2731DE6BB00FD3582A2F
Authority key identifier: 47:37:79:E6:A7:7C:7E:58:21:31:98:76:4C:E2:AC:0E:6B:EE:62:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Rzd55qd8flghMZh2TOKsDmvuYjY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/1d7583-d10c-47db-aee1-58d664210669/1/2z-c3MpGdlvNK98wFJ-FhUpQXTk.roa
Signing time:             Fri 06 Mar 2026 12:07:26 +0000
ROA not before:           Fri 06 Mar 2026 12:07:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8893
IP address blocks:        178.254.63.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/1d7583-d10c-47db-aee1-58d664210669/1/Rzd55qd8flghMZh2TOKsDmvuYjY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/1d7583-d10c-47db-aee1-58d664210669/1/Rzd55qd8flghMZh2TOKsDmvuYjY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Rzd55qd8flghMZh2TOKsDmvuYjY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:c3:0b:a7:f1:2b:1c:27:31:de:6b:b0:0f:d3:58:2a:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=473779e6a77c7e58213198764ce2ac0e6bee6236
        Validity
            Not Before: Mar  6 12:07:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=db3f9cdcca46765bcd2bdf30149f85854a505d39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:a9:55:9d:7a:83:34:c7:bb:0c:ba:f4:c0:8e:
                    23:05:9c:73:f2:80:35:04:a8:14:b7:de:10:ba:a6:
                    c4:61:38:3e:a2:5e:32:70:c3:34:0e:00:c1:09:ca:
                    43:2b:8a:7e:8a:1f:ca:c8:91:de:7e:3b:1e:0f:31:
                    7d:eb:91:b8:47:26:26:c5:cf:c3:9a:0f:d2:c2:7e:
                    1e:fb:ac:94:b2:28:2e:5e:a2:3c:51:09:d3:43:86:
                    45:05:b0:a3:8f:32:2c:ab:71:45:d6:2f:32:c1:81:
                    25:1d:9b:4e:07:f4:e3:20:63:7a:d6:7d:9a:ce:ec:
                    6e:36:a6:c6:38:41:14:17:a3:3f:6b:46:7a:30:59:
                    1a:4a:43:1b:71:0b:d0:b8:16:cc:3d:f1:d5:a6:14:
                    91:84:e3:51:fb:8a:d2:ce:e3:62:d8:c9:fd:24:88:
                    ba:27:1d:7b:56:62:9c:d4:e3:d4:aa:3c:e1:bd:3f:
                    21:b8:8a:d0:e5:50:82:45:b8:31:4b:ee:6a:e6:53:
                    52:55:6d:73:af:d8:7a:ac:02:03:54:a2:0d:2d:27:
                    33:5e:2d:42:21:41:d4:a0:db:16:93:28:92:fd:f2:
                    60:06:f8:b7:29:dd:61:4a:eb:0e:eb:81:4a:f1:23:
                    4f:df:04:d2:5c:e9:da:59:97:50:7f:16:c2:8f:04:
                    a0:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:3F:9C:DC:CA:46:76:5B:CD:2B:DF:30:14:9F:85:85:4A:50:5D:39
            X509v3 Authority Key Identifier:
                keyid:47:37:79:E6:A7:7C:7E:58:21:31:98:76:4C:E2:AC:0E:6B:EE:62:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Rzd55qd8flghMZh2TOKsDmvuYjY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1d7583-d10c-47db-aee1-58d664210669/1/2z-c3MpGdlvNK98wFJ-FhUpQXTk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1d7583-d10c-47db-aee1-58d664210669/1/Rzd55qd8flghMZh2TOKsDmvuYjY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.254.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c1:5c:33:4e:22:77:0b:cc:d2:94:97:31:85:86:6b:bc:76:91:
         0b:13:c4:f1:2d:93:ff:ea:56:04:81:cf:58:11:48:9f:41:38:
         9d:ca:fc:c0:af:64:93:cf:21:2f:0e:3f:e5:a3:35:08:2d:c5:
         cb:84:a6:82:4b:0e:f3:fb:8e:4a:7b:e0:24:96:cd:e0:a7:08:
         5c:f6:a7:75:2c:0d:54:ab:6b:3f:77:c5:e1:37:94:3f:d0:89:
         3e:43:30:e3:b4:8f:ed:15:6f:d5:6a:cb:20:78:66:65:c4:40:
         1d:64:52:8a:53:79:36:70:2c:28:bf:13:70:2a:0a:a6:77:7f:
         67:71:30:e0:7f:00:f6:bc:d5:a5:7f:32:bd:87:73:08:7e:5f:
         91:8c:29:13:f3:a3:09:11:9b:f4:03:0f:b1:f1:d3:ca:fa:32:
         51:09:f8:58:52:d3:96:05:ab:a4:15:87:e2:d9:93:76:cd:34:
         ac:2f:ca:dd:3e:98:b1:be:90:ce:41:47:fc:a5:26:b7:d2:de:
         45:a5:0e:f7:94:6a:28:d7:4b:88:d7:8a:49:96:d0:bc:57:51:
         3b:5d:11:02:1c:2d:19:4a:65:ec:aa:78:69:10:47:4a:45:de:
         76:1d:a5:1e:9e:ac:7d:c8:24:09:39:f5:d7:8b:54:ed:fb:28:
         0f:bb:77:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzDC6fxKxwnMd5rsA/TWCovMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3Mzc3OWU2YTc3YzdlNTgyMTMxOTg3NjRjZTJhYzBlNmJl
ZTYyMzYwHhcNMjYwMzA2MTIwNzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjNmOWNkY2NhNDY3NjViY2QyYmRmMzAxNDlmODU4NTRhNTA1ZDM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvalVnXqDNMe7DLr0wI4jBZxz8oA1
BKgUt94QuqbEYTg+ol4ycMM0DgDBCcpDK4p+ih/KyJHefjseDzF965G4RyYmxc/D
mg/Swn4e+6yUsiguXqI8UQnTQ4ZFBbCjjzIsq3FF1i8ywYElHZtOB/TjIGN61n2a
zuxuNqbGOEEUF6M/a0Z6MFkaSkMbcQvQuBbMPfHVphSRhONR+4rSzuNi2Mn9JIi6
Jx17VmKc1OPUqjzhvT8huIrQ5VCCRbgxS+5q5lNSVW1zr9h6rAIDVKINLSczXi1C
IUHUoNsWkyiS/fJgBvi3Kd1hSusO64FK8SNP3wTSXOnaWZdQfxbCjwSgMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNs/nNzKRnZbzSvfMBSfhYVKUF05MB8GA1UdIwQY
MBaAFEc3eeanfH5YITGYdkzirA5r7mI2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnpkNTVxZDhmbGdoTVpoMlRPS3NEbXZ1WWpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8xZDc1ODMtZDEwYy00N2RiLWFlZTEt
NThkNjY0MjEwNjY5LzEvMnotYzNNcEdkbHZOSzk4d0ZKLUZoVXBRWFRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8xZDc1ODMtZDEwYy00N2RiLWFlZTEtNThkNjY0MjEwNjY5
LzEvUnpkNTVxZDhmbGdoTVpoMlRPS3NEbXZ1WWpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsv4/MA0G
CSqGSIb3DQEBCwUAA4IBAQDBXDNOIncLzNKUlzGFhmu8dpELE8TxLZP/6lYEgc9Y
EUifQTidyvzAr2STzyEvDj/lozUILcXLhKaCSw7z+45Ke+Akls3gpwhc9qd1LA1U
q2s/d8XhN5Q/0Ik+QzDjtI/tFW/VassgeGZlxEAdZFKKU3k2cCwovxNwKgqmd39n
cTDgfwD2vNWlfzK9h3MIfl+RjCkT86MJEZv0Aw+x8dPK+jJRCfhYUtOWBaukFYfi
2ZN2zTSsL8rdPpixvpDOQUf8pSa30t5FpQ73lGoo10uI14pJltC8V1E7XRECHC0Z
SmXsqnhpEEdKRd52HaUenqx9yCQJOfXXi1Tt+ygPu3cU
-----END CERTIFICATE-----