Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/d26a1c-1870-4821-bb8a-84f95d33e2c6/1/vzCvsJOD_uIWGn5EN7k-vrcSiXA.roa
File:                     vzCvsJOD_uIWGn5EN7k-vrcSiXA.roa (raw, json)
Hash identifier:          PxNjc56uGjg5viTOwh/Wnu/9ehDdXvtZoR0adzNgjJ8=
Subject key identifier:   BF:30:AF:B0:93:83:FE:E2:16:1A:7E:44:37:B9:3E:BE:B7:12:89:70
Certificate issuer:       /CN=950453ed485e76870617a0e4f4675144c3192cb2
Certificate serial:       019E1716E445FA19E5D74AEF5F3BCE1EBCB7
Authority key identifier: 95:04:53:ED:48:5E:76:87:06:17:A0:E4:F4:67:51:44:C3:19:2C:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lQRT7UhedocGF6Dk9GdRRMMZLLI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/d26a1c-1870-4821-bb8a-84f95d33e2c6/1/vzCvsJOD_uIWGn5EN7k-vrcSiXA.roa
Signing time:             Mon 11 May 2026 12:50:36 +0000
ROA not before:           Mon 11 May 2026 12:50:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     64096
IP address blocks:        185.26.84.0/24 maxlen: 24
                          2a0d:9fc0::/32 maxlen: 32
                          2a0d:9fc1::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/d26a1c-1870-4821-bb8a-84f95d33e2c6/1/lQRT7UhedocGF6Dk9GdRRMMZLLI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/d26a1c-1870-4821-bb8a-84f95d33e2c6/1/lQRT7UhedocGF6Dk9GdRRMMZLLI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lQRT7UhedocGF6Dk9GdRRMMZLLI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:17:16:e4:45:fa:19:e5:d7:4a:ef:5f:3b:ce:1e:bc:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=950453ed485e76870617a0e4f4675144c3192cb2
        Validity
            Not Before: May 11 12:50:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bf30afb09383fee2161a7e4437b93ebeb7128970
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:60:5f:1e:dc:5f:30:f0:60:20:b8:f7:e7:23:
                    d8:4f:10:8b:ba:9c:94:26:5a:65:19:39:cb:b8:b1:
                    0c:6c:21:b9:29:29:30:7a:61:95:d7:ee:b8:fd:fe:
                    a9:1e:b8:3b:43:a4:82:8a:a0:a6:04:27:9b:4e:73:
                    74:e5:13:25:33:6b:0c:58:7c:4a:cb:9c:89:4d:86:
                    19:c4:8d:50:66:e3:1b:f2:db:99:90:8e:04:0a:64:
                    c4:fb:0d:ec:97:0c:e8:05:e3:c2:5d:07:8b:25:4c:
                    6d:05:7b:b3:1c:cb:42:ca:48:f1:67:52:ff:43:b3:
                    4e:61:06:67:3f:de:aa:91:65:42:6f:5b:86:a5:a6:
                    5a:72:75:84:f3:d9:e1:f0:c5:61:5b:c5:5f:e6:da:
                    fb:c9:38:e0:26:5c:81:2b:60:4c:39:89:17:9e:a3:
                    2b:39:e1:3a:08:c8:cd:cf:f8:6f:89:6c:5e:db:cb:
                    99:5e:fe:f5:5b:ab:05:ce:51:94:50:10:87:f0:cf:
                    54:a5:42:3e:49:a6:23:33:d6:4d:f0:a7:bb:e6:2c:
                    00:37:77:bd:d4:9e:ed:c0:4f:3a:26:7b:12:7e:34:
                    22:88:c2:9e:ea:03:a4:34:be:f1:a1:c0:1e:12:de:
                    97:c4:58:b7:52:de:65:8b:08:d5:e9:9c:b7:61:74:
                    48:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:30:AF:B0:93:83:FE:E2:16:1A:7E:44:37:B9:3E:BE:B7:12:89:70
            X509v3 Authority Key Identifier:
                keyid:95:04:53:ED:48:5E:76:87:06:17:A0:E4:F4:67:51:44:C3:19:2C:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lQRT7UhedocGF6Dk9GdRRMMZLLI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/d26a1c-1870-4821-bb8a-84f95d33e2c6/1/vzCvsJOD_uIWGn5EN7k-vrcSiXA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/d26a1c-1870-4821-bb8a-84f95d33e2c6/1/lQRT7UhedocGF6Dk9GdRRMMZLLI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.26.84.0/24
                IPv6:
                  2a0d:9fc0::/31

    Signature Algorithm: sha256WithRSAEncryption
         3b:69:32:b4:1c:c2:45:d5:d5:d7:f0:c1:64:49:a3:98:33:1d:
         68:3d:55:6f:c7:0c:fd:f3:b9:d3:8b:0a:d2:dc:7c:e4:70:56:
         f7:54:1f:a5:b3:ed:00:bb:2a:3f:f7:0b:d6:e3:9a:b5:65:5a:
         0e:0a:a4:b7:2b:28:d4:34:00:5f:c2:50:03:39:f4:c4:ba:5a:
         95:80:f3:47:10:c5:a5:74:01:d1:1d:55:ee:42:29:f5:4d:3d:
         72:2a:db:fa:bd:13:97:a0:07:62:b4:54:8c:0d:62:c2:0a:25:
         68:04:22:b4:a2:55:ff:24:7b:4e:45:67:1e:e8:f7:75:84:6a:
         21:3e:bf:25:25:08:30:cb:a0:f6:5e:94:48:35:1b:a2:79:8d:
         84:4c:53:b1:68:ef:9c:3d:14:3f:af:53:a9:73:d0:f5:47:78:
         d8:32:c3:02:77:cd:9a:40:da:69:6c:e4:7e:1d:3f:51:97:2f:
         c4:d2:52:95:8a:fa:67:7c:49:a5:e2:15:6c:89:08:43:00:ac:
         f3:88:63:bf:74:12:6a:a1:da:b4:24:37:cf:92:ed:15:08:d9:
         d9:d2:d1:3a:7d:49:70:4c:b0:f8:39:a3:70:81:43:92:10:0d:
         62:e5:1a:e0:79:b1:7f:6e:c9:6c:73:a9:c5:73:2a:06:0c:0c:
         ba:93:f0:c5
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ4XFuRF+hnl10rvXzvOHry3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1MDQ1M2VkNDg1ZTc2ODcwNjE3YTBlNGY0Njc1MTQ0YzMx
OTJjYjIwHhcNMjYwNTExMTI1MDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjMwYWZiMDkzODNmZWUyMTYxYTdlNDQzN2I5M2ViZWI3MTI4OTcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzGBfHtxfMPBgILj35yPYTxCLupyU
JlplGTnLuLEMbCG5KSkwemGV1+64/f6pHrg7Q6SCiqCmBCebTnN05RMlM2sMWHxK
y5yJTYYZxI1QZuMb8tuZkI4ECmTE+w3slwzoBePCXQeLJUxtBXuzHMtCykjxZ1L/
Q7NOYQZnP96qkWVCb1uGpaZacnWE89nh8MVhW8Vf5tr7yTjgJlyBK2BMOYkXnqMr
OeE6CMjNz/hviWxe28uZXv71W6sFzlGUUBCH8M9UpUI+SaYjM9ZN8Ke75iwAN3e9
1J7twE86JnsSfjQiiMKe6gOkNL7xocAeEt6XxFi3Ut5liwjV6Zy3YXRIkwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFL8wr7CTg/7iFhp+RDe5Pr63EolwMB8GA1UdIwQY
MBaAFJUEU+1IXnaHBheg5PRnUUTDGSyyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFFSVDdVaGVkb2NHRjZEazlHZFJSTU1aTExJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS9kMjZhMWMtMTg3MC00ODIxLWJiOGEt
ODRmOTVkMzNlMmM2LzEvdnpDdnNKT0RfdUlXR241RU43ay12cmNTaVhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS9kMjZhMWMtMTg3MC00ODIxLWJiOGEtODRmOTVkMzNlMmM2
LzEvbFFSVDdVaGVkb2NHRjZEazlHZFJSTU1aTExJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuRpUMA0E
AgACMAcDBQEqDZ/AMA0GCSqGSIb3DQEBCwUAA4IBAQA7aTK0HMJF1dXX8MFkSaOY
Mx1oPVVvxwz987nTiwrS3HzkcFb3VB+ls+0Auyo/9wvW45q1ZVoOCqS3KyjUNABf
wlADOfTEulqVgPNHEMWldAHRHVXuQin1TT1yKtv6vROXoAditFSMDWLCCiVoBCK0
olX/JHtORWce6Pd1hGohPr8lJQgwy6D2XpRINRuieY2ETFOxaO+cPRQ/r1Opc9D1
R3jYMsMCd82aQNppbOR+HT9Rly/E0lKVivpnfEml4hVsiQhDAKzziGO/dBJqodq0
JDfPku0VCNnZ0tE6fUlwTLD4OaNwgUOSEA1i5RrgebF/bslsc6nFcyoGDAy6k/DF
-----END CERTIFICATE-----