Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/Rr2zhV2BMuYwAMQjOZC17bpA4NM.roa
File:                     Rr2zhV2BMuYwAMQjOZC17bpA4NM.roa (raw, json)
Hash identifier:          EMKdr17+gur82xEd8d0NLRU71QAL7ROjLErF0ye4dUQ=
Subject key identifier:   46:BD:B3:85:5D:81:32:E6:30:00:C4:23:39:90:B5:ED:BA:40:E0:D3
Certificate issuer:       /CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
Certificate serial:       019CD5623D08954543AAFF0F6A778D0DBC5C
Authority key identifier: 72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/Rr2zhV2BMuYwAMQjOZC17bpA4NM.roa
Signing time:             Tue 10 Mar 2026 01:35:11 +0000
ROA not before:           Tue 10 Mar 2026 01:35:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     262287
IP address blocks:        149.126.12.0/24 maxlen: 24
                          192.145.70.0/24 maxlen: 24
                          2a0a:8f40:5::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:d5:62:3d:08:95:45:43:aa:ff:0f:6a:77:8d:0d:bc:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
        Validity
            Not Before: Mar 10 01:35:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=46bdb3855d8132e63000c4233990b5edba40e0d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:1e:01:0d:71:72:da:38:b8:e1:04:47:1a:01:
                    21:31:27:f1:ae:66:02:a4:c8:d7:eb:d6:bc:cd:a8:
                    05:84:6f:5b:f2:ae:81:7d:61:e4:f0:b2:89:4c:7f:
                    0a:fa:d6:f2:ce:77:fa:d7:77:9f:7c:05:c6:a5:25:
                    11:ae:64:f4:f6:07:db:3d:e0:be:4e:fd:35:b5:4e:
                    d8:cc:0d:2a:ed:38:14:6c:3c:a4:f2:8d:32:55:ab:
                    18:b1:3b:07:5b:26:df:54:12:1f:0b:b6:e3:9b:8e:
                    c2:a1:4f:cf:bf:29:fd:92:89:f7:c0:2b:7a:9b:95:
                    df:b5:c6:8f:8f:ab:bb:e3:dc:20:33:f2:5b:23:d3:
                    51:1c:c5:a9:3e:fb:16:0e:de:59:a9:74:9e:78:c6:
                    f8:74:d7:e2:e3:8e:a8:dc:a3:f1:8d:9e:0d:b8:fb:
                    8f:e8:66:54:8b:69:9d:31:af:0e:58:57:c1:b2:37:
                    92:dd:37:45:0f:f4:2a:1a:68:9a:63:19:3b:05:7d:
                    c0:cc:b3:0b:de:e3:94:5f:6a:f2:f9:19:ef:fb:5a:
                    be:e0:19:ef:8f:0c:89:40:c4:82:ab:f9:a9:12:a8:
                    07:2b:58:6b:3b:c5:e0:31:32:b2:5f:1a:4f:aa:b6:
                    aa:f1:9c:30:e0:ab:ea:61:33:c0:ed:11:e6:b9:3f:
                    a8:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:BD:B3:85:5D:81:32:E6:30:00:C4:23:39:90:B5:ED:BA:40:E0:D3
            X509v3 Authority Key Identifier:
                keyid:72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/Rr2zhV2BMuYwAMQjOZC17bpA4NM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  149.126.12.0/24
                  192.145.70.0/24
                IPv6:
                  2a0a:8f40:5::/48

    Signature Algorithm: sha256WithRSAEncryption
         7a:13:de:67:9f:f3:a8:06:bd:74:ec:8f:c9:8b:64:15:9d:3e:
         d4:97:d1:ac:a3:e3:f1:84:55:64:5a:7f:57:4c:d7:b1:42:b5:
         d3:7c:15:ac:56:69:b5:f2:84:d8:ae:d9:85:43:1b:5e:bc:b9:
         85:c2:01:cc:18:52:11:9c:dd:93:7d:a3:93:0c:ec:fe:fc:bc:
         7d:6d:61:f8:34:80:ad:e6:8d:87:fb:2a:3e:a8:64:3f:af:74:
         d3:71:37:0a:64:63:4d:38:e8:be:64:ca:6a:a0:6d:2a:55:1f:
         56:bf:79:c4:db:9e:fc:cf:35:4d:0c:8f:60:58:e9:c1:5a:de:
         3d:14:25:6a:41:86:ed:0e:3f:11:ef:19:82:de:f9:0f:c5:ff:
         11:e6:5a:9d:82:fb:3b:c0:f3:4f:6d:de:c6:ce:21:95:35:57:
         cd:61:7a:67:d1:ef:ca:8a:df:ac:22:b9:33:79:a6:ca:29:ea:
         1a:c6:63:5b:59:30:74:d6:a8:8e:fe:9e:90:cf:3c:7f:d0:77:
         39:a1:4f:4c:a6:cf:4c:48:17:c4:f5:51:32:59:4e:24:af:af:
         c7:12:bf:2c:d5:5e:b6:fe:36:ab:66:44:41:5d:a2:81:a7:7f:
         af:17:ac:b1:ac:b4:0f:56:bf:cd:2b:27:63:0e:c8:ce:8c:2b:
         3a:a9:e4:cd
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZzVYj0IlUVDqv8PaneNDbxcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyYjc4ZjY2ODJmYzM5YzU1YjQxZDQ4ZjgwYjg4MzhkNWQy
ZGJmMDcwHhcNMjYwMzEwMDEzNTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NmJkYjM4NTVkODEzMmU2MzAwMGM0MjMzOTkwYjVlZGJhNDBlMGQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuR4BDXFy2ji44QRHGgEhMSfxrmYC
pMjX69a8zagFhG9b8q6BfWHk8LKJTH8K+tbyznf613effAXGpSURrmT09gfbPeC+
Tv01tU7YzA0q7TgUbDyk8o0yVasYsTsHWybfVBIfC7bjm47CoU/Pvyn9kon3wCt6
m5XftcaPj6u749wgM/JbI9NRHMWpPvsWDt5ZqXSeeMb4dNfi446o3KPxjZ4NuPuP
6GZUi2mdMa8OWFfBsjeS3TdFD/QqGmiaYxk7BX3AzLML3uOUX2ry+Rnv+1q+4Bnv
jwyJQMSCq/mpEqgHK1hrO8XgMTKyXxpPqraq8Zww4KvqYTPA7RHmuT+oFQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFEa9s4VdgTLmMADEIzmQte26QODTMB8GA1UdIwQY
MBaAFHK3j2aC/DnFW0HUj4C4g41dLb8HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEt
ZjNlNTA2YWVhYTAxLzEvUnIyemhWMkJNdVl3QU1Rak9aQzE3YnBBNE5NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEtZjNlNTA2YWVhYTAx
LzEvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAlX4MAwQA
wJFGMA8EAgACMAkDBwAqCo9AAAUwDQYJKoZIhvcNAQELBQADggEBAHoT3mef86gG
vXTsj8mLZBWdPtSX0ayj4/GEVWRaf1dM17FCtdN8FaxWabXyhNiu2YVDG168uYXC
AcwYUhGc3ZN9o5MM7P78vH1tYfg0gK3mjYf7Kj6oZD+vdNNxNwpkY0046L5kymqg
bSpVH1a/ecTbnvzPNU0Mj2BY6cFa3j0UJWpBhu0OPxHvGYLe+Q/F/xHmWp2C+zvA
809t3sbOIZU1V81hemfR78qK36wiuTN5psop6hrGY1tZMHTWqI7+npDPPH/Qdzmh
T0ymz0xIF8T1UTJZTiSvr8cSvyzVXrb+NqtmREFdooGnf68XrLGstA9Wv80rJ2MO
yM6MKzqp5M0=
-----END CERTIFICATE-----