Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/06205d-e6a5-4d54-96e8-fe4cd2712306/1/mf_AZ1vDsnNkv0nHtoE1T2hjIH4.roa
File:                     mf_AZ1vDsnNkv0nHtoE1T2hjIH4.roa (raw, json)
Hash identifier:          gw1fT/9xJl2DFpGmxI3jrXwIRs8KgcauR0afwI0ggNk=
Subject key identifier:   99:FF:C0:67:5B:C3:B2:73:64:BF:49:C7:B6:81:35:4F:68:63:20:7E
Certificate issuer:       /CN=66d1233f112a4a3435575a3a219dccc021068d99
Certificate serial:       019B7F148EC766D341106DF19EE4183F711A
Authority key identifier: 66:D1:23:3F:11:2A:4A:34:35:57:5A:3A:21:9D:CC:C0:21:06:8D:99
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZtEjPxEqSjQ1V1o6IZ3MwCEGjZk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/06205d-e6a5-4d54-96e8-fe4cd2712306/1/mf_AZ1vDsnNkv0nHtoE1T2hjIH4.roa
Signing time:             Fri 02 Jan 2026 14:20:12 +0000
ROA not before:           Fri 02 Jan 2026 14:20:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     62165
IP address blocks:        193.163.52.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/06205d-e6a5-4d54-96e8-fe4cd2712306/1/ZtEjPxEqSjQ1V1o6IZ3MwCEGjZk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/06205d-e6a5-4d54-96e8-fe4cd2712306/1/ZtEjPxEqSjQ1V1o6IZ3MwCEGjZk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZtEjPxEqSjQ1V1o6IZ3MwCEGjZk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:14:8e:c7:66:d3:41:10:6d:f1:9e:e4:18:3f:71:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66d1233f112a4a3435575a3a219dccc021068d99
        Validity
            Not Before: Jan  2 14:20:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=99ffc0675bc3b27364bf49c7b681354f6863207e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:f0:73:9f:73:b3:86:3b:9e:36:52:5c:06:8e:
                    6a:85:68:21:14:4f:db:d5:77:47:fd:78:48:f7:32:
                    ac:d5:c4:6c:5a:f0:94:92:3a:1e:74:6b:a7:9b:af:
                    f8:65:43:f6:f6:4b:9f:6b:a3:d2:0f:ef:b6:ad:53:
                    10:48:9d:e8:fa:bc:1e:2f:d7:0b:f2:9e:a5:be:e0:
                    7a:0f:e9:9f:eb:15:a2:c5:51:7e:93:64:23:99:06:
                    13:9c:b8:31:8c:5a:bc:76:bc:2d:56:72:aa:c1:75:
                    13:c2:33:2e:e5:7d:1c:1a:80:b4:7f:c7:00:96:a6:
                    3d:f4:0c:db:fb:56:89:a0:a2:d9:d7:41:79:8e:f4:
                    56:c7:da:21:6f:81:35:b9:3c:da:63:54:b3:96:4c:
                    43:7b:04:36:9f:c8:69:cf:bf:ef:d4:df:4a:d7:fb:
                    8d:55:24:21:ee:87:a5:a5:7b:ee:f4:02:c0:35:90:
                    f9:3b:c1:05:b4:57:56:f8:4f:25:4c:b8:47:ae:e3:
                    27:b5:3d:96:ca:4c:e5:11:74:31:86:af:c1:f5:09:
                    8f:9f:f0:62:aa:01:ca:87:90:c9:8f:92:d4:de:83:
                    14:3d:13:88:40:28:7f:3a:84:3b:73:ae:25:31:79:
                    c5:c7:22:86:77:a6:b0:00:d0:24:8b:b0:f0:3d:11:
                    40:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:FF:C0:67:5B:C3:B2:73:64:BF:49:C7:B6:81:35:4F:68:63:20:7E
            X509v3 Authority Key Identifier:
                keyid:66:D1:23:3F:11:2A:4A:34:35:57:5A:3A:21:9D:CC:C0:21:06:8D:99

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZtEjPxEqSjQ1V1o6IZ3MwCEGjZk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/06205d-e6a5-4d54-96e8-fe4cd2712306/1/mf_AZ1vDsnNkv0nHtoE1T2hjIH4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/06205d-e6a5-4d54-96e8-fe4cd2712306/1/ZtEjPxEqSjQ1V1o6IZ3MwCEGjZk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.163.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:12:dd:7a:eb:1a:63:b4:57:b9:60:3f:aa:29:d0:09:bd:41:
         77:89:b4:92:87:ea:b4:8a:3d:7c:0e:f9:8b:93:42:c5:52:5d:
         7f:74:ff:28:29:f4:5f:a7:df:c4:d4:07:4f:5c:05:7b:c0:2c:
         50:1c:a1:82:7e:9e:b9:ec:d6:64:e2:33:f0:e9:bb:f0:34:40:
         60:21:a8:1c:87:01:cd:a4:e3:3b:5c:9e:13:e6:04:e2:fc:2c:
         a6:8a:fd:4d:54:19:4b:ce:aa:5d:93:c9:bd:ef:58:c7:a6:a7:
         11:a7:be:45:2f:2e:fc:94:15:a6:e0:bd:a3:c3:98:d8:50:8c:
         ce:9a:1b:58:b6:6f:e9:e4:92:f9:53:61:c9:e1:70:1b:dd:7e:
         9e:3e:59:02:5e:1b:f6:48:c0:24:00:f0:9c:e5:4f:12:19:31:
         30:95:fc:1b:23:87:c0:92:df:6a:46:dd:d2:b4:e2:0d:c5:32:
         d0:3b:2b:b4:b4:ac:41:f1:b3:b5:bf:7b:93:69:a2:0d:b9:36:
         c9:64:28:76:95:e5:3b:20:dc:93:48:92:43:a3:67:18:b7:8c:
         59:21:eb:3e:c4:73:94:b2:34:64:3e:de:21:f5:19:75:7d:58:
         4e:e8:13:9d:74:f6:82:d8:07:c3:2d:02:af:a2:71:a1:97:90:
         5b:ea:bb:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FI7HZtNBEG3xnuQYP3EaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZDEyMzNmMTEyYTRhMzQzNTU3NWEzYTIxOWRjY2MwMjEw
NjhkOTkwHhcNMjYwMTAyMTQyMDEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OWZmYzA2NzViYzNiMjczNjRiZjQ5YzdiNjgxMzU0ZjY4NjMyMDdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi/Bzn3OzhjueNlJcBo5qhWghFE/b
1XdH/XhI9zKs1cRsWvCUkjoedGunm6/4ZUP29kufa6PSD++2rVMQSJ3o+rweL9cL
8p6lvuB6D+mf6xWixVF+k2QjmQYTnLgxjFq8drwtVnKqwXUTwjMu5X0cGoC0f8cA
lqY99Azb+1aJoKLZ10F5jvRWx9ohb4E1uTzaY1SzlkxDewQ2n8hpz7/v1N9K1/uN
VSQh7oelpXvu9ALANZD5O8EFtFdW+E8lTLhHruMntT2WykzlEXQxhq/B9QmPn/Bi
qgHKh5DJj5LU3oMUPROIQCh/OoQ7c64lMXnFxyKGd6awANAki7DwPRFAnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJn/wGdbw7JzZL9Jx7aBNU9oYyB+MB8GA1UdIwQY
MBaAFGbRIz8RKko0NVdaOiGdzMAhBo2ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnRFalB4RXFTalExVjFvNklaM013Q0VHalprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi8wNjIwNWQtZTZhNS00ZDU0LTk2ZTgt
ZmU0Y2QyNzEyMzA2LzEvbWZfQVoxdkRzbk5rdjBuSHRvRTFUMmhqSUg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi8wNjIwNWQtZTZhNS00ZDU0LTk2ZTgtZmU0Y2QyNzEyMzA2
LzEvWnRFalB4RXFTalExVjFvNklaM013Q0VHalprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwaM0MA0G
CSqGSIb3DQEBCwUAA4IBAQBHEt166xpjtFe5YD+qKdAJvUF3ibSSh+q0ij18DvmL
k0LFUl1/dP8oKfRfp9/E1AdPXAV7wCxQHKGCfp657NZk4jPw6bvwNEBgIagchwHN
pOM7XJ4T5gTi/Cymiv1NVBlLzqpdk8m971jHpqcRp75FLy78lBWm4L2jw5jYUIzO
mhtYtm/p5JL5U2HJ4XAb3X6ePlkCXhv2SMAkAPCc5U8SGTEwlfwbI4fAkt9qRt3S
tOINxTLQOyu0tKxB8bO1v3uTaaINuTbJZCh2leU7INyTSJJDo2cYt4xZIes+xHOU
sjRkPt4h9Rl1fVhO6BOddPaC2AfDLQKvonGhl5Bb6rtB
-----END CERTIFICATE-----