Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/Kbz4LZyLl_b9dWVbC5qT_xA41Q4.roa
File:                     Kbz4LZyLl_b9dWVbC5qT_xA41Q4.roa (raw, json)
Hash identifier:          BC+kqowFeKkgIaBkQwIlslwv3wTW0MHkYPmfQAI6N9o=
Subject key identifier:   29:BC:F8:2D:9C:8B:97:F6:FD:75:65:5B:0B:9A:93:FF:10:38:D5:0E
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       019CE6D42EE72F77858921A02731BC1A08D3
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/Kbz4LZyLl_b9dWVbC5qT_xA41Q4.roa
Signing time:             Fri 13 Mar 2026 10:53:11 +0000
ROA not before:           Fri 13 Mar 2026 10:53:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215017
IP address blocks:        195.133.33.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:e6:d4:2e:e7:2f:77:85:89:21:a0:27:31:bc:1a:08:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Mar 13 10:53:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=29bcf82d9c8b97f6fd75655b0b9a93ff1038d50e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:e2:c7:04:6c:26:3c:18:97:b3:54:b0:22:94:
                    9b:ef:6e:20:8f:49:14:1e:91:76:44:71:fe:37:66:
                    9b:f9:a3:5c:1d:c2:ae:f5:8d:70:54:5c:88:f4:f4:
                    66:7b:44:60:05:13:3f:1f:e0:15:08:0f:54:ff:6a:
                    a2:6a:9e:ac:4d:fe:9d:b7:11:ae:dc:58:1e:7e:67:
                    b5:c1:10:c6:03:58:a2:e9:ec:ed:a8:4e:c5:0c:aa:
                    ea:d0:67:c9:95:be:50:67:de:7b:d7:ed:55:15:79:
                    0d:e0:3a:90:77:0e:20:1d:bc:da:93:f0:3a:a4:1e:
                    a7:12:02:5c:50:f9:d6:88:62:54:d9:22:c1:37:02:
                    bc:47:4b:00:a4:32:a5:79:64:dc:f2:5a:b5:8e:1b:
                    7a:fe:d9:6a:cf:2b:99:86:e1:91:b1:74:31:4d:b5:
                    b1:09:61:08:b4:81:1d:18:25:c3:df:1c:b7:b1:d0:
                    11:e8:71:09:25:a9:cc:bf:65:cc:79:a5:55:e3:bc:
                    c4:e9:bc:50:85:71:2a:31:58:9b:0c:bd:cd:3e:d7:
                    53:85:8c:53:81:45:e8:c4:0c:79:f5:45:18:75:44:
                    26:4b:fb:b3:15:98:e1:3f:be:24:ca:08:33:ff:08:
                    05:26:23:2c:fd:9a:15:e1:d7:62:23:3f:02:27:3f:
                    db:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:BC:F8:2D:9C:8B:97:F6:FD:75:65:5B:0B:9A:93:FF:10:38:D5:0E
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/Kbz4LZyLl_b9dWVbC5qT_xA41Q4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.133.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:a3:21:34:03:0a:cf:28:36:88:42:09:3f:9f:dd:bc:32:6f:
         d4:d3:42:76:23:b9:c5:3c:58:ef:b8:f9:f6:8c:b3:ab:52:45:
         5b:1c:98:f6:fb:f6:ba:43:36:61:88:18:e4:dd:e7:66:80:ee:
         38:a7:20:11:f8:7f:3b:98:b6:d3:16:09:80:01:fa:78:1e:c4:
         ae:56:ac:de:40:17:35:47:6f:6a:5a:c5:d0:a8:28:ca:d0:0e:
         01:47:4b:34:15:a0:c0:9f:d5:a0:19:6a:df:88:9b:ac:d8:6e:
         c5:b4:2c:83:33:79:db:7f:63:48:68:a4:c4:11:3d:ca:0f:57:
         f4:57:0e:4f:a0:f0:9e:aa:cf:21:8d:08:a9:71:68:09:25:36:
         e8:31:a2:e9:ec:bc:6a:b2:c3:bf:60:49:17:36:94:55:5d:be:
         0c:fb:2b:f0:99:ce:20:eb:e0:c8:e5:5a:10:b9:ee:d9:8d:49:
         2f:16:68:92:4b:45:9d:23:4d:08:f2:8c:8b:30:96:76:7c:46:
         30:54:e1:f0:71:3e:5d:b8:58:9d:29:2f:3c:3d:59:3b:d9:ca:
         70:3d:44:6f:4f:de:dd:26:34:1b:52:43:cf:85:62:f2:2d:49:
         9e:e5:15:f6:bc:d2:f6:63:d5:39:c8:68:58:0d:b3:04:7b:c5:
         56:20:5e:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzm1C7nL3eFiSGgJzG8GgjTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjYwMzEzMTA1MzExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWJjZjgyZDljOGI5N2Y2ZmQ3NTY1NWIwYjlhOTNmZjEwMzhkNTBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk+LHBGwmPBiXs1SwIpSb724gj0kU
HpF2RHH+N2ab+aNcHcKu9Y1wVFyI9PRme0RgBRM/H+AVCA9U/2qiap6sTf6dtxGu
3Fgefme1wRDGA1ii6eztqE7FDKrq0GfJlb5QZ9571+1VFXkN4DqQdw4gHbzak/A6
pB6nEgJcUPnWiGJU2SLBNwK8R0sApDKleWTc8lq1jht6/tlqzyuZhuGRsXQxTbWx
CWEItIEdGCXD3xy3sdAR6HEJJanMv2XMeaVV47zE6bxQhXEqMVibDL3NPtdThYxT
gUXoxAx59UUYdUQmS/uzFZjhP74kyggz/wgFJiMs/ZoV4ddiIz8CJz/bMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCm8+C2ci5f2/XVlWwuak/8QONUOMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvS2J6NExaeUxsX2I5ZFdWYkM1cVRfeEE0MVE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw4UhMA0G
CSqGSIb3DQEBCwUAA4IBAQA1oyE0AwrPKDaIQgk/n928Mm/U00J2I7nFPFjvuPn2
jLOrUkVbHJj2+/a6QzZhiBjk3edmgO44pyAR+H87mLbTFgmAAfp4HsSuVqzeQBc1
R29qWsXQqCjK0A4BR0s0FaDAn9WgGWrfiJus2G7FtCyDM3nbf2NIaKTEET3KD1f0
Vw5PoPCeqs8hjQipcWgJJTboMaLp7LxqssO/YEkXNpRVXb4M+yvwmc4g6+DI5VoQ
ue7ZjUkvFmiSS0WdI00I8oyLMJZ2fEYwVOHwcT5duFidKS88PVk72cpwPURvT97d
JjQbUkPPhWLyLUme5RX2vNL2Y9U5yGhYDbMEe8VWIF5T
-----END CERTIFICATE-----