Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/0e01de-cde3-447f-b5dc-036354a2c22f/1/zlDH9CBQhEMIHbhEsO26hawSjRs.roa
File:                     zlDH9CBQhEMIHbhEsO26hawSjRs.roa (raw, json)
Hash identifier:          WLySLAR5fHiU/b0ZteEm839xylrMWUH31oeGjNZ2fRI=
Subject key identifier:   CE:50:C7:F4:20:50:84:43:08:1D:B8:44:B0:ED:BA:85:AC:12:8D:1B
Certificate issuer:       /CN=44f56ecd3f4b1d6e8d669ead0e033fdaf0be4f40
Certificate serial:       019E1C867EB2362E23B6988E763BD0A32922
Authority key identifier: 44:F5:6E:CD:3F:4B:1D:6E:8D:66:9E:AD:0E:03:3F:DA:F0:BE:4F:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RPVuzT9LHW6NZp6tDgM_2vC-T0A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/0e01de-cde3-447f-b5dc-036354a2c22f/1/zlDH9CBQhEMIHbhEsO26hawSjRs.roa
Signing time:             Tue 12 May 2026 14:10:36 +0000
ROA not before:           Tue 12 May 2026 14:10:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     41129
IP address blocks:        193.107.135.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/0e01de-cde3-447f-b5dc-036354a2c22f/1/RPVuzT9LHW6NZp6tDgM_2vC-T0A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/0e01de-cde3-447f-b5dc-036354a2c22f/1/RPVuzT9LHW6NZp6tDgM_2vC-T0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RPVuzT9LHW6NZp6tDgM_2vC-T0A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:1c:86:7e:b2:36:2e:23:b6:98:8e:76:3b:d0:a3:29:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=44f56ecd3f4b1d6e8d669ead0e033fdaf0be4f40
        Validity
            Not Before: May 12 14:10:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ce50c7f420508443081db844b0edba85ac128d1b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:e9:e5:08:63:25:8f:6d:24:1d:87:fe:12:1b:
                    ab:30:54:e6:98:60:65:9d:68:0a:b8:8d:99:a4:41:
                    70:02:4e:2e:41:48:7c:70:80:77:af:99:f9:19:1b:
                    5d:2d:89:6c:a5:3b:07:28:ef:b8:b2:72:f6:7e:21:
                    93:b5:31:db:49:9a:41:d1:f4:21:a3:81:e5:49:2c:
                    c7:ab:f8:0f:56:cc:4c:86:81:bf:e9:41:88:f2:5c:
                    e8:e2:bf:6f:97:22:bc:94:e9:3e:93:b9:d1:4f:2e:
                    2f:f4:13:b5:5c:e4:1c:30:fe:52:80:dc:27:a5:1e:
                    dd:32:59:23:4a:02:22:11:36:d2:73:d8:5f:23:d4:
                    58:9c:28:9e:79:5e:f6:b2:e5:af:90:7d:69:49:61:
                    a5:cd:6c:4e:ac:d4:18:af:4b:c9:11:f9:77:a5:99:
                    48:98:92:b9:8f:17:ff:a1:d5:47:87:84:e7:52:4c:
                    56:46:36:74:ef:46:a3:25:9f:28:56:b7:e5:cf:56:
                    35:53:b5:8e:4f:ce:20:6d:bc:4f:57:0d:ce:ad:e1:
                    4f:93:0e:7a:5e:62:ea:1e:fc:ab:6e:57:14:11:6d:
                    7a:14:82:d9:6b:63:eb:85:90:ad:2d:42:20:2e:82:
                    4b:10:19:05:df:a4:1d:25:95:6e:d5:a4:2c:27:e6:
                    39:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:50:C7:F4:20:50:84:43:08:1D:B8:44:B0:ED:BA:85:AC:12:8D:1B
            X509v3 Authority Key Identifier:
                keyid:44:F5:6E:CD:3F:4B:1D:6E:8D:66:9E:AD:0E:03:3F:DA:F0:BE:4F:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RPVuzT9LHW6NZp6tDgM_2vC-T0A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/0e01de-cde3-447f-b5dc-036354a2c22f/1/zlDH9CBQhEMIHbhEsO26hawSjRs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/0e01de-cde3-447f-b5dc-036354a2c22f/1/RPVuzT9LHW6NZp6tDgM_2vC-T0A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.107.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:de:e3:17:94:41:86:a9:df:97:00:c3:7d:5d:c6:93:24:28:
         78:d7:8c:2e:c1:98:33:62:b4:42:7b:bc:e3:5a:7a:d6:46:dd:
         4f:23:c6:5e:ca:65:56:79:98:4c:dc:5e:ea:fe:f5:dd:db:73:
         01:5a:3a:28:ba:dc:b8:9e:bb:2f:b7:49:a5:bd:74:b0:c8:6a:
         6a:ce:0a:ec:29:c8:8b:df:92:9c:51:e4:20:e8:aa:d4:d6:19:
         e2:9c:45:a7:d4:25:11:8d:e7:7c:5a:74:52:42:5a:63:9d:76:
         1b:54:21:c2:26:81:4e:51:70:7b:ae:11:ea:eb:46:75:4a:bd:
         b4:ea:7a:a2:3c:0c:cd:09:f7:8c:98:5c:cd:78:54:a7:fb:41:
         d1:f4:2a:a5:4b:ec:61:cf:3d:5c:8c:6e:32:df:7b:1f:8c:9f:
         f5:36:be:a8:50:51:93:7f:7e:7f:fe:84:12:70:ba:c7:16:c0:
         d3:9e:49:ce:7a:26:cb:02:2e:08:e4:1d:c4:bb:85:9d:01:1f:
         be:ac:c9:d7:17:b2:59:30:42:85:78:7b:e3:d5:0a:b2:f8:f8:
         56:c4:4b:4a:86:7a:16:de:d3:2d:e8:a3:9c:10:16:df:4f:11:
         ef:9f:43:53:63:24:fb:44:8a:a3:05:83:b9:80:8b:68:24:db:
         db:a3:5c:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4chn6yNi4jtpiOdjvQoykiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0ZjU2ZWNkM2Y0YjFkNmU4ZDY2OWVhZDBlMDMzZmRhZjBi
ZTRmNDAwHhcNMjYwNTEyMTQxMDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTUwYzdmNDIwNTA4NDQzMDgxZGI4NDRiMGVkYmE4NWFjMTI4ZDFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwunlCGMlj20kHYf+EhurMFTmmGBl
nWgKuI2ZpEFwAk4uQUh8cIB3r5n5GRtdLYlspTsHKO+4snL2fiGTtTHbSZpB0fQh
o4HlSSzHq/gPVsxMhoG/6UGI8lzo4r9vlyK8lOk+k7nRTy4v9BO1XOQcMP5SgNwn
pR7dMlkjSgIiETbSc9hfI9RYnCieeV72suWvkH1pSWGlzWxOrNQYr0vJEfl3pZlI
mJK5jxf/odVHh4TnUkxWRjZ070ajJZ8oVrflz1Y1U7WOT84gbbxPVw3OreFPkw56
XmLqHvyrblcUEW16FILZa2PrhZCtLUIgLoJLEBkF36QdJZVu1aQsJ+Y5uwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM5Qx/QgUIRDCB24RLDtuoWsEo0bMB8GA1UdIwQY
MBaAFET1bs0/Sx1ujWaerQ4DP9rwvk9AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUlBWdXpUOUxIVzZOWnA2dERnTV8ydkMtVDBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC8wZTAxZGUtY2RlMy00NDdmLWI1ZGMt
MDM2MzU0YTJjMjJmLzEvemxESDlDQlFoRU1JSGJoRXNPMjZoYXdTalJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC8wZTAxZGUtY2RlMy00NDdmLWI1ZGMtMDM2MzU0YTJjMjJm
LzEvUlBWdXpUOUxIVzZOWnA2dERnTV8ydkMtVDBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWuHMA0G
CSqGSIb3DQEBCwUAA4IBAQB63uMXlEGGqd+XAMN9XcaTJCh414wuwZgzYrRCe7zj
WnrWRt1PI8ZeymVWeZhM3F7q/vXd23MBWjoouty4nrsvt0mlvXSwyGpqzgrsKciL
35KcUeQg6KrU1hninEWn1CURjed8WnRSQlpjnXYbVCHCJoFOUXB7rhHq60Z1Sr20
6nqiPAzNCfeMmFzNeFSn+0HR9CqlS+xhzz1cjG4y33sfjJ/1Nr6oUFGTf35//oQS
cLrHFsDTnknOeibLAi4I5B3Eu4WdAR++rMnXF7JZMEKFeHvj1Qqy+PhWxEtKhnoW
3tMt6KOcEBbfTxHvn0NTYyT7RIqjBYO5gItoJNvbo1yJ
-----END CERTIFICATE-----