Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/ZSIuTwmYgVcQgO6LO0MnL_67E1E.roa
File:                     ZSIuTwmYgVcQgO6LO0MnL_67E1E.roa (raw, json)
Hash identifier:          oy/YErxqFRT8VyOcydqK3d11iP1CeKQirD3giIZVXPc=
Subject key identifier:   65:22:2E:4F:09:98:81:57:10:80:EE:8B:3B:43:27:2F:FE:BB:13:51
Certificate issuer:       /CN=4456c14cd8724f9a909627b94e006cf69d12307b
Certificate serial:       019CC7E7DB8B61FE7885685554B0C4A208E7
Authority key identifier: 44:56:C1:4C:D8:72:4F:9A:90:96:27:B9:4E:00:6C:F6:9D:12:30:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RFbBTNhyT5qQlie5TgBs9p0SMHs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/ZSIuTwmYgVcQgO6LO0MnL_67E1E.roa
Signing time:             Sat 07 Mar 2026 10:46:26 +0000
ROA not before:           Sat 07 Mar 2026 10:46:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207359
IP address blocks:        185.36.127.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/RFbBTNhyT5qQlie5TgBs9p0SMHs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/RFbBTNhyT5qQlie5TgBs9p0SMHs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RFbBTNhyT5qQlie5TgBs9p0SMHs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:c7:e7:db:8b:61:fe:78:85:68:55:54:b0:c4:a2:08:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4456c14cd8724f9a909627b94e006cf69d12307b
        Validity
            Not Before: Mar  7 10:46:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=65222e4f099881571080ee8b3b43272ffebb1351
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f7:31:6c:08:1b:d8:9c:cf:d3:43:91:37:b6:96:
                    1f:fc:c7:df:3b:0b:26:32:51:8b:a8:52:4f:bd:87:
                    1e:9b:ec:98:c4:f9:59:58:27:e4:d6:8a:c1:b1:fc:
                    a8:00:c9:67:73:ca:b7:5d:77:3d:ad:72:92:4c:d3:
                    fe:77:35:a4:cb:c6:07:ba:af:a1:d2:6a:c0:63:ec:
                    26:c5:aa:dd:38:c4:a9:a4:12:12:13:15:af:cd:8c:
                    83:49:cf:b9:74:2b:9f:a8:22:92:b4:45:e9:30:f8:
                    9e:b1:8b:11:42:d0:14:25:08:02:3f:33:12:94:8f:
                    60:ee:94:d4:a1:84:a8:52:81:a3:b6:81:4d:61:b0:
                    69:72:77:5e:f4:20:2f:e6:73:7e:62:b1:4b:cf:9a:
                    cd:76:51:53:6c:80:61:7c:37:cb:b3:b8:fd:1e:18:
                    e8:34:3c:3b:26:81:90:9b:60:fe:97:ea:44:48:2b:
                    e3:c9:7f:19:a5:85:15:c6:a2:da:21:33:6e:88:5c:
                    50:8e:a3:e3:0f:06:31:dc:4a:f8:43:b5:0f:0e:71:
                    10:3c:6d:1b:97:07:d9:bd:8d:d9:4a:fa:9c:50:fa:
                    71:ea:b0:8c:a1:22:4f:a8:a4:14:a5:23:0b:d3:44:
                    3e:03:df:b6:dd:33:dd:72:7a:c8:2a:c8:62:d1:e0:
                    8f:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:22:2E:4F:09:98:81:57:10:80:EE:8B:3B:43:27:2F:FE:BB:13:51
            X509v3 Authority Key Identifier:
                keyid:44:56:C1:4C:D8:72:4F:9A:90:96:27:B9:4E:00:6C:F6:9D:12:30:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RFbBTNhyT5qQlie5TgBs9p0SMHs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/ZSIuTwmYgVcQgO6LO0MnL_67E1E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/RFbBTNhyT5qQlie5TgBs9p0SMHs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.36.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:18:a6:26:58:d8:77:6b:c2:46:b7:1e:ba:df:b3:41:cc:1c:
         67:07:9c:e1:7d:39:52:f7:7c:92:ed:71:fc:e4:e7:05:9b:3f:
         47:8a:d3:36:94:91:fe:14:df:e4:95:b9:79:0c:c5:12:72:1a:
         99:c0:ea:eb:a3:2d:56:a7:29:09:28:e2:02:c8:65:c2:d1:d2:
         3e:8b:90:68:9d:fd:50:88:e1:81:43:b3:ae:1e:e6:ba:65:09:
         39:9d:2e:69:cf:23:07:41:2b:10:f0:29:d1:3e:4c:81:cc:25:
         c8:d4:69:cc:92:32:57:7c:65:df:11:a9:32:ce:3b:22:db:73:
         10:43:73:68:5e:9d:8c:00:e7:4d:0b:b3:0f:16:9c:18:81:03:
         53:64:08:65:ce:a0:f5:d9:e5:d6:0f:8f:a5:ac:28:18:dd:8c:
         9f:40:6e:d3:4e:81:fa:aa:36:e6:f6:4f:0e:b2:20:38:2b:e8:
         e5:d9:c0:c1:96:53:f5:2e:f9:c5:24:6d:d3:1d:5d:2a:c9:8e:
         e2:65:0c:e9:88:7d:bc:77:9f:4b:8b:71:e5:50:ea:b4:23:be:
         50:f6:bb:fe:20:e3:4a:8b:d9:0d:68:53:3a:c9:ae:ad:04:5b:
         c6:d2:07:50:41:ab:a4:4e:07:3c:d1:1e:14:ab:15:40:2f:90:
         60:b9:1a:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzH59uLYf54hWhVVLDEogjnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NTZjMTRjZDg3MjRmOWE5MDk2MjdiOTRlMDA2Y2Y2OWQx
MjMwN2IwHhcNMjYwMzA3MTA0NjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTIyMmU0ZjA5OTg4MTU3MTA4MGVlOGIzYjQzMjcyZmZlYmIxMzUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9zFsCBvYnM/TQ5E3tpYf/MffOwsm
MlGLqFJPvYcem+yYxPlZWCfk1orBsfyoAMlnc8q3XXc9rXKSTNP+dzWky8YHuq+h
0mrAY+wmxardOMSppBISExWvzYyDSc+5dCufqCKStEXpMPiesYsRQtAUJQgCPzMS
lI9g7pTUoYSoUoGjtoFNYbBpcnde9CAv5nN+YrFLz5rNdlFTbIBhfDfLs7j9Hhjo
NDw7JoGQm2D+l+pESCvjyX8ZpYUVxqLaITNuiFxQjqPjDwYx3Er4Q7UPDnEQPG0b
lwfZvY3ZSvqcUPpx6rCMoSJPqKQUpSML00Q+A9+23TPdcnrIKshi0eCP4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGUiLk8JmIFXEIDuiztDJy/+uxNRMB8GA1UdIwQY
MBaAFERWwUzYck+akJYnuU4AbPadEjB7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkZiQlROaHlUNXFRbGllNVRnQnM5cDBTTUhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS81ZWNmYzItZGE3MC00MzMzLThmOTYt
NWI4NzgyNWMwN2VlLzEvWlNJdVR3bVlnVmNRZ082TE8wTW5MXzY3RTFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS81ZWNmYzItZGE3MC00MzMzLThmOTYtNWI4NzgyNWMwN2Vl
LzEvUkZiQlROaHlUNXFRbGllNVRnQnM5cDBTTUhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSR/MA0G
CSqGSIb3DQEBCwUAA4IBAQAwGKYmWNh3a8JGtx6637NBzBxnB5zhfTlS93yS7XH8
5OcFmz9HitM2lJH+FN/klbl5DMUSchqZwOrroy1WpykJKOICyGXC0dI+i5Bonf1Q
iOGBQ7OuHua6ZQk5nS5pzyMHQSsQ8CnRPkyBzCXI1GnMkjJXfGXfEakyzjsi23MQ
Q3NoXp2MAOdNC7MPFpwYgQNTZAhlzqD12eXWD4+lrCgY3YyfQG7TToH6qjbm9k8O
siA4K+jl2cDBllP1LvnFJG3THV0qyY7iZQzpiH28d59Li3HlUOq0I75Q9rv+IONK
i9kNaFM6ya6tBFvG0gdQQaukTgc80R4UqxVAL5BguRr5
-----END CERTIFICATE-----