Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/Z9annEhNXJRKB9imLkUdPhT85Nc.roa
File:                     Z9annEhNXJRKB9imLkUdPhT85Nc.roa (raw, json)
Hash identifier:          oy85S0enUEY7wVVeRJQ4+FT2oH5OrnRX3IvS0Tb+dKo=
Subject key identifier:   67:D6:A7:9C:48:4D:5C:94:4A:07:D8:A6:2E:45:1D:3E:14:FC:E4:D7
Certificate issuer:       /CN=55baf26967510b3c52e46d1dc593967cdf29f9c9
Certificate serial:       019E143150A1814FFEECA5C44F29589FB011
Authority key identifier: 55:BA:F2:69:67:51:0B:3C:52:E4:6D:1D:C5:93:96:7C:DF:29:F9:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/Z9annEhNXJRKB9imLkUdPhT85Nc.roa
Signing time:             Sun 10 May 2026 23:20:36 +0000
ROA not before:           Sun 10 May 2026 23:20:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214861
IP address blocks:        83.147.217.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 20:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:14:31:50:a1:81:4f:fe:ec:a5:c4:4f:29:58:9f:b0:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=55baf26967510b3c52e46d1dc593967cdf29f9c9
        Validity
            Not Before: May 10 23:20:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=67d6a79c484d5c944a07d8a62e451d3e14fce4d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:43:28:23:3b:3a:b6:c9:ec:90:5f:2d:95:1d:
                    84:c7:c8:05:4a:b0:d6:07:ed:0f:13:fa:15:d4:99:
                    c2:84:2c:1e:35:31:82:f6:a1:40:0f:76:3a:4c:23:
                    1e:b3:c4:fa:ca:cd:c3:3a:ae:82:2e:2c:03:d3:6d:
                    dd:42:73:10:b0:d5:c9:98:a4:81:61:45:de:48:f3:
                    a7:ac:cf:e3:75:a7:e6:48:0f:04:d4:ec:8e:6d:33:
                    48:eb:76:8d:05:9c:06:5f:59:82:5d:18:2e:1f:ab:
                    2e:bd:f4:fe:e9:c9:88:20:8b:4d:63:88:a0:9e:b3:
                    90:02:1a:dd:0e:6e:e5:3c:99:38:ad:f1:6b:1b:73:
                    5f:32:69:36:60:18:90:6f:3d:8e:82:5d:fa:aa:b7:
                    9d:78:20:bd:e0:ef:9f:a1:c7:cf:d4:a6:9c:87:8b:
                    a3:c2:0b:c6:5c:98:41:1c:13:69:d9:8f:c0:68:80:
                    05:fc:76:19:f2:24:ff:35:f7:77:e1:b9:e2:11:91:
                    2b:f5:62:cc:69:f5:a0:49:39:c1:c1:84:eb:8b:d8:
                    5d:40:12:67:98:53:5f:a5:2d:8d:7a:c4:da:bc:c8:
                    f8:10:e7:5a:19:37:32:1a:33:61:e3:e4:14:40:21:
                    4b:55:33:cf:57:02:64:63:f5:91:61:9b:1d:d3:52:
                    11:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:D6:A7:9C:48:4D:5C:94:4A:07:D8:A6:2E:45:1D:3E:14:FC:E4:D7
            X509v3 Authority Key Identifier:
                keyid:55:BA:F2:69:67:51:0B:3C:52:E4:6D:1D:C5:93:96:7C:DF:29:F9:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/Z9annEhNXJRKB9imLkUdPhT85Nc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.147.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:f7:f9:22:b0:ee:ef:9d:34:54:b0:21:e7:37:cc:25:8f:d1:
         5c:cb:44:02:9d:8a:31:da:61:93:7b:e6:7c:4d:94:49:ae:47:
         4f:9a:26:2f:7f:b8:50:59:2b:29:b8:65:bb:67:3e:b1:a5:fe:
         2a:26:bc:e5:7c:ec:ee:89:08:b7:4d:13:c7:bc:d4:ac:00:05:
         26:a6:15:af:f1:e8:53:e7:1d:79:55:e4:47:f5:1c:5b:7d:13:
         c5:14:49:7a:97:0e:a3:72:f6:cd:67:f6:34:b2:8f:a5:d2:48:
         8d:a4:a0:51:95:fb:2f:05:53:61:51:ce:3a:70:c4:c2:b3:ce:
         54:dc:df:4a:50:04:ed:7e:77:f5:67:21:0e:02:09:30:e5:0b:
         8a:36:2e:8e:31:a5:8e:7b:49:e5:5e:c3:28:e6:a9:40:aa:d5:
         21:d7:e0:5f:a1:78:0e:88:fc:8f:8e:52:57:88:35:e1:9e:46:
         9f:8d:f3:c6:12:87:79:30:f4:83:7b:9c:b5:db:c7:5a:71:b6:
         52:5a:ee:82:75:89:a7:c1:3d:7e:ca:31:2e:12:08:15:7b:42:
         41:e5:e0:4f:7e:cf:d0:50:24:2f:72:03:3a:14:39:5d:b5:78:
         04:ff:70:f1:78:e6:d4:80:97:c9:3e:c4:99:9f:f8:b6:09:eb:
         9d:22:67:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4UMVChgU/+7KXETylYn7ARMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1YmFmMjY5Njc1MTBiM2M1MmU0NmQxZGM1OTM5NjdjZGYy
OWY5YzkwHhcNMjYwNTEwMjMyMDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2Q2YTc5YzQ4NGQ1Yzk0NGEwN2Q4YTYyZTQ1MWQzZTE0ZmNlNGQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiUMoIzs6tsnskF8tlR2Ex8gFSrDW
B+0PE/oV1JnChCweNTGC9qFAD3Y6TCMes8T6ys3DOq6CLiwD023dQnMQsNXJmKSB
YUXeSPOnrM/jdafmSA8E1OyObTNI63aNBZwGX1mCXRguH6suvfT+6cmIIItNY4ig
nrOQAhrdDm7lPJk4rfFrG3NfMmk2YBiQbz2Ogl36qredeCC94O+focfP1Kach4uj
wgvGXJhBHBNp2Y/AaIAF/HYZ8iT/Nfd34bniEZEr9WLMafWgSTnBwYTri9hdQBJn
mFNfpS2NesTavMj4EOdaGTcyGjNh4+QUQCFLVTPPVwJkY/WRYZsd01IRfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGfWp5xITVyUSgfYpi5FHT4U/OTXMB8GA1UdIwQY
MBaAFFW68mlnUQs8UuRtHcWTlnzfKfnJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmJyeWFXZFJDenhTNUcwZHhaT1dmTjhwLWNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS81YWE0ZGMtZDE4NC00ZGI0LTllMTAt
NDlmOTgxZWU1OTgxLzEvWjlhbm5FaE5YSlJLQjlpbUxrVWRQaFQ4NU5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS81YWE0ZGMtZDE4NC00ZGI0LTllMTAtNDlmOTgxZWU1OTgx
LzEvVmJyeWFXZFJDenhTNUcwZHhaT1dmTjhwLWNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAU5PZMA0G
CSqGSIb3DQEBCwUAA4IBAQAf9/kisO7vnTRUsCHnN8wlj9Fcy0QCnYox2mGTe+Z8
TZRJrkdPmiYvf7hQWSspuGW7Zz6xpf4qJrzlfOzuiQi3TRPHvNSsAAUmphWv8ehT
5x15VeRH9RxbfRPFFEl6lw6jcvbNZ/Y0so+l0kiNpKBRlfsvBVNhUc46cMTCs85U
3N9KUATtfnf1ZyEOAgkw5QuKNi6OMaWOe0nlXsMo5qlAqtUh1+BfoXgOiPyPjlJX
iDXhnkafjfPGEod5MPSDe5y128dacbZSWu6CdYmnwT1+yjEuEggVe0JB5eBPfs/Q
UCQvcgM6FDldtXgE/3DxeObUgJfJPsSZn/i2CeudImfz
-----END CERTIFICATE-----