Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/3d893a-5b1a-4d70-9ebb-38e068536e6b/1/Z5PF9klylgspdllB9sJrDtynvwU.roa
File:                     Z5PF9klylgspdllB9sJrDtynvwU.roa (raw, json)
Hash identifier:          qTqz8G8jL0tEsCWYC2s7WecelJJAJA5ykXR74GyOU4Q=
Subject key identifier:   67:93:C5:F6:49:72:96:0B:29:76:59:41:F6:C2:6B:0E:DC:A7:BF:05
Certificate issuer:       /CN=8cd802512ccb745b2a1b8f315714ebe39395403e
Certificate serial:       019E170EA6E9A16CCF075104122BFE940042
Authority key identifier: 8C:D8:02:51:2C:CB:74:5B:2A:1B:8F:31:57:14:EB:E3:93:95:40:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jNgCUSzLdFsqG48xVxTr45OVQD4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/3d893a-5b1a-4d70-9ebb-38e068536e6b/1/Z5PF9klylgspdllB9sJrDtynvwU.roa
Signing time:             Mon 11 May 2026 12:41:36 +0000
ROA not before:           Mon 11 May 2026 12:41:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     137517
IP address blocks:        195.238.97.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/3d893a-5b1a-4d70-9ebb-38e068536e6b/1/jNgCUSzLdFsqG48xVxTr45OVQD4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/3d893a-5b1a-4d70-9ebb-38e068536e6b/1/jNgCUSzLdFsqG48xVxTr45OVQD4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jNgCUSzLdFsqG48xVxTr45OVQD4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 19:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:17:0e:a6:e9:a1:6c:cf:07:51:04:12:2b:fe:94:00:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8cd802512ccb745b2a1b8f315714ebe39395403e
        Validity
            Not Before: May 11 12:41:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6793c5f64972960b29765941f6c26b0edca7bf05
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:2b:00:13:30:3a:d4:ab:b4:c5:fa:ac:3f:45:
                    a3:4b:35:21:2e:b3:d6:4b:1c:41:d9:b2:3a:cc:8b:
                    4f:d5:89:61:ed:93:34:eb:ca:3a:0d:84:95:8a:35:
                    77:2a:36:74:67:e1:23:5b:8b:3a:73:8f:79:28:52:
                    66:f9:bb:8f:8e:a2:d4:91:04:68:ec:9e:7a:84:a2:
                    4d:57:3c:50:43:6d:fe:90:04:63:f7:9f:a4:40:48:
                    fd:95:ba:8b:c6:8b:3e:df:45:0f:45:90:b2:f0:63:
                    b7:34:a9:58:54:f4:3d:88:db:3b:34:76:79:7f:a8:
                    91:3e:3b:a1:ed:cd:b6:dc:79:75:3e:b3:6c:91:65:
                    55:02:82:dc:28:bc:8f:1d:36:c0:79:8b:3a:f7:56:
                    c5:96:06:69:12:2e:92:5f:b8:fa:50:3a:e7:16:07:
                    0c:0a:2f:11:cc:ab:16:90:2c:1b:2c:63:17:28:62:
                    29:58:60:3c:06:90:27:52:68:88:d2:6c:f7:d2:ea:
                    88:ca:7c:e7:7c:3c:1d:e2:9c:b7:80:2e:b8:5b:5c:
                    5e:00:73:ad:e9:8c:21:8e:7f:21:b2:61:3e:be:c5:
                    88:19:cd:a2:4f:32:c3:9e:14:c0:93:a6:e5:93:2a:
                    6b:f7:e1:55:74:e9:10:ca:11:c2:5c:25:e4:6b:dd:
                    b1:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:93:C5:F6:49:72:96:0B:29:76:59:41:F6:C2:6B:0E:DC:A7:BF:05
            X509v3 Authority Key Identifier:
                keyid:8C:D8:02:51:2C:CB:74:5B:2A:1B:8F:31:57:14:EB:E3:93:95:40:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jNgCUSzLdFsqG48xVxTr45OVQD4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/3d893a-5b1a-4d70-9ebb-38e068536e6b/1/Z5PF9klylgspdllB9sJrDtynvwU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/3d893a-5b1a-4d70-9ebb-38e068536e6b/1/jNgCUSzLdFsqG48xVxTr45OVQD4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.238.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bf:ec:5d:c6:c9:41:43:43:f2:05:ec:0b:13:f5:9e:03:bb:06:
         e7:67:4b:46:a6:5c:04:5d:0a:44:8b:a4:d5:8f:a5:51:07:9b:
         1b:a6:f9:86:62:ce:56:5c:16:bf:77:1f:26:1d:5f:df:27:27:
         79:85:8c:37:2f:be:64:d2:71:cf:be:cd:80:39:55:c0:e1:98:
         2c:34:c0:eb:17:90:46:d5:5f:51:f5:99:69:28:ce:f0:b0:cf:
         4a:16:3d:96:b2:fa:7b:9b:32:7b:ef:15:60:0a:e7:4a:7a:f3:
         a6:d2:ce:85:3a:4f:89:5e:7d:79:1e:fa:97:66:3f:00:16:86:
         45:3e:37:5f:87:dc:50:27:b0:51:9e:4d:fe:f8:07:cf:6b:63:
         b9:0f:fa:50:45:e7:72:b2:f6:99:74:05:66:d8:79:5d:5d:61:
         31:34:6b:85:cc:eb:2f:69:61:39:e3:14:51:bf:2b:39:a0:9f:
         49:bf:12:df:d0:ae:56:df:d3:ae:c6:82:da:ed:73:3b:e2:10:
         29:aa:18:a9:c5:18:ec:f4:54:92:f6:e3:40:52:5a:56:a4:78:
         38:f5:20:cf:17:86:a9:83:54:c9:bc:f4:18:c0:41:40:ad:6b:
         4f:9e:ff:39:06:85:0a:7d:25:47:f9:f7:e8:27:ce:f7:13:91:
         36:de:fe:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4XDqbpoWzPB1EEEiv+lABCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjZDgwMjUxMmNjYjc0NWIyYTFiOGYzMTU3MTRlYmUzOTM5
NTQwM2UwHhcNMjYwNTExMTI0MTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzkzYzVmNjQ5NzI5NjBiMjk3NjU5NDFmNmMyNmIwZWRjYTdiZjA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnisAEzA61Ku0xfqsP0WjSzUhLrPW
SxxB2bI6zItP1Ylh7ZM068o6DYSVijV3KjZ0Z+EjW4s6c495KFJm+buPjqLUkQRo
7J56hKJNVzxQQ23+kARj95+kQEj9lbqLxos+30UPRZCy8GO3NKlYVPQ9iNs7NHZ5
f6iRPjuh7c223Hl1PrNskWVVAoLcKLyPHTbAeYs691bFlgZpEi6SX7j6UDrnFgcM
Ci8RzKsWkCwbLGMXKGIpWGA8BpAnUmiI0mz30uqIynznfDwd4py3gC64W1xeAHOt
6Ywhjn8hsmE+vsWIGc2iTzLDnhTAk6blkypr9+FVdOkQyhHCXCXka92xEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGeTxfZJcpYLKXZZQfbCaw7cp78FMB8GA1UdIwQY
MBaAFIzYAlEsy3RbKhuPMVcU6+OTlUA+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvak5nQ1VTekxkRnNxRzQ4eFZ4VHI0NU9WUUQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi8zZDg5M2EtNWIxYS00ZDcwLTllYmIt
MzhlMDY4NTM2ZTZiLzEvWjVQRjlrbHlsZ3NwZGxsQjlzSnJEdHludndVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi8zZDg5M2EtNWIxYS00ZDcwLTllYmItMzhlMDY4NTM2ZTZi
LzEvak5nQ1VTekxkRnNxRzQ4eFZ4VHI0NU9WUUQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw+5hMA0G
CSqGSIb3DQEBCwUAA4IBAQC/7F3GyUFDQ/IF7AsT9Z4DuwbnZ0tGplwEXQpEi6TV
j6VRB5sbpvmGYs5WXBa/dx8mHV/fJyd5hYw3L75k0nHPvs2AOVXA4ZgsNMDrF5BG
1V9R9ZlpKM7wsM9KFj2Wsvp7mzJ77xVgCudKevOm0s6FOk+JXn15HvqXZj8AFoZF
Pjdfh9xQJ7BRnk3++AfPa2O5D/pQRedysvaZdAVm2HldXWExNGuFzOsvaWE54xRR
vys5oJ9JvxLf0K5W39OuxoLa7XM74hApqhipxRjs9FSS9uNAUlpWpHg49SDPF4ap
g1TJvPQYwEFArWtPnv85BoUKfSVH+ffoJ873E5E23v44
-----END CERTIFICATE-----