Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/zKma2lZxd28aMOIa5GKySj7K3F4.roa
File:                     zKma2lZxd28aMOIa5GKySj7K3F4.roa (raw, json)
Hash identifier:          z2dVlW8SWBq0rqcswBgsfVdqo5mJ3Cgdk6gd4jQUscA=
Subject key identifier:   CC:A9:9A:DA:56:71:77:6F:1A:30:E2:1A:E4:62:B2:4A:3E:CA:DC:5E
Certificate issuer:       /CN=70f9b16adf2fd31988859922b4457481dd7eef40
Certificate serial:       019DB080D6221F6FF08A811C44DCAB687D40
Authority key identifier: 70:F9:B1:6A:DF:2F:D3:19:88:85:99:22:B4:45:74:81:DD:7E:EF:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/zKma2lZxd28aMOIa5GKySj7K3F4.roa
Signing time:             Tue 21 Apr 2026 14:45:26 +0000
ROA not before:           Tue 21 Apr 2026 14:45:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199393
IP address blocks:        85.155.92.0/23 maxlen: 24
                          141.226.241.0/24 maxlen: 24
                          141.226.242.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b0:80:d6:22:1f:6f:f0:8a:81:1c:44:dc:ab:68:7d:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70f9b16adf2fd31988859922b4457481dd7eef40
        Validity
            Not Before: Apr 21 14:45:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cca99ada5671776f1a30e21ae462b24a3ecadc5e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:3e:78:03:7a:f1:39:9c:5b:18:a6:1d:e5:98:
                    72:cb:b7:51:22:5c:ee:91:0d:98:66:f3:46:b3:49:
                    84:3c:74:d6:d7:d8:60:19:dd:d9:76:24:03:3c:e6:
                    5b:ff:ed:48:a7:84:cb:be:5e:7a:3a:92:8b:92:85:
                    4f:41:5b:73:0d:7d:12:14:0c:ef:a8:f2:83:f7:0e:
                    7c:61:d3:03:d7:d2:93:2d:6e:c2:5a:84:ec:2e:93:
                    67:0a:c7:db:c8:67:a7:ac:d4:57:ee:73:50:8e:10:
                    93:38:d1:17:2d:af:f5:9d:fe:b4:1e:70:2b:94:f7:
                    d7:d2:97:4f:4f:8b:52:71:cc:ed:69:d2:c8:00:ad:
                    b9:4e:b3:e4:8b:2b:f8:9e:e8:f3:f7:72:57:3d:36:
                    84:77:1e:1b:02:e5:80:89:3d:f8:49:b3:f2:9a:59:
                    c2:6d:70:fa:82:c8:fc:b5:08:b3:f4:0f:26:0b:f0:
                    f4:b4:af:1d:15:1e:7a:a0:f0:20:cc:ae:39:3b:8e:
                    b8:f2:66:db:1b:32:fd:d9:70:0d:3a:3b:6b:4f:5f:
                    7f:d6:93:63:71:5a:c8:74:64:e7:51:98:bf:a4:c2:
                    0a:4f:13:14:73:94:69:0f:ad:a1:fc:b3:f5:62:c7:
                    7b:3c:92:b3:6e:f6:1e:2f:1c:95:fe:fe:12:c8:11:
                    66:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:A9:9A:DA:56:71:77:6F:1A:30:E2:1A:E4:62:B2:4A:3E:CA:DC:5E
            X509v3 Authority Key Identifier:
                keyid:70:F9:B1:6A:DF:2F:D3:19:88:85:99:22:B4:45:74:81:DD:7E:EF:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/zKma2lZxd28aMOIa5GKySj7K3F4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.155.92.0/23
                  141.226.241.0-141.226.242.255

    Signature Algorithm: sha256WithRSAEncryption
         b5:96:bb:cc:bc:d4:74:15:87:c7:99:8f:6c:6e:1b:88:7f:05:
         01:fb:49:31:9b:ca:69:c0:28:d9:fb:fb:30:b7:c2:46:35:bf:
         77:60:ac:8a:04:31:a2:b9:1b:23:27:f3:3e:f5:9b:21:ae:31:
         8a:6e:68:ad:c6:f6:e9:2f:a5:62:ed:ce:e6:80:51:f3:8c:0d:
         15:45:14:60:44:ee:94:06:04:51:b1:ff:14:15:f0:f2:c9:bd:
         ad:e6:a9:0e:4e:1d:ef:7d:ec:2e:e2:22:64:fb:0e:28:3e:82:
         aa:3b:65:ce:17:8a:30:39:28:f6:07:eb:27:d0:e3:55:ce:d6:
         e1:0d:9e:8f:02:b3:38:d8:35:3f:8e:04:a5:9c:72:ef:e9:fa:
         3f:cc:da:cd:43:60:f8:4d:b7:4d:59:8b:d4:3c:23:50:94:7d:
         c8:d2:db:98:d3:8c:cb:96:aa:8f:f4:90:bd:9d:cc:2c:01:e4:
         b3:81:b3:13:d4:73:8c:b2:ef:13:60:01:f8:c8:5a:05:d2:47:
         eb:f8:41:0f:2b:7e:6e:41:56:ef:89:8f:6b:83:b0:db:ea:6d:
         34:21:fc:09:00:0d:62:c8:c8:4a:dd:14:dc:40:ec:a0:51:55:
         84:2c:0f:a8:38:d7:f6:36:73:eb:27:49:c2:63:0d:aa:3d:00:
         d3:7b:59:c0
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZ2wgNYiH2/wioEcRNyraH1AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwZjliMTZhZGYyZmQzMTk4ODg1OTkyMmI0NDU3NDgxZGQ3
ZWVmNDAwHhcNMjYwNDIxMTQ0NTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2E5OWFkYTU2NzE3NzZmMWEzMGUyMWFlNDYyYjI0YTNlY2FkYzVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1z54A3rxOZxbGKYd5Zhyy7dRIlzu
kQ2YZvNGs0mEPHTW19hgGd3ZdiQDPOZb/+1Ip4TLvl56OpKLkoVPQVtzDX0SFAzv
qPKD9w58YdMD19KTLW7CWoTsLpNnCsfbyGenrNRX7nNQjhCTONEXLa/1nf60HnAr
lPfX0pdPT4tSccztadLIAK25TrPkiyv4nujz93JXPTaEdx4bAuWAiT34SbPymlnC
bXD6gsj8tQiz9A8mC/D0tK8dFR56oPAgzK45O4648mbbGzL92XANOjtrT19/1pNj
cVrIdGTnUZi/pMIKTxMUc5RpD62h/LP1Ysd7PJKzbvYeLxyV/v4SyBFmawIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFMypmtpWcXdvGjDiGuRisko+ytxeMB8GA1UdIwQY
MBaAFHD5sWrfL9MZiIWZIrRFdIHdfu9AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1BteGF0OHYweG1JaFpraXRFVjBnZDEtNzBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi85NTZkYjktYzhmNy00YjlmLWE1NmUt
YmM2ZGI3MjQ4YWRkLzEvekttYTJsWnhkMjhhTU9JYTVHS3lTajdLM0Y0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi85NTZkYjktYzhmNy00YjlmLWE1NmUtYmM2ZGI3MjQ4YWRk
LzEvY1BteGF0OHYweG1JaFpraXRFVjBnZDEtNzBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQBVZtcMAwD
BACN4vEDBACN4vIwDQYJKoZIhvcNAQELBQADggEBALWWu8y81HQVh8eZj2xuG4h/
BQH7STGbymnAKNn7+zC3wkY1v3dgrIoEMaK5GyMn8z71myGuMYpuaK3G9ukvpWLt
zuaAUfOMDRVFFGBE7pQGBFGx/xQV8PLJva3mqQ5OHe997C7iImT7Dig+gqo7Zc4X
ijA5KPYH6yfQ41XO1uENno8CszjYNT+OBKWccu/p+j/M2s1DYPhNt01Zi9Q8I1CU
fcjS25jTjMuWqo/0kL2dzCwB5LOBsxPUc4yy7xNgAfjIWgXSR+v4QQ8rfm5BVu+J
j2uDsNvqbTQh/AkADWLIyErdFNxA7KBRVYQsD6g41/Y2c+snScJjDao9ANN7WcA=
-----END CERTIFICATE-----