Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/0c3b1f-dab8-4762-9d04-f941cc39a71e/1/ZTOkVo51zjkueJP-_jF8sE0dlwI.roa
File:                     ZTOkVo51zjkueJP-_jF8sE0dlwI.roa (raw, json)
Hash identifier:          qWI1aXm7aJOa2gqUSo121mJhm0HQWb9xB4CjBEm9B2Y=
Subject key identifier:   65:33:A4:56:8E:75:CE:39:2E:78:93:FE:FE:31:7C:B0:4D:1D:97:02
Certificate issuer:       /CN=4fd642102ebdd7f2268c14c27e3ebbf26b4cafeb
Certificate serial:       019CD832C1A0B3668AFF890F9F4B12439EF2
Authority key identifier: 4F:D6:42:10:2E:BD:D7:F2:26:8C:14:C2:7E:3E:BB:F2:6B:4C:AF:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T9ZCEC691_ImjBTCfj678mtMr-s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/0c3b1f-dab8-4762-9d04-f941cc39a71e/1/ZTOkVo51zjkueJP-_jF8sE0dlwI.roa
Signing time:             Tue 10 Mar 2026 14:42:10 +0000
ROA not before:           Tue 10 Mar 2026 14:42:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208673
IP address blocks:        185.53.88.0/24 maxlen: 24
                          185.53.89.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/0c3b1f-dab8-4762-9d04-f941cc39a71e/1/T9ZCEC691_ImjBTCfj678mtMr-s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/0c3b1f-dab8-4762-9d04-f941cc39a71e/1/T9ZCEC691_ImjBTCfj678mtMr-s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T9ZCEC691_ImjBTCfj678mtMr-s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 14:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:d8:32:c1:a0:b3:66:8a:ff:89:0f:9f:4b:12:43:9e:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fd642102ebdd7f2268c14c27e3ebbf26b4cafeb
        Validity
            Not Before: Mar 10 14:42:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6533a4568e75ce392e7893fefe317cb04d1d9702
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:8e:4a:a3:a7:10:06:ff:72:b1:58:8d:28:8a:
                    b0:6f:95:1b:ab:09:7b:c8:2f:f6:84:9c:a7:4e:e7:
                    4d:58:39:f4:6f:a4:e1:d0:51:26:17:71:f8:9c:1d:
                    8b:ad:9f:e6:25:bd:e7:ef:82:2f:20:f5:c1:e4:16:
                    bb:33:94:9e:c8:9a:f5:4b:69:09:c7:fa:58:cd:d8:
                    89:e2:d0:42:3e:bf:70:03:18:55:b4:5d:79:e9:03:
                    2a:84:1b:da:93:a6:7d:fd:db:76:f2:33:1c:75:4c:
                    9c:05:44:ed:a8:f7:9c:c3:2c:35:ca:d1:7c:de:9e:
                    3b:b3:72:a3:a8:11:3a:92:f8:66:6c:c2:24:be:db:
                    3a:4b:5e:5e:2a:41:5a:88:b8:63:09:fe:c0:91:36:
                    8e:ae:e3:61:ec:10:cb:0c:2c:b0:5f:26:f2:8e:b1:
                    80:b2:97:4c:73:f8:1b:95:c4:6b:f5:9b:cf:c5:6d:
                    e0:e3:63:82:de:34:02:0d:64:74:71:18:00:ba:01:
                    5d:5f:b5:64:d0:53:86:0a:51:4c:48:b5:d4:fe:05:
                    41:9a:e0:4f:05:84:9f:85:d3:82:21:d3:dd:44:41:
                    d9:14:04:5f:77:6d:a4:d0:d0:e7:3f:2c:64:a5:ab:
                    fb:b6:f7:26:e8:9e:8d:e4:ca:1e:56:a9:82:a5:7c:
                    f0:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:33:A4:56:8E:75:CE:39:2E:78:93:FE:FE:31:7C:B0:4D:1D:97:02
            X509v3 Authority Key Identifier:
                keyid:4F:D6:42:10:2E:BD:D7:F2:26:8C:14:C2:7E:3E:BB:F2:6B:4C:AF:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T9ZCEC691_ImjBTCfj678mtMr-s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/0c3b1f-dab8-4762-9d04-f941cc39a71e/1/ZTOkVo51zjkueJP-_jF8sE0dlwI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/0c3b1f-dab8-4762-9d04-f941cc39a71e/1/T9ZCEC691_ImjBTCfj678mtMr-s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.53.88.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0a:0c:0d:15:00:6c:92:eb:75:15:a3:d7:5e:f3:7f:f5:2f:d1:
         96:cc:d8:16:af:ab:03:d4:66:49:0f:f8:5b:b9:46:41:75:60:
         cf:68:d9:ba:82:86:2a:e1:72:25:d8:87:cb:8d:f8:74:43:e9:
         11:19:c5:6c:8a:24:70:33:6a:4d:d7:ae:56:ad:7f:8b:d8:80:
         d5:27:3e:ed:2f:23:ec:63:ad:ca:e0:fa:42:04:61:4d:33:58:
         c3:15:b1:a6:7f:05:e5:f6:a6:c0:55:3b:b3:b0:62:cb:c6:2c:
         df:6c:9f:34:3b:85:e5:9d:6a:1e:c5:59:42:0c:fa:27:32:90:
         e2:85:1d:dc:d1:43:f1:ea:7a:53:da:b5:12:83:b8:47:94:bd:
         08:39:5d:a3:d6:73:e7:be:53:f5:3b:21:60:c1:4f:fe:df:2c:
         0b:e6:1a:44:dc:85:80:af:ab:40:1b:12:52:0c:cc:b1:7e:7f:
         41:62:74:ee:cd:e9:13:c0:f7:91:77:bf:32:f3:38:f1:f2:68:
         df:98:0d:6e:19:24:cc:02:64:0a:d3:77:56:08:7c:1b:15:fa:
         e5:46:3d:58:2f:37:fe:e9:58:1b:74:b3:89:21:1b:c5:45:54:
         95:14:5c:e5:7b:0d:ae:46:41:8e:ab:b0:bf:fd:8a:89:32:b9:
         68:bf:ec:e2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzYMsGgs2aK/4kPn0sSQ57yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmZDY0MjEwMmViZGQ3ZjIyNjhjMTRjMjdlM2ViYmYyNmI0
Y2FmZWIwHhcNMjYwMzEwMTQ0MjEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTMzYTQ1NjhlNzVjZTM5MmU3ODkzZmVmZTMxN2NiMDRkMWQ5NzAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwI5Ko6cQBv9ysViNKIqwb5Ubqwl7
yC/2hJynTudNWDn0b6Th0FEmF3H4nB2LrZ/mJb3n74IvIPXB5Ba7M5SeyJr1S2kJ
x/pYzdiJ4tBCPr9wAxhVtF156QMqhBvak6Z9/dt28jMcdUycBUTtqPecwyw1ytF8
3p47s3KjqBE6kvhmbMIkvts6S15eKkFaiLhjCf7AkTaOruNh7BDLDCywXybyjrGA
spdMc/gblcRr9ZvPxW3g42OC3jQCDWR0cRgAugFdX7Vk0FOGClFMSLXU/gVBmuBP
BYSfhdOCIdPdREHZFARfd22k0NDnPyxkpav7tvcm6J6N5MoeVqmCpXzwGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGUzpFaOdc45LniT/v4xfLBNHZcCMB8GA1UdIwQY
MBaAFE/WQhAuvdfyJowUwn4+u/JrTK/rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDlaQ0VDNjkxX0ltakJUQ2ZqNjc4bXRNci1zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS8wYzNiMWYtZGFiOC00NzYyLTlkMDQt
Zjk0MWNjMzlhNzFlLzEvWlRPa1ZvNTF6amt1ZUpQLV9qRjhzRTBkbHdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS8wYzNiMWYtZGFiOC00NzYyLTlkMDQtZjk0MWNjMzlhNzFl
LzEvVDlaQ0VDNjkxX0ltakJUQ2ZqNjc4bXRNci1zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuTVYMA0G
CSqGSIb3DQEBCwUAA4IBAQAKDA0VAGyS63UVo9de83/1L9GWzNgWr6sD1GZJD/hb
uUZBdWDPaNm6goYq4XIl2IfLjfh0Q+kRGcVsiiRwM2pN165WrX+L2IDVJz7tLyPs
Y63K4PpCBGFNM1jDFbGmfwXl9qbAVTuzsGLLxizfbJ80O4XlnWoexVlCDPonMpDi
hR3c0UPx6npT2rUSg7hHlL0IOV2j1nPnvlP1OyFgwU/+3ywL5hpE3IWAr6tAGxJS
DMyxfn9BYnTuzekTwPeRd78y8zjx8mjfmA1uGSTMAmQK03dWCHwbFfrlRj1YLzf+
6VgbdLOJIRvFRVSVFFzlew2uRkGOq7C//YqJMrlov+zi
-----END CERTIFICATE-----