Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/68303f-e8b0-4fe0-96b6-a9657eb1f8d7/1/TZb0pwqKAULgiO7MxUXFvu2eCDY.roa
File:                     TZb0pwqKAULgiO7MxUXFvu2eCDY.roa (raw, json)
Hash identifier:          xx3QLAhALsGor/waOfuSlLQuXwnX4zFtt11tExzIAAg=
Subject key identifier:   4D:96:F4:A7:0A:8A:01:42:E0:88:EE:CC:C5:45:C5:BE:ED:9E:08:36
Certificate issuer:       /CN=f571bbf1d3d3c0efe36de110392be0c7ac447a84
Certificate serial:       019DE8240ACB9E7A8DD818A5F8B83188FBC3
Authority key identifier: F5:71:BB:F1:D3:D3:C0:EF:E3:6D:E1:10:39:2B:E0:C7:AC:44:7A:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9XG78dPTwO_jbeEQOSvgx6xEeoQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/68303f-e8b0-4fe0-96b6-a9657eb1f8d7/1/TZb0pwqKAULgiO7MxUXFvu2eCDY.roa
Signing time:             Sat 02 May 2026 10:02:49 +0000
ROA not before:           Sat 02 May 2026 10:02:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205196
IP address blocks:        176.53.16.0/24 maxlen: 24
                          176.53.17.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/68303f-e8b0-4fe0-96b6-a9657eb1f8d7/1/9XG78dPTwO_jbeEQOSvgx6xEeoQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/68303f-e8b0-4fe0-96b6-a9657eb1f8d7/1/9XG78dPTwO_jbeEQOSvgx6xEeoQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9XG78dPTwO_jbeEQOSvgx6xEeoQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 13:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:e8:24:0a:cb:9e:7a:8d:d8:18:a5:f8:b8:31:88:fb:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f571bbf1d3d3c0efe36de110392be0c7ac447a84
        Validity
            Not Before: May  2 10:02:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4d96f4a70a8a0142e088eeccc545c5beed9e0836
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:5e:14:2d:56:e6:84:c0:44:3c:71:75:8b:76:
                    98:db:5a:a8:d9:3b:7b:98:1d:95:23:13:34:ba:7f:
                    90:13:4c:2b:11:cd:00:18:e1:15:fc:95:b5:57:36:
                    d7:46:46:a1:4d:d2:23:4c:36:59:e9:f7:8b:04:97:
                    fb:66:d4:66:4e:02:67:78:8c:40:ef:37:bf:25:fe:
                    c0:62:bf:b4:6d:68:9b:4c:26:bc:1e:43:5c:6d:a3:
                    6d:47:88:93:8b:f0:6a:82:38:3b:27:5f:90:9d:63:
                    0e:1d:81:7d:12:c1:4e:6d:ab:30:ac:fb:f1:ec:0a:
                    25:a3:a4:14:0e:80:d0:12:cd:c8:5a:76:a7:82:97:
                    16:a2:30:57:e9:5c:62:06:ce:a6:15:30:5f:f8:e7:
                    62:e7:49:0a:02:d7:b0:22:76:a5:2c:01:c9:55:f8:
                    f5:b6:97:43:eb:7d:10:66:0a:d9:e3:c9:bf:bf:ce:
                    17:4d:e2:74:02:58:32:ac:53:af:e9:c3:2b:0b:e9:
                    fe:3b:64:fc:8a:6c:a3:7d:44:04:1c:eb:f9:f5:11:
                    16:6d:8b:15:ee:f7:32:25:55:1a:c7:a2:f3:dc:64:
                    6a:ed:12:f3:49:4c:f1:76:08:85:42:3b:f5:29:0a:
                    dc:ed:c4:c8:a3:5c:b5:a4:a6:bb:d6:c9:46:e7:a4:
                    a1:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:96:F4:A7:0A:8A:01:42:E0:88:EE:CC:C5:45:C5:BE:ED:9E:08:36
            X509v3 Authority Key Identifier:
                keyid:F5:71:BB:F1:D3:D3:C0:EF:E3:6D:E1:10:39:2B:E0:C7:AC:44:7A:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9XG78dPTwO_jbeEQOSvgx6xEeoQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/68303f-e8b0-4fe0-96b6-a9657eb1f8d7/1/TZb0pwqKAULgiO7MxUXFvu2eCDY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/68303f-e8b0-4fe0-96b6-a9657eb1f8d7/1/9XG78dPTwO_jbeEQOSvgx6xEeoQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.53.16.0/23

    Signature Algorithm: sha256WithRSAEncryption
         22:90:1a:5a:60:99:66:9c:8c:64:32:36:b7:c8:a9:a6:67:d6:
         e7:2a:83:d7:31:32:6c:3c:88:c3:08:0e:32:b1:ac:73:00:9e:
         56:35:63:1c:53:d6:3e:73:2c:1d:e3:14:ae:fd:94:b9:aa:c2:
         6d:8c:99:92:fe:bf:64:71:35:ef:3f:3b:4a:29:61:64:85:3a:
         ca:dc:b1:88:99:12:e9:71:b6:bd:1a:fe:72:a9:a7:d2:22:55:
         a9:8c:0c:c5:c7:f3:ef:af:a5:5e:21:25:ce:6f:9e:1a:ee:83:
         3b:69:75:8b:f0:e7:cf:47:af:b3:57:f5:af:58:8e:0e:31:53:
         c9:71:27:be:02:37:8a:a8:a1:66:bf:c0:33:06:b4:86:91:95:
         bb:6b:ff:13:1b:27:b0:d1:41:54:cc:2a:37:be:3b:a9:2b:87:
         50:30:4e:a8:9c:0c:82:c5:3c:1a:30:a0:6b:22:06:e5:e8:0d:
         1c:cf:48:41:88:0b:9a:24:8f:33:ff:cd:5c:29:65:9d:4c:c2:
         6f:d8:c3:1d:c0:f8:96:92:af:41:bc:07:0d:b1:9a:91:b9:08:
         6f:3f:e5:4e:9f:78:1d:58:44:51:ab:f2:11:e5:24:95:a0:3b:
         2b:b7:f5:be:3f:1d:b4:65:1b:04:a2:c7:8d:f7:41:20:f8:e7:
         4a:74:77:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3oJArLnnqN2Bil+LgxiPvDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1NzFiYmYxZDNkM2MwZWZlMzZkZTExMDM5MmJlMGM3YWM0
NDdhODQwHhcNMjYwNTAyMTAwMjQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDk2ZjRhNzBhOGEwMTQyZTA4OGVlY2NjNTQ1YzViZWVkOWUwODM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn14ULVbmhMBEPHF1i3aY21qo2Tt7
mB2VIxM0un+QE0wrEc0AGOEV/JW1VzbXRkahTdIjTDZZ6feLBJf7ZtRmTgJneIxA
7ze/Jf7AYr+0bWibTCa8HkNcbaNtR4iTi/Bqgjg7J1+QnWMOHYF9EsFObaswrPvx
7Aolo6QUDoDQEs3IWnangpcWojBX6VxiBs6mFTBf+Odi50kKAtewInalLAHJVfj1
tpdD630QZgrZ48m/v84XTeJ0AlgyrFOv6cMrC+n+O2T8imyjfUQEHOv59REWbYsV
7vcyJVUax6Lz3GRq7RLzSUzxdgiFQjv1KQrc7cTIo1y1pKa71slG56Sh7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE2W9KcKigFC4IjuzMVFxb7tngg2MB8GA1UdIwQY
MBaAFPVxu/HT08Dv423hEDkr4MesRHqEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVhHNzhkUFR3T19qYmVFUU9Tdmd4NnhFZW9RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi82ODMwM2YtZThiMC00ZmUwLTk2YjYt
YTk2NTdlYjFmOGQ3LzEvVFpiMHB3cUtBVUxnaU83TXhVWEZ2dTJlQ0RZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi82ODMwM2YtZThiMC00ZmUwLTk2YjYtYTk2NTdlYjFmOGQ3
LzEvOVhHNzhkUFR3T19qYmVFUU9Tdmd4NnhFZW9RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBsDUQMA0G
CSqGSIb3DQEBCwUAA4IBAQAikBpaYJlmnIxkMja3yKmmZ9bnKoPXMTJsPIjDCA4y
saxzAJ5WNWMcU9Y+cywd4xSu/ZS5qsJtjJmS/r9kcTXvPztKKWFkhTrK3LGImRLp
cba9Gv5yqafSIlWpjAzFx/Pvr6VeISXOb54a7oM7aXWL8OfPR6+zV/WvWI4OMVPJ
cSe+AjeKqKFmv8AzBrSGkZW7a/8TGyew0UFUzCo3vjupK4dQME6onAyCxTwaMKBr
Igbl6A0cz0hBiAuaJI8z/81cKWWdTMJv2MMdwPiWkq9BvAcNsZqRuQhvP+VOn3gd
WERRq/IR5SSVoDsrt/W+Px20ZRsEoseN90Eg+OdKdHcn
-----END CERTIFICATE-----