Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/ZAkzvDuShqbgdA4si8lgDBLLYcM.roa
File:                     ZAkzvDuShqbgdA4si8lgDBLLYcM.roa (raw, json)
Hash identifier:          gpLWb00jmi2CBQgo9H2EFZ0+OdBOrkyQzKyxnR7pVDU=
Subject key identifier:   64:09:33:BC:3B:92:86:A6:E0:74:0E:2C:8B:C9:60:0C:12:CB:61:C3
Certificate issuer:       /CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
Certificate serial:       019DFE88F9310FECF47662EFD76D9C81938B
Authority key identifier: 93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/ZAkzvDuShqbgdA4si8lgDBLLYcM.roa
Signing time:             Wed 06 May 2026 18:24:42 +0000
ROA not before:           Wed 06 May 2026 18:24:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16509
IP address blocks:        88.214.55.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:fe:88:f9:31:0f:ec:f4:76:62:ef:d7:6d:9c:81:93:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
        Validity
            Not Before: May  6 18:24:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=640933bc3b9286a6e0740e2c8bc9600c12cb61c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:88:cb:f9:6b:17:33:c9:9f:c5:b2:e4:7f:c9:
                    fd:b3:d2:a3:1a:0b:a6:e3:46:5a:b3:7b:77:f4:e2:
                    5b:d6:c8:06:b5:2e:c3:1f:55:63:fe:64:bf:9a:99:
                    c2:bd:63:be:41:c0:17:9a:f4:29:30:c7:ae:f2:5c:
                    62:4f:ff:78:4c:5d:68:b8:fa:0f:08:91:c6:43:95:
                    d0:a5:de:22:69:ce:e0:15:f5:da:3a:58:62:80:27:
                    01:b4:7e:79:cb:fc:3f:c5:b5:d4:3e:eb:8d:60:e8:
                    23:e1:93:f5:5f:fc:31:ae:19:28:61:c1:28:2c:d9:
                    59:8b:6b:ed:c7:ac:63:28:e1:4f:bd:d8:ba:27:1f:
                    de:74:a7:20:96:e4:59:f5:37:7e:09:8f:66:96:db:
                    42:c3:99:e5:78:73:91:35:cd:89:18:2d:76:58:28:
                    4a:73:96:a7:09:3b:11:78:61:83:b5:84:9e:2a:be:
                    55:b6:73:8e:cf:f7:e9:28:17:98:b0:31:56:e7:b5:
                    56:a1:82:ca:7b:2e:2d:9a:13:da:6e:bd:19:fc:ba:
                    ea:7b:9e:64:90:75:a3:ec:fe:34:97:c6:69:3b:db:
                    69:1a:52:10:a0:82:58:d1:37:83:e6:ea:50:34:04:
                    7f:0b:b0:71:1e:e7:d0:c0:08:ca:10:fa:91:4a:f3:
                    17:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:09:33:BC:3B:92:86:A6:E0:74:0E:2C:8B:C9:60:0C:12:CB:61:C3
            X509v3 Authority Key Identifier:
                keyid:93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/ZAkzvDuShqbgdA4si8lgDBLLYcM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.214.55.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:7b:bc:b3:b9:45:68:ef:f3:f9:65:38:f6:7e:e1:28:61:f6:
         3f:6f:10:4f:56:e0:e1:9f:60:f7:6f:a4:5b:87:78:e9:8a:d9:
         a6:6a:5f:08:54:32:0a:b8:32:d7:66:bb:0f:b2:f7:97:f9:54:
         4d:39:b6:26:e0:ab:9f:72:87:08:00:43:39:a4:03:7b:9c:9c:
         3f:75:72:ad:2e:cf:c3:0f:57:cc:5c:6a:ae:68:49:e9:0b:82:
         b9:a1:02:73:11:51:2f:57:61:7a:33:ba:85:53:9b:ce:f4:41:
         4e:d7:cc:cd:63:23:e1:73:59:b2:82:7a:db:c6:b4:ff:59:db:
         da:3f:c3:5e:42:71:a6:12:35:61:65:d5:ab:00:71:09:33:56:
         0f:98:0c:8c:51:5e:b4:3f:83:61:e7:0a:c1:39:fd:29:9b:dd:
         9b:e9:23:33:c0:f9:87:6c:7e:6d:c8:6a:aa:1d:c8:ee:43:bd:
         39:ac:45:80:f9:56:aa:10:6d:17:e2:04:38:a7:29:fd:53:7f:
         3f:5f:15:b2:70:fe:4b:b3:9b:0c:bc:48:6f:48:f6:ce:b0:d4:
         61:31:d2:7f:db:0e:95:18:a0:83:f8:7f:44:6e:e2:ad:f7:93:
         2f:d0:78:08:7c:1d:76:50:a1:1b:16:26:3f:cc:fa:cd:e0:0c:
         4c:fe:23:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3+iPkxD+z0dmLv122cgZOLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjc3ZDdjYjkyNzFjZTM2MTI1NmU5ODMzY2M3YjE0ZmQw
MjNlYmUwHhcNMjYwNTA2MTgyNDQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDA5MzNiYzNiOTI4NmE2ZTA3NDBlMmM4YmM5NjAwYzEyY2I2MWMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlojL+WsXM8mfxbLkf8n9s9KjGgum
40Zas3t39OJb1sgGtS7DH1Vj/mS/mpnCvWO+QcAXmvQpMMeu8lxiT/94TF1ouPoP
CJHGQ5XQpd4iac7gFfXaOlhigCcBtH55y/w/xbXUPuuNYOgj4ZP1X/wxrhkoYcEo
LNlZi2vtx6xjKOFPvdi6Jx/edKcgluRZ9Td+CY9mlttCw5nleHORNc2JGC12WChK
c5anCTsReGGDtYSeKr5VtnOOz/fpKBeYsDFW57VWoYLKey4tmhPabr0Z/Lrqe55k
kHWj7P40l8ZpO9tpGlIQoIJY0TeD5upQNAR/C7BxHufQwAjKEPqRSvMXMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGQJM7w7koam4HQOLIvJYAwSy2HDMB8GA1UdIwQY
MBaAFJNnfXy5JxzjYSVumDPMexT9Aj6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYt
OTlhY2I5OWNlNzU0LzEvWkFrenZEdVNocWJnZEE0c2k4bGdEQkxMWWNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYtOTlhY2I5OWNlNzU0
LzEvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWNY3MA0G
CSqGSIb3DQEBCwUAA4IBAQACe7yzuUVo7/P5ZTj2fuEoYfY/bxBPVuDhn2D3b6Rb
h3jpitmmal8IVDIKuDLXZrsPsveX+VRNObYm4KufcocIAEM5pAN7nJw/dXKtLs/D
D1fMXGquaEnpC4K5oQJzEVEvV2F6M7qFU5vO9EFO18zNYyPhc1mygnrbxrT/Wdva
P8NeQnGmEjVhZdWrAHEJM1YPmAyMUV60P4Nh5wrBOf0pm92b6SMzwPmHbH5tyGqq
HcjuQ705rEWA+VaqEG0X4gQ4pyn9U38/XxWycP5Ls5sMvEhvSPbOsNRhMdJ/2w6V
GKCD+H9EbuKt95Mv0HgIfB12UKEbFiY/zPrN4AxM/iON
-----END CERTIFICATE-----