Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/b8d2a8-53a9-42c0-b7c9-dd862774a092/1/zFeGQFAvAw6aATxlal8JSV3VnqA.roa
File:                     zFeGQFAvAw6aATxlal8JSV3VnqA.roa (raw, json)
Hash identifier:          097ilzQL9LW0Bc1l2A3VV39iVVLt++EbcMo7JQEiFFA=
Subject key identifier:   CC:57:86:40:50:2F:03:0E:9A:01:3C:65:6A:5F:09:49:5D:D5:9E:A0
Certificate issuer:       /CN=571cb51cba68eb7ef9867a75d17ab28018196aa1
Certificate serial:       019D2A6D940C026A2779D0943F7B69C697D2
Authority key identifier: 57:1C:B5:1C:BA:68:EB:7E:F9:86:7A:75:D1:7A:B2:80:18:19:6A:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vxy1HLpo6375hnp10XqygBgZaqE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/b8d2a8-53a9-42c0-b7c9-dd862774a092/1/zFeGQFAvAw6aATxlal8JSV3VnqA.roa
Signing time:             Thu 26 Mar 2026 13:55:17 +0000
ROA not before:           Thu 26 Mar 2026 13:55:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     6461
IP address blocks:        91.235.84.0/22 maxlen: 22
                          185.110.8.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/b8d2a8-53a9-42c0-b7c9-dd862774a092/1/Vxy1HLpo6375hnp10XqygBgZaqE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/b8d2a8-53a9-42c0-b7c9-dd862774a092/1/Vxy1HLpo6375hnp10XqygBgZaqE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vxy1HLpo6375hnp10XqygBgZaqE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 13:55:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2a:6d:94:0c:02:6a:27:79:d0:94:3f:7b:69:c6:97:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=571cb51cba68eb7ef9867a75d17ab28018196aa1
        Validity
            Not Before: Mar 26 13:55:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cc578640502f030e9a013c656a5f09495dd59ea0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:34:45:68:c6:4c:59:7f:08:c4:32:b5:40:4b:
                    c4:77:1a:35:3c:aa:28:9a:9a:4d:2f:07:94:d8:50:
                    dd:26:68:97:7a:be:e0:92:21:57:43:54:b1:5a:ed:
                    4c:fc:9a:0a:ab:45:5f:a8:2e:01:69:24:43:cc:9e:
                    e8:e4:e1:a2:0a:1f:a5:17:1b:65:00:95:21:cc:14:
                    aa:2c:88:d2:dc:6e:da:fc:4a:4a:ab:0c:65:f0:2b:
                    89:de:72:28:96:ce:15:df:b3:b0:ed:5d:e4:41:bf:
                    0b:f2:87:e1:df:ee:51:9d:7d:3a:8b:b3:d3:b7:60:
                    5e:7e:86:59:0c:2b:c3:d9:c7:0b:c3:19:38:cc:4e:
                    28:4b:7b:dd:84:45:c4:b5:75:e5:26:e0:bd:41:95:
                    cb:20:81:7c:ad:de:57:2c:62:bd:76:f9:b3:97:c4:
                    3a:c1:4d:cd:e8:0e:c5:05:af:cf:7f:07:4d:a7:78:
                    b6:49:91:88:f6:76:33:ca:87:07:2b:12:3d:aa:46:
                    b0:23:ae:cf:9a:ee:ae:01:eb:1a:0c:74:f7:94:99:
                    8d:21:d9:d3:f0:6a:17:7a:ca:a2:0f:dc:6e:ce:27:
                    ec:d2:57:56:61:e9:ab:d4:5b:50:5f:ef:5c:91:f1:
                    37:25:54:00:89:94:7b:04:48:4f:f5:db:4a:e4:06:
                    28:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:57:86:40:50:2F:03:0E:9A:01:3C:65:6A:5F:09:49:5D:D5:9E:A0
            X509v3 Authority Key Identifier:
                keyid:57:1C:B5:1C:BA:68:EB:7E:F9:86:7A:75:D1:7A:B2:80:18:19:6A:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vxy1HLpo6375hnp10XqygBgZaqE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/b8d2a8-53a9-42c0-b7c9-dd862774a092/1/zFeGQFAvAw6aATxlal8JSV3VnqA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/b8d2a8-53a9-42c0-b7c9-dd862774a092/1/Vxy1HLpo6375hnp10XqygBgZaqE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.235.84.0/22
                  185.110.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3c:1d:58:5d:c4:4f:2c:ea:71:46:b7:f4:b8:e1:b5:ca:8c:22:
         cc:b5:ee:c2:47:73:a0:a4:e2:b1:1a:99:94:5b:1a:13:be:29:
         35:16:f0:9d:85:dc:95:51:2f:83:02:7f:0e:50:b0:2d:42:00:
         a6:87:ca:53:4c:cc:78:2f:57:44:ad:7a:13:ee:13:c3:8e:d6:
         de:e5:f3:d4:ba:6e:91:7c:1d:1f:cb:22:6e:8a:ec:24:9e:05:
         6e:6a:48:18:ef:ca:df:07:43:5c:44:6b:e0:4a:f0:25:ac:89:
         d5:e3:2f:1f:04:36:a1:d3:5c:2c:38:8a:55:94:0b:32:2c:3e:
         a3:f9:ef:9b:35:68:41:51:d4:7a:4a:cb:74:ea:9a:5a:6a:ad:
         4d:1d:c5:ad:2b:28:2f:88:99:26:fe:e5:06:9a:77:22:04:16:
         5e:78:8a:75:9e:28:23:50:af:35:58:c0:c9:6b:78:ca:88:14:
         34:f4:ac:e2:e2:c5:80:2f:78:14:4e:6f:15:1c:be:12:36:61:
         99:77:96:98:bc:a8:f4:a1:49:0d:20:bd:2e:35:a3:1a:e7:99:
         08:f2:31:da:d8:e7:c6:50:dd:20:1e:63:bc:59:6b:e2:5f:e1:
         42:31:fe:36:83:42:1e:1e:ae:6e:25:a2:31:04:77:73:7b:57:
         5f:01:6c:0c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ0qbZQMAmonedCUP3tpxpfSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3MWNiNTFjYmE2OGViN2VmOTg2N2E3NWQxN2FiMjgwMTgx
OTZhYTEwHhcNMjYwMzI2MTM1NTE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzU3ODY0MDUwMmYwMzBlOWEwMTNjNjU2YTVmMDk0OTVkZDU5ZWEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwDRFaMZMWX8IxDK1QEvEdxo1PKoo
mppNLweU2FDdJmiXer7gkiFXQ1SxWu1M/JoKq0VfqC4BaSRDzJ7o5OGiCh+lFxtl
AJUhzBSqLIjS3G7a/EpKqwxl8CuJ3nIols4V37Ow7V3kQb8L8ofh3+5RnX06i7PT
t2BefoZZDCvD2ccLwxk4zE4oS3vdhEXEtXXlJuC9QZXLIIF8rd5XLGK9dvmzl8Q6
wU3N6A7FBa/PfwdNp3i2SZGI9nYzyocHKxI9qkawI67Pmu6uAesaDHT3lJmNIdnT
8GoXesqiD9xuzifs0ldWYemr1FtQX+9ckfE3JVQAiZR7BEhP9dtK5AYoWQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMxXhkBQLwMOmgE8ZWpfCUld1Z6gMB8GA1UdIwQY
MBaAFFcctRy6aOt++YZ6ddF6soAYGWqhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnh5MUhMcG82Mzc1aG5wMTBYcXlnQmdaYXFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9iOGQyYTgtNTNhOS00MmMwLWI3Yzkt
ZGQ4NjI3NzRhMDkyLzEvekZlR1FGQXZBdzZhQVR4bGFsOEpTVjNWbnFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9iOGQyYTgtNTNhOS00MmMwLWI3YzktZGQ4NjI3NzRhMDky
LzEvVnh5MUhMcG82Mzc1aG5wMTBYcXlnQmdaYXFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCW+tUAwQC
uW4IMA0GCSqGSIb3DQEBCwUAA4IBAQA8HVhdxE8s6nFGt/S44bXKjCLMte7CR3Og
pOKxGpmUWxoTvik1FvCdhdyVUS+DAn8OULAtQgCmh8pTTMx4L1dErXoT7hPDjtbe
5fPUum6RfB0fyyJuiuwkngVuakgY78rfB0NcRGvgSvAlrInV4y8fBDah01wsOIpV
lAsyLD6j+e+bNWhBUdR6Sst06ppaaq1NHcWtKygviJkm/uUGmnciBBZeeIp1nigj
UK81WMDJa3jKiBQ09Kzi4sWAL3gUTm8VHL4SNmGZd5aYvKj0oUkNIL0uNaMa55kI
8jHa2OfGUN0gHmO8WWviX+FCMf42g0IeHq5uJaIxBHdze1dfAWwM
-----END CERTIFICATE-----