Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/7667be-9670-4701-99f0-a7814fc46e65/1/CZU0k_zzWDnACuwxEN2WSub1YTI.roa
File:                     CZU0k_zzWDnACuwxEN2WSub1YTI.roa (raw, json)
Hash identifier:          78vQg7roZ5l5cTS1ZqVQewjxV+/HUZjsE2UCphhS6P0=
Subject key identifier:   09:95:34:93:FC:F3:58:39:C0:0A:EC:31:10:DD:96:4A:E6:F5:61:32
Certificate issuer:       /CN=fc18ab34c5a2128ac4ae55c1af6def6534b3811d
Certificate serial:       019B79ECEBCB6E12C98D01029AF1F49B6DC1
Authority key identifier: FC:18:AB:34:C5:A2:12:8A:C4:AE:55:C1:AF:6D:EF:65:34:B3:81:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_BirNMWiEorErlXBr23vZTSzgR0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/7667be-9670-4701-99f0-a7814fc46e65/1/CZU0k_zzWDnACuwxEN2WSub1YTI.roa
Signing time:             Thu 01 Jan 2026 14:18:48 +0000
ROA not before:           Thu 01 Jan 2026 14:18:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203742
IP address blocks:        185.125.132.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/7667be-9670-4701-99f0-a7814fc46e65/1/_BirNMWiEorErlXBr23vZTSzgR0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/7667be-9670-4701-99f0-a7814fc46e65/1/_BirNMWiEorErlXBr23vZTSzgR0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_BirNMWiEorErlXBr23vZTSzgR0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 05:01:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ec:eb:cb:6e:12:c9:8d:01:02:9a:f1:f4:9b:6d:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fc18ab34c5a2128ac4ae55c1af6def6534b3811d
        Validity
            Not Before: Jan  1 14:18:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=09953493fcf35839c00aec3110dd964ae6f56132
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:32:4a:eb:02:f4:58:f1:25:e0:43:10:c4:a2:
                    40:a7:af:8e:be:fd:87:15:f9:a2:54:51:01:44:f2:
                    ea:62:df:63:43:67:c5:28:75:25:6d:2e:7c:08:66:
                    ff:30:0c:49:8d:95:23:3d:3c:8d:24:72:ad:4d:27:
                    47:ee:9a:b3:3d:44:b9:54:98:d0:ba:ad:af:ed:c0:
                    2e:7e:ec:5b:93:c5:7f:e6:3e:81:5b:5a:ff:58:e9:
                    f1:d5:3d:97:cf:57:a8:e6:11:3b:69:a8:77:2e:59:
                    e6:bd:32:7f:f7:59:00:a3:d9:1b:03:de:8b:9a:48:
                    38:0d:40:6c:1a:58:f7:77:d7:ab:0b:93:88:eb:6d:
                    bf:b9:95:3c:fe:f4:1a:4e:f0:22:f6:44:5c:66:3a:
                    35:58:c4:6c:57:09:3d:aa:49:f1:5b:61:a3:58:83:
                    1e:9d:79:d5:24:32:ae:87:13:1d:9a:31:f1:b5:b4:
                    ea:5e:3b:ca:89:c9:b8:db:5e:df:d8:e3:ce:51:7b:
                    da:05:99:7e:9c:20:78:b0:27:f5:f4:5a:38:bd:a6:
                    d0:8d:d9:ea:76:02:66:06:dd:42:f6:6c:8c:9c:ef:
                    ec:5b:cb:e9:f9:e1:ed:91:74:c0:a7:43:f6:8f:49:
                    84:1b:db:d8:1e:af:dc:c5:32:05:32:7d:5e:69:0f:
                    c1:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:95:34:93:FC:F3:58:39:C0:0A:EC:31:10:DD:96:4A:E6:F5:61:32
            X509v3 Authority Key Identifier:
                keyid:FC:18:AB:34:C5:A2:12:8A:C4:AE:55:C1:AF:6D:EF:65:34:B3:81:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_BirNMWiEorErlXBr23vZTSzgR0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/7667be-9670-4701-99f0-a7814fc46e65/1/CZU0k_zzWDnACuwxEN2WSub1YTI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/7667be-9670-4701-99f0-a7814fc46e65/1/_BirNMWiEorErlXBr23vZTSzgR0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.125.132.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9d:bc:71:c8:3f:3a:99:1e:87:f1:c2:2d:95:a2:24:f9:8e:62:
         b8:64:fe:b8:5b:c5:08:d7:81:06:07:62:2f:20:19:a3:13:d9:
         c1:f8:89:42:a4:e8:f7:80:f6:4d:6d:97:e5:d3:a0:1a:4d:84:
         9f:9d:a0:ed:9e:95:ec:ef:f9:39:4a:ba:e5:c4:56:8b:97:74:
         61:41:01:88:5d:04:80:db:ab:49:a9:74:84:6b:f3:ad:19:d7:
         2c:9b:01:45:90:fb:51:f0:4b:dd:b4:db:59:17:de:92:d2:e8:
         a3:e4:b1:47:ed:3b:ba:a7:09:66:60:87:5a:88:10:9b:22:c5:
         76:f4:bb:c3:15:7a:a0:54:c9:82:48:9d:85:59:96:60:ed:46:
         1e:44:6f:8e:ed:c2:d4:58:a7:bf:73:0b:a7:41:4e:bc:9a:71:
         0e:80:8d:67:c4:b0:c5:92:d3:ef:40:f6:14:a2:ca:23:f1:e6:
         44:e6:f9:4e:1a:4a:50:98:ce:2c:f5:90:bd:07:5a:4b:30:3f:
         ee:3f:44:19:bf:e2:13:7e:7f:c6:c3:1c:98:37:5f:f5:05:ee:
         fc:56:9f:46:46:c2:0f:27:50:0f:ba:22:d4:27:ad:62:f9:6f:
         22:43:5e:fc:af:68:58:b3:0f:f3:bf:bc:c1:60:c1:73:ab:82:
         6e:01:89:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57OvLbhLJjQECmvH0m23BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjMThhYjM0YzVhMjEyOGFjNGFlNTVjMWFmNmRlZjY1MzRi
MzgxMWQwHhcNMjYwMTAxMTQxODQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTk1MzQ5M2ZjZjM1ODM5YzAwYWVjMzExMGRkOTY0YWU2ZjU2MTMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhzJK6wL0WPEl4EMQxKJAp6+Ovv2H
FfmiVFEBRPLqYt9jQ2fFKHUlbS58CGb/MAxJjZUjPTyNJHKtTSdH7pqzPUS5VJjQ
uq2v7cAufuxbk8V/5j6BW1r/WOnx1T2Xz1eo5hE7aah3LlnmvTJ/91kAo9kbA96L
mkg4DUBsGlj3d9erC5OI622/uZU8/vQaTvAi9kRcZjo1WMRsVwk9qknxW2GjWIMe
nXnVJDKuhxMdmjHxtbTqXjvKicm4217f2OPOUXvaBZl+nCB4sCf19Fo4vabQjdnq
dgJmBt1C9myMnO/sW8vp+eHtkXTAp0P2j0mEG9vYHq/cxTIFMn1eaQ/BVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAmVNJP881g5wArsMRDdlkrm9WEyMB8GA1UdIwQY
MBaAFPwYqzTFohKKxK5Vwa9t72U0s4EdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0Jpck5NV2lFb3JFcmxYQnIyM3ZaVFN6Z1IwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS83NjY3YmUtOTY3MC00NzAxLTk5ZjAt
YTc4MTRmYzQ2ZTY1LzEvQ1pVMGtfenpXRG5BQ3V3eEVOMldTdWIxWVRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS83NjY3YmUtOTY3MC00NzAxLTk5ZjAtYTc4MTRmYzQ2ZTY1
LzEvX0Jpck5NV2lFb3JFcmxYQnIyM3ZaVFN6Z1IwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuX2EMA0G
CSqGSIb3DQEBCwUAA4IBAQCdvHHIPzqZHofxwi2VoiT5jmK4ZP64W8UI14EGB2Iv
IBmjE9nB+IlCpOj3gPZNbZfl06AaTYSfnaDtnpXs7/k5SrrlxFaLl3RhQQGIXQSA
26tJqXSEa/OtGdcsmwFFkPtR8EvdtNtZF96S0uij5LFH7Tu6pwlmYIdaiBCbIsV2
9LvDFXqgVMmCSJ2FWZZg7UYeRG+O7cLUWKe/cwunQU68mnEOgI1nxLDFktPvQPYU
osoj8eZE5vlOGkpQmM4s9ZC9B1pLMD/uP0QZv+ITfn/GwxyYN1/1Be78Vp9GRsIP
J1APuiLUJ61i+W8iQ178r2hYsw/zv7zBYMFzq4JuAYk5
-----END CERTIFICATE-----