Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/A_mkzIEnEpz9WHJ6sBYtcPziHnM.roa
File:                     A_mkzIEnEpz9WHJ6sBYtcPziHnM.roa (raw, json)
Hash identifier:          IkCl1Un54u/G2EbgGGSpCdlDfdCqID7BmUK3v/PN75k=
Subject key identifier:   03:F9:A4:CC:81:27:12:9C:FD:58:72:7A:B0:16:2D:70:FC:E2:1E:73
Certificate issuer:       /CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Certificate serial:       019D209449BF354B34BD1FC1D93A486A242B
Authority key identifier: CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/A_mkzIEnEpz9WHJ6sBYtcPziHnM.roa
Signing time:             Tue 24 Mar 2026 16:01:22 +0000
ROA not before:           Tue 24 Mar 2026 16:01:22 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215938
IP address blocks:        85.133.153.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:20:94:49:bf:35:4b:34:bd:1f:c1:d9:3a:48:6a:24:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
        Validity
            Not Before: Mar 24 16:01:22 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=03f9a4cc8127129cfd58727ab0162d70fce21e73
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:b6:db:8b:9f:e7:4f:9b:cb:1c:6c:b6:eb:20:
                    21:db:4d:7d:74:d5:ad:bd:db:22:20:df:97:c7:54:
                    ee:d2:9e:b5:db:ab:a8:76:56:13:af:83:d2:86:7e:
                    76:35:71:48:7c:5c:5a:62:25:7a:07:99:07:d3:d5:
                    63:05:5c:62:40:fa:26:a5:b8:64:15:27:2d:af:f2:
                    82:24:c8:95:66:f3:83:66:f4:68:8e:06:ca:73:57:
                    9a:58:15:aa:c3:39:8c:db:05:74:b8:52:df:07:32:
                    ea:f8:42:c2:19:a5:01:1d:96:26:cc:26:45:63:51:
                    b7:53:e7:22:ea:e5:3a:38:c6:46:04:2e:6d:8a:de:
                    7d:31:f9:6c:af:e2:b4:7c:62:b0:a7:05:62:be:41:
                    19:84:b3:10:5e:6e:b8:2e:b6:21:2e:49:29:6b:94:
                    ed:1d:09:1c:9b:e9:31:30:43:8a:5a:06:e7:a8:24:
                    84:88:16:22:00:d5:a6:d1:d7:a5:bf:56:24:c5:6f:
                    47:dc:a5:8d:55:fe:52:d1:e5:c2:0e:cc:46:7e:53:
                    41:e9:0e:21:0e:4a:9c:27:75:88:8d:1d:f1:fd:26:
                    11:90:bb:90:40:d9:62:00:58:c2:00:bf:ad:82:ea:
                    e2:34:82:44:e8:fd:38:6f:a5:a5:b5:dd:d8:28:05:
                    e7:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:F9:A4:CC:81:27:12:9C:FD:58:72:7A:B0:16:2D:70:FC:E2:1E:73
            X509v3 Authority Key Identifier:
                keyid:CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/A_mkzIEnEpz9WHJ6sBYtcPziHnM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.133.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:dd:62:d0:40:f7:30:49:e0:a5:5c:ba:ff:4d:19:08:6a:fb:
         e0:bf:11:59:08:06:bd:e1:ab:28:47:3c:2c:cb:38:62:56:7c:
         3c:4e:f1:33:6f:30:38:3e:ef:a7:b6:66:1f:3e:71:17:f3:c5:
         ca:35:f0:11:8d:2d:2b:8e:53:5b:0c:a0:98:5f:4c:4a:e7:a0:
         d9:8e:12:dd:c9:4e:61:3c:69:b7:17:ff:87:1c:e7:04:7d:13:
         fb:97:d8:fa:d3:fd:36:ee:8a:06:73:82:01:e5:34:ed:36:54:
         ba:db:2a:4d:f6:a3:fa:c2:fc:32:70:e9:b9:80:1f:17:45:aa:
         d0:3a:4a:38:c1:cc:c7:e5:4b:20:d8:21:32:cb:f3:3a:d8:12:
         32:7b:dc:68:0c:41:84:ad:0f:e2:05:82:ea:b3:79:97:f3:ea:
         47:9e:a3:5f:6c:ce:60:e4:c0:48:81:af:e9:12:61:93:52:c3:
         dc:c4:91:3b:97:f2:f0:ed:0b:87:88:45:fd:40:2a:96:12:af:
         ad:7d:63:53:47:7f:52:e7:e5:40:3e:cf:26:a1:fc:45:fc:8e:
         35:0f:60:ff:d6:17:6d:6c:8f:6c:55:c0:40:b6:4b:50:11:1e:
         4a:4e:a6:80:d0:de:72:97:1f:59:dd:d8:d9:1f:df:ae:d8:7f:
         24:ea:67:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0glEm/NUs0vR/B2TpIaiQrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNWUzOTY1OGEzZWY2ZjEzY2EyMWNjMTFhNGUzM2ViY2Q5
NDY3MDIwHhcNMjYwMzI0MTYwMTIyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwM2Y5YTRjYzgxMjcxMjljZmQ1ODcyN2FiMDE2MmQ3MGZjZTIxZTczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwLbbi5/nT5vLHGy26yAh2019dNWt
vdsiIN+Xx1Tu0p6126uodlYTr4PShn52NXFIfFxaYiV6B5kH09VjBVxiQPompbhk
FSctr/KCJMiVZvODZvRojgbKc1eaWBWqwzmM2wV0uFLfBzLq+ELCGaUBHZYmzCZF
Y1G3U+ci6uU6OMZGBC5tit59Mflsr+K0fGKwpwVivkEZhLMQXm64LrYhLkkpa5Tt
HQkcm+kxMEOKWgbnqCSEiBYiANWm0delv1YkxW9H3KWNVf5S0eXCDsxGflNB6Q4h
DkqcJ3WIjR3x/SYRkLuQQNliAFjCAL+tguriNIJE6P04b6Wltd3YKAXnaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAP5pMyBJxKc/VhyerAWLXD84h5zMB8GA1UdIwQY
MBaAFM1eOWWKPvbxPKIcwRpOM+vNlGcCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUt
NWQxZmE2NmMzNjNiLzEvQV9ta3pJRW5FcHo5V0hKNnNCWXRjUHppSG5NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUtNWQxZmE2NmMzNjNi
LzEvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVYWZMA0G
CSqGSIb3DQEBCwUAA4IBAQBb3WLQQPcwSeClXLr/TRkIavvgvxFZCAa94asoRzws
yzhiVnw8TvEzbzA4Pu+ntmYfPnEX88XKNfARjS0rjlNbDKCYX0xK56DZjhLdyU5h
PGm3F/+HHOcEfRP7l9j60/027ooGc4IB5TTtNlS62ypN9qP6wvwycOm5gB8XRarQ
Oko4wczH5Usg2CEyy/M62BIye9xoDEGErQ/iBYLqs3mX8+pHnqNfbM5g5MBIga/p
EmGTUsPcxJE7l/Lw7QuHiEX9QCqWEq+tfWNTR39S5+VAPs8mofxF/I41D2D/1hdt
bI9sVcBAtktQER5KTqaA0N5ylx9Z3djZH9+u2H8k6mdx
-----END CERTIFICATE-----