Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/XVuJp7ALAXytVwSk0zaqxxzUAno.roa
File:                     XVuJp7ALAXytVwSk0zaqxxzUAno.roa (raw, json)
Hash identifier:          NqxrsMUQO+pc1G0DVIfP8opMJHuo3MUxN1e9ARpPw3E=
Subject key identifier:   5D:5B:89:A7:B0:0B:01:7C:AD:57:04:A4:D3:36:AA:C7:1C:D4:02:7A
Certificate issuer:       /CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Certificate serial:       019D20944935E19B7D17356F68D625C5DB84
Authority key identifier: CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/XVuJp7ALAXytVwSk0zaqxxzUAno.roa
Signing time:             Tue 24 Mar 2026 16:01:22 +0000
ROA not before:           Tue 24 Mar 2026 16:01:22 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215350
IP address blocks:        85.133.207.0/24 maxlen: 24
                          85.133.215.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:20:94:49:35:e1:9b:7d:17:35:6f:68:d6:25:c5:db:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
        Validity
            Not Before: Mar 24 16:01:22 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5d5b89a7b00b017cad5704a4d336aac71cd4027a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:a2:0c:e7:1c:75:6b:64:0b:c1:6a:a5:32:0e:
                    3c:e2:c8:fd:d3:fc:45:ea:96:32:9b:32:91:d2:ee:
                    41:90:2a:ad:7b:c5:03:f6:38:00:44:0a:91:1d:e5:
                    45:8a:4b:5e:a9:17:14:8c:6a:5a:bb:8e:6b:65:c2:
                    d4:1c:3f:6e:bb:a8:fa:96:f0:32:5b:24:ae:cf:99:
                    10:6a:8d:13:4d:df:c7:91:42:80:9c:3d:8a:19:e6:
                    e5:16:ca:54:08:8e:7a:71:87:c5:6a:db:2d:4b:16:
                    0b:ea:37:4e:a7:e5:47:32:7e:dc:78:8e:f7:37:bd:
                    6b:4c:e6:5f:6d:73:5f:c8:58:c4:1b:85:65:41:e6:
                    8b:21:c4:1b:9a:06:12:9f:09:d3:ea:ac:2e:35:1b:
                    2b:06:db:1f:6c:7b:02:a9:6e:c9:d1:7a:e4:f3:f6:
                    88:0b:50:80:59:88:62:56:7a:79:29:b7:35:96:23:
                    c5:2b:94:5f:7e:57:13:ae:81:a1:77:ab:c5:a5:6b:
                    5a:f1:d6:ef:09:52:b8:20:12:a0:8f:b7:d4:b4:55:
                    d2:10:1f:ff:64:65:04:d0:8a:03:cd:22:ba:72:87:
                    c6:58:02:1c:7e:07:94:72:ce:a3:68:52:7e:56:a6:
                    b9:27:ec:94:ab:78:cc:b9:7c:ec:a8:3f:52:aa:5c:
                    08:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:5B:89:A7:B0:0B:01:7C:AD:57:04:A4:D3:36:AA:C7:1C:D4:02:7A
            X509v3 Authority Key Identifier:
                keyid:CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/XVuJp7ALAXytVwSk0zaqxxzUAno.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.133.207.0/24
                  85.133.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:fb:77:70:57:7c:bf:d7:9b:0a:6e:7d:56:fd:30:26:b8:49:
         56:39:3e:b8:73:9f:df:39:f1:74:5e:ee:20:56:1c:af:42:07:
         95:85:96:cd:0e:a9:60:22:9d:c3:17:e0:9c:d3:44:f2:ed:e4:
         ae:99:c6:8a:1b:1a:f0:a2:9d:b9:4f:7e:08:0c:d1:26:df:81:
         81:b5:5b:e4:5a:3d:10:5d:0c:60:76:15:f7:e2:6a:f3:98:37:
         41:2d:4c:7d:83:68:e0:b0:3e:3b:54:57:57:b8:7e:77:07:d1:
         d0:8c:80:f7:35:cf:25:d4:5e:ad:c7:f3:67:81:1e:a5:1f:58:
         a7:79:b1:fb:f8:ec:f1:64:90:e8:97:28:27:4d:fe:f2:81:a1:
         ef:fe:22:d2:f0:05:79:df:d6:ef:6e:24:e8:b9:f9:ad:a1:d8:
         9a:11:39:a7:8b:52:6e:6a:2c:fd:8e:24:e1:38:74:90:ea:79:
         7b:8d:c3:0f:a9:47:30:54:ee:52:65:60:96:34:8e:17:de:0d:
         52:96:ef:72:22:ce:08:51:1b:df:ab:96:e8:d4:02:cc:6c:a8:
         ef:16:2b:d3:c7:24:c6:b2:08:13:23:5e:ef:5b:1d:81:71:05:
         48:12:85:99:c2:0d:44:0a:82:25:ba:6d:93:84:a2:48:64:07:
         e7:22:32:95
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ0glEk14Zt9FzVvaNYlxduEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNWUzOTY1OGEzZWY2ZjEzY2EyMWNjMTFhNGUzM2ViY2Q5
NDY3MDIwHhcNMjYwMzI0MTYwMTIyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDViODlhN2IwMGIwMTdjYWQ1NzA0YTRkMzM2YWFjNzFjZDQwMjdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6KIM5xx1a2QLwWqlMg484sj90/xF
6pYymzKR0u5BkCqte8UD9jgARAqRHeVFikteqRcUjGpau45rZcLUHD9uu6j6lvAy
WySuz5kQao0TTd/HkUKAnD2KGeblFspUCI56cYfFatstSxYL6jdOp+VHMn7ceI73
N71rTOZfbXNfyFjEG4VlQeaLIcQbmgYSnwnT6qwuNRsrBtsfbHsCqW7J0Xrk8/aI
C1CAWYhiVnp5Kbc1liPFK5RfflcTroGhd6vFpWta8dbvCVK4IBKgj7fUtFXSEB//
ZGUE0IoDzSK6cofGWAIcfgeUcs6jaFJ+Vqa5J+yUq3jMuXzsqD9SqlwI2wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFF1biaewCwF8rVcEpNM2qscc1AJ6MB8GA1UdIwQY
MBaAFM1eOWWKPvbxPKIcwRpOM+vNlGcCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUt
NWQxZmE2NmMzNjNiLzEvWFZ1SnA3QUxBWHl0VndTazB6YXF4eHpVQW5vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUtNWQxZmE2NmMzNjNi
LzEvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVYXPAwQA
VYXXMA0GCSqGSIb3DQEBCwUAA4IBAQCi+3dwV3y/15sKbn1W/TAmuElWOT64c5/f
OfF0Xu4gVhyvQgeVhZbNDqlgIp3DF+Cc00Ty7eSumcaKGxrwop25T34IDNEm34GB
tVvkWj0QXQxgdhX34mrzmDdBLUx9g2jgsD47VFdXuH53B9HQjID3Nc8l1F6tx/Nn
gR6lH1inebH7+OzxZJDolygnTf7ygaHv/iLS8AV539bvbiToufmtodiaETmni1Ju
aiz9jiThOHSQ6nl7jcMPqUcwVO5SZWCWNI4X3g1Slu9yIs4IURvfq5bo1ALMbKjv
FivTxyTGsggTI17vWx2BcQVIEoWZwg1ECoIlum2ThKJIZAfnIjKV
-----END CERTIFICATE-----