Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/acbc65-811a-4209-b6b0-ae355b2ae6ef/1/ZCzBAKCBRfQCNfF6i55cmMnjJrs.roa
File:                     ZCzBAKCBRfQCNfF6i55cmMnjJrs.roa (raw, json)
Hash identifier:          QiD+ABZA45afba3sbHjRUZrXE+YSuA8LnCZHvOEsoVg=
Subject key identifier:   64:2C:C1:00:A0:81:45:F4:02:35:F1:7A:8B:9E:5C:98:C9:E3:26:BB
Certificate issuer:       /CN=34f4fb7d6a8cb87dd9da06d766a0838cf3560402
Certificate serial:       019B7EA50BFBEA7496389F4EB47A486A4AF7
Authority key identifier: 34:F4:FB:7D:6A:8C:B8:7D:D9:DA:06:D7:66:A0:83:8C:F3:56:04:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NPT7fWqMuH3Z2gbXZqCDjPNWBAI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/acbc65-811a-4209-b6b0-ae355b2ae6ef/1/ZCzBAKCBRfQCNfF6i55cmMnjJrs.roa
Signing time:             Fri 02 Jan 2026 12:18:24 +0000
ROA not before:           Fri 02 Jan 2026 12:18:24 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57447
IP address blocks:        185.161.122.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/acbc65-811a-4209-b6b0-ae355b2ae6ef/1/NPT7fWqMuH3Z2gbXZqCDjPNWBAI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/acbc65-811a-4209-b6b0-ae355b2ae6ef/1/NPT7fWqMuH3Z2gbXZqCDjPNWBAI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NPT7fWqMuH3Z2gbXZqCDjPNWBAI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a5:0b:fb:ea:74:96:38:9f:4e:b4:7a:48:6a:4a:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=34f4fb7d6a8cb87dd9da06d766a0838cf3560402
        Validity
            Not Before: Jan  2 12:18:24 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=642cc100a08145f40235f17a8b9e5c98c9e326bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:59:16:54:ec:77:88:19:44:76:92:29:e9:5b:
                    f6:db:cf:91:b1:ba:01:b6:f2:9c:39:2e:51:92:48:
                    87:7d:fd:38:8d:c0:b3:a0:62:f6:ce:33:3e:83:cf:
                    c7:f1:55:28:33:8a:81:e1:f6:d8:70:b9:8c:ed:b6:
                    5f:01:3d:0f:e4:04:f7:e8:a1:da:2a:bc:35:fc:f4:
                    3e:d5:86:80:77:ee:06:c1:08:70:26:5d:7b:ad:3e:
                    7d:41:65:7a:f5:a7:d2:5f:56:9a:00:00:10:1a:95:
                    d1:9a:f6:5f:76:4e:71:6b:d0:0c:df:e5:bf:a4:38:
                    94:c3:e2:17:a9:b9:87:1c:05:2e:31:9a:e8:f6:ae:
                    f0:a6:fb:3c:7e:5d:d6:c1:77:b4:86:f7:47:2a:03:
                    37:7c:aa:3c:6c:40:22:78:1f:79:97:ee:ee:e8:d6:
                    1b:7e:b6:6b:71:4b:74:45:68:5c:df:43:5e:45:72:
                    15:b9:0c:a2:6f:ac:12:30:94:cf:48:a3:33:70:24:
                    43:4f:71:0e:8a:7e:19:8a:eb:60:ea:25:45:80:9c:
                    47:0b:ba:c4:1c:f4:6d:75:ef:5a:05:66:4c:29:0b:
                    bc:e4:71:91:e2:3c:d2:8b:e6:6a:c2:7a:fa:fc:48:
                    35:82:ec:07:38:3d:46:bc:d7:99:c0:44:2c:88:d2:
                    de:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:2C:C1:00:A0:81:45:F4:02:35:F1:7A:8B:9E:5C:98:C9:E3:26:BB
            X509v3 Authority Key Identifier:
                keyid:34:F4:FB:7D:6A:8C:B8:7D:D9:DA:06:D7:66:A0:83:8C:F3:56:04:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NPT7fWqMuH3Z2gbXZqCDjPNWBAI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/acbc65-811a-4209-b6b0-ae355b2ae6ef/1/ZCzBAKCBRfQCNfF6i55cmMnjJrs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/acbc65-811a-4209-b6b0-ae355b2ae6ef/1/NPT7fWqMuH3Z2gbXZqCDjPNWBAI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.161.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:18:8b:95:1b:5d:4a:44:d1:38:2f:c0:44:7b:de:58:18:44:
         bd:c4:06:4a:35:49:7b:1c:53:8a:7d:60:88:7c:8b:25:3c:93:
         79:d0:80:8d:3b:da:77:23:45:17:29:97:df:0c:2a:12:80:76:
         46:d6:98:60:ef:db:bd:14:c4:fb:4f:c1:1b:6b:bf:71:72:3c:
         1d:f2:4b:c5:7a:3c:98:8b:a3:b2:46:e4:a9:38:d4:f6:08:76:
         77:d4:1e:9b:5e:e4:2e:44:a5:57:c2:16:0d:b0:e7:d1:75:98:
         28:49:52:70:56:55:d2:f6:9f:ae:1b:5d:a0:7e:03:c6:6f:60:
         99:87:c5:27:3e:b5:db:8a:0c:7a:96:07:a8:90:d2:f9:96:ca:
         59:e8:ba:aa:98:4a:a1:d4:de:5e:e3:c4:0a:bb:7f:91:6b:81:
         15:52:0e:9b:6a:ca:f5:3b:3b:44:f6:48:21:6e:5f:31:5b:6b:
         87:f3:6b:14:1f:97:53:16:88:26:62:f2:86:b5:2f:a5:5b:48:
         22:29:69:2e:4f:4b:de:e3:d0:e2:29:ce:22:4a:e9:ff:79:9c:
         37:c1:b1:68:7a:61:59:a9:46:d9:7a:25:09:96:f7:43:2f:e2:
         a0:a9:13:dd:aa:95:d6:65:56:8b:09:8d:89:23:a5:85:71:5e:
         f0:9a:cf:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+pQv76nSWOJ9OtHpIakr3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0ZjRmYjdkNmE4Y2I4N2RkOWRhMDZkNzY2YTA4MzhjZjM1
NjA0MDIwHhcNMjYwMTAyMTIxODI0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDJjYzEwMGEwODE0NWY0MDIzNWYxN2E4YjllNWM5OGM5ZTMyNmJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkFkWVOx3iBlEdpIp6Vv228+RsboB
tvKcOS5RkkiHff04jcCzoGL2zjM+g8/H8VUoM4qB4fbYcLmM7bZfAT0P5AT36KHa
Krw1/PQ+1YaAd+4GwQhwJl17rT59QWV69afSX1aaAAAQGpXRmvZfdk5xa9AM3+W/
pDiUw+IXqbmHHAUuMZro9q7wpvs8fl3WwXe0hvdHKgM3fKo8bEAieB95l+7u6NYb
frZrcUt0RWhc30NeRXIVuQyib6wSMJTPSKMzcCRDT3EOin4Ziutg6iVFgJxHC7rE
HPRtde9aBWZMKQu85HGR4jzSi+Zqwnr6/Eg1guwHOD1GvNeZwEQsiNLeeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGQswQCggUX0AjXxeoueXJjJ4ya7MB8GA1UdIwQY
MBaAFDT0+31qjLh92doG12agg4zzVgQCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlBUN2ZXcU11SDNaMmdiWFpxQ0RqUE5XQkFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS9hY2JjNjUtODExYS00MjA5LWI2YjAt
YWUzNTViMmFlNmVmLzEvWkN6QkFLQ0JSZlFDTmZGNmk1NWNtTW5qSnJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS9hY2JjNjUtODExYS00MjA5LWI2YjAtYWUzNTViMmFlNmVm
LzEvTlBUN2ZXcU11SDNaMmdiWFpxQ0RqUE5XQkFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaF6MA0G
CSqGSIb3DQEBCwUAA4IBAQAiGIuVG11KRNE4L8BEe95YGES9xAZKNUl7HFOKfWCI
fIslPJN50ICNO9p3I0UXKZffDCoSgHZG1phg79u9FMT7T8Eba79xcjwd8kvFejyY
i6OyRuSpONT2CHZ31B6bXuQuRKVXwhYNsOfRdZgoSVJwVlXS9p+uG12gfgPGb2CZ
h8UnPrXbigx6lgeokNL5lspZ6LqqmEqh1N5e48QKu3+Ra4EVUg6basr1OztE9kgh
bl8xW2uH82sUH5dTFogmYvKGtS+lW0giKWkuT0ve49DiKc4iSun/eZw3wbFoemFZ
qUbZeiUJlvdDL+KgqRPdqpXWZVaLCY2JI6WFcV7wms+E
-----END CERTIFICATE-----