Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/c49c08-92ab-4cb1-809b-4ec7b5efae37/1/Zu-ElV4uUmsS8N-T5zbcqTuwkyg.roa
File:                     Zu-ElV4uUmsS8N-T5zbcqTuwkyg.roa (raw, json)
Hash identifier:          3I4QEhvQK0en7UHCJ9hltNJw37O1fUahnvRcDgraIJI=
Subject key identifier:   66:EF:84:95:5E:2E:52:6B:12:F0:DF:93:E7:36:DC:A9:3B:B0:93:28
Certificate issuer:       /CN=b55343aa21c74a39fcd5183f4fdf55dc4679e83d
Certificate serial:       019B7C8066C2AE1A697CD306E6238299FDA2
Authority key identifier: B5:53:43:AA:21:C7:4A:39:FC:D5:18:3F:4F:DF:55:DC:46:79:E8:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tVNDqiHHSjn81Rg_T99V3EZ56D0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/c49c08-92ab-4cb1-809b-4ec7b5efae37/1/Zu-ElV4uUmsS8N-T5zbcqTuwkyg.roa
Signing time:             Fri 02 Jan 2026 02:19:08 +0000
ROA not before:           Fri 02 Jan 2026 02:19:08 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214335
IP address blocks:        213.163.236.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/c49c08-92ab-4cb1-809b-4ec7b5efae37/1/tVNDqiHHSjn81Rg_T99V3EZ56D0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/c49c08-92ab-4cb1-809b-4ec7b5efae37/1/tVNDqiHHSjn81Rg_T99V3EZ56D0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tVNDqiHHSjn81Rg_T99V3EZ56D0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 16:32:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:66:c2:ae:1a:69:7c:d3:06:e6:23:82:99:fd:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b55343aa21c74a39fcd5183f4fdf55dc4679e83d
        Validity
            Not Before: Jan  2 02:19:08 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=66ef84955e2e526b12f0df93e736dca93bb09328
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:c7:a2:c3:01:29:ba:3d:b6:12:be:e1:4b:44:
                    58:19:a2:6a:b4:42:52:71:02:9f:8c:05:e4:fd:93:
                    e7:eb:37:5b:37:0a:f3:e6:14:fc:a9:01:4b:d6:f5:
                    aa:fc:c1:ed:1a:6b:47:e4:7e:a9:3c:c4:62:e3:8c:
                    68:b7:38:f3:2d:4c:72:ac:d2:9e:f8:ef:83:19:71:
                    bf:60:52:48:12:75:b2:6f:11:d5:73:28:47:e6:fc:
                    0b:7d:91:21:65:80:bd:cf:04:c6:67:d9:aa:72:7c:
                    55:00:c9:ba:46:eb:34:44:81:0f:15:21:0f:d2:66:
                    6c:95:15:cf:5f:8e:fc:c1:7a:66:d8:0d:2e:f8:ca:
                    b9:7b:12:45:1b:12:e6:59:9b:9b:ab:3e:9d:3e:3e:
                    62:ef:c0:90:79:06:8c:61:ce:bc:c8:73:d1:81:ad:
                    58:e1:dd:6e:6a:02:8b:82:04:af:d7:e2:3e:2f:99:
                    9d:ac:65:1d:06:ef:3d:49:e4:44:be:1c:d4:7c:e5:
                    8c:2e:ad:14:30:d9:13:21:5c:9a:83:95:ae:a9:73:
                    0d:37:b8:8b:43:a8:46:ae:b6:a2:41:ea:14:51:a1:
                    77:5f:2e:b6:91:97:bb:bb:c5:58:10:3e:92:08:8c:
                    8e:e8:4e:97:5d:3d:18:57:27:28:1b:7b:24:6c:91:
                    76:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:EF:84:95:5E:2E:52:6B:12:F0:DF:93:E7:36:DC:A9:3B:B0:93:28
            X509v3 Authority Key Identifier:
                keyid:B5:53:43:AA:21:C7:4A:39:FC:D5:18:3F:4F:DF:55:DC:46:79:E8:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tVNDqiHHSjn81Rg_T99V3EZ56D0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/c49c08-92ab-4cb1-809b-4ec7b5efae37/1/Zu-ElV4uUmsS8N-T5zbcqTuwkyg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/c49c08-92ab-4cb1-809b-4ec7b5efae37/1/tVNDqiHHSjn81Rg_T99V3EZ56D0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.163.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:b8:4d:9f:e4:37:2b:1b:8a:f2:ed:55:de:a6:a2:e0:ac:30:
         48:aa:b6:e6:a3:97:21:72:60:c6:aa:8d:22:04:8f:c6:c2:0c:
         6a:3a:58:e9:06:2f:7e:46:73:77:68:bc:1e:8f:c0:9c:36:bb:
         90:bf:d8:db:e8:b0:17:03:cd:0f:8a:b1:0e:5a:89:a1:99:a0:
         4e:fd:89:99:37:88:f9:c3:52:67:a4:d3:7a:35:b3:d6:46:85:
         09:7b:9d:57:9c:6b:1c:45:ce:a2:85:c2:b8:c6:bc:8e:62:f9:
         78:bc:b7:14:e8:85:4b:35:79:1f:ea:d4:46:83:55:31:a2:e5:
         9d:dd:87:ee:69:bf:28:d3:f5:18:a9:da:90:1d:52:d4:f7:35:
         e6:6d:e4:f9:a9:a0:2e:14:b4:d1:cc:4c:fa:7c:22:5f:5b:a4:
         ac:33:51:53:fa:81:0d:80:02:2a:b6:ec:4b:76:f3:c8:81:fc:
         3f:01:b2:d6:1b:82:ee:92:c5:bc:04:b2:63:91:fe:a1:8b:81:
         e8:1c:da:ae:ea:a0:78:cc:de:fb:6c:70:f9:c6:cf:5b:28:32:
         91:93:56:60:43:3e:48:f3:c3:fe:57:68:25:d2:40:bd:ee:ee:
         3f:39:7a:5a:6c:7d:5c:62:3e:55:24:cc:04:fd:c7:df:56:7d:
         62:c7:28:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8gGbCrhppfNMG5iOCmf2iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NTM0M2FhMjFjNzRhMzlmY2Q1MTgzZjRmZGY1NWRjNDY3
OWU4M2QwHhcNMjYwMTAyMDIxOTA4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NmVmODQ5NTVlMmU1MjZiMTJmMGRmOTNlNzM2ZGNhOTNiYjA5MzI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqseiwwEpuj22Er7hS0RYGaJqtEJS
cQKfjAXk/ZPn6zdbNwrz5hT8qQFL1vWq/MHtGmtH5H6pPMRi44xotzjzLUxyrNKe
+O+DGXG/YFJIEnWybxHVcyhH5vwLfZEhZYC9zwTGZ9mqcnxVAMm6Rus0RIEPFSEP
0mZslRXPX478wXpm2A0u+Mq5exJFGxLmWZubqz6dPj5i78CQeQaMYc68yHPRga1Y
4d1uagKLggSv1+I+L5mdrGUdBu89SeREvhzUfOWMLq0UMNkTIVyag5WuqXMNN7iL
Q6hGrraiQeoUUaF3Xy62kZe7u8VYED6SCIyO6E6XXT0YVycoG3skbJF2kwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGbvhJVeLlJrEvDfk+c23Kk7sJMoMB8GA1UdIwQY
MBaAFLVTQ6ohx0o5/NUYP0/fVdxGeeg9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFZORHFpSEhTam44MVJnX1Q5OVYzRVo1NkQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC9jNDljMDgtOTJhYi00Y2IxLTgwOWIt
NGVjN2I1ZWZhZTM3LzEvWnUtRWxWNHVVbXNTOE4tVDV6YmNxVHV3a3lnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC9jNDljMDgtOTJhYi00Y2IxLTgwOWItNGVjN2I1ZWZhZTM3
LzEvdFZORHFpSEhTam44MVJnX1Q5OVYzRVo1NkQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1aPsMA0G
CSqGSIb3DQEBCwUAA4IBAQAzuE2f5DcrG4ry7VXepqLgrDBIqrbmo5chcmDGqo0i
BI/GwgxqOljpBi9+RnN3aLwej8CcNruQv9jb6LAXA80PirEOWomhmaBO/YmZN4j5
w1JnpNN6NbPWRoUJe51XnGscRc6ihcK4xryOYvl4vLcU6IVLNXkf6tRGg1UxouWd
3Yfuab8o0/UYqdqQHVLU9zXmbeT5qaAuFLTRzEz6fCJfW6SsM1FT+oENgAIqtuxL
dvPIgfw/AbLWG4LuksW8BLJjkf6hi4HoHNqu6qB4zN77bHD5xs9bKDKRk1ZgQz5I
88P+V2gl0kC97u4/OXpabH1cYj5VJMwE/cffVn1ixyiE
-----END CERTIFICATE-----