Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/za_rDahfHz6O2bElMaN9SIImhOw.roa
File:                     za_rDahfHz6O2bElMaN9SIImhOw.roa (raw, json)
Hash identifier:          AI5PG6PYxUKG/YuNfI0eKINeA92axtisn+k86oa3aYg=
Subject key identifier:   CD:AF:EB:0D:A8:5F:1F:3E:8E:D9:B1:25:31:A3:7D:48:82:26:84:EC
Certificate issuer:       /CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
Certificate serial:       019CC2BC0222B31A674FE84A2677270CEC24
Authority key identifier: 29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/za_rDahfHz6O2bElMaN9SIImhOw.roa
Signing time:             Fri 06 Mar 2026 10:40:26 +0000
ROA not before:           Fri 06 Mar 2026 10:40:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207043
IP address blocks:        85.239.144.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 11 Mar 2026 06:19:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:c2:bc:02:22:b3:1a:67:4f:e8:4a:26:77:27:0c:ec:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
        Validity
            Not Before: Mar  6 10:40:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cdafeb0da85f1f3e8ed9b12531a37d48822684ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:ff:6b:30:81:c7:6a:f7:a5:1b:83:94:37:3d:
                    38:7d:4b:04:6b:04:3d:9c:62:94:24:bc:bd:78:c8:
                    62:4d:fd:80:c8:bf:42:24:c3:37:6d:75:72:bb:dc:
                    1f:16:bd:c9:a0:39:4b:ba:4a:1c:9f:fe:f5:80:b3:
                    9f:bc:cd:c3:47:7c:80:5c:74:7b:64:56:8f:ae:db:
                    b2:54:91:9b:59:39:b5:2b:d6:c8:d0:c7:ab:f2:47:
                    50:b1:3e:b6:6a:fb:d7:bd:f4:63:6a:04:77:38:6b:
                    33:3b:d2:b1:82:80:44:c6:f9:22:7f:f7:f6:d9:c2:
                    ff:f9:4e:c2:2b:d2:95:47:e0:11:a0:da:da:a1:f5:
                    f6:8e:f0:bc:82:db:06:74:bb:21:7e:f6:1a:aa:90:
                    d5:78:ad:6b:94:20:f0:5c:34:c2:b6:1e:02:81:1b:
                    02:81:13:db:7f:6e:70:82:2b:ad:e0:b0:f5:4e:41:
                    22:4b:92:1d:a1:bc:a0:62:b8:ed:2b:7e:60:dd:bb:
                    ff:e3:4d:4a:a2:a6:96:75:f6:48:05:39:c2:9c:e1:
                    57:79:8a:ce:30:9c:f4:8d:63:54:21:cd:6c:34:78:
                    79:68:2d:20:a7:b9:27:6c:31:64:f3:dd:6c:25:cd:
                    2d:3f:e0:7f:48:2e:db:91:13:93:c5:a2:e8:8b:a4:
                    f3:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:AF:EB:0D:A8:5F:1F:3E:8E:D9:B1:25:31:A3:7D:48:82:26:84:EC
            X509v3 Authority Key Identifier:
                keyid:29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/za_rDahfHz6O2bElMaN9SIImhOw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.239.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:89:da:14:be:b9:25:17:9a:3b:a8:6c:73:92:be:5a:72:34:
         b9:3b:a0:59:ac:38:22:e0:ce:49:dc:48:a5:f4:f9:77:7c:06:
         b8:dc:bf:36:e5:78:29:e2:f7:37:c7:80:0f:13:77:4f:6b:ee:
         57:98:af:33:33:5f:a2:b9:10:05:bc:42:19:a0:98:46:19:f2:
         4f:7e:e1:f0:32:bf:16:e5:55:2a:52:34:73:14:e8:65:46:a5:
         ab:7a:e4:e9:90:f5:45:97:86:58:bd:89:54:4d:ef:d1:1a:9f:
         37:f4:88:cd:85:67:87:4a:4f:fd:4a:20:59:77:81:9a:5c:18:
         b3:5a:a2:ee:54:92:90:46:49:82:a5:f5:4a:41:76:5d:dc:d4:
         60:02:dd:ff:75:c7:43:76:29:30:a5:c4:59:16:d8:37:32:63:
         9e:5b:06:87:f1:80:18:17:57:a3:0c:98:59:83:ee:f5:82:df:
         39:11:fb:db:2d:ce:15:78:ab:c4:4a:54:c4:08:40:53:30:d4:
         d7:97:be:c0:97:15:67:5a:73:7d:de:a9:bc:f8:0d:ea:2d:0f:
         8c:c7:40:f3:ec:fc:93:4b:ae:51:5a:f3:eb:b0:e1:51:3b:2e:
         a8:01:d4:87:7d:8e:ae:a2:4a:4a:f8:6d:ca:d8:94:3e:9e:a2:
         e0:99:f6:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzCvAIisxpnT+hKJncnDOwkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZDJkYWZmMWM1YmI2MWEwYWM4YjNjYWVhZDRiOGExZmEy
ODRkMGYwHhcNMjYwMzA2MTA0MDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZGFmZWIwZGE4NWYxZjNlOGVkOWIxMjUzMWEzN2Q0ODgyMjY4NGVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2/9rMIHHavelG4OUNz04fUsEawQ9
nGKUJLy9eMhiTf2AyL9CJMM3bXVyu9wfFr3JoDlLukocn/71gLOfvM3DR3yAXHR7
ZFaPrtuyVJGbWTm1K9bI0Mer8kdQsT62avvXvfRjagR3OGszO9KxgoBExvkif/f2
2cL/+U7CK9KVR+ARoNraofX2jvC8gtsGdLshfvYaqpDVeK1rlCDwXDTCth4CgRsC
gRPbf25wgiut4LD1TkEiS5IdobygYrjtK35g3bv/401KoqaWdfZIBTnCnOFXeYrO
MJz0jWNUIc1sNHh5aC0gp7knbDFk891sJc0tP+B/SC7bkROTxaLoi6TzfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM2v6w2oXx8+jtmxJTGjfUiCJoTsMB8GA1UdIwQY
MBaAFCnS2v8cW7YaCsizyurUuKH6KE0PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3Zjgt
NGY1N2Q5Y2Y1Y2FhLzEvemFfckRhaGZIejZPMmJFbE1hTjlTSUltaE93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3ZjgtNGY1N2Q5Y2Y1Y2Fh
LzEvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVe+QMA0G
CSqGSIb3DQEBCwUAA4IBAQAIidoUvrklF5o7qGxzkr5acjS5O6BZrDgi4M5J3Eil
9Pl3fAa43L825Xgp4vc3x4APE3dPa+5XmK8zM1+iuRAFvEIZoJhGGfJPfuHwMr8W
5VUqUjRzFOhlRqWreuTpkPVFl4ZYvYlUTe/RGp839IjNhWeHSk/9SiBZd4GaXBiz
WqLuVJKQRkmCpfVKQXZd3NRgAt3/dcdDdikwpcRZFtg3MmOeWwaH8YAYF1ejDJhZ
g+71gt85EfvbLc4VeKvESlTECEBTMNTXl77AlxVnWnN93qm8+A3qLQ+Mx0Dz7PyT
S65RWvPrsOFROy6oAdSHfY6uokpK+G3K2JQ+nqLgmfaq
-----END CERTIFICATE-----