Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/33eccf-0ae3-4c7e-a441-08e8f0cbb840/1/zbPHBRrSSTxxm5GjBesQOmg5BOU.roa
File:                     zbPHBRrSSTxxm5GjBesQOmg5BOU.roa (raw, json)
Hash identifier:          2nuGIy4NdEBraXqbAUjxFu75DMqgnt0PJMHdEvGwETc=
Subject key identifier:   CD:B3:C7:05:1A:D2:49:3C:71:9B:91:A3:05:EB:10:3A:68:39:04:E5
Certificate issuer:       /CN=8a6024b2c27a67dff5b654efa06bf7bfc1222625
Certificate serial:       019C03FBAA3BBA901FAB70E7ECDF86FE6565
Authority key identifier: 8A:60:24:B2:C2:7A:67:DF:F5:B6:54:EF:A0:6B:F7:BF:C1:22:26:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/imAkssJ6Z9_1tlTvoGv3v8EiJiU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/33eccf-0ae3-4c7e-a441-08e8f0cbb840/1/zbPHBRrSSTxxm5GjBesQOmg5BOU.roa
Signing time:             Wed 28 Jan 2026 09:42:30 +0000
ROA not before:           Wed 28 Jan 2026 09:42:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205009
IP address blocks:        91.200.57.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/33eccf-0ae3-4c7e-a441-08e8f0cbb840/1/imAkssJ6Z9_1tlTvoGv3v8EiJiU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/33eccf-0ae3-4c7e-a441-08e8f0cbb840/1/imAkssJ6Z9_1tlTvoGv3v8EiJiU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/imAkssJ6Z9_1tlTvoGv3v8EiJiU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 23 Feb 2026 21:01:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:03:fb:aa:3b:ba:90:1f:ab:70:e7:ec:df:86:fe:65:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8a6024b2c27a67dff5b654efa06bf7bfc1222625
        Validity
            Not Before: Jan 28 09:42:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cdb3c7051ad2493c719b91a305eb103a683904e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:ae:ff:f3:0a:49:bf:87:5f:b9:bd:96:40:ea:
                    68:da:a0:66:c5:12:96:bb:92:aa:a6:2f:c2:64:e0:
                    69:5c:3c:27:8c:cb:f8:3e:73:21:0d:2d:a8:d2:05:
                    37:5c:a2:99:5a:96:35:40:77:b6:2b:c4:53:c3:37:
                    91:43:e7:eb:b7:7b:75:fb:06:a8:67:ef:c2:8d:65:
                    a1:47:ec:38:fa:b7:70:77:d7:da:16:86:c0:6b:22:
                    b9:dc:51:06:40:4f:23:f5:ab:9c:39:d8:ef:74:45:
                    3c:0d:c3:e5:a8:81:8f:e1:32:f3:9e:f9:e1:24:a9:
                    95:ee:07:ab:79:7d:a9:27:c1:b8:ae:29:00:3c:d4:
                    0d:72:7d:8a:40:ca:26:48:32:80:71:fb:f1:ed:00:
                    3a:b5:d9:1e:cf:f5:53:7c:cd:87:41:e5:c2:ec:14:
                    a3:fa:60:15:9a:0f:01:ea:7c:56:b6:76:87:4d:9c:
                    bb:bd:0c:00:73:b8:b9:c9:5d:74:fd:6d:ea:fd:fd:
                    27:f5:44:e0:84:ae:d2:51:5d:3a:7e:af:4b:12:e8:
                    68:b4:fa:c8:47:32:f5:fa:06:2e:0b:bf:b8:3e:ee:
                    2e:74:70:a4:b8:0d:90:cc:b5:84:8f:70:bf:60:05:
                    a8:b9:ae:c5:68:92:21:95:b9:89:c4:c4:95:b0:14:
                    56:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:B3:C7:05:1A:D2:49:3C:71:9B:91:A3:05:EB:10:3A:68:39:04:E5
            X509v3 Authority Key Identifier:
                keyid:8A:60:24:B2:C2:7A:67:DF:F5:B6:54:EF:A0:6B:F7:BF:C1:22:26:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/imAkssJ6Z9_1tlTvoGv3v8EiJiU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/33eccf-0ae3-4c7e-a441-08e8f0cbb840/1/zbPHBRrSSTxxm5GjBesQOmg5BOU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/33eccf-0ae3-4c7e-a441-08e8f0cbb840/1/imAkssJ6Z9_1tlTvoGv3v8EiJiU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.200.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:1e:41:50:de:d7:65:15:a3:09:72:24:99:29:23:0d:df:d8:
         6b:b5:78:74:2b:8f:08:c0:43:31:42:af:57:19:4f:fc:89:e8:
         b0:ae:9f:e0:28:8c:00:2f:00:de:5c:e1:20:e6:df:56:bf:26:
         ef:49:4d:78:f3:c7:7e:30:3d:cd:20:b6:36:2f:f4:f3:52:67:
         56:d4:77:28:12:08:9d:95:7c:08:e7:63:15:ac:84:77:19:cb:
         21:2c:d5:b0:18:6f:19:6b:5f:0c:23:05:65:dd:3b:22:20:ec:
         96:ea:39:95:26:5d:8d:a6:3f:8e:86:35:4a:34:5b:1a:60:1b:
         61:e7:01:21:24:7c:fd:c5:25:60:d5:9a:9e:24:95:32:d3:0d:
         1f:7a:30:fe:2f:dd:8e:61:f4:7a:17:f5:cf:dd:f8:75:65:02:
         f6:82:67:f7:55:fe:3c:53:1f:a2:80:88:c7:e2:a4:7f:7a:7c:
         26:c9:1c:4f:a6:f5:00:84:07:68:8c:7e:f9:f5:14:2a:f6:8b:
         f5:00:e7:f0:39:7a:6f:93:c4:54:8c:82:4a:72:88:a3:8b:06:
         46:47:cc:87:1d:21:c2:3c:e0:f2:30:3c:f2:77:23:c9:9c:4c:
         13:15:13:91:da:cf:34:05:31:01:5a:bd:d8:97:be:71:58:78:
         8f:e4:4f:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZwD+6o7upAfq3Dn7N+G/mVlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhNjAyNGIyYzI3YTY3ZGZmNWI2NTRlZmEwNmJmN2JmYzEy
MjI2MjUwHhcNMjYwMTI4MDk0MjMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZGIzYzcwNTFhZDI0OTNjNzE5YjkxYTMwNWViMTAzYTY4MzkwNGU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwK7/8wpJv4dfub2WQOpo2qBmxRKW
u5Kqpi/CZOBpXDwnjMv4PnMhDS2o0gU3XKKZWpY1QHe2K8RTwzeRQ+frt3t1+wao
Z+/CjWWhR+w4+rdwd9faFobAayK53FEGQE8j9aucOdjvdEU8DcPlqIGP4TLznvnh
JKmV7gereX2pJ8G4rikAPNQNcn2KQMomSDKAcfvx7QA6tdkez/VTfM2HQeXC7BSj
+mAVmg8B6nxWtnaHTZy7vQwAc7i5yV10/W3q/f0n9UTghK7SUV06fq9LEuhotPrI
RzL1+gYuC7+4Pu4udHCkuA2QzLWEj3C/YAWoua7FaJIhlbmJxMSVsBRWVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM2zxwUa0kk8cZuRowXrEDpoOQTlMB8GA1UdIwQY
MBaAFIpgJLLCemff9bZU76Br97/BIiYlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaW1Ba3NzSjZaOV8xdGxUdm9HdjN2OEVpSmlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8zM2VjY2YtMGFlMy00YzdlLWE0NDEt
MDhlOGYwY2JiODQwLzEvemJQSEJSclNTVHh4bTVHakJlc1FPbWc1Qk9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8zM2VjY2YtMGFlMy00YzdlLWE0NDEtMDhlOGYwY2JiODQw
LzEvaW1Ba3NzSjZaOV8xdGxUdm9HdjN2OEVpSmlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8g5MA0G
CSqGSIb3DQEBCwUAA4IBAQBOHkFQ3tdlFaMJciSZKSMN39hrtXh0K48IwEMxQq9X
GU/8ieiwrp/gKIwALwDeXOEg5t9WvybvSU1488d+MD3NILY2L/TzUmdW1HcoEgid
lXwI52MVrIR3GcshLNWwGG8Za18MIwVl3TsiIOyW6jmVJl2Npj+OhjVKNFsaYBth
5wEhJHz9xSVg1ZqeJJUy0w0fejD+L92OYfR6F/XP3fh1ZQL2gmf3Vf48Ux+igIjH
4qR/enwmyRxPpvUAhAdojH759RQq9ov1AOfwOXpvk8RUjIJKcoijiwZGR8yHHSHC
PODyMDzydyPJnEwTFROR2s80BTEBWr3Yl75xWHiP5E9Q
-----END CERTIFICATE-----