Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/Z8LmUM-GU0jq0b-exMtt-gLqFl8.roa
File:                     Z8LmUM-GU0jq0b-exMtt-gLqFl8.roa (raw, json)
Hash identifier:          BF9VNl1VSdTRVDJzeZcHMUu08FF1duVEeS4jSsf1yS8=
Subject key identifier:   67:C2:E6:50:CF:86:53:48:EA:D1:BF:9E:C4:CB:6D:FA:02:EA:16:5F
Certificate issuer:       /CN=c3c18527e3a206af2842028d95aec41338e8daf8
Certificate serial:       019E53F52B744464676D70F30427249ACDA8
Authority key identifier: C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/Z8LmUM-GU0jq0b-exMtt-gLqFl8.roa
Signing time:             Sat 23 May 2026 08:30:36 +0000
ROA not before:           Sat 23 May 2026 08:30:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211904
IP address blocks:        213.176.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Jun 2026 02:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:53:f5:2b:74:44:64:67:6d:70:f3:04:27:24:9a:cd:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3c18527e3a206af2842028d95aec41338e8daf8
        Validity
            Not Before: May 23 08:30:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=67c2e650cf865348ead1bf9ec4cb6dfa02ea165f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:0e:c9:d4:20:51:02:20:d9:05:90:1c:f9:29:
                    df:e0:9b:48:1b:2f:c1:6a:75:49:0f:a0:f5:a0:6b:
                    d5:83:f9:68:20:8b:7c:71:af:62:75:00:60:fa:86:
                    8c:2b:c0:8f:11:8e:b5:64:f3:4c:95:c3:f1:f6:bf:
                    14:d3:5b:5d:e0:d4:b2:dc:51:48:d1:0b:cd:8b:07:
                    65:35:8e:31:e1:97:09:fc:63:64:b4:7b:ef:e3:20:
                    6b:8a:be:77:bd:69:37:9a:c6:90:7a:68:dd:b1:1d:
                    39:bd:be:71:a7:fd:09:fc:af:7a:49:2a:f0:de:0e:
                    a1:5d:ff:25:5e:2c:f9:50:b9:94:ff:09:99:c9:ef:
                    c1:d3:32:cd:52:e1:1d:51:a6:01:df:1f:ff:b0:9d:
                    9c:db:d7:37:2b:bd:8a:6d:16:de:2a:a3:09:fc:0c:
                    3a:aa:77:9a:7f:7e:a9:63:e5:c0:43:54:01:b5:b8:
                    ae:c4:4e:72:37:42:56:f4:d5:6f:15:5d:48:b3:5c:
                    cc:85:5f:e3:f4:af:3a:37:71:34:b6:ae:c7:f9:7e:
                    cf:bf:b3:31:11:9a:65:9d:ac:e0:ca:ad:83:73:5b:
                    38:8b:82:26:dc:34:d4:8a:92:5f:a7:da:00:47:11:
                    6b:1d:ad:a3:5e:d6:81:d4:bc:91:fe:0a:e0:1c:d5:
                    44:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:C2:E6:50:CF:86:53:48:EA:D1:BF:9E:C4:CB:6D:FA:02:EA:16:5F
            X509v3 Authority Key Identifier:
                keyid:C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/Z8LmUM-GU0jq0b-exMtt-gLqFl8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.176.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:bd:cf:59:24:ff:99:8d:b6:5c:1f:df:55:e6:73:39:06:b0:
         33:f9:62:16:45:63:cc:38:8c:e8:3f:fa:c1:49:35:4f:7c:82:
         e9:4f:b9:1c:c4:11:ed:b7:60:26:94:f4:1a:d3:28:0d:1b:c7:
         57:c8:a9:be:6f:f7:bb:1e:d6:93:29:67:53:82:77:3e:bf:f8:
         43:c7:54:3f:f7:08:80:bf:58:ad:ed:60:5c:cd:54:c0:cb:cd:
         7d:d5:ec:09:1f:3d:1a:a6:a9:ab:70:b2:3e:f8:c9:37:b3:3c:
         71:94:07:ac:ea:66:c9:14:59:f7:99:ef:44:30:ff:cd:4c:a3:
         73:3d:4b:3d:90:d1:8b:17:7a:8c:07:d9:40:a9:a6:d0:d8:5d:
         5d:f4:f6:b6:40:09:67:a0:03:8a:4c:a6:93:b5:56:f2:da:fb:
         8d:17:7f:f4:d1:79:15:5f:dc:57:e2:fc:2d:f2:3a:47:61:6b:
         20:f2:f9:85:29:4b:61:4f:b0:ca:11:85:2e:b3:cd:47:b3:e6:
         d2:9b:1f:fc:ab:0d:88:6d:18:ad:c3:eb:0c:99:94:1c:a5:93:
         32:f3:ee:b3:ef:6d:0b:bd:90:c7:e0:50:7e:c6:6c:d5:ec:f3:
         af:82:e3:f5:bd:fe:c0:39:57:7a:7f:e2:be:f9:10:0d:3e:fb:
         6f:27:b6:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5T9St0RGRnbXDzBCckms2oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYzE4NTI3ZTNhMjA2YWYyODQyMDI4ZDk1YWVjNDEzMzhl
OGRhZjgwHhcNMjYwNTIzMDgzMDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2MyZTY1MGNmODY1MzQ4ZWFkMWJmOWVjNGNiNmRmYTAyZWExNjVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwA7J1CBRAiDZBZAc+Snf4JtIGy/B
anVJD6D1oGvVg/loIIt8ca9idQBg+oaMK8CPEY61ZPNMlcPx9r8U01td4NSy3FFI
0QvNiwdlNY4x4ZcJ/GNktHvv4yBrir53vWk3msaQemjdsR05vb5xp/0J/K96SSrw
3g6hXf8lXiz5ULmU/wmZye/B0zLNUuEdUaYB3x//sJ2c29c3K72KbRbeKqMJ/Aw6
qneaf36pY+XAQ1QBtbiuxE5yN0JW9NVvFV1Is1zMhV/j9K86N3E0tq7H+X7Pv7Mx
EZplnazgyq2Dc1s4i4Im3DTUipJfp9oARxFrHa2jXtaB1LyR/grgHNVE7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGfC5lDPhlNI6tG/nsTLbfoC6hZfMB8GA1UdIwQY
MBaAFMPBhSfjogavKEICjZWuxBM46Nr4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMt
MGNiYTMzZWZjNWJiLzEvWjhMbVVNLUdVMGpxMGItZXhNdHQtZ0xxRmw4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMtMGNiYTMzZWZjNWJi
LzEvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1bABMA0G
CSqGSIb3DQEBCwUAA4IBAQCAvc9ZJP+ZjbZcH99V5nM5BrAz+WIWRWPMOIzoP/rB
STVPfILpT7kcxBHtt2AmlPQa0ygNG8dXyKm+b/e7HtaTKWdTgnc+v/hDx1Q/9wiA
v1it7WBczVTAy8191ewJHz0apqmrcLI++Mk3szxxlAes6mbJFFn3me9EMP/NTKNz
PUs9kNGLF3qMB9lAqabQ2F1d9Pa2QAlnoAOKTKaTtVby2vuNF3/00XkVX9xX4vwt
8jpHYWsg8vmFKUthT7DKEYUus81Hs+bSmx/8qw2IbRitw+sMmZQcpZMy8+6z720L
vZDH4FB+xmzV7POvguP1vf7AOVd6f+K++RANPvtvJ7aS
-----END CERTIFICATE-----