Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/7e75fd-865c-4240-be38-9e6822ca8899/1/ZUFhy3Q3TnBrOEV6oC_51srJdWY.roa
File:                     ZUFhy3Q3TnBrOEV6oC_51srJdWY.roa (raw, json)
Hash identifier:          9diosIXqGs1+lYyW3HLA/DSBkni7soymXvUgQxb3AL0=
Subject key identifier:   65:41:61:CB:74:37:4E:70:6B:38:45:7A:A0:2F:F9:D6:CA:C9:75:66
Certificate issuer:       /CN=3174ae50711e1ad5f2f82ba20d2f73cab709dab8
Certificate serial:       019DB9C5E234EC5A2F1CE62BA4CCD4E07935
Authority key identifier: 31:74:AE:50:71:1E:1A:D5:F2:F8:2B:A2:0D:2F:73:CA:B7:09:DA:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MXSuUHEeGtXy-CuiDS9zyrcJ2rg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/7e75fd-865c-4240-be38-9e6822ca8899/1/ZUFhy3Q3TnBrOEV6oC_51srJdWY.roa
Signing time:             Thu 23 Apr 2026 09:57:26 +0000
ROA not before:           Thu 23 Apr 2026 09:57:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16509
IP address blocks:        158.94.160.0/24 maxlen: 24
                          2a0f:6b40::/44 maxlen: 44
                          2a0f:6b41::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/7e75fd-865c-4240-be38-9e6822ca8899/1/MXSuUHEeGtXy-CuiDS9zyrcJ2rg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/7e75fd-865c-4240-be38-9e6822ca8899/1/MXSuUHEeGtXy-CuiDS9zyrcJ2rg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MXSuUHEeGtXy-CuiDS9zyrcJ2rg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 04 May 2026 05:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b9:c5:e2:34:ec:5a:2f:1c:e6:2b:a4:cc:d4:e0:79:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3174ae50711e1ad5f2f82ba20d2f73cab709dab8
        Validity
            Not Before: Apr 23 09:57:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=654161cb74374e706b38457aa02ff9d6cac97566
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:a2:fe:19:c8:d7:6c:5e:1e:96:56:81:0f:b0:
                    08:a0:ba:16:c8:dc:e2:4f:8b:d1:3f:65:01:9d:fb:
                    eb:2e:47:31:9d:94:5b:99:c7:fb:ff:47:43:90:f5:
                    93:9a:b4:03:e1:18:56:2e:cb:0c:be:c1:02:b0:a9:
                    4a:6f:3a:ef:2c:ea:4e:3f:94:0a:f3:bb:61:ae:15:
                    06:12:8b:52:61:4a:94:03:64:f2:e4:c7:69:c0:7b:
                    82:0f:d1:23:7d:58:e3:23:ab:07:2e:58:80:d3:01:
                    0f:a8:f9:03:8b:e3:6b:3c:4c:f9:18:25:dc:22:90:
                    21:29:fc:95:61:5a:7c:3a:e3:d5:a4:e0:d9:8e:9a:
                    d2:12:50:21:0d:36:40:a0:56:10:2f:fa:2e:0c:42:
                    a5:03:63:d1:e9:b4:7e:8b:bd:0f:8d:3e:47:08:56:
                    ec:14:2b:b5:34:bf:18:b8:0d:9c:8d:83:7e:0a:0a:
                    54:8d:34:b5:f8:f0:67:c9:2c:b8:78:0f:1e:c5:ba:
                    fa:71:12:99:d2:70:41:fd:50:61:33:7e:e3:32:9f:
                    1f:1e:ac:08:d7:e6:d3:ca:48:04:09:9c:b8:83:da:
                    e3:f4:78:c9:fc:39:91:d8:b0:4a:94:3f:58:b2:aa:
                    c6:89:64:71:78:55:65:9e:cc:5e:fe:ad:1e:a3:1f:
                    bb:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:41:61:CB:74:37:4E:70:6B:38:45:7A:A0:2F:F9:D6:CA:C9:75:66
            X509v3 Authority Key Identifier:
                keyid:31:74:AE:50:71:1E:1A:D5:F2:F8:2B:A2:0D:2F:73:CA:B7:09:DA:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MXSuUHEeGtXy-CuiDS9zyrcJ2rg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/7e75fd-865c-4240-be38-9e6822ca8899/1/ZUFhy3Q3TnBrOEV6oC_51srJdWY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/7e75fd-865c-4240-be38-9e6822ca8899/1/MXSuUHEeGtXy-CuiDS9zyrcJ2rg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.94.160.0/24
                IPv6:
                  2a0f:6b40::/44
                  2a0f:6b41::/44

    Signature Algorithm: sha256WithRSAEncryption
         38:e3:92:47:68:50:7b:32:9b:8d:1d:15:ab:8a:25:cc:e3:de:
         0c:1a:fe:9a:f4:45:d5:ea:42:8e:65:d5:1d:e4:84:5b:fb:e3:
         9c:fb:67:65:43:92:89:48:63:43:96:7e:cf:d3:d5:b4:f0:a3:
         88:8f:38:5d:12:8b:50:ac:6a:94:36:3d:7b:9a:46:23:4b:2a:
         86:1f:18:c3:37:39:a0:99:d4:67:bd:59:c4:30:cc:a6:77:b4:
         6a:36:e3:00:92:b4:87:6f:9e:1a:52:39:0e:cf:ae:ff:b0:21:
         cb:1a:fd:88:03:db:d0:7c:1d:cf:da:e6:9e:cb:3e:74:7d:8d:
         25:35:d8:49:5e:6b:88:fa:f6:59:07:fd:8b:48:af:b7:e0:3e:
         f3:3c:d6:34:f1:34:bf:cf:c5:8f:31:fc:ab:a9:8e:0e:5a:1c:
         ed:ac:24:b5:d2:f6:4c:3c:66:54:ba:df:0e:17:a8:13:cc:af:
         d2:ca:bd:8e:db:48:7a:4b:29:40:e4:26:7f:28:50:69:c4:ef:
         35:cd:71:8e:e0:46:48:e5:33:b7:30:ee:28:49:17:ad:c7:0e:
         d7:44:9f:ee:50:8a:48:44:5f:72:94:d7:86:ea:15:77:d4:66:
         91:20:16:c4:5f:b7:cb:4f:a9:24:85:35:a2:25:01:ae:5a:0f:
         be:0f:60:87
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZ25xeI07FovHOYrpMzU4Hk1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxNzRhZTUwNzExZTFhZDVmMmY4MmJhMjBkMmY3M2NhYjcw
OWRhYjgwHhcNMjYwNDIzMDk1NzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTQxNjFjYjc0Mzc0ZTcwNmIzODQ1N2FhMDJmZjlkNmNhYzk3NTY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt6L+GcjXbF4ellaBD7AIoLoWyNzi
T4vRP2UBnfvrLkcxnZRbmcf7/0dDkPWTmrQD4RhWLssMvsECsKlKbzrvLOpOP5QK
87thrhUGEotSYUqUA2Ty5MdpwHuCD9EjfVjjI6sHLliA0wEPqPkDi+NrPEz5GCXc
IpAhKfyVYVp8OuPVpODZjprSElAhDTZAoFYQL/ouDEKlA2PR6bR+i70PjT5HCFbs
FCu1NL8YuA2cjYN+CgpUjTS1+PBnySy4eA8exbr6cRKZ0nBB/VBhM37jMp8fHqwI
1+bTykgECZy4g9rj9HjJ/DmR2LBKlD9YsqrGiWRxeFVlnsxe/q0eox+7UQIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFGVBYct0N05wazhFeqAv+dbKyXVmMB8GA1UdIwQY
MBaAFDF0rlBxHhrV8vgrog0vc8q3Cdq4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVhTdVVIRWVHdFh5LUN1aURTOXp5cmNKMnJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS83ZTc1ZmQtODY1Yy00MjQwLWJlMzgt
OWU2ODIyY2E4ODk5LzEvWlVGaHkzUTNUbkJyT0VWNm9DXzUxc3JKZFdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS83ZTc1ZmQtODY1Yy00MjQwLWJlMzgtOWU2ODIyY2E4ODk5
LzEvTVhTdVVIRWVHdFh5LUN1aURTOXp5cmNKMnJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAMBAIAATAGAwQAnl6gMBgE
AgACMBIDBwQqD2tAAAADBwQqD2tBAAAwDQYJKoZIhvcNAQELBQADggEBADjjkkdo
UHsym40dFauKJczj3gwa/pr0RdXqQo5l1R3khFv745z7Z2VDkolIY0OWfs/T1bTw
o4iPOF0Si1CsapQ2PXuaRiNLKoYfGMM3OaCZ1Ge9WcQwzKZ3tGo24wCStIdvnhpS
OQ7Prv+wIcsa/YgD29B8Hc/a5p7LPnR9jSU12Elea4j69lkH/YtIr7fgPvM81jTx
NL/PxY8x/Kupjg5aHO2sJLXS9kw8ZlS63w4XqBPMr9LKvY7bSHpLKUDkJn8oUGnE
7zXNcY7gRkjlM7cw7ihJF63HDtdEn+5QikhEX3KU14bqFXfUZpEgFsRft8tPqSSF
NaIlAa5aD74PYIc=
-----END CERTIFICATE-----