Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/ZryH9-UsCOX56T8_RkvV-o0tlak.roa
File:                     ZryH9-UsCOX56T8_RkvV-o0tlak.roa (raw, json)
Hash identifier:          IoHtho6dpBTHHcfDCss2hJO3rgPbEFHbTGMWgy+L1Po=
Subject key identifier:   66:BC:87:F7:E5:2C:08:E5:F9:E9:3F:3F:46:4B:D5:FA:8D:2D:95:A9
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       019D671C614945D020DE6AEF128457DD4709
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/ZryH9-UsCOX56T8_RkvV-o0tlak.roa
Signing time:             Tue 07 Apr 2026 08:43:26 +0000
ROA not before:           Tue 07 Apr 2026 08:43:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     40352
IP address blocks:        194.231.202.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 Apr 2026 17:02:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:67:1c:61:49:45:d0:20:de:6a:ef:12:84:57:dd:47:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Apr  7 08:43:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=66bc87f7e52c08e5f9e93f3f464bd5fa8d2d95a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:27:83:93:00:e9:c7:0b:eb:09:b1:fc:17:5d:
                    b4:a1:93:9c:c6:7b:e6:0b:ef:3f:af:53:51:68:a6:
                    b7:9c:31:f8:f8:16:54:6b:8e:d5:50:a2:b1:9d:03:
                    a5:d3:0f:2c:97:82:d1:b0:ce:be:e6:c8:32:8b:e9:
                    c7:e7:eb:92:a1:d1:4c:20:c3:35:1f:6b:c4:81:75:
                    ea:09:1a:f9:9e:0b:ac:11:6c:f5:80:d5:b0:f2:1a:
                    e7:b3:7d:47:b9:7d:38:45:d9:4c:3d:38:b3:5f:3a:
                    ad:08:d6:d9:0d:cc:e7:ba:50:de:c8:46:2b:c0:ca:
                    4b:cc:0e:a1:3f:e6:92:65:01:56:b8:af:f8:18:82:
                    24:a5:58:96:3a:62:3d:33:aa:65:d7:8e:cf:ed:7e:
                    5a:3c:a7:30:62:be:f3:52:af:3d:bb:d3:cc:e2:2a:
                    5b:d7:3e:6f:6e:8f:95:7a:3c:9e:e3:e3:e9:1e:a2:
                    2e:88:4c:86:1a:3f:af:2a:e1:22:0c:f3:ef:d3:2f:
                    81:52:57:2c:14:98:a7:dd:42:c6:0b:a2:76:d2:a5:
                    ba:22:94:ec:ba:41:42:df:ce:c3:44:ef:8b:00:27:
                    cf:5f:2e:44:4e:32:ff:fa:fb:5b:ab:85:9c:41:f7:
                    68:5d:51:7d:33:0a:d6:d7:6a:06:93:14:cf:74:fb:
                    6b:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:BC:87:F7:E5:2C:08:E5:F9:E9:3F:3F:46:4B:D5:FA:8D:2D:95:A9
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/ZryH9-UsCOX56T8_RkvV-o0tlak.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.231.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:62:30:89:a8:87:b1:05:ec:20:c8:3f:99:3d:bf:71:7e:b3:
         f9:ea:36:b9:0b:86:f7:6d:87:1e:a7:7e:9e:db:fc:de:42:26:
         b2:5e:ce:12:f3:b7:5a:2a:cc:22:87:90:50:77:98:58:6f:16:
         2b:a1:da:bd:0a:a7:2c:81:73:c2:b5:b0:80:be:e4:15:d0:42:
         17:a5:e3:bf:62:c3:22:de:37:0b:5b:b7:29:6c:1c:df:95:63:
         4e:ae:d3:45:e0:19:4a:ec:0a:e0:51:de:aa:53:52:cc:b2:a6:
         37:c5:d4:30:0e:87:7f:38:c2:b2:1a:fd:a0:3b:80:53:15:fe:
         33:fb:e5:2d:9f:b0:07:ca:c1:aa:97:cd:7e:70:af:bf:67:3e:
         19:ba:2e:93:c4:15:a8:3b:ec:3e:57:bf:32:5a:fa:61:00:35:
         5f:f9:92:10:b6:34:1c:fb:9b:52:a9:eb:f2:87:52:b4:c9:5f:
         65:ed:90:20:f4:f4:b8:7e:d4:09:37:71:48:92:f1:88:83:e5:
         2f:b4:8c:3c:2e:fa:17:fe:37:6e:bf:02:e9:3c:8d:f6:0c:60:
         de:d5:4a:25:1e:a1:db:7b:bc:c6:42:82:fe:c6:34:2f:2f:2f:
         f5:f2:f8:35:a2:46:fe:df:17:65:c7:30:73:53:a0:4a:a7:2c:
         9d:27:f6:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1nHGFJRdAg3mrvEoRX3UcJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjYwNDA3MDg0MzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NmJjODdmN2U1MmMwOGU1ZjllOTNmM2Y0NjRiZDVmYThkMmQ5NWE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiCeDkwDpxwvrCbH8F120oZOcxnvm
C+8/r1NRaKa3nDH4+BZUa47VUKKxnQOl0w8sl4LRsM6+5sgyi+nH5+uSodFMIMM1
H2vEgXXqCRr5ngusEWz1gNWw8hrns31HuX04RdlMPTizXzqtCNbZDcznulDeyEYr
wMpLzA6hP+aSZQFWuK/4GIIkpViWOmI9M6pl147P7X5aPKcwYr7zUq89u9PM4ipb
1z5vbo+Vejye4+PpHqIuiEyGGj+vKuEiDPPv0y+BUlcsFJin3ULGC6J20qW6IpTs
ukFC387DRO+LACfPXy5ETjL/+vtbq4WcQfdoXVF9MwrW12oGkxTPdPtrOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGa8h/flLAjl+ek/P0ZL1fqNLZWpMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvWnJ5SDktVXNDT1g1NlQ4X1JrdlYtbzB0bGFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwufKMA0G
CSqGSIb3DQEBCwUAA4IBAQCDYjCJqIexBewgyD+ZPb9xfrP56ja5C4b3bYcep36e
2/zeQiayXs4S87daKswih5BQd5hYbxYrodq9CqcsgXPCtbCAvuQV0EIXpeO/YsMi
3jcLW7cpbBzflWNOrtNF4BlK7ArgUd6qU1LMsqY3xdQwDod/OMKyGv2gO4BTFf4z
++Utn7AHysGql81+cK+/Zz4Zui6TxBWoO+w+V78yWvphADVf+ZIQtjQc+5tSqevy
h1K0yV9l7ZAg9PS4ftQJN3FIkvGIg+UvtIw8LvoX/jduvwLpPI32DGDe1UolHqHb
e7zGQoL+xjQvLy/18vg1okb+3xdlxzBzU6BKpyydJ/bs
-----END CERTIFICATE-----