Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/8fad67-bb6b-4773-b81e-c900a89f20f1/1/zzuk5TnXNh6hkgchUhyabpDq5CY.roa
File:                     zzuk5TnXNh6hkgchUhyabpDq5CY.roa (raw, json)
Hash identifier:          wiwbvt+dkFmRx2XydJYHYR38aA8vAJf/mTvsPyYt9ow=
Subject key identifier:   CF:3B:A4:E5:39:D7:36:1E:A1:92:07:21:52:1C:9A:6E:90:EA:E4:26
Certificate issuer:       /CN=541fdc7a2f11a5766d3ad7bdf625ce5e119a8fdf
Certificate serial:       019A1A40C2AA5B90B02CFB6AF9B65E4FD8F3
Authority key identifier: 54:1F:DC:7A:2F:11:A5:76:6D:3A:D7:BD:F6:25:CE:5E:11:9A:8F:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VB_cei8RpXZtOte99iXOXhGaj98.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/8fad67-bb6b-4773-b81e-c900a89f20f1/1/zzuk5TnXNh6hkgchUhyabpDq5CY.roa
Signing time:             Sat 25 Oct 2025 07:24:03 +0000
ROA not before:           Sat 25 Oct 2025 07:24:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        185.101.168.0/23 maxlen: 24
                          185.101.170.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/8fad67-bb6b-4773-b81e-c900a89f20f1/1/VB_cei8RpXZtOte99iXOXhGaj98.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/8fad67-bb6b-4773-b81e-c900a89f20f1/1/VB_cei8RpXZtOte99iXOXhGaj98.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VB_cei8RpXZtOte99iXOXhGaj98.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 31 Oct 2025 22:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:1a:40:c2:aa:5b:90:b0:2c:fb:6a:f9:b6:5e:4f:d8:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=541fdc7a2f11a5766d3ad7bdf625ce5e119a8fdf
        Validity
            Not Before: Oct 25 07:24:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cf3ba4e539d7361ea1920721521c9a6e90eae426
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:76:5f:3a:d8:9a:36:50:cb:5a:6f:a7:57:43:
                    92:e1:6f:c4:25:b7:55:f0:62:c8:57:61:f9:3a:74:
                    f1:45:43:9b:1d:de:08:17:58:cc:90:46:95:30:b1:
                    b3:c0:89:9f:26:ca:71:fc:0c:80:b8:64:50:5b:8b:
                    37:8e:1a:e1:84:e2:33:26:39:23:d7:4f:40:07:b2:
                    2d:3a:3e:ba:51:e4:e6:73:2e:09:89:3d:70:42:19:
                    8b:78:71:bd:a5:7f:aa:66:6c:01:9b:96:c4:10:f9:
                    37:88:21:33:04:7e:8a:98:ca:96:ed:cc:ef:7e:92:
                    1c:ee:8c:de:98:92:10:e4:7d:e3:7c:0f:2b:e6:9f:
                    3d:a1:c5:f4:e1:c5:ff:dd:61:fa:82:ab:50:8e:9e:
                    0a:15:f2:6b:d5:3e:fa:a3:a5:b0:43:d5:0e:7d:42:
                    d1:f4:dd:c9:a4:77:d2:8a:97:dd:f9:64:bd:62:2b:
                    d6:45:8c:26:4a:c1:08:6c:2c:b8:cc:4e:4f:04:46:
                    e7:0b:a1:74:e5:b6:c8:04:ea:2f:4f:bd:f6:11:04:
                    81:f2:e2:3b:22:60:3b:eb:24:3b:b3:e8:2f:41:c1:
                    c1:d7:8c:01:9f:cc:d3:7d:09:6b:45:d2:b1:8e:90:
                    50:75:4f:1a:66:bf:6c:2f:4a:8e:48:66:7c:13:36:
                    9c:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:3B:A4:E5:39:D7:36:1E:A1:92:07:21:52:1C:9A:6E:90:EA:E4:26
            X509v3 Authority Key Identifier:
                keyid:54:1F:DC:7A:2F:11:A5:76:6D:3A:D7:BD:F6:25:CE:5E:11:9A:8F:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VB_cei8RpXZtOte99iXOXhGaj98.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/8fad67-bb6b-4773-b81e-c900a89f20f1/1/zzuk5TnXNh6hkgchUhyabpDq5CY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/8fad67-bb6b-4773-b81e-c900a89f20f1/1/VB_cei8RpXZtOte99iXOXhGaj98.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.101.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         00:a5:f7:81:27:fd:ec:b4:4e:63:46:a0:da:77:be:1f:0c:5e:
         74:20:d4:62:05:0a:6c:83:2c:ad:5c:95:55:2a:7b:e8:77:3a:
         7a:41:83:0c:b6:86:2b:73:e4:b2:82:6f:70:8e:a9:d9:69:5c:
         9a:e4:c5:3e:e3:41:18:11:d0:34:51:f2:f0:52:53:66:ac:ec:
         c2:91:56:d2:e8:3d:1e:72:70:7d:54:a5:55:e9:ce:c3:22:a4:
         72:d5:fc:d7:3c:e8:35:23:71:56:ad:22:f2:28:e9:e3:1c:1c:
         5c:1b:59:cd:a6:4a:7d:cb:4d:9f:5f:06:f7:02:d1:f0:be:fb:
         1b:26:5d:dd:f4:fb:b7:5d:71:06:c4:42:a3:2d:b1:32:0c:7a:
         f4:8a:6b:3f:bd:9d:57:8b:33:9a:4d:17:2e:c7:56:50:16:6d:
         37:0a:01:02:60:a4:08:f9:b1:a0:3c:03:74:a7:b4:ee:1b:59:
         d4:f9:c2:75:f4:ac:a4:a6:40:c7:8c:b0:c2:f7:ec:87:18:bf:
         a6:da:59:e7:58:36:86:f3:56:cf:db:ff:83:64:1d:49:34:dc:
         11:ec:87:95:75:ed:27:1e:3a:c2:82:c8:54:89:c4:e4:92:0f:
         9c:20:27:32:e5:cf:af:82:57:d9:96:1b:56:92:7a:a4:5d:8a:
         d2:89:1f:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoaQMKqW5CwLPtq+bZeT9jzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0MWZkYzdhMmYxMWE1NzY2ZDNhZDdiZGY2MjVjZTVlMTE5
YThmZGYwHhcNMjUxMDI1MDcyNDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjNiYTRlNTM5ZDczNjFlYTE5MjA3MjE1MjFjOWE2ZTkwZWFlNDI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt3ZfOtiaNlDLWm+nV0OS4W/EJbdV
8GLIV2H5OnTxRUObHd4IF1jMkEaVMLGzwImfJspx/AyAuGRQW4s3jhrhhOIzJjkj
109AB7ItOj66UeTmcy4JiT1wQhmLeHG9pX+qZmwBm5bEEPk3iCEzBH6KmMqW7czv
fpIc7ozemJIQ5H3jfA8r5p89ocX04cX/3WH6gqtQjp4KFfJr1T76o6WwQ9UOfULR
9N3JpHfSipfd+WS9YivWRYwmSsEIbCy4zE5PBEbnC6F05bbIBOovT732EQSB8uI7
ImA76yQ7s+gvQcHB14wBn8zTfQlrRdKxjpBQdU8aZr9sL0qOSGZ8EzacVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM87pOU51zYeoZIHIVIcmm6Q6uQmMB8GA1UdIwQY
MBaAFFQf3HovEaV2bTrXvfYlzl4Rmo/fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkJfY2VpOFJwWFp0T3RlOTlpWE9YaEdhajk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC84ZmFkNjctYmI2Yi00NzczLWI4MWUt
YzkwMGE4OWYyMGYxLzEvenp1azVUblhOaDZoa2djaFVoeWFicERxNUNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC84ZmFkNjctYmI2Yi00NzczLWI4MWUtYzkwMGE4OWYyMGYx
LzEvVkJfY2VpOFJwWFp0T3RlOTlpWE9YaEdhajk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuWWoMA0G
CSqGSIb3DQEBCwUAA4IBAQAApfeBJ/3stE5jRqDad74fDF50INRiBQpsgyytXJVV
Knvodzp6QYMMtoYrc+Sygm9wjqnZaVya5MU+40EYEdA0UfLwUlNmrOzCkVbS6D0e
cnB9VKVV6c7DIqRy1fzXPOg1I3FWrSLyKOnjHBxcG1nNpkp9y02fXwb3AtHwvvsb
Jl3d9Pu3XXEGxEKjLbEyDHr0ims/vZ1XizOaTRcux1ZQFm03CgECYKQI+bGgPAN0
p7TuG1nU+cJ19KykpkDHjLDC9+yHGL+m2lnnWDaG81bP2/+DZB1JNNwR7IeVde0n
HjrCgshUicTkkg+cICcy5c+vglfZlhtWknqkXYrSiR9s
-----END CERTIFICATE-----