Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/3d54b9-a763-4514-9467-8aaef76c2e98/1/zvV261hgmMdkR1G7Cy93JC-Zxsw.roa
File:                     zvV261hgmMdkR1G7Cy93JC-Zxsw.roa (raw, json)
Hash identifier:          hneXIhVn6/jTbVYrQJSFmDE3v0R1YG1vWQx+UejdDSs=
Subject key identifier:   CE:F5:76:EB:58:60:98:C7:64:47:51:BB:0B:2F:77:24:2F:99:C6:CC
Certificate issuer:       /CN=69844e1374f1c4581bfbf7ad4638a112d316fbe4
Certificate serial:       019CB0870EDFB729A6B595B4C86D61D0CA3B
Authority key identifier: 69:84:4E:13:74:F1:C4:58:1B:FB:F7:AD:46:38:A1:12:D3:16:FB:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aYROE3TxxFgb-_etRjihEtMW--Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/3d54b9-a763-4514-9467-8aaef76c2e98/1/zvV261hgmMdkR1G7Cy93JC-Zxsw.roa
Signing time:             Mon 02 Mar 2026 21:49:26 +0000
ROA not before:           Mon 02 Mar 2026 21:49:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     30238
IP address blocks:        194.165.202.0/24 maxlen: 24
                          194.165.205.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/3d54b9-a763-4514-9467-8aaef76c2e98/1/aYROE3TxxFgb-_etRjihEtMW--Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/3d54b9-a763-4514-9467-8aaef76c2e98/1/aYROE3TxxFgb-_etRjihEtMW--Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aYROE3TxxFgb-_etRjihEtMW--Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Mar 2026 08:03:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b0:87:0e:df:b7:29:a6:b5:95:b4:c8:6d:61:d0:ca:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=69844e1374f1c4581bfbf7ad4638a112d316fbe4
        Validity
            Not Before: Mar  2 21:49:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cef576eb586098c7644751bb0b2f77242f99c6cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:3a:f0:f7:59:89:05:8c:12:0c:a1:24:fd:e9:
                    e8:e8:72:b7:b6:0e:76:c7:f5:cc:01:23:80:99:71:
                    19:d8:61:b4:9b:02:56:55:31:d1:09:c6:71:c8:06:
                    99:be:31:db:aa:00:db:1c:9f:83:dd:6e:72:15:d8:
                    93:8d:a1:22:6c:ab:35:08:78:42:05:28:11:a3:93:
                    ee:43:f9:33:b6:8c:f4:78:f9:3e:ec:68:15:72:d3:
                    f0:02:c8:ff:5f:0c:b2:53:e4:ac:8d:b8:e0:1b:42:
                    d7:8d:ba:81:04:57:84:92:c8:65:b6:b7:2f:2d:c6:
                    e9:57:92:b4:91:ae:ab:ce:cc:6b:62:f0:45:43:5b:
                    fa:2d:ac:ef:e9:c0:29:fb:2a:1c:1d:8d:3a:97:32:
                    73:5f:d2:68:04:02:2a:45:4a:8a:cf:ac:f3:90:ab:
                    56:d0:28:8f:0f:b5:c1:39:6f:ba:ae:c7:27:1a:1e:
                    ef:07:0c:83:40:63:8b:10:fc:b4:73:88:8b:62:83:
                    41:6c:cd:3c:b9:77:8e:7b:b9:8b:f6:15:eb:e8:bf:
                    c9:e7:50:db:7d:46:a5:7b:7c:02:94:13:fd:35:19:
                    3e:67:10:11:67:d8:ae:44:87:f2:97:d8:5c:55:30:
                    f4:31:9b:24:bf:bd:1c:a4:be:39:ee:46:04:82:99:
                    82:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:F5:76:EB:58:60:98:C7:64:47:51:BB:0B:2F:77:24:2F:99:C6:CC
            X509v3 Authority Key Identifier:
                keyid:69:84:4E:13:74:F1:C4:58:1B:FB:F7:AD:46:38:A1:12:D3:16:FB:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aYROE3TxxFgb-_etRjihEtMW--Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/3d54b9-a763-4514-9467-8aaef76c2e98/1/zvV261hgmMdkR1G7Cy93JC-Zxsw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/3d54b9-a763-4514-9467-8aaef76c2e98/1/aYROE3TxxFgb-_etRjihEtMW--Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.165.202.0/24
                  194.165.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:1c:f9:0a:ff:72:ce:ed:4d:6e:fe:05:a6:61:c2:fc:fd:82:
         de:bb:9c:5c:02:8b:97:fa:ec:ab:a2:21:19:2a:25:0b:fd:40:
         2b:49:eb:b9:a8:69:ec:35:ba:da:5f:87:3f:92:3e:91:5a:0e:
         10:50:57:cb:08:06:e5:cb:61:92:f2:ff:20:12:1b:5d:c3:ef:
         08:39:00:c2:41:55:3c:80:ef:2a:fb:54:24:a0:fd:07:cd:95:
         11:d5:f9:1c:82:06:97:06:2c:32:2a:ff:7f:5d:e4:e4:82:e2:
         4a:21:db:5c:23:29:c3:d5:4b:f6:86:dd:77:79:c0:18:a4:91:
         c4:ea:67:c0:fe:7a:d4:41:6f:e1:3f:c8:12:34:dc:ed:6a:77:
         44:29:ee:67:dd:29:20:00:1e:e3:7a:5e:61:63:a0:33:24:76:
         7a:34:51:14:91:51:9e:3c:51:6f:fb:b5:06:86:61:b0:a1:79:
         bf:2a:65:51:c8:39:a4:44:2d:3b:27:08:cc:41:db:23:07:54:
         db:aa:07:42:45:47:f9:6d:3d:0a:cb:ed:82:78:05:44:68:77:
         30:b9:66:31:84:d7:e6:63:31:c2:f3:30:43:13:4a:8e:8e:0f:
         22:7c:b9:b5:ba:9e:08:26:c5:c4:98:4a:dd:d6:83:13:e7:05:
         2c:df:c0:7c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZywhw7ftymmtZW0yG1h0Mo7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5ODQ0ZTEzNzRmMWM0NTgxYmZiZjdhZDQ2MzhhMTEyZDMx
NmZiZTQwHhcNMjYwMzAyMjE0OTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZWY1NzZlYjU4NjA5OGM3NjQ0NzUxYmIwYjJmNzcyNDJmOTljNmNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuTrw91mJBYwSDKEk/eno6HK3tg52
x/XMASOAmXEZ2GG0mwJWVTHRCcZxyAaZvjHbqgDbHJ+D3W5yFdiTjaEibKs1CHhC
BSgRo5PuQ/kztoz0ePk+7GgVctPwAsj/XwyyU+SsjbjgG0LXjbqBBFeEkshltrcv
LcbpV5K0ka6rzsxrYvBFQ1v6Lazv6cAp+yocHY06lzJzX9JoBAIqRUqKz6zzkKtW
0CiPD7XBOW+6rscnGh7vBwyDQGOLEPy0c4iLYoNBbM08uXeOe7mL9hXr6L/J51Db
fUale3wClBP9NRk+ZxARZ9iuRIfyl9hcVTD0MZskv70cpL457kYEgpmClQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFM71dutYYJjHZEdRuwsvdyQvmcbMMB8GA1UdIwQY
MBaAFGmEThN08cRYG/v3rUY4oRLTFvvkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVlST0UzVHh4RmdiLV9ldFJqaWhFdE1XLS1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy8zZDU0YjktYTc2My00NTE0LTk0Njct
OGFhZWY3NmMyZTk4LzEvenZWMjYxaGdtTWRrUjFHN0N5OTNKQy1aeHN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy8zZDU0YjktYTc2My00NTE0LTk0NjctOGFhZWY3NmMyZTk4
LzEvYVlST0UzVHh4RmdiLV9ldFJqaWhFdE1XLS1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwqXKAwQA
wqXNMA0GCSqGSIb3DQEBCwUAA4IBAQCAHPkK/3LO7U1u/gWmYcL8/YLeu5xcAouX
+uyroiEZKiUL/UArSeu5qGnsNbraX4c/kj6RWg4QUFfLCAbly2GS8v8gEhtdw+8I
OQDCQVU8gO8q+1QkoP0HzZUR1fkcggaXBiwyKv9/XeTkguJKIdtcIynD1Uv2ht13
ecAYpJHE6mfA/nrUQW/hP8gSNNztandEKe5n3SkgAB7jel5hY6AzJHZ6NFEUkVGe
PFFv+7UGhmGwoXm/KmVRyDmkRC07JwjMQdsjB1TbqgdCRUf5bT0Ky+2CeAVEaHcw
uWYxhNfmYzHC8zBDE0qOjg8ifLm1up4IJsXEmErd1oMT5wUs38B8
-----END CERTIFICATE-----