Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/c4d05f-10d5-4f8f-9a37-e5229ad5214e/1/z0g0oAAZfo552Sh_lukdYrvy7bE.roa
File:                     z0g0oAAZfo552Sh_lukdYrvy7bE.roa (raw, json)
Hash identifier:          a249LmxihlnLe91HGuM/HylW2FVr4nPvQ2mfBuPcwm0=
Subject key identifier:   CF:48:34:A0:00:19:7E:8E:79:D9:28:7F:96:E9:1D:62:BB:F2:ED:B1
Certificate issuer:       /CN=d8679f95ca9b656b7ca221be6eb24f95e328b010
Certificate serial:       019DB6B631B0D718930BED2B3A237772B37D
Authority key identifier: D8:67:9F:95:CA:9B:65:6B:7C:A2:21:BE:6E:B2:4F:95:E3:28:B0:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2GeflcqbZWt8oiG-brJPleMosBA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/c4d05f-10d5-4f8f-9a37-e5229ad5214e/1/z0g0oAAZfo552Sh_lukdYrvy7bE.roa
Signing time:             Wed 22 Apr 2026 19:41:26 +0000
ROA not before:           Wed 22 Apr 2026 19:41:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198550
IP address blocks:        194.238.57.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/c4d05f-10d5-4f8f-9a37-e5229ad5214e/1/2GeflcqbZWt8oiG-brJPleMosBA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/c4d05f-10d5-4f8f-9a37-e5229ad5214e/1/2GeflcqbZWt8oiG-brJPleMosBA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2GeflcqbZWt8oiG-brJPleMosBA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 24 Apr 2026 04:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b6:b6:31:b0:d7:18:93:0b:ed:2b:3a:23:77:72:b3:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8679f95ca9b656b7ca221be6eb24f95e328b010
        Validity
            Not Before: Apr 22 19:41:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cf4834a000197e8e79d9287f96e91d62bbf2edb1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:6d:17:fd:d2:80:dd:e3:86:c0:fd:7e:5b:13:
                    99:44:3a:f7:75:0f:54:f7:2e:c1:d3:7a:92:55:79:
                    95:63:ee:60:9b:4f:6f:e6:3c:4a:6d:6b:c0:63:e7:
                    24:cc:72:81:61:80:e1:2d:e6:7c:fc:56:1c:7b:6f:
                    c2:4c:71:f8:ac:5f:df:5b:4a:bb:81:b9:9c:a1:eb:
                    47:25:f4:59:1e:4c:6c:3d:be:c3:0e:97:b3:20:71:
                    82:8b:bd:4f:27:2e:f8:7b:a3:55:4d:8d:f1:8e:06:
                    6a:53:50:b5:42:e1:d6:e5:01:d6:4c:d8:11:84:85:
                    4b:e0:8c:4a:95:c2:c0:33:24:7e:54:bd:fb:c3:af:
                    d4:59:ba:0c:11:c4:17:7d:c6:a4:33:ea:54:30:2c:
                    81:94:bc:ed:15:75:5a:f1:a5:49:69:96:36:83:ac:
                    bd:f2:96:90:dd:c0:67:7e:50:0e:02:f2:b0:a0:19:
                    db:54:52:6b:88:5a:b5:9b:a2:3a:ff:e9:3d:ec:90:
                    fa:78:3a:7c:ae:a7:82:37:b9:b5:3b:8b:af:95:0d:
                    25:0b:44:3d:4c:8a:08:6c:7f:55:60:8f:52:9a:85:
                    27:a9:5e:8e:1d:08:7b:92:e8:34:85:90:0c:f9:ba:
                    1e:08:cf:b9:f3:75:d8:0a:03:ee:0d:e0:dc:d7:5c:
                    04:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:48:34:A0:00:19:7E:8E:79:D9:28:7F:96:E9:1D:62:BB:F2:ED:B1
            X509v3 Authority Key Identifier:
                keyid:D8:67:9F:95:CA:9B:65:6B:7C:A2:21:BE:6E:B2:4F:95:E3:28:B0:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2GeflcqbZWt8oiG-brJPleMosBA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/c4d05f-10d5-4f8f-9a37-e5229ad5214e/1/z0g0oAAZfo552Sh_lukdYrvy7bE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/c4d05f-10d5-4f8f-9a37-e5229ad5214e/1/2GeflcqbZWt8oiG-brJPleMosBA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.238.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:fa:81:86:70:24:4c:f0:87:0f:82:cd:de:f0:34:5a:d6:c1:
         74:ab:39:7c:03:8a:6a:f2:51:f5:73:37:63:d1:d1:42:9d:93:
         4f:26:af:6f:f5:3b:9b:9a:a8:22:8f:86:05:b8:bc:51:18:97:
         41:e3:1e:91:d9:bf:8e:81:50:1b:18:36:c2:df:2f:62:06:27:
         2e:15:93:4c:e9:30:6e:bb:b5:15:99:c5:e6:4b:3f:27:4a:62:
         37:1b:9c:75:e5:e7:98:a9:f8:45:90:e7:3b:60:92:7f:98:8e:
         ee:2e:f7:cc:7d:43:2c:f1:c2:b7:c1:60:8a:bd:e6:a6:f5:ea:
         04:a9:9a:3d:a0:ed:81:b6:bb:43:9c:d3:23:db:a5:d6:c1:5a:
         7b:a5:27:94:48:f1:42:1f:86:00:a8:35:e1:13:29:1f:79:78:
         81:68:c1:f5:50:2e:83:4e:89:bc:b3:6b:5d:54:fd:5a:d1:86:
         c2:c6:74:c5:fc:3e:3d:1b:78:e2:b6:a8:9c:9b:9a:f0:37:9b:
         83:7f:7a:5a:cd:7c:4e:18:09:70:09:fe:6c:ef:b7:8f:68:8e:
         17:84:3a:c2:85:6d:41:6c:b4:c0:0e:c4:01:2f:43:7b:28:21:
         99:92:7e:91:6c:89:8a:0b:e5:ed:4d:e3:ba:63:c3:bd:7a:cc:
         28:c1:1a:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ22tjGw1xiTC+0rOiN3crN9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4Njc5Zjk1Y2E5YjY1NmI3Y2EyMjFiZTZlYjI0Zjk1ZTMy
OGIwMTAwHhcNMjYwNDIyMTk0MTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjQ4MzRhMDAwMTk3ZThlNzlkOTI4N2Y5NmU5MWQ2MmJiZjJlZGIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnW0X/dKA3eOGwP1+WxOZRDr3dQ9U
9y7B03qSVXmVY+5gm09v5jxKbWvAY+ckzHKBYYDhLeZ8/FYce2/CTHH4rF/fW0q7
gbmcoetHJfRZHkxsPb7DDpezIHGCi71PJy74e6NVTY3xjgZqU1C1QuHW5QHWTNgR
hIVL4IxKlcLAMyR+VL37w6/UWboMEcQXfcakM+pUMCyBlLztFXVa8aVJaZY2g6y9
8paQ3cBnflAOAvKwoBnbVFJriFq1m6I6/+k97JD6eDp8rqeCN7m1O4uvlQ0lC0Q9
TIoIbH9VYI9SmoUnqV6OHQh7kug0hZAM+boeCM+583XYCgPuDeDc11wEpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM9INKAAGX6Oedkof5bpHWK78u2xMB8GA1UdIwQY
MBaAFNhnn5XKm2VrfKIhvm6yT5XjKLAQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkdlZmxjcWJaV3Q4b2lHLWJySlBsZU1vc0JBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni9jNGQwNWYtMTBkNS00ZjhmLTlhMzct
ZTUyMjlhZDUyMTRlLzEvejBnMG9BQVpmbzU1MlNoX2x1a2RZcnZ5N2JFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni9jNGQwNWYtMTBkNS00ZjhmLTlhMzctZTUyMjlhZDUyMTRl
LzEvMkdlZmxjcWJaV3Q4b2lHLWJySlBsZU1vc0JBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwu45MA0G
CSqGSIb3DQEBCwUAA4IBAQAY+oGGcCRM8IcPgs3e8DRa1sF0qzl8A4pq8lH1czdj
0dFCnZNPJq9v9Tubmqgij4YFuLxRGJdB4x6R2b+OgVAbGDbC3y9iBicuFZNM6TBu
u7UVmcXmSz8nSmI3G5x15eeYqfhFkOc7YJJ/mI7uLvfMfUMs8cK3wWCKveam9eoE
qZo9oO2BtrtDnNMj26XWwVp7pSeUSPFCH4YAqDXhEykfeXiBaMH1UC6DTom8s2td
VP1a0YbCxnTF/D49G3jitqicm5rwN5uDf3pazXxOGAlwCf5s77ePaI4XhDrChW1B
bLTADsQBL0N7KCGZkn6RbImKC+XtTeO6Y8O9eswowRqF
-----END CERTIFICATE-----