Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/zhzAoftaiaOvs24qaor8chxPNOY.roa
File:                     zhzAoftaiaOvs24qaor8chxPNOY.roa (raw, json)
Hash identifier:          fPU8A29QgRftK84Je5lC85jNkAxV0B97TzbpS92QGkk=
Subject key identifier:   CE:1C:C0:A1:FB:5A:89:A3:AF:B3:6E:2A:6A:8A:FC:72:1C:4F:34:E6
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019E4964B6F3256E18B48132C11FD8583D71
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/zhzAoftaiaOvs24qaor8chxPNOY.roa
Signing time:             Thu 21 May 2026 07:16:37 +0000
ROA not before:           Thu 21 May 2026 07:16:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     5511
IP address blocks:        82.153.148.0/24 maxlen: 24
                          89.213.63.0/24 maxlen: 24
                          213.130.137.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 May 2026 01:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:49:64:b6:f3:25:6e:18:b4:81:32:c1:1f:d8:58:3d:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May 21 07:16:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ce1cc0a1fb5a89a3afb36e2a6a8afc721c4f34e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:f9:ac:03:36:91:5c:8a:ae:41:32:d7:f6:98:
                    73:84:c6:40:3e:1b:f3:fd:ca:81:ed:43:6a:dc:17:
                    44:ab:8e:9e:15:6b:66:ac:b6:f7:7e:50:7a:aa:ef:
                    42:d3:a4:eb:6a:02:1f:96:f0:55:5c:fd:e0:5d:41:
                    a2:92:6f:90:c6:6f:f5:04:17:59:bc:e2:dd:da:77:
                    2c:8a:97:30:72:d5:4d:f0:40:5f:a8:a4:ce:79:6c:
                    48:23:db:dd:53:aa:07:cf:76:75:8a:03:a3:5e:3d:
                    dd:45:3f:02:0e:f9:4c:94:c9:50:5c:2a:5e:5b:f2:
                    19:ca:f6:70:c3:00:b3:cf:b8:3f:c3:a9:15:d4:74:
                    7a:90:00:df:15:98:2d:1e:62:c2:a8:e2:17:cd:85:
                    50:95:9a:22:cf:7d:bc:39:3b:44:51:df:be:00:55:
                    18:b1:65:28:2e:b2:5b:e9:9f:c7:75:49:17:41:cf:
                    7b:5e:c0:9e:42:eb:87:66:b6:c4:fa:4e:80:c6:fd:
                    aa:d3:b4:4e:6b:af:ea:8d:89:10:57:cb:fc:64:82:
                    a6:d6:d3:d7:68:84:09:5a:13:c3:af:5f:ec:df:7c:
                    10:35:b1:f0:2a:88:c6:f1:82:21:08:ac:dc:b2:0d:
                    c8:85:ae:92:9d:24:da:12:33:51:78:13:50:19:0b:
                    65:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:1C:C0:A1:FB:5A:89:A3:AF:B3:6E:2A:6A:8A:FC:72:1C:4F:34:E6
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/zhzAoftaiaOvs24qaor8chxPNOY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.148.0/24
                  89.213.63.0/24
                  213.130.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:3b:85:04:82:ad:e5:71:9a:d9:26:e9:36:6e:ef:d8:15:27:
         23:b9:dd:f9:09:57:61:73:e2:e7:dd:09:0e:23:87:ae:c1:24:
         aa:96:53:16:94:ca:bd:3a:8a:51:1d:32:6c:d9:c7:6d:c8:d3:
         b9:97:8a:76:c8:43:70:8f:9b:75:83:00:34:7a:4b:5c:61:f3:
         2c:68:9b:7f:9b:88:ef:33:38:43:3f:13:ae:a1:1a:ba:b7:82:
         12:e5:71:08:6c:12:42:fe:2e:05:cb:de:2c:27:bc:26:51:d4:
         9a:3d:de:0e:f2:39:ad:df:dd:7f:18:19:4e:10:33:88:fd:7e:
         72:9b:2a:c3:80:3b:94:5a:57:32:da:92:f3:21:7e:87:8d:ca:
         b4:1c:21:e6:d8:1b:c9:16:af:ce:59:24:e0:5f:56:9e:89:bb:
         86:ce:59:02:c7:3c:28:83:db:36:1d:63:d3:bc:a0:99:e3:37:
         fc:b2:97:d4:50:c6:46:9f:ed:1e:52:2e:3b:4a:96:50:4a:c1:
         5f:02:45:df:7d:7f:ab:1f:d2:a5:2a:d6:d8:b6:f4:57:da:04:
         2e:00:dd:cd:69:e7:e6:e7:59:e8:a6:56:b1:6c:5b:54:7f:af:
         07:c8:50:89:e7:c4:fc:2f:04:b1:c6:de:92:ed:2b:08:53:d9:
         84:69:b1:2d
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ5JZLbzJW4YtIEywR/YWD1xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNTIxMDcxNjM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTFjYzBhMWZiNWE4OWEzYWZiMzZlMmE2YThhZmM3MjFjNGYzNGU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoPmsAzaRXIquQTLX9phzhMZAPhvz
/cqB7UNq3BdEq46eFWtmrLb3flB6qu9C06TragIflvBVXP3gXUGikm+Qxm/1BBdZ
vOLd2ncsipcwctVN8EBfqKTOeWxII9vdU6oHz3Z1igOjXj3dRT8CDvlMlMlQXCpe
W/IZyvZwwwCzz7g/w6kV1HR6kADfFZgtHmLCqOIXzYVQlZoiz328OTtEUd++AFUY
sWUoLrJb6Z/HdUkXQc97XsCeQuuHZrbE+k6Axv2q07ROa6/qjYkQV8v8ZIKm1tPX
aIQJWhPDr1/s33wQNbHwKojG8YIhCKzcsg3Iha6SnSTaEjNReBNQGQtlaQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFM4cwKH7Womjr7NuKmqK/HIcTzTmMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvemh6QW9mdGFpYU92czI0cWFvcjhjaHhQTk9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAUpmUAwQA
WdU/AwQA1YKJMA0GCSqGSIb3DQEBCwUAA4IBAQBSO4UEgq3lcZrZJuk2bu/YFScj
ud35CVdhc+Ln3QkOI4euwSSqllMWlMq9OopRHTJs2cdtyNO5l4p2yENwj5t1gwA0
ektcYfMsaJt/m4jvMzhDPxOuoRq6t4IS5XEIbBJC/i4Fy94sJ7wmUdSaPd4O8jmt
391/GBlOEDOI/X5ymyrDgDuUWlcy2pLzIX6Hjcq0HCHm2BvJFq/OWSTgX1aeibuG
zlkCxzwog9s2HWPTvKCZ4zf8spfUUMZGn+0eUi47SpZQSsFfAkXffX+rH9KlKtbY
tvRX2gQuAN3Naefm51noplaxbFtUf68HyFCJ58T8LwSxxt6S7SsIU9mEabEt
-----END CERTIFICATE-----