Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/pZleHazwShN0rF05084xa08s4ek.roa
File:                     pZleHazwShN0rF05084xa08s4ek.roa (raw, json)
Hash identifier:          OmLeh9BUSD/tEEPb60vsGD7QdpIiI6UoPfPnPHHpitw=
Subject key identifier:   A5:99:5E:1D:AC:F0:4A:13:74:AC:5D:39:D3:CE:31:6B:4F:2C:E1:E9
Certificate issuer:       /CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
Certificate serial:       019DD3BCF5F7977F161AAAD17F9D4D36A73B
Authority key identifier: 08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/pZleHazwShN0rF05084xa08s4ek.roa
Signing time:             Tue 28 Apr 2026 10:57:49 +0000
ROA not before:           Tue 28 Apr 2026 10:57:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51031
IP address blocks:        216.235.240.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 04 May 2026 11:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:d3:bc:f5:f7:97:7f:16:1a:aa:d1:7f:9d:4d:36:a7:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
        Validity
            Not Before: Apr 28 10:57:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a5995e1dacf04a1374ac5d39d3ce316b4f2ce1e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:36:b5:1e:b7:94:28:83:53:4b:df:23:19:f3:
                    8f:09:fa:09:11:f1:73:99:39:7c:08:3d:63:e8:7e:
                    be:50:ae:a6:c4:91:86:a5:ba:53:e7:60:fb:36:c3:
                    b8:3a:ef:e7:6b:4e:65:86:91:6a:61:b9:8b:ae:e9:
                    ff:2f:6e:bb:56:01:ff:d4:93:cb:e7:7b:1a:66:4f:
                    24:e4:00:af:3e:74:7e:8e:b4:17:4b:71:67:1b:0e:
                    90:01:ca:86:13:67:3a:3b:5c:99:81:ab:11:4b:84:
                    07:2b:0d:41:12:3a:b4:f7:6a:1c:de:98:f4:86:5a:
                    44:e9:14:0e:cf:1e:68:62:66:97:68:dc:5f:6e:e8:
                    be:66:c9:31:bc:93:c1:f8:d8:70:55:e9:90:eb:54:
                    36:82:07:5d:75:bd:6e:cf:dc:4c:fd:2f:a2:a6:0a:
                    bc:c2:da:02:9c:24:cf:d6:35:0c:9b:ea:74:2c:cc:
                    2a:fb:f5:db:93:7a:c0:0d:96:7e:d8:ec:d9:7b:8e:
                    ca:8d:d9:e4:69:f1:15:76:cf:0b:fa:a6:c9:2c:11:
                    5c:94:be:5a:8a:a7:d5:47:c0:f5:d7:ac:32:bc:a7:
                    ff:12:20:6c:91:5d:de:69:3a:55:8b:5a:95:46:94:
                    69:7d:5b:bb:c7:02:08:97:4f:2e:56:b9:ac:e1:aa:
                    87:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:99:5E:1D:AC:F0:4A:13:74:AC:5D:39:D3:CE:31:6B:4F:2C:E1:E9
            X509v3 Authority Key Identifier:
                keyid:08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/pZleHazwShN0rF05084xa08s4ek.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.235.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         bb:b3:ee:9c:23:31:0a:42:3a:a7:3e:ce:9c:2a:86:bc:a9:ed:
         e8:56:44:07:d9:d9:7e:e0:01:f2:68:64:28:e3:92:34:33:7e:
         ea:6a:a5:83:45:fd:76:fc:a0:85:a9:2c:ff:c9:96:24:8d:1a:
         c0:cc:9a:81:80:fc:17:20:51:39:61:4f:fc:35:62:5a:8e:c6:
         a1:70:53:89:db:62:7d:b6:bc:78:6b:ba:a2:1a:0a:39:26:81:
         62:89:f1:29:10:5d:4d:41:61:0b:d0:7e:38:0c:46:3c:36:ed:
         f2:ed:28:11:31:9b:20:cb:bb:0d:84:2e:c3:f6:40:6b:b7:8b:
         7f:14:14:55:7d:ce:46:4b:06:0d:80:ae:21:7b:c6:a1:20:2a:
         a5:8a:f4:8b:30:c0:30:3e:d3:8c:f7:32:15:05:9f:d7:5c:a3:
         5a:c3:8c:f9:a1:7c:a6:3f:16:65:3a:7b:c5:2b:50:9c:31:17:
         4d:32:7d:d7:39:64:64:ec:2b:5f:6e:4e:ce:52:9a:9d:8a:60:
         5c:26:45:fb:33:b2:3d:f1:32:39:ab:32:66:45:7a:0a:f6:7a:
         01:b9:e5:19:05:cc:56:64:23:07:a9:46:6b:31:b7:af:66:a3:
         f0:ab:9f:df:b0:8f:ce:04:35:76:02:48:b0:9f:aa:cf:76:90:
         c8:39:1b:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3TvPX3l38WGqrRf51NNqc7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MzdjOTliMmE0YzA2MmQ1YzIwNjc4ZjlkY2YzMjA3YWVm
ZDVlNzgwHhcNMjYwNDI4MTA1NzQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTk5NWUxZGFjZjA0YTEzNzRhYzVkMzlkM2NlMzE2YjRmMmNlMWU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtDa1HreUKINTS98jGfOPCfoJEfFz
mTl8CD1j6H6+UK6mxJGGpbpT52D7NsO4Ou/na05lhpFqYbmLrun/L267VgH/1JPL
53saZk8k5ACvPnR+jrQXS3FnGw6QAcqGE2c6O1yZgasRS4QHKw1BEjq092oc3pj0
hlpE6RQOzx5oYmaXaNxfbui+ZskxvJPB+NhwVemQ61Q2ggdddb1uz9xM/S+ipgq8
wtoCnCTP1jUMm+p0LMwq+/Xbk3rADZZ+2OzZe47KjdnkafEVds8L+qbJLBFclL5a
iqfVR8D116wyvKf/EiBskV3eaTpVi1qVRpRpfVu7xwIIl08uVrms4aqHoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKWZXh2s8EoTdKxdOdPOMWtPLOHpMB8GA1UdIwQY
MBaAFAg3yZsqTAYtXCBnj53PMgeu/V54MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEt
ZjEyMzdmNGM1Y2Y2LzEvcFpsZUhhendTaE4wckYwNTA4NHhhMDhzNGVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEtZjEyMzdmNGM1Y2Y2
LzEvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC2OvwMA0G
CSqGSIb3DQEBCwUAA4IBAQC7s+6cIzEKQjqnPs6cKoa8qe3oVkQH2dl+4AHyaGQo
45I0M37qaqWDRf12/KCFqSz/yZYkjRrAzJqBgPwXIFE5YU/8NWJajsahcFOJ22J9
trx4a7qiGgo5JoFiifEpEF1NQWEL0H44DEY8Nu3y7SgRMZsgy7sNhC7D9kBrt4t/
FBRVfc5GSwYNgK4he8ahICqlivSLMMAwPtOM9zIVBZ/XXKNaw4z5oXymPxZlOnvF
K1CcMRdNMn3XOWRk7Ctfbk7OUpqdimBcJkX7M7I98TI5qzJmRXoK9noBueUZBcxW
ZCMHqUZrMbevZqPwq5/fsI/OBDV2Akiwn6rPdpDIORug
-----END CERTIFICATE-----