Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/Z8BQfnvmgs93ERcLaEqTFwQ9_Gk.roa
File:                     Z8BQfnvmgs93ERcLaEqTFwQ9_Gk.roa (raw, json)
Hash identifier:          LughV3gKkUxunzoLF8BA+EFYlg+DOKmJA1Ai8e+fGNY=
Subject key identifier:   67:C0:50:7E:7B:E6:82:CF:77:11:17:0B:68:4A:93:17:04:3D:FC:69
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       019A06BCBC03BC5410E81A6AB6464633FA22
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/Z8BQfnvmgs93ERcLaEqTFwQ9_Gk.roa
Signing time:             Tue 21 Oct 2025 12:27:03 +0000
ROA not before:           Tue 21 Oct 2025 12:27:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211434
IP address blocks:        193.181.200.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 Oct 2025 11:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:06:bc:bc:03:bc:54:10:e8:1a:6a:b6:46:46:33:fa:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Oct 21 12:27:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=67c0507e7be682cf7711170b684a9317043dfc69
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:d3:97:e4:39:fe:66:2e:81:6d:a3:85:78:b5:
                    bc:c9:21:49:62:ae:e1:4f:64:82:5a:8a:10:6f:8e:
                    4b:d7:4e:01:d2:46:11:5a:a1:82:92:2f:af:98:de:
                    9c:d0:c1:0f:f7:71:f7:1e:d2:c1:15:1f:f1:77:91:
                    0b:58:26:47:1a:6a:36:32:58:0d:b7:47:6a:72:67:
                    0e:3f:17:bd:df:9c:2c:46:7a:ea:eb:5d:de:6b:51:
                    4d:5d:c9:72:bd:81:66:97:5c:0e:33:9c:3b:bd:42:
                    8a:75:ff:34:6e:78:9d:35:35:c7:5d:42:2b:bb:2d:
                    a5:38:7f:cf:12:83:d6:3a:1c:cb:ff:97:7b:77:fd:
                    3c:55:0d:45:f9:8f:42:26:2b:c7:c3:47:53:ba:e6:
                    03:ba:d8:94:fc:ae:62:d7:17:9d:bc:cd:e0:18:9a:
                    57:9d:7d:49:29:80:16:a4:9a:61:17:e8:fd:89:31:
                    56:bd:27:cb:fd:88:d9:36:26:17:01:8d:2f:05:1e:
                    14:9a:b8:92:55:eb:db:e9:50:cc:1f:07:c1:51:0a:
                    60:64:3b:33:dc:d3:ae:d1:3a:11:df:61:2a:50:59:
                    1e:85:97:1f:03:d9:81:7e:25:48:47:b2:71:68:c7:
                    10:21:5e:b6:d0:26:7a:88:e1:eb:54:64:1c:53:e1:
                    ad:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:C0:50:7E:7B:E6:82:CF:77:11:17:0B:68:4A:93:17:04:3D:FC:69
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/Z8BQfnvmgs93ERcLaEqTFwQ9_Gk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.181.200.0/21

    Signature Algorithm: sha256WithRSAEncryption
         48:95:c1:f4:53:65:57:bd:7a:62:3a:9d:55:b2:3c:e0:65:15:
         8e:c5:8f:b9:bc:be:63:3a:32:80:21:c1:44:85:25:20:b5:f7:
         b3:3c:f5:b4:eb:70:e7:46:ad:24:eb:98:8b:99:91:b8:56:76:
         30:14:c7:85:32:2b:4c:1e:d2:e9:25:05:1c:73:1e:ae:93:80:
         98:cc:f7:30:b5:1a:57:fe:5e:4d:62:61:0d:b4:00:43:93:5b:
         8a:00:63:f6:af:22:02:11:fd:f7:13:78:74:b8:56:8a:b9:41:
         e3:d3:39:f0:eb:cf:4f:37:de:f5:bf:ec:24:38:8d:d2:2f:07:
         00:8a:a4:ce:4a:26:97:c0:08:32:e9:78:b6:fc:2e:48:59:0e:
         da:29:07:84:1e:24:1a:5e:4a:2f:4e:81:88:99:7a:23:ca:58:
         08:b0:59:d5:54:af:cd:ed:0e:f7:55:8c:80:59:86:eb:bd:7e:
         f7:c5:9f:cf:da:31:f5:b2:b3:dd:73:b7:0d:39:b2:96:5e:1a:
         c2:5c:f8:72:db:94:51:07:58:2c:9e:57:1e:c1:ad:9c:70:fb:
         49:de:6e:7f:96:0f:53:fa:57:a9:9d:2c:fe:44:7d:12:78:25:
         02:66:5d:b7:47:54:26:49:c9:73:69:97:dc:ce:d3:34:ad:b8:
         dc:f5:95:08
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoGvLwDvFQQ6BpqtkZGM/oiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjUxMDIxMTIyNzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2MwNTA3ZTdiZTY4MmNmNzcxMTE3MGI2ODRhOTMxNzA0M2RmYzY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsNOX5Dn+Zi6BbaOFeLW8ySFJYq7h
T2SCWooQb45L104B0kYRWqGCki+vmN6c0MEP93H3HtLBFR/xd5ELWCZHGmo2MlgN
t0dqcmcOPxe935wsRnrq613ea1FNXclyvYFml1wOM5w7vUKKdf80bnidNTXHXUIr
uy2lOH/PEoPWOhzL/5d7d/08VQ1F+Y9CJivHw0dTuuYDutiU/K5i1xedvM3gGJpX
nX1JKYAWpJphF+j9iTFWvSfL/YjZNiYXAY0vBR4UmriSVevb6VDMHwfBUQpgZDsz
3NOu0ToR32EqUFkehZcfA9mBfiVIR7JxaMcQIV620CZ6iOHrVGQcU+Gt0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGfAUH575oLPdxEXC2hKkxcEPfxpMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvWjhCUWZudm1nczkzRVJjTGFFcVRGd1E5X0drLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDwbXIMA0G
CSqGSIb3DQEBCwUAA4IBAQBIlcH0U2VXvXpiOp1VsjzgZRWOxY+5vL5jOjKAIcFE
hSUgtfezPPW063DnRq0k65iLmZG4VnYwFMeFMitMHtLpJQUccx6uk4CYzPcwtRpX
/l5NYmENtABDk1uKAGP2ryICEf33E3h0uFaKuUHj0znw689PN971v+wkOI3SLwcA
iqTOSiaXwAgy6Xi2/C5IWQ7aKQeEHiQaXkovToGImXojylgIsFnVVK/N7Q73VYyA
WYbrvX73xZ/P2jH1srPdc7cNObKWXhrCXPhy25RRB1gsnlcewa2ccPtJ3m5/lg9T
+lepnSz+RH0SeCUCZl23R1QmSclzaZfcztM0rbjc9ZUI
-----END CERTIFICATE-----