Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/bf1589-6adf-44b3-9746-81c4055148e0/1/ZmLewUIWz9_zdShetR7Jdzl8lfo.roa
File:                     ZmLewUIWz9_zdShetR7Jdzl8lfo.roa (raw, json)
Hash identifier:          fPaCPLobKeVWk/RzinoeDdlx4MxMtKzniHguRoc5v/k=
Subject key identifier:   66:62:DE:C1:42:16:CF:DF:F3:75:28:5E:B5:1E:C9:77:39:7C:95:FA
Certificate issuer:       /CN=851d4e34d4e48539c170451d4e26138887f6e922
Certificate serial:       019DB0265251BD6388A825E58935B0345A02
Authority key identifier: 85:1D:4E:34:D4:E4:85:39:C1:70:45:1D:4E:26:13:88:87:F6:E9:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hR1ONNTkhTnBcEUdTiYTiIf26SI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/bf1589-6adf-44b3-9746-81c4055148e0/1/ZmLewUIWz9_zdShetR7Jdzl8lfo.roa
Signing time:             Tue 21 Apr 2026 13:06:34 +0000
ROA not before:           Tue 21 Apr 2026 13:06:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     41960
IP address blocks:        2a0e:5b40::/29 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/bf1589-6adf-44b3-9746-81c4055148e0/1/hR1ONNTkhTnBcEUdTiYTiIf26SI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/bf1589-6adf-44b3-9746-81c4055148e0/1/hR1ONNTkhTnBcEUdTiYTiIf26SI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hR1ONNTkhTnBcEUdTiYTiIf26SI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 Apr 2026 04:01:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b0:26:52:51:bd:63:88:a8:25:e5:89:35:b0:34:5a:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=851d4e34d4e48539c170451d4e26138887f6e922
        Validity
            Not Before: Apr 21 13:06:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6662dec14216cfdff375285eb51ec977397c95fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:de:18:1c:1c:88:44:28:c3:ea:8b:05:39:82:
                    db:a0:86:e4:ca:c8:64:ff:7d:f0:ca:5a:82:9f:c2:
                    d1:d4:85:a9:f4:44:9c:2c:55:3a:0a:b8:ba:b4:c9:
                    1d:bc:ff:e7:81:58:2e:cc:8f:78:57:d6:4e:02:87:
                    bc:d8:a4:7d:c5:40:92:40:b0:ca:4e:5c:e5:84:b5:
                    f7:8a:66:0b:b6:3e:75:c8:72:55:5c:ae:09:ed:09:
                    97:af:60:61:da:12:b3:08:74:b0:8e:47:0f:a7:03:
                    28:1a:46:2c:db:f5:76:37:e0:67:1c:de:f8:c6:15:
                    31:14:19:54:d1:29:a5:c8:4b:16:fd:72:f4:da:e9:
                    ed:41:8b:e1:19:5a:8d:92:1c:a6:c7:a0:33:cf:04:
                    85:78:23:ea:92:32:4a:ef:0d:96:f5:9a:18:39:5b:
                    eb:05:8f:e9:43:23:f4:23:1c:39:af:c1:34:49:f4:
                    20:b6:b3:ba:6a:ee:b3:5f:eb:9d:3a:03:99:57:0b:
                    f8:3c:8a:8d:07:07:6a:cb:72:dd:2f:85:e6:bb:db:
                    ab:8f:8a:b0:a3:2c:4c:42:5a:6a:c2:a3:f9:f1:95:
                    53:90:b6:c9:a9:84:bc:c3:b7:89:ef:84:67:4d:81:
                    f8:de:cd:2a:26:ca:fc:42:35:af:8a:9f:3c:9e:c7:
                    66:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:62:DE:C1:42:16:CF:DF:F3:75:28:5E:B5:1E:C9:77:39:7C:95:FA
            X509v3 Authority Key Identifier:
                keyid:85:1D:4E:34:D4:E4:85:39:C1:70:45:1D:4E:26:13:88:87:F6:E9:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hR1ONNTkhTnBcEUdTiYTiIf26SI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/bf1589-6adf-44b3-9746-81c4055148e0/1/ZmLewUIWz9_zdShetR7Jdzl8lfo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/bf1589-6adf-44b3-9746-81c4055148e0/1/hR1ONNTkhTnBcEUdTiYTiIf26SI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:5b40::/29

    Signature Algorithm: sha256WithRSAEncryption
         32:cb:f5:c3:08:c7:15:57:3a:0f:40:5a:bc:4f:db:0c:b5:3b:
         11:b1:b3:bc:f6:80:ca:63:a6:de:63:80:db:a3:59:a9:29:d0:
         aa:32:d9:c2:23:3e:22:ab:9d:74:6c:92:90:d2:9d:30:23:71:
         de:d1:b7:50:70:89:64:d1:00:9a:57:93:d4:0f:29:bf:33:87:
         dc:29:6c:89:ae:9e:28:d1:64:16:4b:02:ae:0e:ea:06:b0:b5:
         6d:03:6e:3e:1a:57:b3:d5:cd:41:42:69:44:a4:98:e5:07:7a:
         cc:67:81:11:da:dc:9a:fb:3d:90:1a:63:85:29:f4:46:c9:31:
         32:9e:25:2c:ab:26:b3:48:f3:02:b2:f9:75:df:5d:17:dd:0e:
         72:b5:46:f1:72:62:0a:7b:b8:40:8e:4b:9d:f6:ba:52:dd:62:
         5b:86:d3:11:90:7c:2a:77:a4:d0:40:f7:90:b8:45:c8:43:82:
         2e:57:f3:07:e2:64:81:33:1d:6e:74:2c:b8:ba:87:8d:da:cd:
         cf:cd:33:06:75:d2:9c:e3:91:f9:89:93:c4:b3:07:2d:68:d9:
         ac:8c:71:72:4b:72:03:8c:f4:4d:3c:03:4f:bb:28:fa:b8:3b:
         3c:5b:a5:86:dd:44:36:a1:ea:14:ed:f3:36:1c:c6:ad:56:50:
         ee:2a:f4:c7
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ2wJlJRvWOIqCXliTWwNFoCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1MWQ0ZTM0ZDRlNDg1MzljMTcwNDUxZDRlMjYxMzg4ODdm
NmU5MjIwHhcNMjYwNDIxMTMwNjM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjYyZGVjMTQyMTZjZmRmZjM3NTI4NWViNTFlYzk3NzM5N2M5NWZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx94YHByIRCjD6osFOYLboIbkyshk
/33wylqCn8LR1IWp9EScLFU6Cri6tMkdvP/ngVguzI94V9ZOAoe82KR9xUCSQLDK
TlzlhLX3imYLtj51yHJVXK4J7QmXr2Bh2hKzCHSwjkcPpwMoGkYs2/V2N+BnHN74
xhUxFBlU0SmlyEsW/XL02untQYvhGVqNkhymx6AzzwSFeCPqkjJK7w2W9ZoYOVvr
BY/pQyP0Ixw5r8E0SfQgtrO6au6zX+udOgOZVwv4PIqNBwdqy3LdL4Xmu9urj4qw
oyxMQlpqwqP58ZVTkLbJqYS8w7eJ74RnTYH43s0qJsr8QjWvip88nsdmzwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGZi3sFCFs/f83UoXrUeyXc5fJX6MB8GA1UdIwQY
MBaAFIUdTjTU5IU5wXBFHU4mE4iH9ukiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFIxT05OVGtoVG5CY0VVZFRpWVRpSWYyNlNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS9iZjE1ODktNmFkZi00NGIzLTk3NDYt
ODFjNDA1NTE0OGUwLzEvWm1MZXdVSVd6OV96ZFNoZXRSN0pkemw4bGZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS9iZjE1ODktNmFkZi00NGIzLTk3NDYtODFjNDA1NTE0OGUw
LzEvaFIxT05OVGtoVG5CY0VVZFRpWVRpSWYyNlNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg5bQDAN
BgkqhkiG9w0BAQsFAAOCAQEAMsv1wwjHFVc6D0BavE/bDLU7EbGzvPaAymOm3mOA
26NZqSnQqjLZwiM+IquddGySkNKdMCNx3tG3UHCJZNEAmleT1A8pvzOH3Clsia6e
KNFkFksCrg7qBrC1bQNuPhpXs9XNQUJpRKSY5Qd6zGeBEdrcmvs9kBpjhSn0Rskx
Mp4lLKsms0jzArL5dd9dF90OcrVG8XJiCnu4QI5Lnfa6Ut1iW4bTEZB8Knek0ED3
kLhFyEOCLlfzB+JkgTMdbnQsuLqHjdrNz80zBnXSnOOR+YmTxLMHLWjZrIxxckty
A4z0TTwDT7so+rg7PFulht1ENqHqFO3zNhzGrVZQ7ir0xw==
-----END CERTIFICATE-----