Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/9b7027-f324-4ecd-893a-d39cc317fdcd/1/Z1FAr4NSj_9E4vgngoY4iZIbd6w.roa
File:                     Z1FAr4NSj_9E4vgngoY4iZIbd6w.roa (raw, json)
Hash identifier:          TNaTsbZBUY9cnfgT4Gqq06IHw66GAFg4ule0/lO0mw0=
Subject key identifier:   67:51:40:AF:83:52:8F:FF:44:E2:F8:27:82:86:38:89:92:1B:77:AC
Certificate issuer:       /CN=238d1f1fc4c3e8fb471b3b1dee36c5df315fb234
Certificate serial:       019DBA64453151090BFCFB7EEA6FDA22E206
Authority key identifier: 23:8D:1F:1F:C4:C3:E8:FB:47:1B:3B:1D:EE:36:C5:DF:31:5F:B2:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I40fH8TD6PtHGzsd7jbF3zFfsjQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/9b7027-f324-4ecd-893a-d39cc317fdcd/1/Z1FAr4NSj_9E4vgngoY4iZIbd6w.roa
Signing time:             Thu 23 Apr 2026 12:50:26 +0000
ROA not before:           Thu 23 Apr 2026 12:50:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203958
IP address blocks:        194.187.54.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/9b7027-f324-4ecd-893a-d39cc317fdcd/1/I40fH8TD6PtHGzsd7jbF3zFfsjQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/9b7027-f324-4ecd-893a-d39cc317fdcd/1/I40fH8TD6PtHGzsd7jbF3zFfsjQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I40fH8TD6PtHGzsd7jbF3zFfsjQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 01 May 2026 06:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ba:64:45:31:51:09:0b:fc:fb:7e:ea:6f:da:22:e2:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=238d1f1fc4c3e8fb471b3b1dee36c5df315fb234
        Validity
            Not Before: Apr 23 12:50:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=675140af83528fff44e2f82782863889921b77ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:be:b9:6d:83:fe:aa:9b:8e:7c:cc:9e:dd:23:
                    1f:62:fa:a4:c9:20:50:75:18:89:60:4c:99:7d:9c:
                    6c:7c:a9:5b:ca:b7:d8:fe:c2:ce:73:5a:ab:2d:d4:
                    31:2c:94:ea:59:0f:ec:c2:78:7c:ef:e6:bb:cb:71:
                    01:e3:91:3c:1b:80:fb:d2:6a:c8:56:2f:4b:79:40:
                    a4:d8:66:38:fc:a2:7c:d3:0f:3d:58:b8:bb:3d:bd:
                    c8:94:26:41:ba:86:22:62:57:f2:5f:3c:b7:7f:28:
                    2c:29:a6:03:5f:2b:37:03:13:7a:28:95:51:64:bc:
                    ab:66:d0:a1:a7:ab:c8:7f:9e:64:33:98:66:ab:39:
                    a3:b7:2e:43:b3:91:2f:96:66:ad:1c:92:b3:a0:93:
                    a3:4e:e4:64:48:47:bb:81:2c:ce:65:77:49:c8:ea:
                    a9:d0:91:ce:d2:a8:03:45:a9:06:79:b6:2d:c2:8f:
                    57:10:c3:37:3c:3c:9c:31:b4:80:d7:0c:9b:4d:3a:
                    31:01:74:14:4b:57:b6:31:b9:e4:61:d8:1c:8b:ae:
                    5c:37:e9:fb:01:78:de:bc:cf:a1:f8:44:ea:92:d0:
                    69:85:ce:81:48:83:bd:e1:5a:32:ab:57:5d:93:16:
                    10:bc:1d:6f:b4:60:19:b3:81:33:78:6c:78:d8:91:
                    6a:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:51:40:AF:83:52:8F:FF:44:E2:F8:27:82:86:38:89:92:1B:77:AC
            X509v3 Authority Key Identifier:
                keyid:23:8D:1F:1F:C4:C3:E8:FB:47:1B:3B:1D:EE:36:C5:DF:31:5F:B2:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I40fH8TD6PtHGzsd7jbF3zFfsjQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/9b7027-f324-4ecd-893a-d39cc317fdcd/1/Z1FAr4NSj_9E4vgngoY4iZIbd6w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/9b7027-f324-4ecd-893a-d39cc317fdcd/1/I40fH8TD6PtHGzsd7jbF3zFfsjQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.187.54.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ae:cf:de:63:e3:4d:91:e9:dc:c3:c2:c1:4a:44:da:74:df:32:
         f0:79:35:69:e6:c8:1d:a7:e6:00:b3:df:08:79:0f:54:fd:9a:
         7c:8a:91:3a:33:47:b0:c2:d9:a1:84:87:88:31:cb:d9:24:b4:
         f1:1e:36:b0:7a:36:ea:c2:2e:3e:8e:38:b6:95:f8:37:60:61:
         6d:f2:8e:42:04:f0:cf:c2:2b:10:71:8b:b0:ab:5b:98:f2:bb:
         62:45:38:87:eb:ff:32:c7:e8:68:99:f0:7b:8d:f3:c4:a1:f6:
         07:ce:12:2f:52:79:d9:c6:b7:1b:7a:76:00:0f:a5:ac:ca:5f:
         ed:68:c2:e0:7e:8e:76:2a:04:a8:86:57:3e:d1:64:e9:65:32:
         bc:bb:d9:74:7a:c6:cd:3a:72:44:74:eb:e3:de:cb:bf:4e:ad:
         29:1a:58:57:76:4a:9d:0f:06:9e:c8:01:b0:d4:9c:38:b0:69:
         e2:c2:89:b5:27:08:22:b6:32:df:df:d6:ec:0c:57:da:4f:bc:
         13:e4:14:52:e0:12:85:ec:7f:a2:d3:0e:b8:77:06:3e:1d:9c:
         2b:79:52:71:f7:b4:11:09:4f:e5:4d:97:9c:ae:f9:14:33:8f:
         eb:78:9e:5d:dc:66:12:93:1c:8d:ca:3d:b1:f4:03:54:f2:ee:
         19:36:3d:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ26ZEUxUQkL/Pt+6m/aIuIGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzOGQxZjFmYzRjM2U4ZmI0NzFiM2IxZGVlMzZjNWRmMzE1
ZmIyMzQwHhcNMjYwNDIzMTI1MDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzUxNDBhZjgzNTI4ZmZmNDRlMmY4Mjc4Mjg2Mzg4OTkyMWI3N2FjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApL65bYP+qpuOfMye3SMfYvqkySBQ
dRiJYEyZfZxsfKlbyrfY/sLOc1qrLdQxLJTqWQ/swnh87+a7y3EB45E8G4D70mrI
Vi9LeUCk2GY4/KJ80w89WLi7Pb3IlCZBuoYiYlfyXzy3fygsKaYDXys3AxN6KJVR
ZLyrZtChp6vIf55kM5hmqzmjty5Ds5EvlmatHJKzoJOjTuRkSEe7gSzOZXdJyOqp
0JHO0qgDRakGebYtwo9XEMM3PDycMbSA1wybTToxAXQUS1e2MbnkYdgci65cN+n7
AXjevM+h+ETqktBphc6BSIO94Voyq1ddkxYQvB1vtGAZs4EzeGx42JFqhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGdRQK+DUo//ROL4J4KGOImSG3esMB8GA1UdIwQY
MBaAFCONHx/Ew+j7Rxs7He42xd8xX7I0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSTQwZkg4VEQ2UHRIR3pzZDdqYkYzekZmc2pRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy85YjcwMjctZjMyNC00ZWNkLTg5M2Et
ZDM5Y2MzMTdmZGNkLzEvWjFGQXI0TlNqXzlFNHZnbmdvWTRpWkliZDZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy85YjcwMjctZjMyNC00ZWNkLTg5M2EtZDM5Y2MzMTdmZGNk
LzEvSTQwZkg4VEQ2UHRIR3pzZDdqYkYzekZmc2pRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwrs2MA0G
CSqGSIb3DQEBCwUAA4IBAQCuz95j402R6dzDwsFKRNp03zLweTVp5sgdp+YAs98I
eQ9U/Zp8ipE6M0ewwtmhhIeIMcvZJLTxHjawejbqwi4+jji2lfg3YGFt8o5CBPDP
wisQcYuwq1uY8rtiRTiH6/8yx+homfB7jfPEofYHzhIvUnnZxrcbenYAD6Wsyl/t
aMLgfo52KgSohlc+0WTpZTK8u9l0esbNOnJEdOvj3su/Tq0pGlhXdkqdDwaeyAGw
1Jw4sGniwom1JwgitjLf39bsDFfaT7wT5BRS4BKF7H+i0w64dwY+HZwreVJx97QR
CU/lTZecrvkUM4/reJ5d3GYSkxyNyj2x9ANU8u4ZNj2S
-----END CERTIFICATE-----