Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/sRHhG15nhmjGAmN201AM5oA4or4.roa
File:                     sRHhG15nhmjGAmN201AM5oA4or4.roa (raw, json)
Hash identifier:          Cg0IUfP+mJRTy0DnjYoXaQjh2GURTkGHjWJOToNgaGE=
Subject key identifier:   B1:11:E1:1B:5E:67:86:68:C6:02:63:76:D3:50:0C:E6:80:38:A2:BE
Certificate issuer:       /CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Certificate serial:       019DC574E95CE4BA8C3F09616EFD6A0FBD78
Authority key identifier: CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/sRHhG15nhmjGAmN201AM5oA4or4.roa
Signing time:             Sat 25 Apr 2026 16:24:26 +0000
ROA not before:           Sat 25 Apr 2026 16:24:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201309
IP address blocks:        85.133.220.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 Apr 2026 13:01:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:c5:74:e9:5c:e4:ba:8c:3f:09:61:6e:fd:6a:0f:bd:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
        Validity
            Not Before: Apr 25 16:24:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b111e11b5e678668c6026376d3500ce68038a2be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:ec:67:f2:a8:b9:b4:0e:d9:85:66:65:26:98:
                    23:a3:8a:36:17:a9:cf:c7:4b:9d:38:0f:c4:ea:76:
                    cd:06:36:82:77:5d:13:88:3b:b2:1b:b7:f8:07:8f:
                    23:29:1f:f1:e9:9d:0f:4c:62:00:c0:cc:89:61:0e:
                    2e:9e:32:44:a2:8f:53:11:48:22:48:70:81:73:1a:
                    25:fa:9d:f0:c0:50:4e:28:08:35:e6:ab:c0:b1:d1:
                    ca:3f:1b:f5:bf:ec:06:80:24:b6:cf:65:ae:25:bb:
                    72:21:aa:25:4e:b8:49:f7:ff:9b:83:39:d3:4d:ca:
                    ca:ec:7d:5c:5a:21:c4:53:42:ba:fe:78:ca:b6:33:
                    51:5b:2a:f9:2f:c3:8e:70:24:ed:a6:8e:ec:ae:87:
                    74:7f:c1:21:88:c8:f0:b8:71:36:fb:54:b8:75:cf:
                    48:e7:ae:cc:20:0c:7e:40:de:df:ca:14:78:7b:87:
                    c6:c6:c7:f6:19:9e:84:92:96:f5:dd:81:ff:f5:af:
                    1e:20:07:4f:ca:5f:7a:58:a5:85:e6:c4:7c:9b:19:
                    fa:cd:55:d2:4e:f8:d3:7b:dd:4c:f2:d4:6b:3c:bb:
                    6c:6b:fd:82:18:6f:91:67:11:9f:29:4b:e5:5f:c6:
                    a7:81:ae:84:c5:58:66:98:5e:8e:62:3c:08:1c:eb:
                    cf:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:11:E1:1B:5E:67:86:68:C6:02:63:76:D3:50:0C:E6:80:38:A2:BE
            X509v3 Authority Key Identifier:
                keyid:CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/sRHhG15nhmjGAmN201AM5oA4or4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.133.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:e0:a3:c9:bf:17:63:0a:e0:80:35:e1:59:16:b0:3d:da:39:
         73:aa:bb:f6:8b:f6:2b:0b:58:dc:92:68:20:d3:91:a9:fa:c7:
         95:cb:b3:e0:64:0a:75:34:0e:4b:87:e1:19:86:62:21:5c:9c:
         87:75:03:17:94:3c:be:ac:9c:27:7f:32:2f:79:04:d7:e3:d3:
         2e:4d:43:1a:e4:92:4a:87:19:78:98:44:84:3f:01:74:93:b3:
         d1:ae:0b:23:54:03:cd:ce:a9:7d:44:b8:db:fb:e0:d1:ec:a7:
         7f:73:53:4b:66:e8:c3:ce:fb:0c:3f:70:a6:e5:e2:f7:f1:47:
         a5:c3:52:51:a5:ee:4f:de:77:78:d2:51:2e:3c:4c:28:3e:bd:
         21:52:c9:5b:63:5a:41:aa:27:17:5b:1d:a3:e8:90:90:9c:7c:
         17:fc:16:61:80:41:51:de:09:ca:1e:96:96:6a:7b:4c:c7:95:
         6b:1a:39:80:0a:26:67:0f:bb:96:f3:32:18:bb:18:c0:c0:cc:
         9e:9d:6d:49:90:a8:9d:52:3a:8e:e8:aa:f5:f6:0f:1e:fc:eb:
         73:a2:08:ae:24:38:24:5f:7b:9a:f9:7a:04:7a:a8:91:c7:fe:
         e5:9b:33:c0:34:a1:0a:6e:0d:eb:1b:d6:7f:3c:8d:82:8f:ad:
         8c:d0:43:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3FdOlc5LqMPwlhbv1qD714MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNWUzOTY1OGEzZWY2ZjEzY2EyMWNjMTFhNGUzM2ViY2Q5
NDY3MDIwHhcNMjYwNDI1MTYyNDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTExZTExYjVlNjc4NjY4YzYwMjYzNzZkMzUwMGNlNjgwMzhhMmJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq+xn8qi5tA7ZhWZlJpgjo4o2F6nP
x0udOA/E6nbNBjaCd10TiDuyG7f4B48jKR/x6Z0PTGIAwMyJYQ4unjJEoo9TEUgi
SHCBcxol+p3wwFBOKAg15qvAsdHKPxv1v+wGgCS2z2WuJbtyIaolTrhJ9/+bgznT
TcrK7H1cWiHEU0K6/njKtjNRWyr5L8OOcCTtpo7srod0f8EhiMjwuHE2+1S4dc9I
567MIAx+QN7fyhR4e4fGxsf2GZ6Ekpb13YH/9a8eIAdPyl96WKWF5sR8mxn6zVXS
TvjTe91M8tRrPLtsa/2CGG+RZxGfKUvlX8anga6ExVhmmF6OYjwIHOvPfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLER4RteZ4ZoxgJjdtNQDOaAOKK+MB8GA1UdIwQY
MBaAFM1eOWWKPvbxPKIcwRpOM+vNlGcCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUt
NWQxZmE2NmMzNjNiLzEvc1JIaEcxNW5obWpHQW1OMjAxQU01b0E0b3I0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUtNWQxZmE2NmMzNjNi
LzEvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVYXcMA0G
CSqGSIb3DQEBCwUAA4IBAQBT4KPJvxdjCuCANeFZFrA92jlzqrv2i/YrC1jckmgg
05Gp+seVy7PgZAp1NA5Lh+EZhmIhXJyHdQMXlDy+rJwnfzIveQTX49MuTUMa5JJK
hxl4mESEPwF0k7PRrgsjVAPNzql9RLjb++DR7Kd/c1NLZujDzvsMP3Cm5eL38Uel
w1JRpe5P3nd40lEuPEwoPr0hUslbY1pBqicXWx2j6JCQnHwX/BZhgEFR3gnKHpaW
antMx5VrGjmACiZnD7uW8zIYuxjAwMyenW1JkKidUjqO6Kr19g8e/OtzogiuJDgk
X3ua+XoEeqiRx/7lmzPANKEKbg3rG9Z/PI2Cj62M0ENi
-----END CERTIFICATE-----