Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/sfIFa_zvIWFeaikhlC8p9lzyiak.roa
File:                     sfIFa_zvIWFeaikhlC8p9lzyiak.roa (raw, json)
Hash identifier:          JmdJqAk29N9Jb2v4hQ9hbp/VRCQfMA8RIGy2N4vYuEA=
Subject key identifier:   B1:F2:05:6B:FC:EF:21:61:5E:6A:29:21:94:2F:29:F6:5C:F2:89:A9
Certificate issuer:       /CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Certificate serial:       019CE1F0A7DD9EF52A41737D504D90AE528D
Authority key identifier: CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/sfIFa_zvIWFeaikhlC8p9lzyiak.roa
Signing time:             Thu 12 Mar 2026 12:06:11 +0000
ROA not before:           Thu 12 Mar 2026 12:06:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215496
IP address blocks:        85.133.206.0/24 maxlen: 24
                          85.133.227.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 13 Mar 2026 21:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:e1:f0:a7:dd:9e:f5:2a:41:73:7d:50:4d:90:ae:52:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
        Validity
            Not Before: Mar 12 12:06:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b1f2056bfcef21615e6a2921942f29f65cf289a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:0c:e6:05:c3:7a:4b:dc:29:de:2b:85:26:68:
                    f7:af:80:ab:2e:60:1a:07:59:c8:84:f9:db:00:8c:
                    25:bc:40:57:1c:95:5a:34:f1:56:8f:bd:d3:86:13:
                    7b:0c:85:2b:42:1a:af:08:f2:9d:00:2c:94:b5:c8:
                    ad:df:a9:0f:60:1d:35:51:20:a6:d2:35:1e:8e:50:
                    26:ab:f0:f7:78:5e:b8:e0:e1:bd:70:d6:c8:1b:59:
                    b8:88:54:33:5d:fa:db:fd:80:36:ca:8a:19:4e:87:
                    fe:dc:79:3d:4c:02:00:7f:61:e2:dd:8a:18:76:8f:
                    a8:0c:04:01:02:7c:a7:e3:22:c0:29:98:5d:54:02:
                    76:02:4e:98:82:1c:53:ae:46:19:11:cf:06:48:2d:
                    19:ff:07:29:08:da:bf:93:f8:48:ee:ad:59:7c:a3:
                    d0:61:21:f9:df:fe:1a:3f:a7:f1:1d:89:ff:e0:34:
                    84:e2:5c:56:b9:a9:c3:79:24:2b:d8:50:ea:80:c6:
                    4a:01:a7:0b:d1:99:d5:f8:ca:a6:18:a2:55:e9:79:
                    c6:6f:41:b6:78:68:45:e5:7d:cf:7a:f3:c9:3a:a7:
                    e6:03:8c:c1:75:0f:22:ff:d2:12:2d:40:46:af:4c:
                    85:91:36:fb:d6:00:79:d3:c5:db:56:33:9b:11:52:
                    b5:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:F2:05:6B:FC:EF:21:61:5E:6A:29:21:94:2F:29:F6:5C:F2:89:A9
            X509v3 Authority Key Identifier:
                keyid:CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/sfIFa_zvIWFeaikhlC8p9lzyiak.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.133.206.0/24
                  85.133.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:67:18:f4:8c:d6:b0:76:c9:7d:80:11:56:d7:58:54:97:7f:
         8e:5a:3d:e6:a2:2e:fc:9c:73:8e:36:7d:c9:17:fa:58:bd:2b:
         55:4c:b6:16:9a:36:c6:cc:67:da:e8:51:9e:94:b6:ed:f3:00:
         83:b4:05:86:a6:51:e1:49:f2:57:38:3f:2d:55:23:e6:f9:5c:
         9d:d3:7f:1d:98:0e:7f:87:79:5d:0b:f6:db:b9:39:2c:71:e5:
         a5:69:df:00:e5:e9:ae:0d:dc:48:83:ef:e1:fb:e9:c1:57:1a:
         17:05:8b:e1:3b:a1:21:45:a6:18:b2:21:0b:bc:5d:14:13:22:
         ea:c9:f8:cf:81:b3:e7:fb:73:61:04:b8:d1:87:50:7b:57:2b:
         7c:1c:a3:17:cb:0b:7c:ae:4d:b4:3f:41:52:cb:60:7c:2f:97:
         48:9c:20:d5:65:02:fb:a3:cf:4d:f5:f5:b1:1d:2b:37:c0:f8:
         34:0f:8d:01:fc:d1:ae:0f:5c:f1:d7:ea:b2:af:42:32:83:f3:
         1c:ce:85:6c:27:10:df:b3:e7:01:c8:1d:fa:39:95:eb:f3:98:
         9c:4b:5e:10:26:3a:5e:6c:3b:76:eb:f3:8f:87:9f:bf:60:0f:
         bc:d5:51:43:23:a4:e8:83:14:d9:cf:07:ee:72:6c:88:89:ed:
         b3:58:c8:dd
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZzh8KfdnvUqQXN9UE2QrlKNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNWUzOTY1OGEzZWY2ZjEzY2EyMWNjMTFhNGUzM2ViY2Q5
NDY3MDIwHhcNMjYwMzEyMTIwNjExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWYyMDU2YmZjZWYyMTYxNWU2YTI5MjE5NDJmMjlmNjVjZjI4OWE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApwzmBcN6S9wp3iuFJmj3r4CrLmAa
B1nIhPnbAIwlvEBXHJVaNPFWj73ThhN7DIUrQhqvCPKdACyUtcit36kPYB01USCm
0jUejlAmq/D3eF644OG9cNbIG1m4iFQzXfrb/YA2yooZTof+3Hk9TAIAf2Hi3YoY
do+oDAQBAnyn4yLAKZhdVAJ2Ak6YghxTrkYZEc8GSC0Z/wcpCNq/k/hI7q1ZfKPQ
YSH53/4aP6fxHYn/4DSE4lxWuanDeSQr2FDqgMZKAacL0ZnV+MqmGKJV6XnGb0G2
eGhF5X3PevPJOqfmA4zBdQ8i/9ISLUBGr0yFkTb71gB508XbVjObEVK1oQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLHyBWv87yFhXmopIZQvKfZc8ompMB8GA1UdIwQY
MBaAFM1eOWWKPvbxPKIcwRpOM+vNlGcCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUt
NWQxZmE2NmMzNjNiLzEvc2ZJRmFfenZJV0ZlYWlraGxDOHA5bHp5aWFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUtNWQxZmE2NmMzNjNi
LzEvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVYXOAwQA
VYXjMA0GCSqGSIb3DQEBCwUAA4IBAQAnZxj0jNawdsl9gBFW11hUl3+OWj3moi78
nHOONn3JF/pYvStVTLYWmjbGzGfa6FGelLbt8wCDtAWGplHhSfJXOD8tVSPm+Vyd
038dmA5/h3ldC/bbuTksceWlad8A5emuDdxIg+/h++nBVxoXBYvhO6EhRaYYsiEL
vF0UEyLqyfjPgbPn+3NhBLjRh1B7Vyt8HKMXywt8rk20P0FSy2B8L5dInCDVZQL7
o89N9fWxHSs3wPg0D40B/NGuD1zx1+qyr0Iyg/MczoVsJxDfs+cByB36OZXr85ic
S14QJjpebDt26/OPh5+/YA+81VFDI6TogxTZzwfucmyIie2zWMjd
-----END CERTIFICATE-----