Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/c16717-855d-4391-b79f-b888a3124454/1/ZVUh7y26ToxL-oq8YITOKQgfF08.roa
File:                     ZVUh7y26ToxL-oq8YITOKQgfF08.roa (raw, json)
Hash identifier:          mGiVKv+1/ai9DnwEadL7YecZ7TPX9VgOuJDaNOyNIA8=
Subject key identifier:   65:55:21:EF:2D:BA:4E:8C:4B:FA:8A:BC:60:84:CE:29:08:1F:17:4F
Certificate issuer:       /CN=20e23dd05849cc813255ab8d1b853fb9c45d8694
Certificate serial:       019E79A0451913726981629936987D2D2501
Authority key identifier: 20:E2:3D:D0:58:49:CC:81:32:55:AB:8D:1B:85:3F:B9:C4:5D:86:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IOI90FhJzIEyVauNG4U_ucRdhpQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/c16717-855d-4391-b79f-b888a3124454/1/ZVUh7y26ToxL-oq8YITOKQgfF08.roa
Signing time:             Sat 30 May 2026 16:03:26 +0000
ROA not before:           Sat 30 May 2026 16:03:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215496
IP address blocks:        91.234.147.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f1/c16717-855d-4391-b79f-b888a3124454/1/IOI90FhJzIEyVauNG4U_ucRdhpQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f1/c16717-855d-4391-b79f-b888a3124454/1/IOI90FhJzIEyVauNG4U_ucRdhpQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IOI90FhJzIEyVauNG4U_ucRdhpQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 20:26:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:79:a0:45:19:13:72:69:81:62:99:36:98:7d:2d:25:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20e23dd05849cc813255ab8d1b853fb9c45d8694
        Validity
            Not Before: May 30 16:03:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=655521ef2dba4e8c4bfa8abc6084ce29081f174f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:b0:b5:3c:6b:1c:63:cf:23:ed:78:ef:de:f4:
                    c1:83:3c:c3:ba:97:04:3b:83:29:a7:34:ec:ff:9e:
                    37:8a:09:c9:a6:9a:f6:96:03:95:74:d3:6d:d0:d5:
                    91:6b:40:a2:3b:6f:e5:7a:d8:87:04:65:b2:ff:9e:
                    7c:c6:c3:f0:35:7f:ed:27:2c:27:b8:c1:cd:95:56:
                    76:8c:73:e2:7c:30:5f:44:6b:e3:e8:1b:46:41:bd:
                    96:7b:24:04:e1:af:e0:af:43:e9:c7:8e:bf:b7:e5:
                    54:e9:b3:2f:48:06:ef:39:72:e9:ed:3a:d0:b2:08:
                    1f:99:cc:b6:d3:8d:f0:2a:62:f4:6e:9e:0e:05:d9:
                    3f:94:fe:ee:9e:9e:54:9a:dc:0f:fd:ee:dc:83:ba:
                    d9:32:29:64:a5:e9:84:eb:90:f9:a1:9f:56:5d:26:
                    46:49:d6:64:59:01:07:8e:c0:5a:21:c6:ff:b2:a4:
                    8a:d5:0b:d2:f4:b2:af:91:1f:4d:02:2d:fb:c8:23:
                    c3:c7:de:5d:15:f2:13:b9:b6:a0:f7:48:04:29:32:
                    a6:56:b5:49:21:32:f6:3d:63:e3:97:04:3b:25:bb:
                    b9:9f:c0:91:38:f8:1a:a7:eb:bf:0f:d0:1e:48:7f:
                    08:94:05:ac:0f:cc:a9:05:92:bc:a6:00:0a:02:d0:
                    24:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:55:21:EF:2D:BA:4E:8C:4B:FA:8A:BC:60:84:CE:29:08:1F:17:4F
            X509v3 Authority Key Identifier:
                keyid:20:E2:3D:D0:58:49:CC:81:32:55:AB:8D:1B:85:3F:B9:C4:5D:86:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IOI90FhJzIEyVauNG4U_ucRdhpQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/c16717-855d-4391-b79f-b888a3124454/1/ZVUh7y26ToxL-oq8YITOKQgfF08.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/c16717-855d-4391-b79f-b888a3124454/1/IOI90FhJzIEyVauNG4U_ucRdhpQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.234.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:89:10:70:03:32:ed:9b:99:c2:00:0b:0b:47:9c:af:b6:72:
         40:03:37:a4:20:61:0c:67:d7:42:a7:2f:9a:64:fd:c8:fc:9d:
         e2:0a:de:97:f5:2a:f1:44:f3:f6:32:7a:12:d4:d2:f6:1c:a3:
         5d:b4:22:d1:ac:6d:8f:a3:b9:2f:16:ac:b5:67:f3:94:a5:0f:
         e3:b1:1e:f4:2e:66:05:92:ff:b9:47:08:b8:75:d6:0d:83:25:
         da:97:e4:6e:57:bc:90:79:4a:ed:62:40:51:78:65:cf:0f:2f:
         c4:d9:69:e5:b0:84:ae:c5:c6:6c:9b:64:bc:c7:6b:ca:b6:e6:
         4b:a3:1c:1f:d6:b9:84:ba:8e:5d:38:0a:89:5a:6e:f0:42:14:
         68:ce:a2:9f:c1:fa:ff:ce:c0:e4:d6:dd:f2:a8:74:ce:3c:e6:
         e4:3e:7c:eb:f0:43:68:9e:c7:d4:40:38:c8:ea:b9:7d:5a:cf:
         28:87:a3:a4:d6:27:07:3b:ff:16:0c:87:1d:57:5b:fe:1f:6d:
         56:3e:58:e1:da:20:bb:64:80:70:95:33:70:b0:2e:68:af:7d:
         3c:d4:d0:6a:8f:08:46:4d:c1:0d:2c:05:92:eb:62:cf:64:3e:
         f0:96:84:42:9e:10:74:55:7a:41:98:e2:0e:e3:79:e3:5f:f6:
         da:d2:2e:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ55oEUZE3JpgWKZNph9LSUBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwZTIzZGQwNTg0OWNjODEzMjU1YWI4ZDFiODUzZmI5YzQ1
ZDg2OTQwHhcNMjYwNTMwMTYwMzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTU1MjFlZjJkYmE0ZThjNGJmYThhYmM2MDg0Y2UyOTA4MWYxNzRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzrC1PGscY88j7Xjv3vTBgzzDupcE
O4MppzTs/543ignJppr2lgOVdNNt0NWRa0CiO2/letiHBGWy/558xsPwNX/tJywn
uMHNlVZ2jHPifDBfRGvj6BtGQb2WeyQE4a/gr0Ppx46/t+VU6bMvSAbvOXLp7TrQ
sggfmcy2043wKmL0bp4OBdk/lP7unp5UmtwP/e7cg7rZMilkpemE65D5oZ9WXSZG
SdZkWQEHjsBaIcb/sqSK1QvS9LKvkR9NAi37yCPDx95dFfITubag90gEKTKmVrVJ
ITL2PWPjlwQ7Jbu5n8CROPgap+u/D9AeSH8IlAWsD8ypBZK8pgAKAtAkFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGVVIe8tuk6MS/qKvGCEzikIHxdPMB8GA1UdIwQY
MBaAFCDiPdBYScyBMlWrjRuFP7nEXYaUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSU9JOTBGaEp6SUV5VmF1Tkc0VV91Y1JkaHBRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS9jMTY3MTctODU1ZC00MzkxLWI3OWYt
Yjg4OGEzMTI0NDU0LzEvWlZVaDd5MjZUb3hMLW9xOFlJVE9LUWdmRjA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS9jMTY3MTctODU1ZC00MzkxLWI3OWYtYjg4OGEzMTI0NDU0
LzEvSU9JOTBGaEp6SUV5VmF1Tkc0VV91Y1JkaHBRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+qTMA0G
CSqGSIb3DQEBCwUAA4IBAQBMiRBwAzLtm5nCAAsLR5yvtnJAAzekIGEMZ9dCpy+a
ZP3I/J3iCt6X9SrxRPP2MnoS1NL2HKNdtCLRrG2Po7kvFqy1Z/OUpQ/jsR70LmYF
kv+5Rwi4ddYNgyXal+RuV7yQeUrtYkBReGXPDy/E2WnlsISuxcZsm2S8x2vKtuZL
oxwf1rmEuo5dOAqJWm7wQhRozqKfwfr/zsDk1t3yqHTOPObkPnzr8ENonsfUQDjI
6rl9Ws8oh6Ok1icHO/8WDIcdV1v+H21WPljh2iC7ZIBwlTNwsC5or3081NBqjwhG
TcENLAWS62LPZD7wloRCnhB0VXpBmOIO43njX/ba0i5J
-----END CERTIFICATE-----