Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/f63e58-9efc-4082-82bb-08835dff6c4f/1/zIfoqljlX85QzvnSXMz6EhCgOUU.roa
File:                     zIfoqljlX85QzvnSXMz6EhCgOUU.roa (raw, json)
Hash identifier:          uL/4npychei8p19DfH7kPshAnDAeAA584UCQvzLeiPQ=
Subject key identifier:   CC:87:E8:AA:58:E5:5F:CE:50:CE:F9:D2:5C:CC:FA:12:10:A0:39:45
Certificate issuer:       /CN=3622fc2f8ad8b008357dbe6f0195960c9de61bd5
Certificate serial:       019DD8D67F8551F5D2C543476BA629F439C0
Authority key identifier: 36:22:FC:2F:8A:D8:B0:08:35:7D:BE:6F:01:95:96:0C:9D:E6:1B:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NiL8L4rYsAg1fb5vAZWWDJ3mG9U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/f63e58-9efc-4082-82bb-08835dff6c4f/1/zIfoqljlX85QzvnSXMz6EhCgOUU.roa
Signing time:             Wed 29 Apr 2026 10:43:49 +0000
ROA not before:           Wed 29 Apr 2026 10:43:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     150293
IP address blocks:        151.123.183.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f1/f63e58-9efc-4082-82bb-08835dff6c4f/1/NiL8L4rYsAg1fb5vAZWWDJ3mG9U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f1/f63e58-9efc-4082-82bb-08835dff6c4f/1/NiL8L4rYsAg1fb5vAZWWDJ3mG9U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NiL8L4rYsAg1fb5vAZWWDJ3mG9U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 03 May 2026 01:01:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:d8:d6:7f:85:51:f5:d2:c5:43:47:6b:a6:29:f4:39:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3622fc2f8ad8b008357dbe6f0195960c9de61bd5
        Validity
            Not Before: Apr 29 10:43:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cc87e8aa58e55fce50cef9d25cccfa1210a03945
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:d7:bd:11:23:70:21:aa:02:a6:05:f5:72:d5:
                    37:4c:06:c6:d6:68:f5:53:6e:39:25:2a:0b:ea:98:
                    6c:fc:47:8c:ad:77:61:87:cc:b5:0b:e1:9e:e0:10:
                    76:09:97:d0:d4:54:e3:ea:48:8c:9f:53:91:3d:3b:
                    29:d2:9c:67:ea:1f:c4:bc:56:1d:4d:80:50:1d:5c:
                    79:19:00:94:7e:a8:ee:48:c0:c7:54:9a:49:d0:44:
                    1a:8e:63:38:d0:24:86:ce:7b:af:04:0f:e7:b9:fd:
                    08:c2:a3:e3:76:c4:f2:60:b1:db:a7:69:8f:f4:a1:
                    d8:f7:4d:86:63:51:b0:56:b1:f1:29:d5:91:84:97:
                    48:c0:53:9e:9c:ad:f4:05:a7:0f:e5:54:d5:46:19:
                    ef:0b:b0:27:bc:c3:38:01:24:1e:91:a0:21:af:23:
                    17:e3:5b:23:c5:48:59:7e:45:8f:21:25:30:4d:0e:
                    37:b7:19:b0:48:b1:be:d4:34:b1:21:73:21:69:89:
                    2d:90:4b:a6:4a:4f:ec:f5:23:68:fe:35:db:56:ce:
                    07:07:70:74:e4:e1:86:1b:70:b4:25:a5:65:b7:5c:
                    8f:06:54:34:c4:06:03:e2:df:d3:fd:cf:92:0f:59:
                    40:b7:8d:79:39:0f:a5:24:d4:64:8f:a9:79:00:c4:
                    7e:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:87:E8:AA:58:E5:5F:CE:50:CE:F9:D2:5C:CC:FA:12:10:A0:39:45
            X509v3 Authority Key Identifier:
                keyid:36:22:FC:2F:8A:D8:B0:08:35:7D:BE:6F:01:95:96:0C:9D:E6:1B:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NiL8L4rYsAg1fb5vAZWWDJ3mG9U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/f63e58-9efc-4082-82bb-08835dff6c4f/1/zIfoqljlX85QzvnSXMz6EhCgOUU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/f63e58-9efc-4082-82bb-08835dff6c4f/1/NiL8L4rYsAg1fb5vAZWWDJ3mG9U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.123.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:7a:1b:06:1b:e4:73:ca:b8:44:aa:41:30:57:11:0a:9e:97:
         f0:15:d8:2b:1e:2f:5a:8a:ce:f6:c2:dc:f4:97:bd:bd:3c:d4:
         56:50:b6:88:8f:ba:c2:f3:85:0a:93:f7:d7:6f:bb:b8:6f:4b:
         4b:ca:17:4f:68:4b:da:97:cd:1f:17:51:58:6f:55:71:9a:a0:
         e4:28:47:42:28:60:66:3b:87:da:15:83:86:2c:5c:04:b0:4a:
         8a:d6:30:a3:3a:75:86:00:38:04:11:02:64:1b:8b:35:9e:e2:
         71:17:7e:04:f0:05:0a:74:2c:bc:79:49:d8:d4:42:d5:85:46:
         8f:f8:3c:87:0a:f4:83:1e:a9:73:80:e6:a0:bb:3a:de:80:8d:
         7c:23:fe:55:d1:37:aa:87:81:a8:b1:b0:e0:05:12:64:f1:a4:
         8a:5f:1a:01:0c:18:ed:f9:af:35:8f:98:42:91:ae:d8:ff:86:
         6d:24:6d:ac:ca:68:78:3e:50:b7:60:d5:a9:84:e3:b1:b2:06:
         4c:d8:4a:f0:e6:5c:6d:59:d6:65:18:9f:0b:1c:bb:e9:3c:ce:
         9c:5c:30:7f:ee:fa:65:99:c6:5e:94:2d:04:4c:bd:65:1a:bc:
         34:28:18:00:47:8b:56:3a:6b:fe:62:fa:6b:a2:c2:1e:e2:6f:
         4a:72:6c:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3Y1n+FUfXSxUNHa6Yp9DnAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2MjJmYzJmOGFkOGIwMDgzNTdkYmU2ZjAxOTU5NjBjOWRl
NjFiZDUwHhcNMjYwNDI5MTA0MzQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzg3ZThhYTU4ZTU1ZmNlNTBjZWY5ZDI1Y2NjZmExMjEwYTAzOTQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu9e9ESNwIaoCpgX1ctU3TAbG1mj1
U245JSoL6phs/EeMrXdhh8y1C+Ge4BB2CZfQ1FTj6kiMn1ORPTsp0pxn6h/EvFYd
TYBQHVx5GQCUfqjuSMDHVJpJ0EQajmM40CSGznuvBA/nuf0IwqPjdsTyYLHbp2mP
9KHY902GY1GwVrHxKdWRhJdIwFOenK30BacP5VTVRhnvC7AnvMM4ASQekaAhryMX
41sjxUhZfkWPISUwTQ43txmwSLG+1DSxIXMhaYktkEumSk/s9SNo/jXbVs4HB3B0
5OGGG3C0JaVlt1yPBlQ0xAYD4t/T/c+SD1lAt415OQ+lJNRkj6l5AMR+4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMyH6KpY5V/OUM750lzM+hIQoDlFMB8GA1UdIwQY
MBaAFDYi/C+K2LAINX2+bwGVlgyd5hvVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmlMOEw0cllzQWcxZmI1dkFaV1dESjNtRzlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS9mNjNlNTgtOWVmYy00MDgyLTgyYmIt
MDg4MzVkZmY2YzRmLzEveklmb3FsamxYODVRenZuU1hNejZFaENnT1VVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS9mNjNlNTgtOWVmYy00MDgyLTgyYmItMDg4MzVkZmY2YzRm
LzEvTmlMOEw0cllzQWcxZmI1dkFaV1dESjNtRzlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl3u3MA0G
CSqGSIb3DQEBCwUAA4IBAQBvehsGG+RzyrhEqkEwVxEKnpfwFdgrHi9ais72wtz0
l729PNRWULaIj7rC84UKk/fXb7u4b0tLyhdPaEval80fF1FYb1VxmqDkKEdCKGBm
O4faFYOGLFwEsEqK1jCjOnWGADgEEQJkG4s1nuJxF34E8AUKdCy8eUnY1ELVhUaP
+DyHCvSDHqlzgOaguzregI18I/5V0Teqh4GosbDgBRJk8aSKXxoBDBjt+a81j5hC
ka7Y/4ZtJG2symh4PlC3YNWphOOxsgZM2Erw5lxtWdZlGJ8LHLvpPM6cXDB/7vpl
mcZelC0ETL1lGrw0KBgAR4tWOmv+YvprosIe4m9Kcmz0
-----END CERTIFICATE-----