Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/DZtTpvEk_3y5q8smQ64SncQ9joI.roa
File:                     DZtTpvEk_3y5q8smQ64SncQ9joI.roa (raw, json)
Hash identifier:          /FsqZDsVUOFCRrAYuuAuyfkdLBtoLGZM10qk1QWvvtE=
Subject key identifier:   0D:9B:53:A6:F1:24:FF:7C:B9:AB:CB:26:43:AE:12:9D:C4:3D:8E:82
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       019D519313D16881CFF4A9FAA203CA5F103F
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/DZtTpvEk_3y5q8smQ64SncQ9joI.roa
Signing time:             Fri 03 Apr 2026 04:21:26 +0000
ROA not before:           Fri 03 Apr 2026 04:21:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200367
IP address blocks:        193.124.89.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 17:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:51:93:13:d1:68:81:cf:f4:a9:fa:a2:03:ca:5f:10:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Apr  3 04:21:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0d9b53a6f124ff7cb9abcb2643ae129dc43d8e82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:16:ec:b2:f1:33:af:cc:ef:85:52:d7:89:bc:
                    52:45:f3:d8:58:cb:76:83:33:83:bf:97:da:02:ce:
                    c0:5b:6b:15:0c:c5:87:cd:3c:a1:3a:44:ff:15:70:
                    b4:e5:cd:84:0a:af:86:37:8a:5c:bb:35:cd:a6:43:
                    2b:1c:6d:71:18:ae:a5:7e:4f:2e:ed:f0:7b:16:85:
                    df:08:d4:3f:83:db:89:9f:05:80:b5:e9:74:94:6a:
                    7d:0f:58:c5:45:04:07:f1:9e:69:02:8a:13:ef:e9:
                    10:62:bc:c5:0c:b3:17:44:95:e6:ab:f3:3c:c5:63:
                    44:15:b0:e6:85:3a:86:1d:56:c3:98:42:05:c2:9d:
                    3d:66:85:90:23:aa:e0:4f:26:87:d0:b6:6e:af:99:
                    66:d4:19:12:42:a3:e5:d9:b1:32:27:8e:94:a6:05:
                    c5:22:01:df:e5:02:c0:00:d4:49:68:07:b8:06:22:
                    a3:6a:14:7e:8f:8e:be:60:61:85:06:e7:83:b5:89:
                    da:f9:7f:af:aa:c4:eb:bb:a9:85:8e:ea:09:0d:49:
                    50:8e:9d:d4:67:06:13:49:48:d3:77:18:72:2a:11:
                    cf:ce:52:31:63:09:a8:8e:7a:e7:74:c8:a4:fa:2e:
                    35:10:21:2f:9c:dd:a1:ff:93:97:e5:8d:47:2d:bc:
                    9a:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:9B:53:A6:F1:24:FF:7C:B9:AB:CB:26:43:AE:12:9D:C4:3D:8E:82
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/DZtTpvEk_3y5q8smQ64SncQ9joI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.124.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:5b:80:2e:8f:bd:cc:49:a2:1a:7f:ef:79:d8:40:8e:ef:50:
         fa:ab:19:c0:b8:1f:8a:51:ff:60:38:58:42:cf:38:4e:08:4a:
         be:79:bd:53:24:62:4e:5a:ec:5c:af:2b:da:64:4f:da:01:64:
         fb:db:bc:75:fd:11:fb:e9:c6:57:e5:03:a6:5d:b2:8e:4e:15:
         5c:16:5b:76:b1:cb:6f:27:a2:94:ac:d8:8a:0e:28:b2:bc:11:
         5d:cb:c4:b9:f8:91:9b:79:9b:3d:7f:68:1b:3d:53:ec:86:ec:
         4c:b9:95:51:31:8c:3c:9c:40:26:b8:1b:82:f3:9f:6f:92:98:
         6f:fa:63:7a:73:31:bf:b6:56:2e:d2:c8:8c:3f:4b:e8:bd:a7:
         c2:c9:12:90:71:64:bd:6f:91:be:b0:3d:4c:dc:b6:5f:5e:c2:
         8b:5f:57:63:42:0c:db:3c:ca:b4:90:43:39:a5:02:ae:a0:e4:
         33:7f:93:ba:cb:c9:61:b7:60:4a:d9:1d:72:50:8c:27:e2:06:
         77:93:e8:1d:10:84:e7:79:4e:44:7a:a7:ac:a3:0d:46:1b:29:
         72:d1:0b:f3:07:06:78:de:ee:0f:25:a6:75:af:d1:75:20:fa:
         a9:15:42:67:80:5f:b7:bd:c3:87:db:3d:66:77:d1:aa:e7:b5:
         0e:5b:5c:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1RkxPRaIHP9Kn6ogPKXxA/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjYwNDAzMDQyMTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDliNTNhNmYxMjRmZjdjYjlhYmNiMjY0M2FlMTI5ZGM0M2Q4ZTgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkxbssvEzr8zvhVLXibxSRfPYWMt2
gzODv5faAs7AW2sVDMWHzTyhOkT/FXC05c2ECq+GN4pcuzXNpkMrHG1xGK6lfk8u
7fB7FoXfCNQ/g9uJnwWAtel0lGp9D1jFRQQH8Z5pAooT7+kQYrzFDLMXRJXmq/M8
xWNEFbDmhTqGHVbDmEIFwp09ZoWQI6rgTyaH0LZur5lm1BkSQqPl2bEyJ46UpgXF
IgHf5QLAANRJaAe4BiKjahR+j46+YGGFBueDtYna+X+vqsTru6mFjuoJDUlQjp3U
ZwYTSUjTdxhyKhHPzlIxYwmojnrndMik+i41ECEvnN2h/5OX5Y1HLbya9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA2bU6bxJP98uavLJkOuEp3EPY6CMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvRFp0VHB2RWtfM3k1cThzbVE2NFNuY1E5am9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwXxZMA0G
CSqGSIb3DQEBCwUAA4IBAQByW4Auj73MSaIaf+952ECO71D6qxnAuB+KUf9gOFhC
zzhOCEq+eb1TJGJOWuxcryvaZE/aAWT727x1/RH76cZX5QOmXbKOThVcFlt2sctv
J6KUrNiKDiiyvBFdy8S5+JGbeZs9f2gbPVPshuxMuZVRMYw8nEAmuBuC859vkphv
+mN6czG/tlYu0siMP0vovafCyRKQcWS9b5G+sD1M3LZfXsKLX1djQgzbPMq0kEM5
pQKuoOQzf5O6y8lht2BK2R1yUIwn4gZ3k+gdEITneU5Eeqesow1GGyly0QvzBwZ4
3u4PJaZ1r9F1IPqpFUJngF+3vcOH2z1md9Gq57UOW1yY
-----END CERTIFICATE-----