Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/ce16f7-b868-4b4c-9d9b-932d16b08df0/1/Zq8AjHxCv4FTGqPd4LKVALKStFc.roa
File:                     Zq8AjHxCv4FTGqPd4LKVALKStFc.roa (raw, json)
Hash identifier:          +Wgeeo4qZQi4AfCHDA8NNz4m0OfIuxblNCKxxi1fR7Y=
Subject key identifier:   66:AF:00:8C:7C:42:BF:81:53:1A:A3:DD:E0:B2:95:00:B2:92:B4:57
Certificate issuer:       /CN=9e441e9e705ada3f9c1e827cd276dbd097487608
Certificate serial:       019E8D5DFAB571B90B0860BE009BF4A1B0C5
Authority key identifier: 9E:44:1E:9E:70:5A:DA:3F:9C:1E:82:7C:D2:76:DB:D0:97:48:76:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nkQennBa2j-cHoJ80nbb0JdIdgg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/ce16f7-b868-4b4c-9d9b-932d16b08df0/1/Zq8AjHxCv4FTGqPd4LKVALKStFc.roa
Signing time:             Wed 03 Jun 2026 12:03:26 +0000
ROA not before:           Wed 03 Jun 2026 12:03:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     28889
IP address blocks:        185.135.16.0/24 maxlen: 24
                          185.135.17.0/24 maxlen: 24
                          185.135.18.0/24 maxlen: 24
                          185.135.19.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/ce16f7-b868-4b4c-9d9b-932d16b08df0/1/nkQennBa2j-cHoJ80nbb0JdIdgg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/ce16f7-b868-4b4c-9d9b-932d16b08df0/1/nkQennBa2j-cHoJ80nbb0JdIdgg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nkQennBa2j-cHoJ80nbb0JdIdgg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 19:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:8d:5d:fa:b5:71:b9:0b:08:60:be:00:9b:f4:a1:b0:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e441e9e705ada3f9c1e827cd276dbd097487608
        Validity
            Not Before: Jun  3 12:03:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=66af008c7c42bf81531aa3dde0b29500b292b457
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:18:7d:62:eb:ef:cb:49:fa:33:3b:b6:ab:ae:
                    41:5c:ca:76:a6:6d:db:12:58:2b:ae:06:c5:2b:f3:
                    c2:b9:ce:7b:77:37:dc:0e:5f:62:ac:b1:fa:8d:76:
                    66:82:98:64:ef:99:c3:8a:78:dd:38:b6:2e:89:0c:
                    58:33:53:c0:46:3d:34:3e:5e:00:12:0e:8c:07:51:
                    63:e9:83:ae:b9:1b:4d:d4:0e:7a:8d:37:b0:9a:0d:
                    ad:24:bd:37:13:8d:60:a7:bb:df:92:49:8b:52:f3:
                    07:df:09:46:58:b2:ff:66:1b:30:fc:2e:3d:22:fc:
                    0f:cd:2a:af:da:d4:90:7f:9c:3c:a4:f4:06:10:3c:
                    25:29:4d:fe:ed:9e:9d:de:5c:43:92:3d:3e:42:11:
                    66:27:6a:b6:dd:68:de:4a:07:cc:9b:d2:88:e7:98:
                    ef:2b:77:5d:33:82:7e:08:77:42:1a:7a:9c:09:80:
                    04:6c:22:12:bc:f5:b6:0f:28:97:88:1d:37:5c:ac:
                    e3:92:1a:b9:b1:78:b9:8c:93:4a:1e:52:e6:d3:db:
                    92:54:6b:2a:08:3a:b5:c9:1c:a1:e8:30:df:3a:e7:
                    1a:1a:e1:25:58:a0:22:62:3c:56:55:d2:f5:0f:0a:
                    0c:93:b1:fa:fc:f2:c4:75:06:cf:5f:de:42:78:a0:
                    9a:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:AF:00:8C:7C:42:BF:81:53:1A:A3:DD:E0:B2:95:00:B2:92:B4:57
            X509v3 Authority Key Identifier:
                keyid:9E:44:1E:9E:70:5A:DA:3F:9C:1E:82:7C:D2:76:DB:D0:97:48:76:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nkQennBa2j-cHoJ80nbb0JdIdgg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/ce16f7-b868-4b4c-9d9b-932d16b08df0/1/Zq8AjHxCv4FTGqPd4LKVALKStFc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/ce16f7-b868-4b4c-9d9b-932d16b08df0/1/nkQennBa2j-cHoJ80nbb0JdIdgg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.135.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         83:ed:31:2d:20:ad:53:de:2b:3b:1b:77:8d:10:c6:7b:56:06:
         a8:9e:c0:34:9c:6e:12:5b:07:db:a6:4b:e3:7e:d6:f6:24:76:
         ad:76:83:4c:b3:d9:46:b2:ff:45:be:fe:25:54:4e:5d:ec:80:
         55:b4:61:ad:79:08:05:dd:01:e5:20:ed:38:e5:ce:9e:42:f1:
         52:d8:a1:af:a0:d8:1f:40:6a:bd:81:de:a9:86:6e:d1:82:c5:
         2b:07:c1:c7:76:20:d6:c1:0e:62:3c:33:99:5b:47:8d:9e:bb:
         5d:66:c2:2d:19:46:3b:a3:e6:e0:4c:db:ba:78:9f:a4:43:52:
         34:93:71:ac:3e:9c:38:ba:e1:ab:48:1f:14:22:c8:cf:7d:85:
         c4:5d:c2:77:00:05:27:81:4e:57:0c:d9:cc:50:97:a4:c5:fd:
         54:e8:94:cc:3e:75:d2:32:59:b5:8f:68:47:10:46:a8:29:da:
         88:ba:dc:ef:b1:29:60:58:d6:9c:d3:bc:73:73:b0:07:79:3b:
         52:68:86:7f:fe:13:e7:d1:47:29:28:01:b0:d1:b0:91:97:fa:
         34:b6:86:57:7f:c8:66:63:e8:7e:84:9b:e4:b9:4d:9f:8d:d0:
         43:0d:7a:58:47:ec:3d:44:cf:8b:b1:60:8e:47:93:e2:dc:91:
         91:cc:f5:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6NXfq1cbkLCGC+AJv0obDFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllNDQxZTllNzA1YWRhM2Y5YzFlODI3Y2QyNzZkYmQwOTc0
ODc2MDgwHhcNMjYwNjAzMTIwMzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NmFmMDA4YzdjNDJiZjgxNTMxYWEzZGRlMGIyOTUwMGIyOTJiNDU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAohh9Yuvvy0n6Mzu2q65BXMp2pm3b
ElgrrgbFK/PCuc57dzfcDl9irLH6jXZmgphk75nDinjdOLYuiQxYM1PARj00Pl4A
Eg6MB1Fj6YOuuRtN1A56jTewmg2tJL03E41gp7vfkkmLUvMH3wlGWLL/Zhsw/C49
IvwPzSqv2tSQf5w8pPQGEDwlKU3+7Z6d3lxDkj0+QhFmJ2q23WjeSgfMm9KI55jv
K3ddM4J+CHdCGnqcCYAEbCISvPW2DyiXiB03XKzjkhq5sXi5jJNKHlLm09uSVGsq
CDq1yRyh6DDfOucaGuElWKAiYjxWVdL1DwoMk7H6/PLEdQbPX95CeKCaZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGavAIx8Qr+BUxqj3eCylQCykrRXMB8GA1UdIwQY
MBaAFJ5EHp5wWto/nB6CfNJ229CXSHYIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmtRZW5uQmEyai1jSG9KODBuYmIwSmRJZGdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC9jZTE2ZjctYjg2OC00YjRjLTlkOWIt
OTMyZDE2YjA4ZGYwLzEvWnE4QWpIeEN2NEZUR3FQZDRMS1ZBTEtTdEZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC9jZTE2ZjctYjg2OC00YjRjLTlkOWItOTMyZDE2YjA4ZGYw
LzEvbmtRZW5uQmEyai1jSG9KODBuYmIwSmRJZGdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuYcQMA0G
CSqGSIb3DQEBCwUAA4IBAQCD7TEtIK1T3is7G3eNEMZ7VgaonsA0nG4SWwfbpkvj
ftb2JHatdoNMs9lGsv9Fvv4lVE5d7IBVtGGteQgF3QHlIO045c6eQvFS2KGvoNgf
QGq9gd6phm7RgsUrB8HHdiDWwQ5iPDOZW0eNnrtdZsItGUY7o+bgTNu6eJ+kQ1I0
k3GsPpw4uuGrSB8UIsjPfYXEXcJ3AAUngU5XDNnMUJekxf1U6JTMPnXSMlm1j2hH
EEaoKdqIutzvsSlgWNac07xzc7AHeTtSaIZ//hPn0UcpKAGw0bCRl/o0toZXf8hm
Y+h+hJvkuU2fjdBDDXpYR+w9RM+LsWCOR5Pi3JGRzPU3
-----END CERTIFICATE-----