Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/d0be06-ef5f-4418-af1c-320936288e95/1/zRMtSyG0erquHg8eDcLfOh4BpSs.roa
File:                     zRMtSyG0erquHg8eDcLfOh4BpSs.roa (raw, json)
Hash identifier:          fv01yx8YQE61hN1VLmCbWMtgYoNsmN10wZe2YdF/txM=
Subject key identifier:   CD:13:2D:4B:21:B4:7A:BA:AE:1E:0F:1E:0D:C2:DF:3A:1E:01:A5:2B
Certificate issuer:       /CN=ebaf0d20f98e3a20550c996d74292688f0d2279d
Certificate serial:       019EA681E110C6C9B88AFE28517379E93B02
Authority key identifier: EB:AF:0D:20:F9:8E:3A:20:55:0C:99:6D:74:29:26:88:F0:D2:27:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/668NIPmOOiBVDJltdCkmiPDSJ50.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/d0be06-ef5f-4418-af1c-320936288e95/1/zRMtSyG0erquHg8eDcLfOh4BpSs.roa
Signing time:             Mon 08 Jun 2026 09:13:10 +0000
ROA not before:           Mon 08 Jun 2026 09:13:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     32418
IP address blocks:        189.24.124.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/d0be06-ef5f-4418-af1c-320936288e95/1/668NIPmOOiBVDJltdCkmiPDSJ50.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/d0be06-ef5f-4418-af1c-320936288e95/1/668NIPmOOiBVDJltdCkmiPDSJ50.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/668NIPmOOiBVDJltdCkmiPDSJ50.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:a6:81:e1:10:c6:c9:b8:8a:fe:28:51:73:79:e9:3b:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ebaf0d20f98e3a20550c996d74292688f0d2279d
        Validity
            Not Before: Jun  8 09:13:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cd132d4b21b47abaae1e0f1e0dc2df3a1e01a52b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:a1:1b:a2:43:58:d9:12:d8:c7:3f:49:71:0c:
                    3d:60:7f:3c:24:54:cd:4d:71:08:2b:70:a5:74:4d:
                    7c:bf:c7:4b:d1:6f:60:a2:04:0b:85:0c:cb:74:de:
                    48:e9:14:c7:dd:4d:20:84:15:a7:d6:6f:df:93:f7:
                    8b:1d:36:86:53:5e:f6:bc:07:85:0f:af:52:1e:83:
                    c5:54:8d:35:46:9d:15:6c:8a:8d:c0:1a:aa:0b:90:
                    df:8b:76:3d:f0:a5:63:12:88:3e:0b:88:49:9e:fd:
                    b4:0e:86:31:51:e5:4a:39:53:7d:33:06:c8:02:36:
                    9c:52:24:c0:35:4e:7d:3c:a3:ab:90:8c:ec:f8:b7:
                    c9:b0:2f:7a:69:83:94:f4:7f:04:9a:7f:0d:40:45:
                    c9:9c:db:81:92:c3:4c:7f:6a:b2:16:fe:09:3a:98:
                    33:9b:b4:35:e4:24:91:92:63:23:58:a9:3f:80:69:
                    2f:ad:67:36:87:65:e6:dc:3c:ad:2e:7e:91:4d:83:
                    6d:b6:62:ed:68:66:d7:56:1a:a3:71:c2:74:f1:f1:
                    fd:62:53:0e:e5:79:34:31:c8:72:42:f4:ab:24:cb:
                    5d:30:e3:cc:74:13:9d:e4:1e:c3:72:1c:d1:c5:79:
                    db:bb:eb:52:c5:70:cf:fc:45:1b:64:bf:ad:28:33:
                    72:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:13:2D:4B:21:B4:7A:BA:AE:1E:0F:1E:0D:C2:DF:3A:1E:01:A5:2B
            X509v3 Authority Key Identifier:
                keyid:EB:AF:0D:20:F9:8E:3A:20:55:0C:99:6D:74:29:26:88:F0:D2:27:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/668NIPmOOiBVDJltdCkmiPDSJ50.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/d0be06-ef5f-4418-af1c-320936288e95/1/zRMtSyG0erquHg8eDcLfOh4BpSs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/d0be06-ef5f-4418-af1c-320936288e95/1/668NIPmOOiBVDJltdCkmiPDSJ50.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  189.24.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3e:9e:f6:88:36:87:db:c1:d3:60:d1:cd:92:92:ae:89:8c:b0:
         d3:38:e4:c9:90:e6:9e:fa:15:e1:db:26:b8:5e:dd:02:80:99:
         dd:d7:6f:6f:e1:ea:8c:17:ae:e7:08:72:30:5c:15:b2:56:40:
         43:bf:ab:6f:69:fd:d1:d9:19:3b:f2:8d:2a:6b:00:4a:cc:bb:
         3d:f5:47:0f:a9:01:6d:e0:8c:62:d7:97:a8:f5:66:c3:1a:8a:
         63:0e:7a:17:32:a2:4c:63:dd:51:66:71:3d:da:19:cc:9a:59:
         7e:eb:02:e9:c5:53:be:37:a8:6c:cb:26:2b:e6:1c:39:c0:e9:
         ed:3a:2c:47:8a:cd:71:6e:b5:aa:f0:b0:2d:a1:51:a0:d6:09:
         ec:60:46:45:cb:6f:c3:76:92:08:93:30:8e:42:07:3e:99:2c:
         93:8a:ae:93:b1:cf:a0:57:1e:2a:aa:99:b7:20:dc:90:72:69:
         e8:67:ef:1b:b2:d1:3f:30:48:70:80:ce:e2:38:b2:dd:84:a7:
         89:64:57:1e:c0:b3:0d:a7:fe:e9:7e:e7:76:03:af:30:85:02:
         c7:c8:db:df:58:6f:64:b4:a0:cb:da:4b:62:1b:4d:4a:e2:86:
         86:21:5e:4f:a0:3f:16:f1:77:0f:1b:e8:b1:18:9c:9e:db:f4:
         7f:4e:95:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6mgeEQxsm4iv4oUXN56TsCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViYWYwZDIwZjk4ZTNhMjA1NTBjOTk2ZDc0MjkyNjg4ZjBk
MjI3OWQwHhcNMjYwNjA4MDkxMzEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDEzMmQ0YjIxYjQ3YWJhYWUxZTBmMWUwZGMyZGYzYTFlMDFhNTJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv6EbokNY2RLYxz9JcQw9YH88JFTN
TXEIK3CldE18v8dL0W9gogQLhQzLdN5I6RTH3U0ghBWn1m/fk/eLHTaGU172vAeF
D69SHoPFVI01Rp0VbIqNwBqqC5Dfi3Y98KVjEog+C4hJnv20DoYxUeVKOVN9MwbI
AjacUiTANU59PKOrkIzs+LfJsC96aYOU9H8Emn8NQEXJnNuBksNMf2qyFv4JOpgz
m7Q15CSRkmMjWKk/gGkvrWc2h2Xm3DytLn6RTYNttmLtaGbXVhqjccJ08fH9YlMO
5Xk0MchyQvSrJMtdMOPMdBOd5B7DchzRxXnbu+tSxXDP/EUbZL+tKDNyuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM0TLUshtHq6rh4PHg3C3zoeAaUrMB8GA1UdIwQY
MBaAFOuvDSD5jjogVQyZbXQpJojw0iedMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNjY4TklQbU9PaUJWREpsdGRDa21pUERTSjUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC9kMGJlMDYtZWY1Zi00NDE4LWFmMWMt
MzIwOTM2Mjg4ZTk1LzEvelJNdFN5RzBlcnF1SGc4ZURjTGZPaDRCcFNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC9kMGJlMDYtZWY1Zi00NDE4LWFmMWMtMzIwOTM2Mjg4ZTk1
LzEvNjY4TklQbU9PaUJWREpsdGRDa21pUERTSjUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCvRh8MA0G
CSqGSIb3DQEBCwUAA4IBAQA+nvaINofbwdNg0c2Skq6JjLDTOOTJkOae+hXh2ya4
Xt0CgJnd129v4eqMF67nCHIwXBWyVkBDv6tvaf3R2Rk78o0qawBKzLs99UcPqQFt
4Ixi15eo9WbDGopjDnoXMqJMY91RZnE92hnMmll+6wLpxVO+N6hsyyYr5hw5wOnt
OixHis1xbrWq8LAtoVGg1gnsYEZFy2/DdpIIkzCOQgc+mSyTiq6Tsc+gVx4qqpm3
INyQcmnoZ+8bstE/MEhwgM7iOLLdhKeJZFcewLMNp/7pfud2A68whQLHyNvfWG9k
tKDL2ktiG01K4oaGIV5PoD8W8XcPG+ixGJye2/R/TpUN
-----END CERTIFICATE-----