Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/zU8a_Rh9KECinXPiNc-WHP3GujY.roa
File:                     zU8a_Rh9KECinXPiNc-WHP3GujY.roa (raw, json)
Hash identifier:          e8q5zXswrQCmeeckMOhqrGD/yrzbhI9fY87B9NmoAxY=
Subject key identifier:   CD:4F:1A:FD:18:7D:28:40:A2:9D:73:E2:35:CF:96:1C:FD:C6:BA:36
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       019D3521C1C5EB49C73024F997763F6B025A
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/zU8a_Rh9KECinXPiNc-WHP3GujY.roa
Signing time:             Sat 28 Mar 2026 15:48:17 +0000
ROA not before:           Sat 28 Mar 2026 15:48:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215314
IP address blocks:        176.53.172.0/22 maxlen: 22
                          176.53.172.0/24 maxlen: 24
                          176.53.173.0/24 maxlen: 24
                          176.53.174.0/24 maxlen: 24
                          176.53.175.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 02:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:35:21:c1:c5:eb:49:c7:30:24:f9:97:76:3f:6b:02:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Mar 28 15:48:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cd4f1afd187d2840a29d73e235cf961cfdc6ba36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:d9:ba:87:0f:3b:d6:87:7e:a6:c7:71:e8:a1:
                    83:45:8b:ed:d7:25:d2:5b:af:45:4b:96:b3:1c:89:
                    2c:c7:cf:a3:d8:d0:dd:29:00:74:d3:4e:d4:6c:b2:
                    0b:4e:83:0a:11:1d:5a:5c:00:30:3f:a9:70:d2:82:
                    f5:eb:64:8f:e1:16:cb:4f:64:8e:77:d3:40:6b:aa:
                    6f:e1:ba:72:d5:1b:89:e5:45:70:cb:eb:b1:a2:17:
                    b7:69:35:12:9a:1f:8a:06:96:d2:1e:f5:8f:f3:df:
                    8a:e9:e7:05:ba:46:a6:d4:3e:0b:45:8b:27:eb:a8:
                    43:e1:f5:67:32:b0:49:69:d8:63:cf:78:ac:b1:0d:
                    25:e6:4c:66:36:78:46:9f:18:47:a1:84:0d:a7:58:
                    6f:78:41:0a:ad:e2:96:70:80:4c:f5:62:3f:cf:b0:
                    ca:0f:f2:58:5c:92:b8:e8:b2:e9:6b:87:ba:46:4a:
                    ef:61:16:c4:33:cf:c3:6a:1b:99:66:2f:a5:b8:c1:
                    f8:ce:41:ef:8f:4e:8c:d4:87:bc:84:e0:e5:09:94:
                    2b:0a:a1:64:1a:01:25:78:89:7b:12:8c:3d:f7:2b:
                    9e:d7:42:c0:60:04:1d:43:35:9c:35:97:c8:7b:ee:
                    47:04:ea:4a:f0:65:b4:81:7c:23:6b:ac:fd:b2:b6:
                    67:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:4F:1A:FD:18:7D:28:40:A2:9D:73:E2:35:CF:96:1C:FD:C6:BA:36
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/zU8a_Rh9KECinXPiNc-WHP3GujY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.53.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9e:a9:89:5f:74:a4:81:8e:b6:1e:45:d5:6d:a0:c7:76:77:27:
         b1:c3:86:a6:cc:a6:44:b3:69:b7:1d:c9:05:c8:07:dd:50:af:
         31:76:d7:1b:48:00:65:be:71:08:9b:21:f0:33:ab:1e:cb:7b:
         1e:b5:65:60:b0:fb:21:e8:9e:86:ef:81:94:f5:9d:25:ab:14:
         5c:b2:fa:20:7a:11:75:b8:59:35:50:d5:39:ba:1f:9c:87:d8:
         c6:d2:d0:0d:f2:0c:ca:a7:95:4f:9b:df:2c:d5:f1:bd:4d:50:
         e0:7a:76:4b:40:4f:26:81:9b:7e:00:2e:d3:83:7d:c3:33:23:
         b2:c7:06:ed:e2:dd:3d:a6:94:7d:85:4d:09:2d:9f:4a:18:6a:
         0d:2e:55:c0:7b:cd:0c:66:08:7c:32:66:50:89:9c:6c:82:13:
         23:46:8a:52:c5:73:69:6f:13:bc:81:e8:0a:84:ad:14:e1:8f:
         54:eb:03:0b:62:ce:52:e1:59:45:0f:3a:25:8d:77:09:e9:fe:
         3f:31:7e:d4:c0:f8:f0:69:85:60:52:c5:7f:c9:f2:fa:c3:5f:
         c7:e7:c6:f7:d4:9e:9f:63:33:f9:58:93:96:4d:44:43:7e:de:
         e3:89:b2:f1:6a:6b:2e:4f:56:5c:fb:e3:ea:3f:de:58:cb:e9:
         0a:59:30:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ01IcHF60nHMCT5l3Y/awJaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjYwMzI4MTU0ODE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDRmMWFmZDE4N2QyODQwYTI5ZDczZTIzNWNmOTYxY2ZkYzZiYTM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmtm6hw871od+psdx6KGDRYvt1yXS
W69FS5azHIksx8+j2NDdKQB0007UbLILToMKER1aXAAwP6lw0oL162SP4RbLT2SO
d9NAa6pv4bpy1RuJ5UVwy+uxohe3aTUSmh+KBpbSHvWP89+K6ecFukam1D4LRYsn
66hD4fVnMrBJadhjz3issQ0l5kxmNnhGnxhHoYQNp1hveEEKreKWcIBM9WI/z7DK
D/JYXJK46LLpa4e6RkrvYRbEM8/DahuZZi+luMH4zkHvj06M1Ie8hODlCZQrCqFk
GgEleIl7Eow99yue10LAYAQdQzWcNZfIe+5HBOpK8GW0gXwja6z9srZnpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM1PGv0YfShAop1z4jXPlhz9xro2MB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvelU4YV9SaDlLRUNpblhQaU5jLVdIUDNHdWpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCsDWsMA0G
CSqGSIb3DQEBCwUAA4IBAQCeqYlfdKSBjrYeRdVtoMd2dyexw4amzKZEs2m3HckF
yAfdUK8xdtcbSABlvnEImyHwM6sey3setWVgsPsh6J6G74GU9Z0lqxRcsvogehF1
uFk1UNU5uh+ch9jG0tAN8gzKp5VPm98s1fG9TVDgenZLQE8mgZt+AC7Tg33DMyOy
xwbt4t09ppR9hU0JLZ9KGGoNLlXAe80MZgh8MmZQiZxsghMjRopSxXNpbxO8gegK
hK0U4Y9U6wMLYs5S4VlFDzoljXcJ6f4/MX7UwPjwaYVgUsV/yfL6w1/H58b31J6f
YzP5WJOWTURDft7jibLxamsuT1Zc++PqP95Yy+kKWTCG
-----END CERTIFICATE-----