Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/a0099c-d860-49a5-b459-3d0036603ea0/1/hzKfJWZlIV8JBysFWarDH5yRiEk.roa
File:                     hzKfJWZlIV8JBysFWarDH5yRiEk.roa (raw, json)
Hash identifier:          CAWz472DO1trBiLZNnU0TTJf5YszDXotuDHQXa3fYWE=
Subject key identifier:   87:32:9F:25:66:65:21:5F:09:07:2B:05:59:AA:C3:1F:9C:91:88:49
Certificate issuer:       /CN=264d04c39641b82b5dc3844cf5ff550f54044689
Certificate serial:       019B7A5A10A8274F39E46FBCBC57BEFDA423
Authority key identifier: 26:4D:04:C3:96:41:B8:2B:5D:C3:84:4C:F5:FF:55:0F:54:04:46:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Jk0Ew5ZBuCtdw4RM9f9VD1QERok.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/a0099c-d860-49a5-b459-3d0036603ea0/1/hzKfJWZlIV8JBysFWarDH5yRiEk.roa
Signing time:             Thu 01 Jan 2026 16:18:01 +0000
ROA not before:           Thu 01 Jan 2026 16:18:01 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210144
IP address blocks:        31.132.48.0/22 maxlen: 22
                          185.141.172.0/22 maxlen: 22
                          2a0d:e800::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/a0099c-d860-49a5-b459-3d0036603ea0/1/Jk0Ew5ZBuCtdw4RM9f9VD1QERok.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/a0099c-d860-49a5-b459-3d0036603ea0/1/Jk0Ew5ZBuCtdw4RM9f9VD1QERok.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Jk0Ew5ZBuCtdw4RM9f9VD1QERok.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 15:05:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5a:10:a8:27:4f:39:e4:6f:bc:bc:57:be:fd:a4:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=264d04c39641b82b5dc3844cf5ff550f54044689
        Validity
            Not Before: Jan  1 16:18:01 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=87329f256665215f09072b0559aac31f9c918849
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:01:1f:58:9d:28:ed:8e:d3:0a:65:d8:48:c9:
                    1f:60:44:92:70:e5:45:d3:ca:71:cc:f3:74:7a:74:
                    fc:0f:8f:df:87:e8:46:20:ab:06:3e:e4:83:a7:c7:
                    b0:38:aa:ca:7e:29:ae:19:04:6f:63:9b:b8:a6:6c:
                    f6:9c:11:3a:64:7a:fd:45:dc:73:39:4e:f3:f6:20:
                    6f:3a:36:52:e9:85:f0:7c:33:fe:91:7c:00:fd:6c:
                    76:c2:ec:b3:61:a3:f8:06:9d:c6:9e:77:99:88:b0:
                    dd:ce:7d:21:d5:16:f1:88:f1:ae:62:81:bf:5f:51:
                    bf:a2:0b:09:8e:a2:ae:90:df:f4:28:54:6c:7c:e2:
                    b7:5a:1d:69:51:eb:62:05:2c:33:e1:e5:b4:a2:b6:
                    5f:62:20:3d:be:b3:8b:eb:f4:64:71:55:61:33:40:
                    a3:78:51:3a:ba:2d:02:70:a7:43:81:ba:60:58:aa:
                    10:49:46:42:93:b3:de:dd:83:31:8f:02:b3:66:46:
                    3b:94:d5:26:96:d6:57:02:d0:29:47:e5:40:28:e4:
                    a8:cc:7a:c6:f2:3d:b6:3e:46:6a:8b:9c:b2:df:6b:
                    f0:ac:63:95:e9:d5:f4:b7:c1:66:60:99:7b:24:0c:
                    b7:6a:fe:57:1f:04:21:0d:d4:f4:b1:20:59:6d:ca:
                    53:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:32:9F:25:66:65:21:5F:09:07:2B:05:59:AA:C3:1F:9C:91:88:49
            X509v3 Authority Key Identifier:
                keyid:26:4D:04:C3:96:41:B8:2B:5D:C3:84:4C:F5:FF:55:0F:54:04:46:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Jk0Ew5ZBuCtdw4RM9f9VD1QERok.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/a0099c-d860-49a5-b459-3d0036603ea0/1/hzKfJWZlIV8JBysFWarDH5yRiEk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/a0099c-d860-49a5-b459-3d0036603ea0/1/Jk0Ew5ZBuCtdw4RM9f9VD1QERok.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.132.48.0/22
                  185.141.172.0/22
                IPv6:
                  2a0d:e800::/29

    Signature Algorithm: sha256WithRSAEncryption
         a5:64:05:2b:4f:cc:31:ad:29:32:16:3d:cd:f4:ab:37:26:21:
         2a:8e:12:80:96:63:71:81:67:16:c1:15:fd:d3:67:6b:17:e7:
         3d:7b:89:45:96:19:a2:f3:53:50:33:69:d5:16:90:69:8a:f5:
         02:7f:f8:54:b9:c4:2a:ab:9a:e9:08:ea:f2:5b:f6:b4:59:3d:
         f5:fb:36:3f:84:6f:15:25:1f:a0:4a:4e:59:f0:8b:f8:be:bd:
         05:cb:0b:4b:42:49:f0:e4:28:ce:c3:73:61:2e:77:1f:ea:d9:
         8e:87:1a:d5:88:2f:5a:78:b1:c3:e7:3f:ff:75:96:58:f9:b4:
         bd:0f:bf:cd:d2:b0:84:23:19:0c:94:b2:d1:6b:c8:80:da:05:
         2b:c9:4b:23:4a:b1:20:99:26:ee:7a:53:75:74:94:9b:1a:7e:
         bf:7d:cd:1c:62:c5:a8:3c:be:a5:f3:a8:49:7b:cf:93:9e:a8:
         2c:6b:f6:4b:d2:21:24:44:3f:c1:71:a3:13:2f:df:61:3c:62:
         d6:c9:db:9e:8e:86:70:16:56:5f:f7:3a:e9:5d:6e:60:fd:c2:
         ed:cf:22:d4:c4:e4:3a:a8:6d:00:f4:6a:b4:48:cb:b9:e1:68:
         63:67:73:19:c2:d7:1f:94:a7:87:c3:b7:3a:31:b7:1c:28:3e:
         a6:b1:0c:93
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZt6WhCoJ0855G+8vFe+/aQjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NGQwNGMzOTY0MWI4MmI1ZGMzODQ0Y2Y1ZmY1NTBmNTQw
NDQ2ODkwHhcNMjYwMTAxMTYxODAxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzMyOWYyNTY2NjUyMTVmMDkwNzJiMDU1OWFhYzMxZjljOTE4ODQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlgEfWJ0o7Y7TCmXYSMkfYESScOVF
08pxzPN0enT8D4/fh+hGIKsGPuSDp8ewOKrKfimuGQRvY5u4pmz2nBE6ZHr9Rdxz
OU7z9iBvOjZS6YXwfDP+kXwA/Wx2wuyzYaP4Bp3GnneZiLDdzn0h1RbxiPGuYoG/
X1G/ogsJjqKukN/0KFRsfOK3Wh1pUetiBSwz4eW0orZfYiA9vrOL6/RkcVVhM0Cj
eFE6ui0CcKdDgbpgWKoQSUZCk7Pe3YMxjwKzZkY7lNUmltZXAtApR+VAKOSozHrG
8j22PkZqi5yy32vwrGOV6dX0t8FmYJl7JAy3av5XHwQhDdT0sSBZbcpTyQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFIcynyVmZSFfCQcrBVmqwx+ckYhJMB8GA1UdIwQY
MBaAFCZNBMOWQbgrXcOETPX/VQ9UBEaJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmswRXc1WkJ1Q3RkdzRSTTlmOVZEMVFFUm9rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC9hMDA5OWMtZDg2MC00OWE1LWI0NTkt
M2QwMDM2NjAzZWEwLzEvaHpLZkpXWmxJVjhKQnlzRldhckRINXlSaUVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC9hMDA5OWMtZDg2MC00OWE1LWI0NTktM2QwMDM2NjAzZWEw
LzEvSmswRXc1WkJ1Q3RkdzRSTTlmOVZEMVFFUm9rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCH4QwAwQC
uY2sMA0EAgACMAcDBQMqDegAMA0GCSqGSIb3DQEBCwUAA4IBAQClZAUrT8wxrSky
Fj3N9Ks3JiEqjhKAlmNxgWcWwRX902drF+c9e4lFlhmi81NQM2nVFpBpivUCf/hU
ucQqq5rpCOryW/a0WT31+zY/hG8VJR+gSk5Z8Iv4vr0FywtLQknw5CjOw3NhLncf
6tmOhxrViC9aeLHD5z//dZZY+bS9D7/N0rCEIxkMlLLRa8iA2gUryUsjSrEgmSbu
elN1dJSbGn6/fc0cYsWoPL6l86hJe8+Tnqgsa/ZL0iEkRD/BcaMTL99hPGLWydue
joZwFlZf9zrpXW5g/cLtzyLUxOQ6qG0A9Gq0SMu54WhjZ3MZwtcflKeHw7c6Mbcc
KD6msQyT
-----END CERTIFICATE-----