Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/6c9722-2608-44af-8c79-66b2f99c0b45/1/ZbTeBAO3QTTIszF0pdw52UodjGY.roa
File:                     ZbTeBAO3QTTIszF0pdw52UodjGY.roa (raw, json)
Hash identifier:          Zcq4v6bJvVoVndPkmRTnPcyoC19uifQNUAxqTObWOg4=
Subject key identifier:   65:B4:DE:04:03:B7:41:34:C8:B3:31:74:A5:DC:39:D9:4A:1D:8C:66
Certificate issuer:       /CN=a0c58cd071f780b7ac340c0144eb04fb50ccbbf1
Certificate serial:       019C9A57209B11B0D47275BE82447074ABAB
Authority key identifier: A0:C5:8C:D0:71:F7:80:B7:AC:34:0C:01:44:EB:04:FB:50:CC:BB:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oMWM0HH3gLesNAwBROsE-1DMu_E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/6c9722-2608-44af-8c79-66b2f99c0b45/1/ZbTeBAO3QTTIszF0pdw52UodjGY.roa
Signing time:             Thu 26 Feb 2026 14:25:27 +0000
ROA not before:           Thu 26 Feb 2026 14:25:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42864
IP address blocks:        91.198.131.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/6c9722-2608-44af-8c79-66b2f99c0b45/1/oMWM0HH3gLesNAwBROsE-1DMu_E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/6c9722-2608-44af-8c79-66b2f99c0b45/1/oMWM0HH3gLesNAwBROsE-1DMu_E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oMWM0HH3gLesNAwBROsE-1DMu_E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 08:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:9a:57:20:9b:11:b0:d4:72:75:be:82:44:70:74:ab:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a0c58cd071f780b7ac340c0144eb04fb50ccbbf1
        Validity
            Not Before: Feb 26 14:25:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=65b4de0403b74134c8b33174a5dc39d94a1d8c66
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:64:c3:c5:09:e4:c5:9d:da:fb:2e:68:b5:10:
                    0d:bb:d0:f4:93:e9:09:a7:59:50:08:b0:26:23:d1:
                    24:19:03:be:9d:34:8b:e8:dc:6e:2c:e9:51:e5:87:
                    91:40:a1:77:3a:58:a4:d5:04:36:91:8f:3e:66:ec:
                    bf:b0:1a:ae:35:d7:fb:f1:a2:11:64:c8:86:f1:f2:
                    de:b3:c3:c7:b0:1f:f6:f6:7f:cf:71:f7:29:7d:e4:
                    02:66:8e:a9:17:9e:2e:4b:64:d9:7f:7f:c9:86:9f:
                    30:2e:8a:5d:1c:70:b4:66:ae:a0:8b:7c:57:4c:99:
                    16:97:c8:99:33:b0:32:6d:d9:ae:a5:5f:71:f8:08:
                    7f:d8:43:b2:59:7b:ee:60:72:67:59:ee:03:7e:05:
                    01:a4:df:28:8d:ac:1d:82:9c:12:51:fc:33:07:53:
                    c1:fc:59:fc:b1:66:f5:1a:49:8e:68:23:7f:f7:d5:
                    d5:59:7e:7d:a3:fa:89:ec:75:46:09:d9:76:ba:62:
                    65:38:7f:91:21:a9:71:b4:e5:02:e3:57:50:48:e7:
                    60:6f:60:77:1c:3a:5c:12:b5:56:14:e4:38:be:8f:
                    ce:3d:2f:9b:d0:a6:4d:bc:a3:03:0d:63:12:dc:40:
                    00:3f:23:2c:98:82:b6:cb:57:e6:ef:4e:e5:c0:e7:
                    db:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:B4:DE:04:03:B7:41:34:C8:B3:31:74:A5:DC:39:D9:4A:1D:8C:66
            X509v3 Authority Key Identifier:
                keyid:A0:C5:8C:D0:71:F7:80:B7:AC:34:0C:01:44:EB:04:FB:50:CC:BB:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oMWM0HH3gLesNAwBROsE-1DMu_E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/6c9722-2608-44af-8c79-66b2f99c0b45/1/ZbTeBAO3QTTIszF0pdw52UodjGY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/6c9722-2608-44af-8c79-66b2f99c0b45/1/oMWM0HH3gLesNAwBROsE-1DMu_E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:f4:e1:a9:e4:fb:f9:0d:43:f6:4e:21:99:93:a6:65:02:d9:
         50:fc:a4:0b:42:fb:12:9a:7a:21:d3:de:5e:1b:9c:af:a3:a3:
         e4:71:0e:f8:26:4f:b0:3f:44:18:ca:df:34:04:4a:d3:a7:b7:
         5f:43:cc:53:be:dc:7e:2d:d3:3f:e8:b5:9c:4b:b2:14:2e:9f:
         67:be:8b:82:f4:1d:da:80:f2:79:5b:f5:8c:8e:34:41:d4:f7:
         e9:8e:50:45:c3:03:9c:93:d8:68:32:df:34:cb:9a:38:d1:20:
         1e:c0:3a:fb:6a:7e:49:45:08:91:93:06:70:33:c0:48:69:f0:
         81:b4:18:4b:af:89:c7:eb:16:32:75:ac:3e:88:f2:64:2f:6a:
         44:49:46:ed:d6:55:be:05:10:fd:d9:90:69:07:b9:e6:0d:5d:
         d5:8d:ac:72:bd:7b:76:13:55:95:ab:66:d7:ab:49:f0:af:8c:
         20:e0:de:49:86:2d:62:e6:42:da:46:f8:44:c9:41:b0:ed:6c:
         a0:47:02:4f:e8:69:21:e2:d5:cd:40:fe:45:5d:a5:31:f3:53:
         d2:c7:14:84:1e:e5:6c:04:73:98:97:7a:04:77:fd:2e:86:ce:
         43:07:44:8c:21:34:2f:45:48:68:25:14:e7:17:c9:43:25:56:
         94:a4:ee:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyaVyCbEbDUcnW+gkRwdKurMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwYzU4Y2QwNzFmNzgwYjdhYzM0MGMwMTQ0ZWIwNGZiNTBj
Y2JiZjEwHhcNMjYwMjI2MTQyNTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NWI0ZGUwNDAzYjc0MTM0YzhiMzMxNzRhNWRjMzlkOTRhMWQ4YzY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkWTDxQnkxZ3a+y5otRANu9D0k+kJ
p1lQCLAmI9EkGQO+nTSL6NxuLOlR5YeRQKF3Olik1QQ2kY8+Zuy/sBquNdf78aIR
ZMiG8fLes8PHsB/29n/PcfcpfeQCZo6pF54uS2TZf3/Jhp8wLopdHHC0Zq6gi3xX
TJkWl8iZM7AybdmupV9x+Ah/2EOyWXvuYHJnWe4DfgUBpN8ojawdgpwSUfwzB1PB
/Fn8sWb1GkmOaCN/99XVWX59o/qJ7HVGCdl2umJlOH+RIalxtOUC41dQSOdgb2B3
HDpcErVWFOQ4vo/OPS+b0KZNvKMDDWMS3EAAPyMsmIK2y1fm707lwOfb+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGW03gQDt0E0yLMxdKXcOdlKHYxmMB8GA1UdIwQY
MBaAFKDFjNBx94C3rDQMAUTrBPtQzLvxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb01XTTBISDNnTGVzTkF3QlJPc0UtMURNdV9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC82Yzk3MjItMjYwOC00NGFmLThjNzkt
NjZiMmY5OWMwYjQ1LzEvWmJUZUJBTzNRVFRJc3pGMHBkdzUyVW9kakdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC82Yzk3MjItMjYwOC00NGFmLThjNzktNjZiMmY5OWMwYjQ1
LzEvb01XTTBISDNnTGVzTkF3QlJPc0UtMURNdV9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8aDMA0G
CSqGSIb3DQEBCwUAA4IBAQAd9OGp5Pv5DUP2TiGZk6ZlAtlQ/KQLQvsSmnoh095e
G5yvo6PkcQ74Jk+wP0QYyt80BErTp7dfQ8xTvtx+LdM/6LWcS7IULp9nvouC9B3a
gPJ5W/WMjjRB1PfpjlBFwwOck9hoMt80y5o40SAewDr7an5JRQiRkwZwM8BIafCB
tBhLr4nH6xYydaw+iPJkL2pESUbt1lW+BRD92ZBpB7nmDV3VjaxyvXt2E1WVq2bX
q0nwr4wg4N5Jhi1i5kLaRvhEyUGw7WygRwJP6Gkh4tXNQP5FXaUx81PSxxSEHuVs
BHOYl3oEd/0uhs5DB0SMITQvRUhoJRTnF8lDJVaUpO4n
-----END CERTIFICATE-----