Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/5ba85e-3937-4b0c-87d9-c2f84747d75f/1/ZRs42qGd3cKFMrGetaE_cEFCL58.roa
File:                     ZRs42qGd3cKFMrGetaE_cEFCL58.roa (raw, json)
Hash identifier:          QY1vvv3yXpUMazK4C60xrRvy7PbaO26yt177jKe+yzU=
Subject key identifier:   65:1B:38:DA:A1:9D:DD:C2:85:32:B1:9E:B5:A1:3F:70:41:42:2F:9F
Certificate issuer:       /CN=8cc44984c686f2018c48102a284ab5a80f52a646
Certificate serial:       019D76CF7282B6CC1CF107DBF196A9222A92
Authority key identifier: 8C:C4:49:84:C6:86:F2:01:8C:48:10:2A:28:4A:B5:A8:0F:52:A6:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jMRJhMaG8gGMSBAqKEq1qA9SpkY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/5ba85e-3937-4b0c-87d9-c2f84747d75f/1/ZRs42qGd3cKFMrGetaE_cEFCL58.roa
Signing time:             Fri 10 Apr 2026 09:53:19 +0000
ROA not before:           Fri 10 Apr 2026 09:53:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57066
IP address blocks:        91.229.137.0/24 maxlen: 24
                          91.229.138.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/5ba85e-3937-4b0c-87d9-c2f84747d75f/1/jMRJhMaG8gGMSBAqKEq1qA9SpkY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/5ba85e-3937-4b0c-87d9-c2f84747d75f/1/jMRJhMaG8gGMSBAqKEq1qA9SpkY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jMRJhMaG8gGMSBAqKEq1qA9SpkY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:76:cf:72:82:b6:cc:1c:f1:07:db:f1:96:a9:22:2a:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8cc44984c686f2018c48102a284ab5a80f52a646
        Validity
            Not Before: Apr 10 09:53:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=651b38daa19dddc28532b19eb5a13f7041422f9f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:fe:3d:70:0d:dc:02:94:30:48:1c:3c:be:2d:
                    df:03:f1:40:74:0c:bc:c1:a4:e8:55:fa:b8:8b:27:
                    24:56:8c:db:9b:16:dd:c3:8b:44:be:77:c1:5b:d1:
                    e7:8b:2d:3f:00:eb:ab:25:f7:97:ae:75:15:24:b5:
                    87:39:ea:01:ba:ce:f9:f1:03:c4:4e:2f:1a:b9:76:
                    fd:ba:65:42:e7:ff:84:a5:8c:c3:68:45:75:07:6e:
                    6b:af:5a:e7:63:15:ff:da:1b:92:06:95:8a:da:fc:
                    d7:ff:cf:d2:88:07:b5:ca:a7:77:4a:ee:72:2c:5f:
                    a6:f8:72:62:e5:81:b4:57:4e:36:e0:5f:2e:18:8c:
                    5a:68:ca:69:aa:83:69:06:5f:02:20:76:69:15:cc:
                    3b:72:3e:96:e5:fa:a9:1a:ad:43:89:0b:e0:9a:87:
                    36:d5:41:b5:b2:66:17:c1:dd:42:8c:7a:53:ba:bc:
                    05:d3:f8:e9:9f:13:4b:df:b8:e2:7c:c5:cb:e9:8d:
                    55:b5:ed:e4:df:87:b9:81:af:5b:7d:f5:c2:56:16:
                    61:07:14:7f:a1:e7:5f:03:ac:c2:75:34:0c:73:2b:
                    45:9b:fb:85:48:11:70:e2:a1:e3:99:be:01:8a:51:
                    f3:1b:40:34:ed:dd:bf:e4:21:9a:26:37:77:6d:0e:
                    97:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:1B:38:DA:A1:9D:DD:C2:85:32:B1:9E:B5:A1:3F:70:41:42:2F:9F
            X509v3 Authority Key Identifier:
                keyid:8C:C4:49:84:C6:86:F2:01:8C:48:10:2A:28:4A:B5:A8:0F:52:A6:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jMRJhMaG8gGMSBAqKEq1qA9SpkY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/5ba85e-3937-4b0c-87d9-c2f84747d75f/1/ZRs42qGd3cKFMrGetaE_cEFCL58.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/5ba85e-3937-4b0c-87d9-c2f84747d75f/1/jMRJhMaG8gGMSBAqKEq1qA9SpkY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.229.137.0-91.229.139.255

    Signature Algorithm: sha256WithRSAEncryption
         77:03:79:2d:c7:43:46:e2:24:6e:0c:3b:0c:de:32:ba:05:94:
         ca:e3:1e:c4:fe:af:b8:2d:d7:fe:f3:97:60:b8:24:46:05:21:
         88:a8:f5:0b:67:ce:71:4e:52:c4:2e:09:4e:36:32:70:0f:84:
         67:12:a3:ca:3a:86:c2:1b:2b:15:7a:3d:ca:d2:ef:bd:54:de:
         86:b4:35:03:ae:f0:c3:3f:f6:bd:8f:46:17:2a:90:a3:2b:ba:
         14:06:f7:e6:13:fc:15:61:f9:78:4a:29:ce:37:a0:95:c7:77:
         c3:60:b4:3a:56:af:27:4b:4b:34:b7:72:a0:9a:f2:d5:7c:52:
         25:7c:04:1c:78:c0:bf:fe:49:c6:7f:61:2b:13:b2:eb:76:4f:
         bb:e3:82:52:99:b5:c7:28:cd:77:5d:d8:99:d1:5d:a3:f9:f2:
         f6:82:d7:6f:0b:77:46:18:5c:49:fc:44:48:57:8e:16:12:59:
         77:a5:b1:f3:a2:45:c4:00:13:f0:82:30:ce:35:3d:66:b5:38:
         75:1e:aa:0d:df:f0:1f:60:33:43:e2:50:54:cb:f1:7f:66:7a:
         60:f7:fd:85:fb:ed:0d:8f:73:ea:84:99:58:7b:7d:98:60:37:
         e8:aa:b6:58:eb:44:af:2f:6f:c8:08:bd:30:a2:15:05:88:ed:
         a5:6b:ef:e3
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZ12z3KCtswc8Qfb8ZapIiqSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjYzQ0OTg0YzY4NmYyMDE4YzQ4MTAyYTI4NGFiNWE4MGY1
MmE2NDYwHhcNMjYwNDEwMDk1MzE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTFiMzhkYWExOWRkZGMyODUzMmIxOWViNWExM2Y3MDQxNDIyZjlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvP49cA3cApQwSBw8vi3fA/FAdAy8
waToVfq4iyckVozbmxbdw4tEvnfBW9Hniy0/AOurJfeXrnUVJLWHOeoBus758QPE
Ti8auXb9umVC5/+EpYzDaEV1B25rr1rnYxX/2huSBpWK2vzX/8/SiAe1yqd3Su5y
LF+m+HJi5YG0V0424F8uGIxaaMppqoNpBl8CIHZpFcw7cj6W5fqpGq1DiQvgmoc2
1UG1smYXwd1CjHpTurwF0/jpnxNL37jifMXL6Y1Vte3k34e5ga9bffXCVhZhBxR/
oedfA6zCdTQMcytFm/uFSBFw4qHjmb4BilHzG0A07d2/5CGaJjd3bQ6XrwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFGUbONqhnd3ChTKxnrWhP3BBQi+fMB8GA1UdIwQY
MBaAFIzESYTGhvIBjEgQKihKtagPUqZGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvak1SSmhNYUc4Z0dNU0JBcUtFcTFxQTlTcGtZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC81YmE4NWUtMzkzNy00YjBjLTg3ZDkt
YzJmODQ3NDdkNzVmLzEvWlJzNDJxR2QzY0tGTXJHZXRhRV9jRUZDTDU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC81YmE4NWUtMzkzNy00YjBjLTg3ZDktYzJmODQ3NDdkNzVm
LzEvak1SSmhNYUc4Z0dNU0JBcUtFcTFxQTlTcGtZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABb5YkD
BAJb5YgwDQYJKoZIhvcNAQELBQADggEBAHcDeS3HQ0biJG4MOwzeMroFlMrjHsT+
r7gt1/7zl2C4JEYFIYio9QtnznFOUsQuCU42MnAPhGcSo8o6hsIbKxV6PcrS771U
3oa0NQOu8MM/9r2PRhcqkKMruhQG9+YT/BVh+XhKKc43oJXHd8NgtDpWrydLSzS3
cqCa8tV8UiV8BBx4wL/+ScZ/YSsTsut2T7vjglKZtccozXdd2JnRXaP58vaC128L
d0YYXEn8REhXjhYSWXelsfOiRcQAE/CCMM41PWa1OHUeqg3f8B9gM0PiUFTL8X9m
emD3/YX77Q2Pc+qEmVh7fZhgN+iqtljrRK8vb8gIvTCiFQWI7aVr7+M=
-----END CERTIFICATE-----