Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/87b214-ba8d-4df9-9ec9-1a16ef492034/1/ZvpkHDHin9hopFucWLYTL8yzbzs.roa
File:                     ZvpkHDHin9hopFucWLYTL8yzbzs.roa (raw, json)
Hash identifier:          kDSqC5wVuK3UIDaQObaNelkz/juujqc2r2FmfE7Rrx0=
Subject key identifier:   66:FA:64:1C:31:E2:9F:D8:68:A4:5B:9C:58:B6:13:2F:CC:B3:6F:3B
Certificate issuer:       /CN=1e93d7e28ab0b9e794487946a0fae8cd6ed54071
Certificate serial:       019D77FF674E5CBC1A3E6EB60469003F6761
Authority key identifier: 1E:93:D7:E2:8A:B0:B9:E7:94:48:79:46:A0:FA:E8:CD:6E:D5:40:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HpPX4oqwueeUSHlGoProzW7VQHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/87b214-ba8d-4df9-9ec9-1a16ef492034/1/ZvpkHDHin9hopFucWLYTL8yzbzs.roa
Signing time:             Fri 10 Apr 2026 15:25:19 +0000
ROA not before:           Fri 10 Apr 2026 15:25:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216398
IP address blocks:        193.25.173.0/24 maxlen: 24
                          2a0a:e40::/29 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/87b214-ba8d-4df9-9ec9-1a16ef492034/1/HpPX4oqwueeUSHlGoProzW7VQHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/87b214-ba8d-4df9-9ec9-1a16ef492034/1/HpPX4oqwueeUSHlGoProzW7VQHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HpPX4oqwueeUSHlGoProzW7VQHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 16:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:77:ff:67:4e:5c:bc:1a:3e:6e:b6:04:69:00:3f:67:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e93d7e28ab0b9e794487946a0fae8cd6ed54071
        Validity
            Not Before: Apr 10 15:25:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=66fa641c31e29fd868a45b9c58b6132fccb36f3b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:7a:84:d3:cd:0e:7c:01:d6:24:62:e4:b7:18:
                    c2:17:e2:b0:02:c7:a5:e2:b5:eb:73:6c:06:d3:dc:
                    17:36:46:32:98:7d:6c:ce:c5:f9:39:23:83:7a:c5:
                    ea:18:e9:96:ee:af:7e:05:5b:b3:c5:05:d1:22:7d:
                    38:e3:14:3a:56:4a:37:04:3f:b2:a1:3f:42:98:9e:
                    57:81:9a:00:22:9b:b5:5e:d9:05:3d:7c:8e:aa:e8:
                    1f:12:3b:57:57:95:5e:54:36:5e:94:7c:9a:11:92:
                    29:2e:e4:80:11:5b:95:6d:c5:ee:2b:15:d5:9e:6a:
                    10:52:48:94:25:8d:3a:5b:e6:87:bc:04:3d:a8:ef:
                    0e:ba:41:29:75:6a:1d:22:96:d3:90:0c:67:e4:d6:
                    9b:2a:88:1d:13:fa:e4:af:d0:a2:30:01:61:25:14:
                    f4:86:2f:1f:0e:17:73:42:32:83:f2:0e:b6:0e:da:
                    f1:b3:d8:94:f9:d8:67:84:c6:b5:c8:da:e2:6f:ce:
                    02:55:db:93:cb:01:b5:5d:6a:09:8a:ad:e8:bd:0e:
                    8d:a2:02:6c:d9:f6:9f:e2:ff:9b:08:b9:ef:6d:ce:
                    10:c1:cc:5d:87:4c:04:f9:80:ee:07:86:93:fc:ef:
                    d7:b4:c5:56:f9:27:85:2d:f2:3d:61:00:10:e4:d0:
                    23:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:FA:64:1C:31:E2:9F:D8:68:A4:5B:9C:58:B6:13:2F:CC:B3:6F:3B
            X509v3 Authority Key Identifier:
                keyid:1E:93:D7:E2:8A:B0:B9:E7:94:48:79:46:A0:FA:E8:CD:6E:D5:40:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HpPX4oqwueeUSHlGoProzW7VQHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/87b214-ba8d-4df9-9ec9-1a16ef492034/1/ZvpkHDHin9hopFucWLYTL8yzbzs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/87b214-ba8d-4df9-9ec9-1a16ef492034/1/HpPX4oqwueeUSHlGoProzW7VQHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.25.173.0/24
                IPv6:
                  2a0a:e40::/29

    Signature Algorithm: sha256WithRSAEncryption
         25:d9:2f:ca:fa:9f:df:13:68:a4:89:f5:8a:b2:a4:cd:06:3e:
         e1:5f:00:fc:42:07:b3:95:c7:ab:b8:a3:09:1b:ca:da:8f:47:
         e1:ea:9e:82:35:f2:c1:2e:ae:b5:d4:ad:92:f1:84:5e:41:b6:
         18:78:7f:0f:b2:c5:ce:bc:68:eb:35:20:74:93:60:4b:cd:60:
         c2:0c:20:f1:7e:fa:f7:ce:42:50:d6:14:e7:05:4d:f4:00:f6:
         61:6c:60:69:5d:c0:0f:bd:64:a0:c5:8a:fe:58:81:99:db:d1:
         43:2a:4a:36:61:c0:1c:36:be:90:f0:87:7e:00:0b:93:bf:c3:
         90:cd:69:2a:dd:e6:07:ac:13:d5:b5:fc:3c:5a:35:37:2f:0d:
         b8:09:02:b8:c1:fe:c5:04:2b:90:52:02:67:12:9e:5d:a7:31:
         99:9f:1d:b6:3c:3a:eb:a4:d5:8f:f2:fd:62:e7:b6:14:6d:a5:
         94:4e:18:ab:35:2f:c8:29:d5:d5:6e:d9:93:56:94:c3:3b:22:
         02:e1:85:79:77:07:d8:dd:75:8f:dc:d7:c3:27:90:4b:0a:b3:
         0e:de:66:79:82:7d:8c:3c:b1:0d:9c:7c:7a:6c:e9:5f:2a:36:
         f9:c5:cf:c0:67:92:9e:41:6c:21:9c:a0:6f:95:cc:38:66:02:
         d1:36:b5:71
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ13/2dOXLwaPm62BGkAP2dhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlOTNkN2UyOGFiMGI5ZTc5NDQ4Nzk0NmEwZmFlOGNkNmVk
NTQwNzEwHhcNMjYwNDEwMTUyNTE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NmZhNjQxYzMxZTI5ZmQ4NjhhNDViOWM1OGI2MTMyZmNjYjM2ZjNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuXqE080OfAHWJGLktxjCF+KwAsel
4rXrc2wG09wXNkYymH1szsX5OSODesXqGOmW7q9+BVuzxQXRIn044xQ6Vko3BD+y
oT9CmJ5XgZoAIpu1XtkFPXyOqugfEjtXV5VeVDZelHyaEZIpLuSAEVuVbcXuKxXV
nmoQUkiUJY06W+aHvAQ9qO8OukEpdWodIpbTkAxn5NabKogdE/rkr9CiMAFhJRT0
hi8fDhdzQjKD8g62Dtrxs9iU+dhnhMa1yNrib84CVduTywG1XWoJiq3ovQ6NogJs
2faf4v+bCLnvbc4Qwcxdh0wE+YDuB4aT/O/XtMVW+SeFLfI9YQAQ5NAjgwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGb6ZBwx4p/YaKRbnFi2Ey/Ms287MB8GA1UdIwQY
MBaAFB6T1+KKsLnnlEh5RqD66M1u1UBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHBQWDRvcXd1ZWVVU0hsR29Qcm96VzdWUUhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS84N2IyMTQtYmE4ZC00ZGY5LTllYzkt
MWExNmVmNDkyMDM0LzEvWnZwa0hESGluOWhvcEZ1Y1dMWVRMOHl6YnpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS84N2IyMTQtYmE4ZC00ZGY5LTllYzktMWExNmVmNDkyMDM0
LzEvSHBQWDRvcXd1ZWVVU0hsR29Qcm96VzdWUUhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwRmtMA0E
AgACMAcDBQMqCg5AMA0GCSqGSIb3DQEBCwUAA4IBAQAl2S/K+p/fE2ikifWKsqTN
Bj7hXwD8QgezlceruKMJG8raj0fh6p6CNfLBLq611K2S8YReQbYYeH8PssXOvGjr
NSB0k2BLzWDCDCDxfvr3zkJQ1hTnBU30APZhbGBpXcAPvWSgxYr+WIGZ29FDKko2
YcAcNr6Q8Id+AAuTv8OQzWkq3eYHrBPVtfw8WjU3Lw24CQK4wf7FBCuQUgJnEp5d
pzGZnx22PDrrpNWP8v1i57YUbaWUThirNS/IKdXVbtmTVpTDOyIC4YV5dwfY3XWP
3NfDJ5BLCrMO3mZ5gn2MPLENnHx6bOlfKjb5xc/AZ5KeQWwhnKBvlcw4ZgLRNrVx
-----END CERTIFICATE-----