Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/3b0ba6-fc31-4ec6-8161-ad827e3edf6c/1/ZdecR8hrX1YyqMPIY67JKVKzZYs.roa
File:                     ZdecR8hrX1YyqMPIY67JKVKzZYs.roa (raw, json)
Hash identifier:          XQ5g2MwADxNwGR3HYTHgJ2RXEI0r1OdjOA+p9hgVMZc=
Subject key identifier:   65:D7:9C:47:C8:6B:5F:56:32:A8:C3:C8:63:AE:C9:29:52:B3:65:8B
Certificate issuer:       /CN=2f5cafd5efd2df2c9b309bbd5eed47a6918984b0
Certificate serial:       019B7EA50FB6F5BAA5CEED8BDB7ECC1153C4
Authority key identifier: 2F:5C:AF:D5:EF:D2:DF:2C:9B:30:9B:BD:5E:ED:47:A6:91:89:84:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L1yv1e_S3yybMJu9Xu1HppGJhLA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/3b0ba6-fc31-4ec6-8161-ad827e3edf6c/1/ZdecR8hrX1YyqMPIY67JKVKzZYs.roa
Signing time:             Fri 02 Jan 2026 12:18:25 +0000
ROA not before:           Fri 02 Jan 2026 12:18:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     20700
IP address blocks:        194.11.204.0/24 maxlen: 24
                          194.11.205.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/3b0ba6-fc31-4ec6-8161-ad827e3edf6c/1/L1yv1e_S3yybMJu9Xu1HppGJhLA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/3b0ba6-fc31-4ec6-8161-ad827e3edf6c/1/L1yv1e_S3yybMJu9Xu1HppGJhLA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L1yv1e_S3yybMJu9Xu1HppGJhLA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 09:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a5:0f:b6:f5:ba:a5:ce:ed:8b:db:7e:cc:11:53:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f5cafd5efd2df2c9b309bbd5eed47a6918984b0
        Validity
            Not Before: Jan  2 12:18:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=65d79c47c86b5f5632a8c3c863aec92952b3658b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:29:a2:e8:ae:9f:d7:54:b7:15:56:f3:e3:4c:
                    4b:56:5a:55:81:5d:e9:34:b1:ba:ca:e4:86:85:72:
                    07:d6:90:d5:79:b4:5a:a5:5b:b9:c0:50:8f:35:48:
                    bd:1f:93:cd:76:b9:a5:0b:0e:ee:72:33:ad:38:86:
                    b3:4d:d0:29:d7:66:93:19:ab:86:de:67:fb:a6:0e:
                    67:54:51:b0:e0:41:96:78:ed:59:ed:67:51:04:21:
                    33:0b:c8:7f:84:51:a8:b0:87:b6:91:79:64:26:87:
                    02:0a:58:fa:b3:05:b3:07:09:5a:ec:c4:81:7d:ed:
                    9b:39:20:f4:27:ef:67:53:2e:55:07:03:5c:c5:e4:
                    21:0a:86:22:fe:ca:2c:86:03:26:6d:db:7c:cd:98:
                    a6:e9:e5:c2:b3:ff:72:06:1d:ed:e5:31:db:d7:13:
                    83:52:0f:b9:ef:4b:ae:e3:7f:ad:0a:d0:19:15:88:
                    41:03:81:8e:78:58:92:3c:7f:bc:71:22:6e:60:6e:
                    3b:72:64:46:3d:cf:1d:ab:c5:ed:54:19:da:ac:8f:
                    a8:c5:15:6e:30:e1:cd:a6:30:cb:80:77:42:f9:f0:
                    cd:1e:01:47:03:9f:29:c5:56:06:4c:07:ad:a6:7d:
                    64:ff:da:17:be:7c:1e:ec:13:55:c9:64:dd:e4:43:
                    10:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:D7:9C:47:C8:6B:5F:56:32:A8:C3:C8:63:AE:C9:29:52:B3:65:8B
            X509v3 Authority Key Identifier:
                keyid:2F:5C:AF:D5:EF:D2:DF:2C:9B:30:9B:BD:5E:ED:47:A6:91:89:84:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L1yv1e_S3yybMJu9Xu1HppGJhLA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/3b0ba6-fc31-4ec6-8161-ad827e3edf6c/1/ZdecR8hrX1YyqMPIY67JKVKzZYs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/3b0ba6-fc31-4ec6-8161-ad827e3edf6c/1/L1yv1e_S3yybMJu9Xu1HppGJhLA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.11.204.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2e:6a:1f:09:6f:da:36:65:66:55:3b:bf:65:89:0f:e5:39:e2:
         ea:c3:11:44:13:61:18:c1:75:a8:3c:e1:5e:75:25:30:4a:2b:
         7f:66:06:fa:d9:69:3e:7d:c9:5c:e7:3b:a6:fe:4b:eb:78:dd:
         e7:e4:11:05:23:05:3b:27:43:ee:05:8e:d0:55:3a:be:19:8b:
         38:6b:e4:6f:13:db:44:4e:b4:8c:37:05:25:67:99:3b:8e:85:
         c6:ed:75:f7:60:f1:49:bc:37:08:56:f8:6b:98:68:f6:28:98:
         7b:17:31:22:85:b9:2d:63:41:dc:c0:15:6f:db:dc:25:81:2b:
         9e:fe:eb:f2:c2:db:01:c3:47:85:20:46:24:05:f5:a2:e2:f4:
         68:f7:77:19:41:b6:81:93:ed:5c:77:b1:35:4b:1c:5e:56:50:
         10:8c:b2:03:b3:69:07:ed:b3:26:4c:9e:8c:d8:83:21:a5:1c:
         a1:18:1a:8f:c6:42:02:a7:6a:4d:ab:54:4c:0b:fc:a9:32:4b:
         fe:3d:8c:3c:23:0f:61:a8:96:4e:d2:65:a1:d9:4e:94:61:a9:
         1c:b3:35:70:fb:31:f0:9a:5d:72:85:cb:f6:94:36:c3:a4:34:
         17:f2:31:a0:84:34:8f:00:32:b4:51:f9:5d:8d:3f:7c:3c:bd:
         2a:ae:8d:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+pQ+29bqlzu2L237MEVPEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmNWNhZmQ1ZWZkMmRmMmM5YjMwOWJiZDVlZWQ0N2E2OTE4
OTg0YjAwHhcNMjYwMTAyMTIxODI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NWQ3OWM0N2M4NmI1ZjU2MzJhOGMzYzg2M2FlYzkyOTUyYjM2NThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArCmi6K6f11S3FVbz40xLVlpVgV3p
NLG6yuSGhXIH1pDVebRapVu5wFCPNUi9H5PNdrmlCw7ucjOtOIazTdAp12aTGauG
3mf7pg5nVFGw4EGWeO1Z7WdRBCEzC8h/hFGosIe2kXlkJocCClj6swWzBwla7MSB
fe2bOSD0J+9nUy5VBwNcxeQhCoYi/soshgMmbdt8zZim6eXCs/9yBh3t5THb1xOD
Ug+570uu43+tCtAZFYhBA4GOeFiSPH+8cSJuYG47cmRGPc8dq8XtVBnarI+oxRVu
MOHNpjDLgHdC+fDNHgFHA58pxVYGTAetpn1k/9oXvnwe7BNVyWTd5EMQEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGXXnEfIa19WMqjDyGOuySlSs2WLMB8GA1UdIwQY
MBaAFC9cr9Xv0t8smzCbvV7tR6aRiYSwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDF5djFlX1MzeXliTUp1OVh1MUhwcEdKaExBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC8zYjBiYTYtZmMzMS00ZWM2LTgxNjEt
YWQ4MjdlM2VkZjZjLzEvWmRlY1I4aHJYMVl5cU1QSVk2N0pLVkt6WllzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC8zYjBiYTYtZmMzMS00ZWM2LTgxNjEtYWQ4MjdlM2VkZjZj
LzEvTDF5djFlX1MzeXliTUp1OVh1MUhwcEdKaExBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwgvMMA0G
CSqGSIb3DQEBCwUAA4IBAQAuah8Jb9o2ZWZVO79liQ/lOeLqwxFEE2EYwXWoPOFe
dSUwSit/Zgb62Wk+fclc5zum/kvreN3n5BEFIwU7J0PuBY7QVTq+GYs4a+RvE9tE
TrSMNwUlZ5k7joXG7XX3YPFJvDcIVvhrmGj2KJh7FzEihbktY0HcwBVv29wlgSue
/uvywtsBw0eFIEYkBfWi4vRo93cZQbaBk+1cd7E1SxxeVlAQjLIDs2kH7bMmTJ6M
2IMhpRyhGBqPxkICp2pNq1RMC/ypMkv+PYw8Iw9hqJZO0mWh2U6UYakcszVw+zHw
ml1yhcv2lDbDpDQX8jGghDSPADK0UfldjT98PL0qro3W
-----END CERTIFICATE-----