Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/1470f5-c316-4fff-9c37-8654266457c6/1/LZoD34sDnrN3y_73QTX2kyN9b6k.roa
File:                     LZoD34sDnrN3y_73QTX2kyN9b6k.roa (raw, json)
Hash identifier:          IoZnnALkgT6FHthQCMqgOrKOzFNDYA7UUiSgGhGeNdE=
Subject key identifier:   2D:9A:03:DF:8B:03:9E:B3:77:CB:FE:F7:41:35:F6:93:23:7D:6F:A9
Certificate issuer:       /CN=b498c97b14c374a52833db6a4007b54b4662c5a9
Certificate serial:       019E56D9D4979D368F79FE7B0BCB9BDE58BA
Authority key identifier: B4:98:C9:7B:14:C3:74:A5:28:33:DB:6A:40:07:B5:4B:46:62:C5:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tJjJexTDdKUoM9tqQAe1S0Zixak.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/1470f5-c316-4fff-9c37-8654266457c6/1/LZoD34sDnrN3y_73QTX2kyN9b6k.roa
Signing time:             Sat 23 May 2026 21:59:36 +0000
ROA not before:           Sat 23 May 2026 21:59:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     0
IP address blocks:        91.196.161.0/24 maxlen: 24
                          91.196.162.0/24 maxlen: 24
                          91.196.163.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/1470f5-c316-4fff-9c37-8654266457c6/1/tJjJexTDdKUoM9tqQAe1S0Zixak.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/1470f5-c316-4fff-9c37-8654266457c6/1/tJjJexTDdKUoM9tqQAe1S0Zixak.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tJjJexTDdKUoM9tqQAe1S0Zixak.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 17:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:56:d9:d4:97:9d:36:8f:79:fe:7b:0b:cb:9b:de:58:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b498c97b14c374a52833db6a4007b54b4662c5a9
        Validity
            Not Before: May 23 21:59:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2d9a03df8b039eb377cbfef74135f693237d6fa9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:b0:1b:df:25:51:31:9e:27:e1:57:1e:9c:35:
                    32:25:92:47:b1:45:fc:5d:34:d1:6a:fb:68:2c:11:
                    2b:cf:18:b1:e9:68:02:36:25:1a:f0:ed:4f:a6:e2:
                    c1:89:f0:bb:5c:63:58:f9:a1:07:76:a9:14:9e:bd:
                    d6:3a:67:51:36:d3:12:1d:fd:b3:20:26:19:7b:1a:
                    64:4c:25:9c:13:f9:99:cb:01:68:ef:a7:c1:8a:03:
                    a4:70:2e:d8:64:c8:ea:2a:73:9a:16:60:52:e3:91:
                    45:f1:01:d5:2e:06:8d:95:b9:2e:f9:33:57:c3:44:
                    42:63:97:16:34:ac:ee:62:f2:6f:bb:a4:e3:3d:93:
                    47:a6:fc:ff:df:10:24:af:f7:f4:5e:b4:75:8e:ba:
                    3f:9f:8e:28:23:b4:0d:7f:c2:a8:60:c4:b7:38:76:
                    15:82:2a:5d:00:87:b8:da:dd:e0:22:59:6e:11:7b:
                    0b:9b:e3:97:65:20:a6:3e:4b:66:65:fe:43:f8:17:
                    72:9e:d5:7c:98:c0:0d:f3:bf:c7:11:eb:f1:7a:28:
                    5b:11:a8:aa:43:fd:4b:d6:7b:68:ea:73:8e:5e:9d:
                    7c:16:4e:5b:14:eb:bf:f3:8b:e5:2e:d0:4c:81:55:
                    ee:b3:c4:24:e1:90:af:82:d0:b7:07:f8:26:fb:97:
                    ed:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:9A:03:DF:8B:03:9E:B3:77:CB:FE:F7:41:35:F6:93:23:7D:6F:A9
            X509v3 Authority Key Identifier:
                keyid:B4:98:C9:7B:14:C3:74:A5:28:33:DB:6A:40:07:B5:4B:46:62:C5:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tJjJexTDdKUoM9tqQAe1S0Zixak.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/1470f5-c316-4fff-9c37-8654266457c6/1/LZoD34sDnrN3y_73QTX2kyN9b6k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/1470f5-c316-4fff-9c37-8654266457c6/1/tJjJexTDdKUoM9tqQAe1S0Zixak.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.196.161.0-91.196.163.255

    Signature Algorithm: sha256WithRSAEncryption
         c6:5e:df:e0:73:34:3d:63:ee:09:88:fe:a7:6b:d0:b6:fb:f2:
         6e:29:27:4b:25:ae:d3:55:29:14:1b:a4:ea:f0:3d:b6:e8:8f:
         80:f2:35:9f:7f:b0:76:00:26:25:d2:b7:6b:69:d3:10:5a:5e:
         1f:ad:3b:e8:46:d6:f5:9d:f5:05:c0:05:65:d4:4c:75:93:ab:
         37:52:90:01:77:72:88:1b:75:59:e7:6e:e1:4a:3b:e2:d7:e6:
         62:bd:1a:bc:66:e4:da:c8:ff:ca:67:a7:1b:07:e6:1d:8f:11:
         4c:c9:49:da:95:79:44:64:55:6c:85:4c:58:12:92:fb:49:fe:
         95:66:31:aa:bf:68:7c:a5:fd:78:f0:bb:86:23:0f:68:2b:40:
         39:09:08:1d:52:32:16:91:4c:4b:e3:f7:87:19:ec:e5:d4:00:
         39:6b:4d:b6:56:4c:25:39:b2:48:2d:69:8d:01:38:77:38:ae:
         51:78:2a:b5:26:60:f2:58:99:1f:93:7e:54:a8:29:c9:ea:83:
         97:46:72:78:2f:fa:54:f6:83:5b:0e:9f:df:81:54:80:7d:d9:
         08:de:88:35:db:40:9c:1b:bd:51:50:23:8b:58:9d:05:e4:af:
         f4:34:60:ca:80:07:38:e3:5c:f0:70:7e:10:a8:fd:54:5e:21:
         d8:e3:c1:c2
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZ5W2dSXnTaPef57C8ub3li6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0OThjOTdiMTRjMzc0YTUyODMzZGI2YTQwMDdiNTRiNDY2
MmM1YTkwHhcNMjYwNTIzMjE1OTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDlhMDNkZjhiMDM5ZWIzNzdjYmZlZjc0MTM1ZjY5MzIzN2Q2ZmE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3LAb3yVRMZ4n4VcenDUyJZJHsUX8
XTTRavtoLBErzxix6WgCNiUa8O1PpuLBifC7XGNY+aEHdqkUnr3WOmdRNtMSHf2z
ICYZexpkTCWcE/mZywFo76fBigOkcC7YZMjqKnOaFmBS45FF8QHVLgaNlbku+TNX
w0RCY5cWNKzuYvJvu6TjPZNHpvz/3xAkr/f0XrR1jro/n44oI7QNf8KoYMS3OHYV
gipdAIe42t3gIlluEXsLm+OXZSCmPktmZf5D+BdyntV8mMAN87/HEevxeihbEaiq
Q/1L1nto6nOOXp18Fk5bFOu/84vlLtBMgVXus8Qk4ZCvgtC3B/gm+5ft5QIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFC2aA9+LA56zd8v+90E19pMjfW+pMB8GA1UdIwQY
MBaAFLSYyXsUw3SlKDPbakAHtUtGYsWpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEpqSmV4VERkS1VvTTl0cVFBZTFTMFppeGFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC8xNDcwZjUtYzMxNi00ZmZmLTljMzct
ODY1NDI2NjQ1N2M2LzEvTFpvRDM0c0Ruck4zeV83M1FUWDJreU45YjZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC8xNDcwZjUtYzMxNi00ZmZmLTljMzctODY1NDI2NjQ1N2M2
LzEvdEpqSmV4VERkS1VvTTl0cVFBZTFTMFppeGFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABbxKED
BAJbxKAwDQYJKoZIhvcNAQELBQADggEBAMZe3+BzND1j7gmI/qdr0Lb78m4pJ0sl
rtNVKRQbpOrwPbboj4DyNZ9/sHYAJiXSt2tp0xBaXh+tO+hG1vWd9QXABWXUTHWT
qzdSkAF3cogbdVnnbuFKO+LX5mK9Grxm5NrI/8pnpxsH5h2PEUzJSdqVeURkVWyF
TFgSkvtJ/pVmMaq/aHyl/Xjwu4YjD2grQDkJCB1SMhaRTEvj94cZ7OXUADlrTbZW
TCU5skgtaY0BOHc4rlF4KrUmYPJYmR+TflSoKcnqg5dGcngv+lT2g1sOn9+BVIB9
2QjeiDXbQJwbvVFQI4tYnQXkr/Q0YMqABzjjXPBwfhCo/VReIdjjwcI=
-----END CERTIFICATE-----