Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/z7PU2MzlVVAvlrQw6iVcszWYAXo.roa
File:                     z7PU2MzlVVAvlrQw6iVcszWYAXo.roa (raw, json)
Hash identifier:          9X6Zea/pUy8vlr4IvEYXZRJ/+mqoqTxPdepT8vjAq6c=
Subject key identifier:   CF:B3:D4:D8:CC:E5:55:50:2F:96:B4:30:EA:25:5C:B3:35:98:01:7A
Certificate issuer:       /CN=8bdf76c54b9e6935c30a9b4c9ba9309ac470ec02
Certificate serial:       019EA9157AA412649E006B79C19770884791
Authority key identifier: 8B:DF:76:C5:4B:9E:69:35:C3:0A:9B:4C:9B:A9:30:9A:C4:70:EC:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i992xUueaTXDCptMm6kwmsRw7AI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/z7PU2MzlVVAvlrQw6iVcszWYAXo.roa
Signing time:             Mon 08 Jun 2026 21:13:37 +0000
ROA not before:           Mon 08 Jun 2026 21:13:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57043
IP address blocks:        5.102.37.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/i992xUueaTXDCptMm6kwmsRw7AI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/i992xUueaTXDCptMm6kwmsRw7AI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i992xUueaTXDCptMm6kwmsRw7AI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 10:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:a9:15:7a:a4:12:64:9e:00:6b:79:c1:97:70:88:47:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bdf76c54b9e6935c30a9b4c9ba9309ac470ec02
        Validity
            Not Before: Jun  8 21:13:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cfb3d4d8cce555502f96b430ea255cb33598017a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f7:ed:2c:6f:81:b0:86:51:88:81:05:f0:20:eb:
                    18:ba:d6:2e:ec:13:89:40:4c:c7:88:99:c6:5b:c1:
                    c6:a9:00:55:5c:34:46:50:3b:3c:57:d3:28:25:e4:
                    c0:25:e3:80:60:35:9a:5e:bc:43:72:39:a2:58:52:
                    ee:41:b8:5b:75:1d:66:c4:75:2c:4e:a6:76:e0:ac:
                    3d:d3:7e:0e:05:db:da:29:79:28:f4:31:95:b8:fc:
                    29:12:33:cb:58:d1:18:12:ef:10:08:59:5a:63:17:
                    07:e3:00:ec:5b:42:22:bb:ba:00:4a:4a:3c:f7:ee:
                    bc:6b:2d:17:53:df:b2:a2:0c:f9:f1:8a:88:3c:f8:
                    5c:5e:e4:8c:c9:08:11:ee:fc:10:51:77:83:3a:70:
                    70:b5:69:56:34:8d:8f:9a:eb:ad:45:23:be:20:65:
                    04:d0:9a:2f:2f:ae:70:97:b1:ee:8b:8a:38:0d:c9:
                    2b:e3:a8:2b:c4:0c:ec:73:24:ab:46:35:b8:77:b5:
                    e3:de:13:ba:83:be:18:df:47:1f:92:f9:d4:d0:3e:
                    66:90:b3:1a:0b:b4:23:44:06:dc:bd:67:91:50:df:
                    b0:e2:14:d3:84:86:8f:86:14:e2:a5:f6:9d:75:56:
                    68:a0:55:9f:e4:af:7e:66:70:78:dd:a6:64:f7:8b:
                    85:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:B3:D4:D8:CC:E5:55:50:2F:96:B4:30:EA:25:5C:B3:35:98:01:7A
            X509v3 Authority Key Identifier:
                keyid:8B:DF:76:C5:4B:9E:69:35:C3:0A:9B:4C:9B:A9:30:9A:C4:70:EC:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i992xUueaTXDCptMm6kwmsRw7AI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/z7PU2MzlVVAvlrQw6iVcszWYAXo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/i992xUueaTXDCptMm6kwmsRw7AI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.102.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:0e:99:77:d6:ae:7c:37:10:b3:92:50:5a:db:50:14:d5:12:
         45:de:39:a7:63:88:9d:d4:f5:60:ee:75:f2:3d:5f:18:64:5d:
         1d:e2:44:cb:a5:2a:73:d2:eb:8e:81:93:33:01:60:4b:d6:de:
         16:5b:9d:b9:11:a4:d3:c2:9a:d9:54:2e:ab:09:c4:2c:ee:e0:
         62:0f:e7:90:3a:02:0c:34:5a:8f:f7:6c:cc:86:5e:46:38:33:
         3d:7a:9f:b3:10:02:46:ca:ac:c4:43:4c:24:c8:14:c2:5c:67:
         45:10:96:64:fa:7a:10:37:57:b5:bf:3a:e8:90:86:d0:4d:e4:
         8b:26:ec:16:ce:e5:09:68:bd:ca:58:6a:97:e7:ba:5e:28:e6:
         7b:05:1b:89:b5:16:56:86:3c:dc:2c:16:9b:4c:22:df:ab:95:
         6d:ec:80:2e:5f:56:bd:d8:db:9f:49:26:95:44:5c:d3:69:b7:
         86:7d:a6:6a:cd:ea:1a:bb:67:12:69:8b:50:69:41:0f:a2:a3:
         b9:05:0c:56:d6:40:15:8d:95:3b:3a:46:af:ba:ff:90:58:a1:
         7b:29:9a:72:a7:b0:a0:a5:38:27:b3:56:6f:1f:bc:f2:15:29:
         46:3e:0b:aa:30:d4:09:54:7d:64:e6:1a:93:37:c6:d6:eb:b1:
         28:60:ba:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6pFXqkEmSeAGt5wZdwiEeRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiZGY3NmM1NGI5ZTY5MzVjMzBhOWI0YzliYTkzMDlhYzQ3
MGVjMDIwHhcNMjYwNjA4MjExMzM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmIzZDRkOGNjZTU1NTUwMmY5NmI0MzBlYTI1NWNiMzM1OTgwMTdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9+0sb4GwhlGIgQXwIOsYutYu7BOJ
QEzHiJnGW8HGqQBVXDRGUDs8V9MoJeTAJeOAYDWaXrxDcjmiWFLuQbhbdR1mxHUs
TqZ24Kw9034OBdvaKXko9DGVuPwpEjPLWNEYEu8QCFlaYxcH4wDsW0Iiu7oASko8
9+68ay0XU9+yogz58YqIPPhcXuSMyQgR7vwQUXeDOnBwtWlWNI2PmuutRSO+IGUE
0JovL65wl7Hui4o4Dckr46grxAzscySrRjW4d7Xj3hO6g74Y30cfkvnU0D5mkLMa
C7QjRAbcvWeRUN+w4hTThIaPhhTipfaddVZooFWf5K9+ZnB43aZk94uFkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM+z1NjM5VVQL5a0MOolXLM1mAF6MB8GA1UdIwQY
MBaAFIvfdsVLnmk1wwqbTJupMJrEcOwCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTk5MnhVdWVhVFhEQ3B0TW02a3dtc1J3N0FJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS8yMTUxOWUtYjhkYy00MjQwLWFhNzgt
OGQyMTg2NjUwMjdkLzEvejdQVTJNemxWVkF2bHJRdzZpVmNzeldZQVhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS8yMTUxOWUtYjhkYy00MjQwLWFhNzgtOGQyMTg2NjUwMjdk
LzEvaTk5MnhVdWVhVFhEQ3B0TW02a3dtc1J3N0FJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABWYlMA0G
CSqGSIb3DQEBCwUAA4IBAQAQDpl31q58NxCzklBa21AU1RJF3jmnY4id1PVg7nXy
PV8YZF0d4kTLpSpz0uuOgZMzAWBL1t4WW525EaTTwprZVC6rCcQs7uBiD+eQOgIM
NFqP92zMhl5GODM9ep+zEAJGyqzEQ0wkyBTCXGdFEJZk+noQN1e1vzrokIbQTeSL
JuwWzuUJaL3KWGqX57peKOZ7BRuJtRZWhjzcLBabTCLfq5Vt7IAuX1a92NufSSaV
RFzTabeGfaZqzeoau2cSaYtQaUEPoqO5BQxW1kAVjZU7Okavuv+QWKF7KZpyp7Cg
pTgns1ZvH7zyFSlGPguqMNQJVH1k5hqTN8bW67EoYLpu
-----END CERTIFICATE-----