Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/0251f2-a1bb-44fb-b908-48d5ff4ba255/1/ZBdtDqtan4ryfsX_DPoSWN_nnIM.roa
File:                     ZBdtDqtan4ryfsX_DPoSWN_nnIM.roa (raw, json)
Hash identifier:          mMR9AMjlqz3mZdhz4HhiNub8llzDHhmNDp6KeOjkBNo=
Subject key identifier:   64:17:6D:0E:AB:5A:9F:8A:F2:7E:C5:FF:0C:FA:12:58:DF:E7:9C:83
Certificate issuer:       /CN=9a24b27d9f3df6e14ebc79e146e8be32754bf800
Certificate serial:       019D861869FC37E97F5D39265487ACFBB463
Authority key identifier: 9A:24:B2:7D:9F:3D:F6:E1:4E:BC:79:E1:46:E8:BE:32:75:4B:F8:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/miSyfZ899uFOvHnhRui-MnVL-AA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/0251f2-a1bb-44fb-b908-48d5ff4ba255/1/ZBdtDqtan4ryfsX_DPoSWN_nnIM.roa
Signing time:             Mon 13 Apr 2026 09:07:20 +0000
ROA not before:           Mon 13 Apr 2026 09:07:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204287
IP address blocks:        172.216.250.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/da/0251f2-a1bb-44fb-b908-48d5ff4ba255/1/miSyfZ899uFOvHnhRui-MnVL-AA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/da/0251f2-a1bb-44fb-b908-48d5ff4ba255/1/miSyfZ899uFOvHnhRui-MnVL-AA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/miSyfZ899uFOvHnhRui-MnVL-AA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 00:01:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:86:18:69:fc:37:e9:7f:5d:39:26:54:87:ac:fb:b4:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a24b27d9f3df6e14ebc79e146e8be32754bf800
        Validity
            Not Before: Apr 13 09:07:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=64176d0eab5a9f8af27ec5ff0cfa1258dfe79c83
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:79:11:58:c2:2d:2f:d5:2f:25:d7:59:78:e9:
                    26:70:9d:79:e8:d5:cf:31:68:a7:57:21:0e:e7:33:
                    36:32:e3:c0:0f:26:7f:1f:3c:19:d6:75:ac:b0:8e:
                    e4:ee:8b:9a:44:f5:30:52:ff:25:12:11:ff:69:71:
                    e2:44:e1:4c:53:87:ca:4f:53:e3:53:2b:c4:ce:f1:
                    ba:78:4a:62:ea:41:9a:a8:53:53:fb:5a:a0:f6:cd:
                    a2:16:5c:68:ed:bd:5d:14:2f:3f:4e:ca:08:91:37:
                    05:3e:43:b2:1e:66:79:86:b5:19:4b:77:d1:71:8b:
                    c3:0a:13:0d:71:07:f4:b8:7f:e3:65:90:44:ec:93:
                    bb:31:bd:91:28:f0:39:6c:2a:16:2d:17:63:b2:ca:
                    68:4f:ca:27:f0:c0:2e:69:73:45:6d:3a:a8:e8:ac:
                    7a:71:74:c5:26:cd:7d:2c:7d:68:33:56:91:2d:68:
                    08:92:04:c0:9d:89:3a:54:aa:31:6a:24:c0:4e:81:
                    a6:71:01:83:a5:e5:0a:e5:6e:84:50:aa:69:17:59:
                    d1:8b:e0:2c:f1:8f:30:5b:98:e6:3b:b2:23:a2:62:
                    c2:b9:db:99:ac:7d:3e:fb:77:0c:f6:66:80:ce:fc:
                    d6:82:89:34:9d:13:e1:54:d7:f8:da:4d:5f:8a:af:
                    4c:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:17:6D:0E:AB:5A:9F:8A:F2:7E:C5:FF:0C:FA:12:58:DF:E7:9C:83
            X509v3 Authority Key Identifier:
                keyid:9A:24:B2:7D:9F:3D:F6:E1:4E:BC:79:E1:46:E8:BE:32:75:4B:F8:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/miSyfZ899uFOvHnhRui-MnVL-AA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/0251f2-a1bb-44fb-b908-48d5ff4ba255/1/ZBdtDqtan4ryfsX_DPoSWN_nnIM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/0251f2-a1bb-44fb-b908-48d5ff4ba255/1/miSyfZ899uFOvHnhRui-MnVL-AA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  172.216.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:e2:ca:a5:dd:67:97:45:69:46:76:70:ea:ed:8f:0d:8b:69:
         30:de:27:42:52:a2:98:d2:a1:fa:f8:47:a1:3f:07:0a:e3:3e:
         96:79:2b:ec:fd:29:0a:b6:48:b7:55:7f:4e:e0:07:ff:b1:62:
         c1:5f:86:09:39:5b:0b:7f:1b:1a:ea:c1:05:94:2d:86:9b:ee:
         9d:8f:8e:40:62:70:8d:2e:9f:22:50:b6:99:8e:bc:a3:d2:6f:
         c8:9d:73:6d:40:fa:7e:2d:45:ea:11:f4:7f:e7:47:f8:0b:b9:
         2b:37:e5:37:53:0d:6d:36:60:ee:3e:0e:82:23:bb:ee:69:db:
         26:d6:23:d2:d0:16:21:53:5d:3a:59:c9:42:f6:7f:e4:45:3c:
         63:c8:39:5b:ba:ad:16:c9:81:90:9e:f9:35:6e:62:03:b7:c5:
         cb:48:d4:f1:d6:e3:9c:56:55:bb:9f:c3:8d:e2:4e:1b:47:55:
         bf:d5:20:86:fb:8b:d7:a0:74:ca:71:08:bc:95:77:1c:d2:55:
         32:11:f3:89:ec:13:b8:4b:b5:7c:79:a0:78:e1:2b:9b:98:f1:
         25:0a:7b:7a:31:81:ba:cb:c0:58:4f:0c:36:93:c2:4e:ce:65:
         f7:05:ac:96:43:fa:a3:40:da:d3:4c:56:b5:cd:97:d9:24:73:
         ea:6f:59:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2GGGn8N+l/XTkmVIes+7RjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhMjRiMjdkOWYzZGY2ZTE0ZWJjNzllMTQ2ZThiZTMyNzU0
YmY4MDAwHhcNMjYwNDEzMDkwNzIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDE3NmQwZWFiNWE5ZjhhZjI3ZWM1ZmYwY2ZhMTI1OGRmZTc5YzgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp3kRWMItL9UvJddZeOkmcJ156NXP
MWinVyEO5zM2MuPADyZ/HzwZ1nWssI7k7ouaRPUwUv8lEhH/aXHiROFMU4fKT1Pj
UyvEzvG6eEpi6kGaqFNT+1qg9s2iFlxo7b1dFC8/TsoIkTcFPkOyHmZ5hrUZS3fR
cYvDChMNcQf0uH/jZZBE7JO7Mb2RKPA5bCoWLRdjsspoT8on8MAuaXNFbTqo6Kx6
cXTFJs19LH1oM1aRLWgIkgTAnYk6VKoxaiTAToGmcQGDpeUK5W6EUKppF1nRi+As
8Y8wW5jmO7IjomLCuduZrH0++3cM9maAzvzWgok0nRPhVNf42k1fiq9MYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGQXbQ6rWp+K8n7F/wz6Eljf55yDMB8GA1UdIwQY
MBaAFJoksn2fPfbhTrx54UbovjJ1S/gAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWlTeWZaODk5dUZPdkhuaFJ1aS1NblZMLUFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS8wMjUxZjItYTFiYi00NGZiLWI5MDgt
NDhkNWZmNGJhMjU1LzEvWkJkdERxdGFuNHJ5ZnNYX0RQb1NXTl9ubklNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS8wMjUxZjItYTFiYi00NGZiLWI5MDgtNDhkNWZmNGJhMjU1
LzEvbWlTeWZaODk5dUZPdkhuaFJ1aS1NblZMLUFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQArNj6MA0G
CSqGSIb3DQEBCwUAA4IBAQAv4sql3WeXRWlGdnDq7Y8Ni2kw3idCUqKY0qH6+Eeh
PwcK4z6WeSvs/SkKtki3VX9O4Af/sWLBX4YJOVsLfxsa6sEFlC2Gm+6dj45AYnCN
Lp8iULaZjryj0m/InXNtQPp+LUXqEfR/50f4C7krN+U3Uw1tNmDuPg6CI7vuadsm
1iPS0BYhU106WclC9n/kRTxjyDlbuq0WyYGQnvk1bmIDt8XLSNTx1uOcVlW7n8ON
4k4bR1W/1SCG+4vXoHTKcQi8lXcc0lUyEfOJ7BO4S7V8eaB44SubmPElCnt6MYG6
y8BYTww2k8JOzmX3BayWQ/qjQNrTTFa1zZfZJHPqb1kG
-----END CERTIFICATE-----