Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/0251f2-a1bb-44fb-b908-48d5ff4ba255/1/zt6aVptNzEemFtVcszL1t-xA0vs.roa
File:                     zt6aVptNzEemFtVcszL1t-xA0vs.roa (raw, json)
Hash identifier:          pSOP40u7PQPwSGBic+DInKoefhITjHCDk1ttR6rrtpE=
Subject key identifier:   CE:DE:9A:56:9B:4D:CC:47:A6:16:D5:5C:B3:32:F5:B7:EC:40:D2:FB
Certificate issuer:       /CN=9a24b27d9f3df6e14ebc79e146e8be32754bf800
Certificate serial:       019D8614911FCFFE4393654E47E4AE68D3AF
Authority key identifier: 9A:24:B2:7D:9F:3D:F6:E1:4E:BC:79:E1:46:E8:BE:32:75:4B:F8:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/miSyfZ899uFOvHnhRui-MnVL-AA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/0251f2-a1bb-44fb-b908-48d5ff4ba255/1/zt6aVptNzEemFtVcszL1t-xA0vs.roa
Signing time:             Mon 13 Apr 2026 09:03:07 +0000
ROA not before:           Mon 13 Apr 2026 09:03:07 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     147049
IP address blocks:        172.216.248.0/24 maxlen: 24
                          172.216.251.0/24 maxlen: 24
                          172.216.252.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/da/0251f2-a1bb-44fb-b908-48d5ff4ba255/1/miSyfZ899uFOvHnhRui-MnVL-AA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/da/0251f2-a1bb-44fb-b908-48d5ff4ba255/1/miSyfZ899uFOvHnhRui-MnVL-AA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/miSyfZ899uFOvHnhRui-MnVL-AA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 00:01:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:86:14:91:1f:cf:fe:43:93:65:4e:47:e4:ae:68:d3:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a24b27d9f3df6e14ebc79e146e8be32754bf800
        Validity
            Not Before: Apr 13 09:03:07 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cede9a569b4dcc47a616d55cb332f5b7ec40d2fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:e9:95:2f:c6:dd:e9:1d:fa:83:a9:64:8b:9f:
                    41:85:c9:3a:2c:77:c2:02:35:41:3b:0c:14:84:5c:
                    4a:87:96:f0:b5:3a:95:6d:9e:13:b5:25:6f:8c:56:
                    0b:57:f1:fc:92:6c:38:f1:30:19:65:2e:68:15:30:
                    85:d1:43:4b:28:7b:05:79:89:54:5c:7d:c7:1b:ff:
                    65:95:0a:cb:a4:2e:2d:1f:eb:c0:b0:16:83:e1:dd:
                    6e:2d:26:5e:8a:33:bc:39:d7:87:aa:4c:cb:cc:35:
                    f9:07:06:63:63:2d:73:b6:4e:a5:e6:41:a5:37:d9:
                    a9:8c:0d:9d:ff:b1:4c:ff:2a:31:32:59:ca:af:0f:
                    c6:cd:2d:2f:f2:0f:17:46:06:57:2a:30:d6:cd:73:
                    61:34:b2:e9:15:07:a1:76:7b:41:6d:06:3f:5e:39:
                    a7:16:88:51:ee:ea:56:a7:9b:09:55:64:4b:93:dc:
                    32:3d:97:66:20:45:d7:1a:f2:40:9c:9f:98:76:2b:
                    d3:88:98:53:09:10:46:eb:d1:3d:f1:ef:f8:7a:59:
                    f0:23:b7:e0:3f:da:a0:af:92:c0:d8:0f:05:e7:ff:
                    0e:10:a8:62:c5:6e:78:6f:dd:8b:db:76:15:ca:1e:
                    c4:38:50:ae:9b:cc:66:72:76:d9:23:5a:f9:0f:77:
                    d3:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:DE:9A:56:9B:4D:CC:47:A6:16:D5:5C:B3:32:F5:B7:EC:40:D2:FB
            X509v3 Authority Key Identifier:
                keyid:9A:24:B2:7D:9F:3D:F6:E1:4E:BC:79:E1:46:E8:BE:32:75:4B:F8:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/miSyfZ899uFOvHnhRui-MnVL-AA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/0251f2-a1bb-44fb-b908-48d5ff4ba255/1/zt6aVptNzEemFtVcszL1t-xA0vs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/0251f2-a1bb-44fb-b908-48d5ff4ba255/1/miSyfZ899uFOvHnhRui-MnVL-AA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  172.216.248.0/24
                  172.216.251.0-172.216.252.255

    Signature Algorithm: sha256WithRSAEncryption
         49:70:bd:20:88:a9:bb:5b:32:9e:0f:b5:a1:a6:78:6b:ad:99:
         02:69:19:61:3b:c4:44:5b:df:a5:8b:20:ca:33:fb:fe:59:39:
         a2:e9:7b:bd:8c:7b:75:8b:2d:62:7b:0d:89:54:66:21:72:06:
         de:a6:c3:12:32:39:48:a8:af:b3:68:8c:d7:88:03:67:70:7a:
         57:9f:2f:a1:bf:80:2f:18:a2:86:22:b5:ac:8d:12:9d:8b:d9:
         36:f2:41:b1:be:5a:92:f5:ec:00:06:b0:c6:d9:47:34:9c:0f:
         9c:e1:ad:1c:44:e6:4c:f3:02:71:e0:dc:76:e1:18:94:18:25:
         0f:5f:57:80:63:04:da:93:66:a3:24:07:64:4d:f7:26:bc:b5:
         c9:9f:38:95:3e:f2:7c:2b:e4:7b:44:04:55:3d:30:76:ed:72:
         69:19:02:f9:fe:ca:dc:0f:4c:6a:0f:a9:46:14:c7:41:78:10:
         35:73:9e:42:75:93:82:24:59:29:ff:5e:3a:08:f7:26:8a:5a:
         61:df:92:64:6a:40:d2:04:ad:e2:b7:6e:ce:5e:55:ba:19:82:
         b1:bd:6d:da:01:30:93:c8:4d:9a:b3:dd:47:24:a7:cb:ac:ea:
         3e:b9:70:4e:7a:83:7a:2f:6b:a8:99:57:e6:d3:86:d0:2d:2f:
         4b:c7:57:ba
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZ2GFJEfz/5Dk2VOR+SuaNOvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhMjRiMjdkOWYzZGY2ZTE0ZWJjNzllMTQ2ZThiZTMyNzU0
YmY4MDAwHhcNMjYwNDEzMDkwMzA3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZWRlOWE1NjliNGRjYzQ3YTYxNmQ1NWNiMzMyZjViN2VjNDBkMmZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu+mVL8bd6R36g6lki59Bhck6LHfC
AjVBOwwUhFxKh5bwtTqVbZ4TtSVvjFYLV/H8kmw48TAZZS5oFTCF0UNLKHsFeYlU
XH3HG/9llQrLpC4tH+vAsBaD4d1uLSZeijO8OdeHqkzLzDX5BwZjYy1ztk6l5kGl
N9mpjA2d/7FM/yoxMlnKrw/GzS0v8g8XRgZXKjDWzXNhNLLpFQehdntBbQY/Xjmn
FohR7upWp5sJVWRLk9wyPZdmIEXXGvJAnJ+YdivTiJhTCRBG69E98e/4elnwI7fg
P9qgr5LA2A8F5/8OEKhixW54b92L23YVyh7EOFCum8xmcnbZI1r5D3fTLwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFM7emlabTcxHphbVXLMy9bfsQNL7MB8GA1UdIwQY
MBaAFJoksn2fPfbhTrx54UbovjJ1S/gAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWlTeWZaODk5dUZPdkhuaFJ1aS1NblZMLUFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS8wMjUxZjItYTFiYi00NGZiLWI5MDgt
NDhkNWZmNGJhMjU1LzEvenQ2YVZwdE56RWVtRnRWY3N6TDF0LXhBMHZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS8wMjUxZjItYTFiYi00NGZiLWI5MDgtNDhkNWZmNGJhMjU1
LzEvbWlTeWZaODk5dUZPdkhuaFJ1aS1NblZMLUFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQArNj4MAwD
BACs2PsDBACs2PwwDQYJKoZIhvcNAQELBQADggEBAElwvSCIqbtbMp4PtaGmeGut
mQJpGWE7xERb36WLIMoz+/5ZOaLpe72Me3WLLWJ7DYlUZiFyBt6mwxIyOUior7No
jNeIA2dwelefL6G/gC8YooYitayNEp2L2TbyQbG+WpL17AAGsMbZRzScD5zhrRxE
5kzzAnHg3HbhGJQYJQ9fV4BjBNqTZqMkB2RN9ya8tcmfOJU+8nwr5HtEBFU9MHbt
cmkZAvn+ytwPTGoPqUYUx0F4EDVznkJ1k4IkWSn/XjoI9yaKWmHfkmRqQNIEreK3
bs5eVboZgrG9bdoBMJPITZqz3Uckp8us6j65cE56g3ova6iZV+bThtAtL0vHV7o=
-----END CERTIFICATE-----