Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/Kj0sX5EXk_lnEe1oG9enI-9Uxz8.roa
File:                     Kj0sX5EXk_lnEe1oG9enI-9Uxz8.roa (raw, json)
Hash identifier:          QsEGqqedvvJfyYegitKnBcVHLqm6NXGbqrN63e4Vj6c=
Subject key identifier:   2A:3D:2C:5F:91:17:93:F9:67:11:ED:68:1B:D7:A7:23:EF:54:C7:3F
Certificate issuer:       /CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Certificate serial:       019D57E039F5EEE7970A88888DB17E457AC3
Authority key identifier: CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/Kj0sX5EXk_lnEe1oG9enI-9Uxz8.roa
Signing time:             Sat 04 Apr 2026 09:43:25 +0000
ROA not before:           Sat 04 Apr 2026 09:43:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211056
IP address blocks:        85.133.193.0/24 maxlen: 24
                          85.133.249.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:57:e0:39:f5:ee:e7:97:0a:88:88:8d:b1:7e:45:7a:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
        Validity
            Not Before: Apr  4 09:43:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2a3d2c5f911793f96711ed681bd7a723ef54c73f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:9b:c4:90:50:2e:33:24:5c:43:bb:d1:64:eb:
                    aa:f6:9f:97:09:1e:3a:0e:56:01:66:e4:65:35:e8:
                    72:36:b7:0f:fe:f4:07:80:de:98:5f:f4:2e:8b:00:
                    59:72:d5:64:33:c5:82:07:92:ac:0d:2e:40:8c:ac:
                    5d:64:4c:72:cc:13:b7:06:a7:e7:b0:d3:cc:98:bf:
                    a8:bb:63:7a:e9:20:60:59:db:16:65:00:3e:9b:6b:
                    96:38:51:16:6d:93:60:b1:1d:b4:94:0a:06:85:ab:
                    cd:8a:17:9d:d5:5c:d1:14:2c:f1:74:70:07:98:ef:
                    67:60:22:bf:40:46:68:30:c8:9e:d9:42:aa:73:79:
                    c6:b8:46:fe:e8:9a:ad:66:53:34:8e:3c:dd:37:bb:
                    48:44:58:5a:09:f8:d1:c4:d3:0b:66:8e:35:31:e0:
                    9f:e8:ec:e4:59:9b:a6:52:19:f3:08:56:32:35:79:
                    c1:93:c5:6f:f5:6b:78:f6:62:9c:ad:da:eb:21:cd:
                    66:35:ed:bc:37:dc:be:54:3e:eb:af:9c:07:3f:84:
                    f8:49:ab:0b:06:ee:fd:72:36:7e:ab:42:69:c8:fa:
                    d0:d6:91:2d:ee:d4:2a:c1:ce:6f:1f:91:c0:cb:39:
                    ab:bc:bf:11:e0:f5:5c:36:bf:85:34:9f:82:95:05:
                    7f:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:3D:2C:5F:91:17:93:F9:67:11:ED:68:1B:D7:A7:23:EF:54:C7:3F
            X509v3 Authority Key Identifier:
                keyid:CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/Kj0sX5EXk_lnEe1oG9enI-9Uxz8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.133.193.0/24
                  85.133.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:a4:62:c8:74:1b:61:a4:d5:c5:c6:63:9a:2f:c2:ff:c6:28:
         d3:c4:88:b5:c7:3f:e7:06:ef:62:d3:9e:2e:cf:cb:fc:5c:53:
         36:3f:25:c0:bb:40:b5:0b:f0:8f:4b:55:e7:f3:cf:a4:23:f6:
         0d:44:35:1d:be:bd:cd:45:76:da:67:8f:90:02:80:91:d2:2a:
         20:a1:44:f0:75:c0:6e:77:91:02:07:90:3c:d8:09:40:55:73:
         24:80:7a:69:1b:29:63:f7:29:9b:92:28:79:31:fb:97:95:f4:
         b4:fd:f0:c5:a6:bf:a6:1f:26:e8:35:8c:1f:20:55:81:fa:16:
         68:16:6e:f2:39:d0:7f:b2:a1:e8:ac:98:8d:81:1f:f1:09:19:
         22:22:29:eb:cc:5e:98:86:ff:5c:22:3d:97:34:a3:cf:31:ea:
         b7:df:f9:e1:61:a6:6a:9e:a5:34:6c:b5:aa:c4:d7:c6:47:31:
         47:9c:9b:c7:8a:2e:9e:24:c2:95:4b:16:31:77:88:5a:cb:f2:
         1b:9d:67:0f:46:da:a7:fb:91:73:9e:e7:c4:04:32:71:5b:50:
         72:cf:07:c8:6b:26:c7:17:6a:da:18:68:6f:29:39:4d:8c:ce:
         c6:c0:10:cd:62:7e:e1:6c:d5:e5:30:de:59:9d:f7:4e:72:e8:
         7c:65:2a:e4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ1X4Dn17ueXCoiIjbF+RXrDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNWUzOTY1OGEzZWY2ZjEzY2EyMWNjMTFhNGUzM2ViY2Q5
NDY3MDIwHhcNMjYwNDA0MDk0MzI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTNkMmM1ZjkxMTc5M2Y5NjcxMWVkNjgxYmQ3YTcyM2VmNTRjNzNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmpvEkFAuMyRcQ7vRZOuq9p+XCR46
DlYBZuRlNehyNrcP/vQHgN6YX/QuiwBZctVkM8WCB5KsDS5AjKxdZExyzBO3Bqfn
sNPMmL+ou2N66SBgWdsWZQA+m2uWOFEWbZNgsR20lAoGhavNihed1VzRFCzxdHAH
mO9nYCK/QEZoMMie2UKqc3nGuEb+6JqtZlM0jjzdN7tIRFhaCfjRxNMLZo41MeCf
6OzkWZumUhnzCFYyNXnBk8Vv9Wt49mKcrdrrIc1mNe28N9y+VD7rr5wHP4T4SasL
Bu79cjZ+q0JpyPrQ1pEt7tQqwc5vH5HAyzmrvL8R4PVcNr+FNJ+ClQV/0wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCo9LF+RF5P5ZxHtaBvXpyPvVMc/MB8GA1UdIwQY
MBaAFM1eOWWKPvbxPKIcwRpOM+vNlGcCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUt
NWQxZmE2NmMzNjNiLzEvS2owc1g1RVhrX2xuRWUxb0c5ZW5JLTlVeHo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUtNWQxZmE2NmMzNjNi
LzEvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVYXBAwQA
VYX5MA0GCSqGSIb3DQEBCwUAA4IBAQAWpGLIdBthpNXFxmOaL8L/xijTxIi1xz/n
Bu9i054uz8v8XFM2PyXAu0C1C/CPS1Xn88+kI/YNRDUdvr3NRXbaZ4+QAoCR0iog
oUTwdcBud5ECB5A82AlAVXMkgHppGylj9ymbkih5MfuXlfS0/fDFpr+mHyboNYwf
IFWB+hZoFm7yOdB/sqHorJiNgR/xCRkiIinrzF6Yhv9cIj2XNKPPMeq33/nhYaZq
nqU0bLWqxNfGRzFHnJvHii6eJMKVSxYxd4hay/IbnWcPRtqn+5FznufEBDJxW1By
zwfIaybHF2raGGhvKTlNjM7GwBDNYn7hbNXlMN5ZnfdOcuh8ZSrk
-----END CERTIFICATE-----