Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/zPteSfOjom7QWMmEMxZDi_vA-iY.roa
File:                     zPteSfOjom7QWMmEMxZDi_vA-iY.roa (raw, json)
Hash identifier:          rrGLmwvmuRirnSrr4c0rl9ZjsO4Ec7TvIhYJsaWhutQ=
Subject key identifier:   CC:FB:5E:49:F3:A3:A2:6E:D0:58:C9:84:33:16:43:8B:FB:C0:FA:26
Certificate issuer:       /CN=62a15cc88659f578cc159c52b3a7e9ec5819fb20
Certificate serial:       019DB9A142F313DD6A166A5A1DE44A36FF68
Authority key identifier: 62:A1:5C:C8:86:59:F5:78:CC:15:9C:52:B3:A7:E9:EC:58:19:FB:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/zPteSfOjom7QWMmEMxZDi_vA-iY.roa
Signing time:             Thu 23 Apr 2026 09:17:26 +0000
ROA not before:           Thu 23 Apr 2026 09:17:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     6939
IP address blocks:        132.243.68.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 03 May 2026 17:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b9:a1:42:f3:13:dd:6a:16:6a:5a:1d:e4:4a:36:ff:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62a15cc88659f578cc159c52b3a7e9ec5819fb20
        Validity
            Not Before: Apr 23 09:17:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ccfb5e49f3a3a26ed058c9843316438bfbc0fa26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:04:6f:fb:47:eb:a7:4b:05:9a:ab:07:78:d4:
                    b1:22:60:30:1f:11:5e:f7:bb:0d:15:b1:de:7c:3a:
                    e9:a4:6e:90:55:10:84:32:ad:ae:69:87:50:93:ae:
                    8c:55:d5:94:90:0b:49:9f:52:33:d1:f0:42:eb:06:
                    1c:77:c7:f9:4b:6c:a9:4c:6f:f7:6f:58:6f:8a:91:
                    4f:ed:9f:a5:5e:11:73:25:45:51:1d:30:c9:a7:10:
                    5a:02:eb:52:cc:a8:fb:32:d5:a7:5a:38:41:ca:56:
                    78:a7:87:55:90:c9:37:12:6c:12:81:63:23:7a:e5:
                    7d:f1:56:40:c8:a7:d2:b4:05:56:fd:fd:6a:f3:52:
                    47:40:89:8d:00:b4:7a:fa:6e:54:41:32:07:d6:d0:
                    8b:68:4f:a0:62:9a:a5:91:95:6a:b8:e2:6a:18:ae:
                    6e:98:5c:3e:81:ca:ea:d0:fa:a9:ce:a0:5b:5c:d1:
                    73:e8:ed:75:09:d5:04:70:eb:b0:0e:0c:4e:05:40:
                    54:43:f5:a4:a8:1b:01:e3:e2:c2:a2:fa:2f:c3:be:
                    9e:1f:1b:08:d2:8c:36:c9:d3:03:2f:83:4a:97:37:
                    34:59:d6:16:8c:2d:0e:1b:bc:3a:7b:b5:6d:3d:0f:
                    2c:3f:c9:f4:8c:1b:70:89:5f:40:9b:75:47:9a:ae:
                    9c:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:FB:5E:49:F3:A3:A2:6E:D0:58:C9:84:33:16:43:8B:FB:C0:FA:26
            X509v3 Authority Key Identifier:
                keyid:62:A1:5C:C8:86:59:F5:78:CC:15:9C:52:B3:A7:E9:EC:58:19:FB:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/zPteSfOjom7QWMmEMxZDi_vA-iY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  132.243.68.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7d:1a:88:02:db:16:d7:1e:2f:e7:60:9f:e4:f9:86:53:63:c4:
         bf:14:bc:52:22:f2:bd:d7:fb:6e:86:cd:6e:a3:aa:10:3c:00:
         a2:24:90:27:f7:e7:cf:6f:6d:ec:3d:ac:70:39:11:d8:83:bb:
         99:16:b4:ac:02:2c:30:62:0b:ef:08:f0:82:4b:6e:2a:7f:58:
         1e:9d:65:aa:16:cf:28:f3:2d:28:57:b0:22:a4:85:e0:c0:16:
         07:3a:e5:06:63:04:8f:46:5f:41:c0:85:be:4f:ec:1d:b9:ad:
         34:c3:23:39:32:d6:92:2d:82:8e:bb:f1:84:dd:59:03:01:dd:
         0b:c2:bb:c9:91:c2:5e:11:d1:df:06:fe:8b:0e:63:df:6e:33:
         67:81:b5:38:03:fe:6c:78:d9:82:94:0d:70:cf:3a:d4:fe:50:
         43:73:07:3b:83:a1:56:f2:63:64:71:bd:92:a4:5d:58:f3:83:
         44:bf:a5:8a:8a:d5:6c:88:ff:79:cb:bd:c6:aa:41:c6:68:52:
         10:dd:16:bd:e3:61:73:90:af:1d:0e:4d:c0:e0:c1:f6:02:ee:
         b4:06:99:36:65:37:da:70:92:dd:aa:b2:dc:14:3b:b4:24:d8:
         43:5f:e2:d9:eb:0c:a6:5f:73:2f:89:03:3f:bd:4c:58:f0:51:
         9f:97:70:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ25oULzE91qFmpaHeRKNv9oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyYTE1Y2M4ODY1OWY1NzhjYzE1OWM1MmIzYTdlOWVjNTgx
OWZiMjAwHhcNMjYwNDIzMDkxNzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2ZiNWU0OWYzYTNhMjZlZDA1OGM5ODQzMzE2NDM4YmZiYzBmYTI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3ARv+0frp0sFmqsHeNSxImAwHxFe
97sNFbHefDrppG6QVRCEMq2uaYdQk66MVdWUkAtJn1Iz0fBC6wYcd8f5S2ypTG/3
b1hvipFP7Z+lXhFzJUVRHTDJpxBaAutSzKj7MtWnWjhBylZ4p4dVkMk3EmwSgWMj
euV98VZAyKfStAVW/f1q81JHQImNALR6+m5UQTIH1tCLaE+gYpqlkZVquOJqGK5u
mFw+gcrq0PqpzqBbXNFz6O11CdUEcOuwDgxOBUBUQ/WkqBsB4+LCovovw76eHxsI
0ow2ydMDL4NKlzc0WdYWjC0OG7w6e7VtPQ8sP8n0jBtwiV9Am3VHmq6cHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMz7Xknzo6Ju0FjJhDMWQ4v7wPomMB8GA1UdIwQY
MBaAFGKhXMiGWfV4zBWcUrOn6exYGfsgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXFGY3lJWlo5WGpNRlp4U3M2ZnA3RmdaLXlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi8yMTE3YmMtMWY5ZS00NTkwLWE1NTAt
NDI2OWI1NmJmN2Q0LzEvelB0ZVNmT2pvbTdRV01tRU14WkRpX3ZBLWlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi8yMTE3YmMtMWY5ZS00NTkwLWE1NTAtNDI2OWI1NmJmN2Q0
LzEvWXFGY3lJWlo5WGpNRlp4U3M2ZnA3RmdaLXlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQChPNEMA0G
CSqGSIb3DQEBCwUAA4IBAQB9GogC2xbXHi/nYJ/k+YZTY8S/FLxSIvK91/tuhs1u
o6oQPACiJJAn9+fPb23sPaxwORHYg7uZFrSsAiwwYgvvCPCCS24qf1genWWqFs8o
8y0oV7AipIXgwBYHOuUGYwSPRl9BwIW+T+wdua00wyM5MtaSLYKOu/GE3VkDAd0L
wrvJkcJeEdHfBv6LDmPfbjNngbU4A/5seNmClA1wzzrU/lBDcwc7g6FW8mNkcb2S
pF1Y84NEv6WKitVsiP95y73GqkHGaFIQ3Ra942FzkK8dDk3A4MH2Au60Bpk2ZTfa
cJLdqrLcFDu0JNhDX+LZ6wymX3MviQM/vUxY8FGfl3AD
-----END CERTIFICATE-----