Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/ZzQcZ8LgtA58lxWA3z8l77O0pVQ.roa
File:                     ZzQcZ8LgtA58lxWA3z8l77O0pVQ.roa (raw, json)
Hash identifier:          nMDzLh4hxBLa5u/HVkwcT/i59bwxzex5PfPApW9xsY8=
Subject key identifier:   67:34:1C:67:C2:E0:B4:0E:7C:97:15:80:DF:3F:25:EF:B3:B4:A5:54
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       019D5A5B9D2CD429C20FB07CAF746E92BC52
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/ZzQcZ8LgtA58lxWA3z8l77O0pVQ.roa
Signing time:             Sat 04 Apr 2026 21:17:26 +0000
ROA not before:           Sat 04 Apr 2026 21:17:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     14618
IP address blocks:        45.90.17.0/24 maxlen: 24
                          185.222.30.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 Apr 2026 03:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:5a:5b:9d:2c:d4:29:c2:0f:b0:7c:af:74:6e:92:bc:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Apr  4 21:17:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=67341c67c2e0b40e7c971580df3f25efb3b4a554
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:93:bf:2f:e6:bb:14:3c:a0:89:49:6e:f1:0e:
                    44:ce:e6:89:db:1b:6e:5d:0f:72:d0:0a:aa:18:41:
                    34:a0:bd:f0:25:d1:ff:ae:9e:81:bb:1b:8a:b5:17:
                    07:8a:cf:d8:33:96:91:20:fb:b6:96:6a:b4:e3:3a:
                    30:af:01:13:9e:38:54:d9:c5:d9:b8:21:28:0b:b7:
                    30:8d:ea:6e:99:8d:e0:ac:fb:14:d4:a7:81:1d:6e:
                    9a:b6:a2:a4:ad:d8:24:33:f8:c4:c8:a2:ce:69:d7:
                    a4:08:4b:34:19:b4:b6:16:0a:49:34:92:08:af:ae:
                    a3:fd:4f:30:7c:6d:d2:71:2f:50:da:64:23:50:5f:
                    0e:ca:89:09:92:0f:6b:29:2a:60:7d:99:0b:85:d2:
                    89:1e:c8:f9:37:f7:8f:b2:6b:15:f0:e1:77:a2:a3:
                    5b:c9:c6:3d:fe:89:78:fa:b3:0c:8b:7b:23:11:c3:
                    71:aa:b2:48:dc:84:d1:e1:04:52:88:39:1e:14:37:
                    f9:39:e1:af:28:eb:06:60:f2:3d:1d:90:86:6e:09:
                    85:f8:85:34:b1:95:dc:5b:c0:cc:73:93:0c:74:73:
                    10:2f:4e:07:98:dc:ed:d6:55:c3:b1:a9:02:0d:2d:
                    4e:10:ff:a0:93:b0:ee:32:6f:27:0b:55:7f:04:91:
                    e4:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:34:1C:67:C2:E0:B4:0E:7C:97:15:80:DF:3F:25:EF:B3:B4:A5:54
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/ZzQcZ8LgtA58lxWA3z8l77O0pVQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.90.17.0/24
                  185.222.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:3b:d7:0e:94:7a:38:c1:72:6c:12:5a:4c:71:79:ff:dc:e5:
         e0:de:9e:57:82:61:6f:f1:aa:3e:8b:b6:c5:5c:f5:b0:36:32:
         a9:0f:62:8d:cc:61:62:bb:54:ac:8c:b4:13:b3:a1:8a:6c:7f:
         f2:1d:0e:cb:bf:fa:0a:4b:30:9e:4a:b6:05:72:b7:ac:bc:42:
         37:f8:a3:28:5f:45:a4:0b:e0:34:25:b4:63:12:e9:e7:c1:d4:
         a6:96:4c:8a:60:c3:cc:77:01:c7:ae:75:58:a0:99:fd:f9:dc:
         40:58:a4:54:b8:be:1e:1f:34:1b:7f:26:4c:e4:42:53:7e:b7:
         19:6d:0b:94:66:bf:85:9d:75:24:6a:99:ff:a6:a9:83:18:03:
         42:14:ae:e1:9b:33:c6:84:ea:39:68:1a:19:01:ed:d1:2d:6d:
         8b:89:05:27:2b:0c:99:13:6a:19:54:f1:4b:ac:9a:b9:6b:df:
         b6:08:45:6c:69:27:7e:0a:e5:c5:31:f4:23:d4:78:ed:7d:20:
         1e:19:49:b3:1b:d7:be:50:bd:d5:2d:4d:ee:65:3c:46:0b:78:
         25:49:3f:e6:40:41:8a:b9:0a:b8:9d:88:32:46:76:29:3d:b4:
         a6:9a:f0:5e:f7:0d:df:5f:bd:3f:e1:b9:47:36:ab:18:54:00:
         ca:e8:8d:47
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ1aW50s1CnCD7B8r3RukrxSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjYwNDA0MjExNzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzM0MWM2N2MyZTBiNDBlN2M5NzE1ODBkZjNmMjVlZmIzYjRhNTU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr5O/L+a7FDygiUlu8Q5EzuaJ2xtu
XQ9y0AqqGEE0oL3wJdH/rp6BuxuKtRcHis/YM5aRIPu2lmq04zowrwETnjhU2cXZ
uCEoC7cwjepumY3grPsU1KeBHW6atqKkrdgkM/jEyKLOadekCEs0GbS2FgpJNJII
r66j/U8wfG3ScS9Q2mQjUF8OyokJkg9rKSpgfZkLhdKJHsj5N/ePsmsV8OF3oqNb
ycY9/ol4+rMMi3sjEcNxqrJI3ITR4QRSiDkeFDf5OeGvKOsGYPI9HZCGbgmF+IU0
sZXcW8DMc5MMdHMQL04HmNzt1lXDsakCDS1OEP+gk7DuMm8nC1V/BJHkNQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGc0HGfC4LQOfJcVgN8/Je+ztKVUMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvWnpRY1o4TGd0QTU4bHhXQTN6OGw3N08wcFZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALVoRAwQA
ud4eMA0GCSqGSIb3DQEBCwUAA4IBAQAuO9cOlHo4wXJsElpMcXn/3OXg3p5XgmFv
8ao+i7bFXPWwNjKpD2KNzGFiu1SsjLQTs6GKbH/yHQ7Lv/oKSzCeSrYFcresvEI3
+KMoX0WkC+A0JbRjEunnwdSmlkyKYMPMdwHHrnVYoJn9+dxAWKRUuL4eHzQbfyZM
5EJTfrcZbQuUZr+FnXUkapn/pqmDGANCFK7hmzPGhOo5aBoZAe3RLW2LiQUnKwyZ
E2oZVPFLrJq5a9+2CEVsaSd+CuXFMfQj1HjtfSAeGUmzG9e+UL3VLU3uZTxGC3gl
ST/mQEGKuQq4nYgyRnYpPbSmmvBe9w3fX70/4blHNqsYVADK6I1H
-----END CERTIFICATE-----