Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/4acc15-bba0-4459-9667-de9b2f8f7e29/1/ZicUZ02N1eUvCal6PMWmf8ikzmg.roa
File:                     ZicUZ02N1eUvCal6PMWmf8ikzmg.roa (raw, json)
Hash identifier:          XC9+u93DV5Xgz3s+Skf+JUuuT8ulGq7q/bcHNoP7ndc=
Subject key identifier:   66:27:14:67:4D:8D:D5:E5:2F:09:A9:7A:3C:C5:A6:7F:C8:A4:CE:68
Certificate issuer:       /CN=e61bd7dd1f8ac8b4192ba78a592348b5dd0a1a66
Certificate serial:       0197F3E39851F4C07EDCDDEBCE3AD5F0FA65
Authority key identifier: E6:1B:D7:DD:1F:8A:C8:B4:19:2B:A7:8A:59:23:48:B5:DD:0A:1A:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5hvX3R-KyLQZK6eKWSNItd0KGmY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/4acc15-bba0-4459-9667-de9b2f8f7e29/1/ZicUZ02N1eUvCal6PMWmf8ikzmg.roa
Signing time:             Thu 10 Jul 2025 10:31:08 +0000
ROA not before:           Thu 10 Jul 2025 10:31:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9304
IP address blocks:        185.69.120.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/4acc15-bba0-4459-9667-de9b2f8f7e29/1/5hvX3R-KyLQZK6eKWSNItd0KGmY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/4acc15-bba0-4459-9667-de9b2f8f7e29/1/5hvX3R-KyLQZK6eKWSNItd0KGmY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5hvX3R-KyLQZK6eKWSNItd0KGmY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 06:21:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:f3:e3:98:51:f4:c0:7e:dc:dd:eb:ce:3a:d5:f0:fa:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e61bd7dd1f8ac8b4192ba78a592348b5dd0a1a66
        Validity
            Not Before: Jul 10 10:31:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=662714674d8dd5e52f09a97a3cc5a67fc8a4ce68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:81:a6:f4:4c:63:9d:b1:20:99:1c:65:06:c3:
                    de:55:87:75:70:65:a6:7d:e7:23:fc:43:81:5f:a0:
                    0b:23:ba:8a:49:1d:9e:0e:7b:2b:0e:2b:63:ed:24:
                    16:0b:ff:7a:5c:e6:52:d6:23:17:5b:50:cd:f3:64:
                    a3:a0:bb:a2:e9:67:c3:fa:28:06:5e:3e:e5:f7:33:
                    b0:25:72:f9:40:aa:a2:48:a3:fb:7c:9c:e2:8e:d5:
                    ad:9e:d1:32:21:3e:85:c4:d9:bd:c9:36:09:5b:43:
                    e8:4c:16:d5:56:93:26:f9:ee:98:4d:f1:9a:4d:c7:
                    4f:c0:ea:2e:85:36:58:81:03:82:1e:48:ad:7d:ad:
                    64:8f:a5:ce:f3:ca:13:f2:d2:c3:f4:dc:a0:d9:09:
                    15:d3:81:2e:71:4f:c5:d7:53:b6:5c:1c:16:91:37:
                    81:24:ff:c8:b2:4f:e6:df:ab:c9:56:2b:3d:88:fc:
                    ba:e6:da:b6:9b:00:be:ae:79:58:f0:af:0c:15:7e:
                    4b:2f:a7:13:ae:00:58:76:ff:d1:80:39:03:46:f5:
                    b7:fd:5c:2e:04:42:43:d4:04:f4:72:8d:18:83:63:
                    7f:f0:2e:ba:a2:9f:bf:f1:01:f8:59:e5:5f:13:12:
                    ad:e7:1f:e5:76:61:ed:8a:2c:6f:96:56:57:29:6e:
                    b1:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:27:14:67:4D:8D:D5:E5:2F:09:A9:7A:3C:C5:A6:7F:C8:A4:CE:68
            X509v3 Authority Key Identifier:
                keyid:E6:1B:D7:DD:1F:8A:C8:B4:19:2B:A7:8A:59:23:48:B5:DD:0A:1A:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5hvX3R-KyLQZK6eKWSNItd0KGmY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/4acc15-bba0-4459-9667-de9b2f8f7e29/1/ZicUZ02N1eUvCal6PMWmf8ikzmg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/4acc15-bba0-4459-9667-de9b2f8f7e29/1/5hvX3R-KyLQZK6eKWSNItd0KGmY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.69.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         39:cf:17:8c:0a:75:90:c0:f3:04:e2:17:b0:b4:88:fd:d3:74:
         77:7b:ef:a2:d9:38:dc:87:2e:a0:5e:e7:22:fb:54:23:7e:b4:
         a0:23:16:e3:44:d4:0d:66:e5:24:b9:49:0b:10:d8:25:e1:d5:
         b8:47:2c:96:25:5f:f0:1b:21:4b:3f:c5:34:e1:3a:59:88:c4:
         06:4d:04:3e:d5:45:23:ff:b1:b3:94:49:3a:88:aa:af:7c:4b:
         e1:0d:de:9f:8c:33:de:52:b0:5f:52:88:af:23:e5:a3:74:41:
         01:1d:73:7c:41:d3:51:05:4c:fb:cf:d1:73:18:1b:b9:23:9b:
         09:c2:2c:8d:bb:16:b5:37:b6:ee:c7:86:87:5b:08:f2:11:17:
         75:cb:0c:cf:fe:04:02:1a:b1:b6:5b:32:17:d5:dc:f4:14:b7:
         e2:57:f5:1a:90:89:09:ae:8a:48:2d:5c:84:86:a7:88:e1:a6:
         b5:06:c7:7f:84:2e:fc:ba:5e:37:1a:3c:a9:b5:34:80:a2:ab:
         c8:2a:7c:df:8b:a4:07:a3:fe:39:44:0f:0b:e4:4e:7e:de:60:
         50:e2:99:ef:db:9b:92:9a:74:2a:e8:61:19:ac:ac:11:01:bd:
         7a:c8:2b:b1:47:fb:ec:9a:51:76:48:75:90:f1:56:b2:96:f2:
         3b:90:e5:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfz45hR9MB+3N3rzjrV8PplMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2MWJkN2RkMWY4YWM4YjQxOTJiYTc4YTU5MjM0OGI1ZGQw
YTFhNjYwHhcNMjUwNzEwMTAzMTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjI3MTQ2NzRkOGRkNWU1MmYwOWE5N2EzY2M1YTY3ZmM4YTRjZTY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqIGm9ExjnbEgmRxlBsPeVYd1cGWm
fecj/EOBX6ALI7qKSR2eDnsrDitj7SQWC/96XOZS1iMXW1DN82SjoLui6WfD+igG
Xj7l9zOwJXL5QKqiSKP7fJzijtWtntEyIT6FxNm9yTYJW0PoTBbVVpMm+e6YTfGa
TcdPwOouhTZYgQOCHkitfa1kj6XO88oT8tLD9Nyg2QkV04EucU/F11O2XBwWkTeB
JP/Isk/m36vJVis9iPy65tq2mwC+rnlY8K8MFX5LL6cTrgBYdv/RgDkDRvW3/Vwu
BEJD1AT0co0Yg2N/8C66op+/8QH4WeVfExKt5x/ldmHtiixvllZXKW6xdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGYnFGdNjdXlLwmpejzFpn/IpM5oMB8GA1UdIwQY
MBaAFOYb190fisi0GSunilkjSLXdChpmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWh2WDNSLUt5TFFaSzZlS1dTTkl0ZDBLR21ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80YWNjMTUtYmJhMC00NDU5LTk2Njct
ZGU5YjJmOGY3ZTI5LzEvWmljVVowMk4xZVV2Q2FsNlBNV21mOGlrem1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80YWNjMTUtYmJhMC00NDU5LTk2NjctZGU5YjJmOGY3ZTI5
LzEvNWh2WDNSLUt5TFFaSzZlS1dTTkl0ZDBLR21ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuUV4MA0G
CSqGSIb3DQEBCwUAA4IBAQA5zxeMCnWQwPME4hewtIj903R3e++i2Tjchy6gXuci
+1QjfrSgIxbjRNQNZuUkuUkLENgl4dW4RyyWJV/wGyFLP8U04TpZiMQGTQQ+1UUj
/7GzlEk6iKqvfEvhDd6fjDPeUrBfUoivI+WjdEEBHXN8QdNRBUz7z9FzGBu5I5sJ
wiyNuxa1N7bux4aHWwjyERd1ywzP/gQCGrG2WzIX1dz0FLfiV/UakIkJropILVyE
hqeI4aa1Bsd/hC78ul43GjyptTSAoqvIKnzfi6QHo/45RA8L5E5+3mBQ4pnv25uS
mnQq6GEZrKwRAb16yCuxR/vsmlF2SHWQ8VaylvI7kOV8
-----END CERTIFICATE-----