Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/zL6dZP8kMp7f2laHMrzLZ9mXpgQ.roa
File:                     zL6dZP8kMp7f2laHMrzLZ9mXpgQ.roa (raw, json)
Hash identifier:          7j3ssH2wX64X7whSJunLPKZb+9ALhKJ2S6b7M3jKYjo=
Subject key identifier:   CC:BE:9D:64:FF:24:32:9E:DF:DA:56:87:32:BC:CB:67:D9:97:A6:04
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       019D05D5330E2DF7850A801CD08F9A20A39C
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/zL6dZP8kMp7f2laHMrzLZ9mXpgQ.roa
Signing time:             Thu 19 Mar 2026 11:22:31 +0000
ROA not before:           Thu 19 Mar 2026 11:22:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48207
IP address blocks:        45.88.90.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Mar 2026 14:13:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:05:d5:33:0e:2d:f7:85:0a:80:1c:d0:8f:9a:20:a3:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Mar 19 11:22:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ccbe9d64ff24329edfda568732bccb67d997a604
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:09:6e:3f:bc:30:af:39:0c:c8:43:e4:dc:1d:
                    aa:5c:07:6c:16:19:b4:e2:47:ed:a9:06:57:1d:5e:
                    3b:c8:2a:47:d4:b7:f9:76:d9:df:bd:1f:9c:7c:f0:
                    17:81:de:f5:bf:c0:b5:6d:76:44:cf:87:15:69:73:
                    60:85:61:bb:b5:39:b7:cc:86:57:98:f5:8e:6b:5a:
                    0c:91:db:94:fb:10:d1:fa:8e:7c:63:03:77:49:77:
                    46:96:24:1a:aa:2f:12:2e:48:3b:b3:28:1b:5f:3c:
                    c5:1c:04:32:5f:f4:06:72:f0:62:67:22:48:fd:1b:
                    84:a6:9e:89:f0:dd:95:b3:0f:8d:3c:39:e3:87:9f:
                    f6:3f:47:ed:94:9b:20:66:d5:18:1a:60:16:c1:0f:
                    de:ca:51:f6:49:8f:2e:e3:00:e4:47:f5:a4:bf:43:
                    9e:69:46:cf:53:43:c0:5b:69:cf:b0:8c:ed:58:69:
                    ad:dc:2c:5c:26:03:e8:53:9a:01:33:96:84:6c:82:
                    ba:87:57:a2:12:f8:07:d6:d8:9b:3e:a6:ce:de:01:
                    ec:0f:ff:d9:3f:a2:38:6c:b8:e6:9e:85:4c:f8:e4:
                    86:27:4f:dd:48:3b:d5:6f:c1:23:d8:c6:ee:fc:d3:
                    a3:5f:ea:5a:d6:f8:07:df:cc:4c:cd:9a:01:ff:b2:
                    de:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:BE:9D:64:FF:24:32:9E:DF:DA:56:87:32:BC:CB:67:D9:97:A6:04
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/zL6dZP8kMp7f2laHMrzLZ9mXpgQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:b4:1d:d7:8a:be:cd:91:42:7d:7b:d1:db:1c:f6:39:c5:8b:
         32:bc:d6:70:06:b6:6c:f2:f6:52:b6:0d:18:d8:2a:ff:1d:3a:
         03:ff:be:09:b9:3d:45:71:51:8f:f0:40:06:e4:cc:d7:70:2b:
         d7:aa:f9:dc:64:fc:6e:57:ae:44:6a:c4:3b:52:9d:cf:64:4c:
         11:a7:ed:05:59:6e:c0:3b:57:a6:2d:d0:fb:bf:d0:46:05:1c:
         b7:0f:0c:c9:6f:01:93:eb:8a:7e:c8:13:e5:00:9d:4c:db:a6:
         e5:50:e5:e8:42:33:c6:b7:0b:18:0b:1b:6a:ab:14:e1:5b:d0:
         1c:f0:bd:40:b0:c1:66:76:70:c5:29:26:8a:2d:44:6c:a3:17:
         2a:6d:e0:d8:ae:1c:ed:53:9e:a8:08:93:2d:1c:ee:7a:80:60:
         59:d4:59:84:09:e3:d7:a1:89:67:27:47:43:2c:e6:46:53:b2:
         16:8e:f6:3a:4f:fb:46:7a:d8:30:61:5c:de:b2:00:a6:4d:6e:
         27:94:f6:e4:95:e8:f7:b3:05:2b:80:dd:b7:3f:4d:5b:20:55:
         74:1f:ee:b9:64:02:c8:dd:e4:cc:ae:b4:dd:cd:79:81:df:72:
         7c:4f:42:0f:b4:5f:a3:a1:e7:e0:23:cf:23:4b:d9:0c:31:e6:
         86:a6:5e:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0F1TMOLfeFCoAc0I+aIKOcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjYwMzE5MTEyMjMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2JlOWQ2NGZmMjQzMjllZGZkYTU2ODczMmJjY2I2N2Q5OTdhNjA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtwluP7wwrzkMyEPk3B2qXAdsFhm0
4kftqQZXHV47yCpH1Lf5dtnfvR+cfPAXgd71v8C1bXZEz4cVaXNghWG7tTm3zIZX
mPWOa1oMkduU+xDR+o58YwN3SXdGliQaqi8SLkg7sygbXzzFHAQyX/QGcvBiZyJI
/RuEpp6J8N2Vsw+NPDnjh5/2P0ftlJsgZtUYGmAWwQ/eylH2SY8u4wDkR/Wkv0Oe
aUbPU0PAW2nPsIztWGmt3CxcJgPoU5oBM5aEbIK6h1eiEvgH1tibPqbO3gHsD//Z
P6I4bLjmnoVM+OSGJ0/dSDvVb8Ej2Mbu/NOjX+pa1vgH38xMzZoB/7LeWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMy+nWT/JDKe39pWhzK8y2fZl6YEMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvekw2ZFpQOGtNcDdmMmxhSE1yekxaOW1YcGdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVhaMA0G
CSqGSIb3DQEBCwUAA4IBAQAEtB3Xir7NkUJ9e9HbHPY5xYsyvNZwBrZs8vZStg0Y
2Cr/HToD/74JuT1FcVGP8EAG5MzXcCvXqvncZPxuV65EasQ7Up3PZEwRp+0FWW7A
O1emLdD7v9BGBRy3DwzJbwGT64p+yBPlAJ1M26blUOXoQjPGtwsYCxtqqxThW9Ac
8L1AsMFmdnDFKSaKLURsoxcqbeDYrhztU56oCJMtHO56gGBZ1FmECePXoYlnJ0dD
LOZGU7IWjvY6T/tGetgwYVzesgCmTW4nlPbklej3swUrgN23P01bIFV0H+65ZALI
3eTMrrTdzXmB33J8T0IPtF+joefgI88jS9kMMeaGpl4j
-----END CERTIFICATE-----