Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/adf540-5379-470e-bfb4-a7bbecd5a394/1/Z39nPiyL47Feha5WgnFZCSCcy3g.roa
File:                     Z39nPiyL47Feha5WgnFZCSCcy3g.roa (raw, json)
Hash identifier:          9mJiZv7ItrIrPIwP8G0w4T0RBvTILri5Zzv8pQIllIY=
Subject key identifier:   67:7F:67:3E:2C:8B:E3:B1:5E:85:AE:56:82:71:59:09:20:9C:CB:78
Certificate issuer:       /CN=47621066af4f4f58c63ee43fef9b52f5c8fc42a9
Certificate serial:       019DBB39E5BAB1C8CDA69DAF287E8D566920
Authority key identifier: 47:62:10:66:AF:4F:4F:58:C6:3E:E4:3F:EF:9B:52:F5:C8:FC:42:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/R2IQZq9PT1jGPuQ_75tS9cj8Qqk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/adf540-5379-470e-bfb4-a7bbecd5a394/1/Z39nPiyL47Feha5WgnFZCSCcy3g.roa
Signing time:             Thu 23 Apr 2026 16:43:46 +0000
ROA not before:           Thu 23 Apr 2026 16:43:46 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     6665
IP address blocks:        185.206.84.0/22 maxlen: 22
                          185.206.84.0/24 maxlen: 24
                          185.206.85.0/24 maxlen: 24
                          185.206.86.0/24 maxlen: 24
                          185.206.87.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/adf540-5379-470e-bfb4-a7bbecd5a394/1/R2IQZq9PT1jGPuQ_75tS9cj8Qqk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/adf540-5379-470e-bfb4-a7bbecd5a394/1/R2IQZq9PT1jGPuQ_75tS9cj8Qqk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/R2IQZq9PT1jGPuQ_75tS9cj8Qqk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 Apr 2026 08:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:bb:39:e5:ba:b1:c8:cd:a6:9d:af:28:7e:8d:56:69:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=47621066af4f4f58c63ee43fef9b52f5c8fc42a9
        Validity
            Not Before: Apr 23 16:43:46 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=677f673e2c8be3b15e85ae5682715909209ccb78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:3e:8c:c4:95:17:fa:5c:19:5a:dd:91:2d:37:
                    a0:71:6b:0c:ba:eb:d6:61:31:6b:41:04:5d:b1:28:
                    28:39:17:5b:58:c5:ad:b2:92:4b:60:e0:b1:e6:9d:
                    51:87:c5:10:38:7c:31:bf:9e:e4:86:a3:9c:7e:ef:
                    cd:7a:2d:8d:f6:ba:29:07:d0:0d:a4:ca:1c:73:6a:
                    9d:7f:c2:a7:33:23:76:b6:51:cd:12:c7:46:80:35:
                    be:97:d2:ca:92:d0:24:23:04:85:46:e1:a3:89:2e:
                    21:97:6b:82:70:ae:77:87:f8:c9:aa:a1:1f:91:3d:
                    9f:f4:6c:89:c6:a6:a8:52:23:2f:0b:4a:e0:10:8f:
                    be:71:c8:2a:ce:ff:2b:b3:3f:e7:32:f2:29:3e:cd:
                    de:bd:7b:5e:80:fb:94:d4:77:13:f8:8f:d1:6a:7d:
                    0c:ab:92:55:47:fa:0d:d1:ad:52:ae:ad:32:78:70:
                    56:14:e2:36:d5:bd:33:b5:56:f5:85:0b:df:63:ce:
                    72:f0:9e:e0:aa:d0:b5:cf:91:01:ce:d6:76:64:d3:
                    f4:6b:58:a1:7c:fa:3b:f2:7a:b3:bd:18:cf:f1:c5:
                    5a:71:cb:b7:af:7d:86:d4:8b:cc:ca:80:e8:3a:13:
                    cc:da:7d:e4:12:82:89:54:9c:57:b4:3c:9c:7a:c3:
                    b6:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:7F:67:3E:2C:8B:E3:B1:5E:85:AE:56:82:71:59:09:20:9C:CB:78
            X509v3 Authority Key Identifier:
                keyid:47:62:10:66:AF:4F:4F:58:C6:3E:E4:3F:EF:9B:52:F5:C8:FC:42:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/R2IQZq9PT1jGPuQ_75tS9cj8Qqk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/adf540-5379-470e-bfb4-a7bbecd5a394/1/Z39nPiyL47Feha5WgnFZCSCcy3g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/adf540-5379-470e-bfb4-a7bbecd5a394/1/R2IQZq9PT1jGPuQ_75tS9cj8Qqk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.206.84.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3b:83:ce:81:46:17:17:c8:8e:28:b7:a9:af:bc:e8:32:ad:5e:
         a3:e4:23:0a:f2:b4:c3:2f:8d:16:51:d9:41:e8:5c:e3:b9:bd:
         59:c4:cf:5e:ce:1e:36:f8:3c:ee:2a:04:c4:54:b0:a0:42:99:
         dd:37:fd:24:d4:5d:a8:39:4a:ed:90:f9:3a:f2:d4:55:88:62:
         d8:05:22:d5:13:e4:aa:7f:5c:d6:a7:6e:53:e9:61:e9:f3:66:
         32:61:44:6a:6a:cb:74:5c:3b:4d:51:a9:90:92:02:39:da:4a:
         9c:e8:29:1b:7f:ae:8b:b1:9b:d4:a0:3c:43:90:b7:7b:3e:ac:
         d7:9f:c6:da:2d:65:e4:52:77:5a:fc:b1:c3:72:3b:5d:d7:4a:
         97:16:b1:5b:a2:f0:64:4d:99:8d:61:5f:89:7a:69:72:6b:66:
         e8:3f:e8:e7:18:c2:d2:18:ed:64:9b:d3:38:cd:25:4e:3f:d9:
         9b:a7:69:48:be:3d:51:05:49:3e:79:c2:c5:cf:1e:dd:a2:d1:
         e9:2c:e3:f8:ac:23:74:85:6f:a9:81:60:21:a7:61:af:16:cf:
         6b:02:9f:a7:10:ad:4b:3d:6b:f7:62:00:b6:42:92:16:93:3e:
         a4:a8:84:38:78:99:30:3d:ba:37:7a:f4:a5:9f:bf:b1:e2:b3:
         d6:98:c1:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ27OeW6scjNpp2vKH6NVmkgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3NjIxMDY2YWY0ZjRmNThjNjNlZTQzZmVmOWI1MmY1Yzhm
YzQyYTkwHhcNMjYwNDIzMTY0MzQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzdmNjczZTJjOGJlM2IxNWU4NWFlNTY4MjcxNTkwOTIwOWNjYjc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0D6MxJUX+lwZWt2RLTegcWsMuuvW
YTFrQQRdsSgoORdbWMWtspJLYOCx5p1Rh8UQOHwxv57khqOcfu/Nei2N9ropB9AN
pMocc2qdf8KnMyN2tlHNEsdGgDW+l9LKktAkIwSFRuGjiS4hl2uCcK53h/jJqqEf
kT2f9GyJxqaoUiMvC0rgEI++ccgqzv8rsz/nMvIpPs3evXtegPuU1HcT+I/Ran0M
q5JVR/oN0a1Srq0yeHBWFOI21b0ztVb1hQvfY85y8J7gqtC1z5EBztZ2ZNP0a1ih
fPo78nqzvRjP8cVaccu3r32G1IvMyoDoOhPM2n3kEoKJVJxXtDycesO2TwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGd/Zz4si+OxXoWuVoJxWQkgnMt4MB8GA1UdIwQY
MBaAFEdiEGavT09Yxj7kP++bUvXI/EKpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUjJJUVpxOVBUMWpHUHVRXzc1dFM5Y2o4UXFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9hZGY1NDAtNTM3OS00NzBlLWJmYjQt
YTdiYmVjZDVhMzk0LzEvWjM5blBpeUw0N0ZlaGE1V2duRlpDU0NjeTNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9hZGY1NDAtNTM3OS00NzBlLWJmYjQtYTdiYmVjZDVhMzk0
LzEvUjJJUVpxOVBUMWpHUHVRXzc1dFM5Y2o4UXFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuc5UMA0G
CSqGSIb3DQEBCwUAA4IBAQA7g86BRhcXyI4ot6mvvOgyrV6j5CMK8rTDL40WUdlB
6Fzjub1ZxM9ezh42+DzuKgTEVLCgQpndN/0k1F2oOUrtkPk68tRViGLYBSLVE+Sq
f1zWp25T6WHp82YyYURqast0XDtNUamQkgI52kqc6Ckbf66LsZvUoDxDkLd7PqzX
n8baLWXkUnda/LHDcjtd10qXFrFbovBkTZmNYV+Jemlya2boP+jnGMLSGO1km9M4
zSVOP9mbp2lIvj1RBUk+ecLFzx7dotHpLOP4rCN0hW+pgWAhp2GvFs9rAp+nEK1L
PWv3YgC2QpIWkz6kqIQ4eJkwPbo3evSln7+x4rPWmMEz
-----END CERTIFICATE-----