Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/b796f4-2e88-4eaa-a269-2738bcb43d6d/1/ZgG20-53jQJwsyA9Uj-HDlUNiyA.roa
File:                     ZgG20-53jQJwsyA9Uj-HDlUNiyA.roa (raw, json)
Hash identifier:          r4Yw7FV6MragLYSnWbxNhJIL4Bz5tpt7zooYhdKRX2U=
Subject key identifier:   66:01:B6:D3:EE:77:8D:02:70:B3:20:3D:52:3F:87:0E:55:0D:8B:20
Certificate issuer:       /CN=923a2b3dd7667275f09886df7da079f755ceed59
Certificate serial:       019720363CD5EAA78EF47771B7C540E8C9A4
Authority key identifier: 92:3A:2B:3D:D7:66:72:75:F0:98:86:DF:7D:A0:79:F7:55:CE:ED:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kjorPddmcnXwmIbffaB591XO7Vk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/b796f4-2e88-4eaa-a269-2738bcb43d6d/1/ZgG20-53jQJwsyA9Uj-HDlUNiyA.roa
Signing time:             Fri 30 May 2025 08:01:54 +0000
ROA not before:           Fri 30 May 2025 08:01:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207143
IP address blocks:        185.101.156.0/22 maxlen: 22
                          185.101.156.0/24 maxlen: 24
                          185.101.157.0/24 maxlen: 24
                          185.101.158.0/24 maxlen: 24
                          185.101.159.0/24 maxlen: 24
                          185.229.88.0/24 maxlen: 24
                          185.229.89.0/24 maxlen: 24
                          185.229.90.0/24 maxlen: 24
                          185.229.91.0/24 maxlen: 24
                          193.203.253.0/24 maxlen: 24
                          204.174.100.0/24 maxlen: 24
                          213.254.165.0/24 maxlen: 24
                          2a11:8b81::/32 maxlen: 32
                          2a11:8b82::/32 maxlen: 32
                          2a11:8b83:1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/b796f4-2e88-4eaa-a269-2738bcb43d6d/1/kjorPddmcnXwmIbffaB591XO7Vk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/b796f4-2e88-4eaa-a269-2738bcb43d6d/1/kjorPddmcnXwmIbffaB591XO7Vk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kjorPddmcnXwmIbffaB591XO7Vk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Jun 2025 11:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:20:36:3c:d5:ea:a7:8e:f4:77:71:b7:c5:40:e8:c9:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=923a2b3dd7667275f09886df7da079f755ceed59
        Validity
            Not Before: May 30 08:01:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6601b6d3ee778d0270b3203d523f870e550d8b20
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:12:89:fa:a1:3f:a6:70:e7:a0:9f:a0:55:f6:
                    2c:71:78:b4:74:a2:68:1c:c2:c9:f3:2a:e7:35:d9:
                    8f:ff:d7:d0:5e:54:fa:50:3d:18:47:15:b1:f4:27:
                    a8:7b:50:0d:58:68:f0:a5:6b:b9:6a:25:34:28:7a:
                    1b:ef:f4:02:af:ed:02:b8:83:72:54:4d:d0:9a:8b:
                    a3:4b:01:07:8d:78:93:e4:b5:7a:98:04:eb:0c:03:
                    33:fb:a7:87:3c:f1:ad:30:f2:28:90:16:e7:f0:f3:
                    8f:32:44:e4:89:7c:5a:5d:fa:7c:26:93:12:5d:d7:
                    b3:e3:8a:5c:37:78:d0:40:b1:bf:b3:d1:fc:f9:8a:
                    50:3f:42:08:0a:9f:b4:0d:e5:51:85:bc:e9:fc:21:
                    50:41:98:56:fc:4d:6e:fe:42:9f:35:4f:7b:fb:0c:
                    e1:5c:4d:c9:f6:72:2f:b4:3f:1f:71:32:30:28:59:
                    6f:05:0b:55:cb:e9:6a:8a:fa:54:c2:42:fb:a5:64:
                    e7:70:5c:0e:92:f3:5b:e1:d7:62:8e:94:7f:c3:40:
                    de:18:eb:39:6a:39:93:b9:35:9f:c3:47:cd:a1:50:
                    f9:23:f2:a3:30:1f:8c:3d:84:ac:bf:5d:eb:33:0c:
                    5e:35:58:56:c2:ad:0d:10:1f:3c:20:81:9d:ef:0c:
                    53:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:01:B6:D3:EE:77:8D:02:70:B3:20:3D:52:3F:87:0E:55:0D:8B:20
            X509v3 Authority Key Identifier:
                keyid:92:3A:2B:3D:D7:66:72:75:F0:98:86:DF:7D:A0:79:F7:55:CE:ED:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kjorPddmcnXwmIbffaB591XO7Vk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/b796f4-2e88-4eaa-a269-2738bcb43d6d/1/ZgG20-53jQJwsyA9Uj-HDlUNiyA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/b796f4-2e88-4eaa-a269-2738bcb43d6d/1/kjorPddmcnXwmIbffaB591XO7Vk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.101.156.0/22
                  185.229.88.0/22
                  193.203.253.0/24
                  204.174.100.0/24
                  213.254.165.0/24
                IPv6:
                  2a11:8b81::-2a11:8b82:ffff:ffff:ffff:ffff:ffff:ffff
                  2a11:8b83:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         0b:08:77:18:4a:a2:a9:a1:0f:31:9a:71:83:fc:6b:a8:4f:0a:
         52:06:f1:89:1a:0d:ff:ed:9b:62:26:8e:eb:4d:0c:77:86:25:
         5f:0f:e2:4c:0a:7d:c9:45:2d:aa:2f:2e:42:71:55:cc:a7:55:
         3d:bc:1a:70:02:52:af:0a:76:75:32:d0:41:a3:42:c6:3c:ae:
         53:b2:15:a0:4f:15:20:97:84:cf:d2:b1:b4:7b:ae:83:b2:52:
         78:69:4d:dc:d9:52:9c:b3:03:78:be:a3:ba:cb:d4:09:59:b1:
         fa:e3:30:2a:34:60:c9:36:a0:c6:a2:94:2f:1e:7b:38:8b:0d:
         0e:9d:2d:69:d6:d3:47:55:61:68:e5:3c:2c:bf:22:e4:5e:00:
         44:a4:8d:b2:22:76:b2:ba:2b:e7:eb:48:f4:4b:cd:8e:47:4f:
         84:ae:10:53:09:d0:ee:aa:0c:39:f5:ba:30:4c:8b:b2:39:f3:
         c5:41:45:7f:34:b3:12:11:e4:49:80:f9:56:44:50:db:d7:e6:
         21:46:c6:41:4c:80:5d:1c:e5:e3:92:2e:4e:e4:de:4e:4b:a7:
         94:ec:72:ec:a3:ef:3d:2a:1d:f6:b2:37:0f:c9:b2:41:16:a5:
         0e:3b:d6:14:e7:35:96:03:61:7a:d7:b3:d5:82:0f:b8:82:c6:
         ff:78:41:fa
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAZcgNjzV6qeO9Hdxt8VA6MmkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyM2EyYjNkZDc2NjcyNzVmMDk4ODZkZjdkYTA3OWY3NTVj
ZWVkNTkwHhcNMjUwNTMwMDgwMTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjAxYjZkM2VlNzc4ZDAyNzBiMzIwM2Q1MjNmODcwZTU1MGQ4YjIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3BKJ+qE/pnDnoJ+gVfYscXi0dKJo
HMLJ8yrnNdmP/9fQXlT6UD0YRxWx9Ceoe1ANWGjwpWu5aiU0KHob7/QCr+0CuINy
VE3QmoujSwEHjXiT5LV6mATrDAMz+6eHPPGtMPIokBbn8POPMkTkiXxaXfp8JpMS
Xdez44pcN3jQQLG/s9H8+YpQP0IICp+0DeVRhbzp/CFQQZhW/E1u/kKfNU97+wzh
XE3J9nIvtD8fcTIwKFlvBQtVy+lqivpUwkL7pWTncFwOkvNb4ddijpR/w0DeGOs5
ajmTuTWfw0fNoVD5I/KjMB+MPYSsv13rMwxeNVhWwq0NEB88IIGd7wxTGQIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFGYBttPud40CcLMgPVI/hw5VDYsgMB8GA1UdIwQY
MBaAFJI6Kz3XZnJ18JiG332gefdVzu1ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2pvclBkZG1jblh3bUliZmZhQjU5MVhPN1ZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC9iNzk2ZjQtMmU4OC00ZWFhLWEyNjkt
MjczOGJjYjQzZDZkLzEvWmdHMjAtNTNqUUp3c3lBOVVqLUhEbFVOaXlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC9iNzk2ZjQtMmU4OC00ZWFhLWEyNjktMjczOGJjYjQzZDZk
LzEva2pvclBkZG1jblh3bUliZmZhQjU5MVhPN1ZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzAkBAIAATAeAwQCuWWcAwQC
ueVYAwQAwcv9AwQAzK5kAwQA1f6lMB8EAgACMBkwDgMFACoRi4EDBQAqEYuCAwcA
KhGLgwABMA0GCSqGSIb3DQEBCwUAA4IBAQALCHcYSqKpoQ8xmnGD/GuoTwpSBvGJ
Gg3/7ZtiJo7rTQx3hiVfD+JMCn3JRS2qLy5CcVXMp1U9vBpwAlKvCnZ1MtBBo0LG
PK5TshWgTxUgl4TP0rG0e66DslJ4aU3c2VKcswN4vqO6y9QJWbH64zAqNGDJNqDG
opQvHns4iw0OnS1p1tNHVWFo5TwsvyLkXgBEpI2yInayuivn60j0S82OR0+ErhBT
CdDuqgw59bowTIuyOfPFQUV/NLMSEeRJgPlWRFDb1+YhRsZBTIBdHOXjki5O5N5O
S6eU7HLso+89Kh32sjcPybJBFqUOO9YU5zWWA2F617PVgg+4gsb/eEH6
-----END CERTIFICATE-----
Generated at Mon Jun 9 21:29:10 2025 by rpki-client