Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/200fa4-4578-4ae8-9ffb-2ed269384a74/1/zD728h1UCihkQAXpX92CPXnx1Gs.roa
File:                     zD728h1UCihkQAXpX92CPXnx1Gs.roa (raw, json)
Hash identifier:          jxmfADV7fNflCtFxiDKR6culeD+Aw9hg4Dg9BnOAg8c=
Subject key identifier:   CC:3E:F6:F2:1D:54:0A:28:64:40:05:E9:5F:DD:82:3D:79:F1:D4:6B
Certificate issuer:       /CN=80d72537cc54ac10b4abfacc72c1b754c171af8f
Certificate serial:       019E5DB6B9981E426AEC94EE0FAF54EED888
Authority key identifier: 80:D7:25:37:CC:54:AC:10:B4:AB:FA:CC:72:C1:B7:54:C1:71:AF:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gNclN8xUrBC0q_rMcsG3VMFxr48.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/200fa4-4578-4ae8-9ffb-2ed269384a74/1/zD728h1UCihkQAXpX92CPXnx1Gs.roa
Signing time:             Mon 25 May 2026 05:58:36 +0000
ROA not before:           Mon 25 May 2026 05:58:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     47007
IP address blocks:        171.22.216.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/200fa4-4578-4ae8-9ffb-2ed269384a74/1/gNclN8xUrBC0q_rMcsG3VMFxr48.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/200fa4-4578-4ae8-9ffb-2ed269384a74/1/gNclN8xUrBC0q_rMcsG3VMFxr48.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gNclN8xUrBC0q_rMcsG3VMFxr48.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 10 Jun 2026 11:14:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:5d:b6:b9:98:1e:42:6a:ec:94:ee:0f:af:54:ee:d8:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=80d72537cc54ac10b4abfacc72c1b754c171af8f
        Validity
            Not Before: May 25 05:58:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cc3ef6f21d540a28644005e95fdd823d79f1d46b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:1b:50:98:fa:03:78:91:ff:1e:e1:2f:fd:b9:
                    29:c2:3d:22:47:85:aa:cd:80:11:69:d3:c6:a0:07:
                    64:34:60:8f:bc:d4:69:ea:a7:6c:e7:3a:4d:01:d5:
                    68:58:0f:12:e4:47:22:b2:7f:7b:81:94:db:0c:95:
                    b4:f9:51:bb:77:e0:9d:53:cf:df:1c:bb:c3:2d:95:
                    52:23:d2:40:9d:57:d0:20:51:f6:a2:39:93:06:50:
                    65:51:e9:dc:fb:e7:71:7d:e9:67:b0:e9:cf:7b:cb:
                    91:98:d7:c7:14:06:ee:be:40:db:34:7a:5c:63:0e:
                    3d:37:9b:72:55:13:d2:4d:2b:e4:41:54:be:b4:ef:
                    b3:67:63:6d:d3:53:6b:6a:31:bd:4b:0b:86:ba:6b:
                    58:bc:ec:90:63:f9:3a:f9:02:f8:8e:fe:f0:79:fb:
                    22:d2:a3:6f:8a:cc:1b:4e:4f:07:6a:e0:e6:c6:37:
                    9a:88:f5:86:60:a9:6f:aa:67:7a:31:6b:ae:81:ee:
                    39:44:36:2e:da:ea:2b:a2:fc:f7:00:c9:c0:13:5c:
                    1b:c0:04:55:26:28:44:be:53:a8:43:7b:8a:e9:fb:
                    1b:28:70:94:03:13:d2:41:1d:67:f6:cc:19:00:26:
                    0f:b8:3a:49:49:5d:ea:72:8d:f7:ee:31:f0:c5:59:
                    e0:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:3E:F6:F2:1D:54:0A:28:64:40:05:E9:5F:DD:82:3D:79:F1:D4:6B
            X509v3 Authority Key Identifier:
                keyid:80:D7:25:37:CC:54:AC:10:B4:AB:FA:CC:72:C1:B7:54:C1:71:AF:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gNclN8xUrBC0q_rMcsG3VMFxr48.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/200fa4-4578-4ae8-9ffb-2ed269384a74/1/zD728h1UCihkQAXpX92CPXnx1Gs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/200fa4-4578-4ae8-9ffb-2ed269384a74/1/gNclN8xUrBC0q_rMcsG3VMFxr48.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  171.22.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         07:75:ea:b1:49:d2:1b:e0:d7:6e:a9:c3:fc:6f:5f:1a:4e:2b:
         aa:1a:86:55:dc:72:2c:cd:f6:6a:81:5b:06:66:ad:09:20:df:
         13:e1:99:5c:b3:fd:41:bb:ff:5c:37:63:b9:cf:e2:64:35:2c:
         98:55:08:b8:01:d8:ae:57:e4:e4:70:48:c4:ca:43:3f:59:a6:
         f6:34:29:56:74:49:54:5a:b2:8c:2a:0a:f8:31:21:30:73:55:
         1e:c4:79:19:ea:fd:06:6d:2d:a0:1a:a3:0e:53:06:24:79:56:
         08:f9:09:89:69:e2:35:b7:2d:f2:1b:42:3d:51:20:bf:d8:3b:
         12:4c:19:a0:94:78:e3:38:94:66:82:b3:5c:2e:28:86:4e:ec:
         ff:67:b7:f7:0e:d5:d1:0d:e9:fb:40:b8:bb:d0:82:b2:c7:a9:
         c1:49:1a:54:a0:c3:a7:16:99:b3:c8:0d:cb:49:ce:95:68:02:
         5b:ab:4e:31:15:97:84:79:7a:41:f0:5b:51:20:6c:68:fe:c5:
         79:c8:09:d4:6f:9e:9e:99:e4:25:a7:27:05:12:84:9c:8d:74:
         97:89:1d:14:71:7b:f5:57:ac:03:92:13:dd:1b:09:84:c6:e9:
         a1:80:1e:64:41:a0:e8:45:80:fa:6a:a8:b8:6f:45:df:73:76:
         b4:ce:11:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5dtrmYHkJq7JTuD69U7tiIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwZDcyNTM3Y2M1NGFjMTBiNGFiZmFjYzcyYzFiNzU0YzE3
MWFmOGYwHhcNMjYwNTI1MDU1ODM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzNlZjZmMjFkNTQwYTI4NjQ0MDA1ZTk1ZmRkODIzZDc5ZjFkNDZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAohtQmPoDeJH/HuEv/bkpwj0iR4Wq
zYARadPGoAdkNGCPvNRp6qds5zpNAdVoWA8S5Ecisn97gZTbDJW0+VG7d+CdU8/f
HLvDLZVSI9JAnVfQIFH2ojmTBlBlUenc++dxfelnsOnPe8uRmNfHFAbuvkDbNHpc
Yw49N5tyVRPSTSvkQVS+tO+zZ2Nt01NrajG9SwuGumtYvOyQY/k6+QL4jv7wefsi
0qNviswbTk8HauDmxjeaiPWGYKlvqmd6MWuuge45RDYu2uorovz3AMnAE1wbwARV
JihEvlOoQ3uK6fsbKHCUAxPSQR1n9swZACYPuDpJSV3qco337jHwxVngSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMw+9vIdVAooZEAF6V/dgj158dRrMB8GA1UdIwQY
MBaAFIDXJTfMVKwQtKv6zHLBt1TBca+PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ05jbE44eFVyQkMwcV9yTWNzRzNWTUZ4cjQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS8yMDBmYTQtNDU3OC00YWU4LTlmZmIt
MmVkMjY5Mzg0YTc0LzEvekQ3MjhoMVVDaWhrUUFYcFg5MkNQWG54MUdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS8yMDBmYTQtNDU3OC00YWU4LTlmZmItMmVkMjY5Mzg0YTc0
LzEvZ05jbE44eFVyQkMwcV9yTWNzRzNWTUZ4cjQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCqxbYMA0G
CSqGSIb3DQEBCwUAA4IBAQAHdeqxSdIb4NduqcP8b18aTiuqGoZV3HIszfZqgVsG
Zq0JIN8T4Zlcs/1Bu/9cN2O5z+JkNSyYVQi4AdiuV+TkcEjEykM/Wab2NClWdElU
WrKMKgr4MSEwc1UexHkZ6v0GbS2gGqMOUwYkeVYI+QmJaeI1ty3yG0I9USC/2DsS
TBmglHjjOJRmgrNcLiiGTuz/Z7f3DtXRDen7QLi70IKyx6nBSRpUoMOnFpmzyA3L
Sc6VaAJbq04xFZeEeXpB8FtRIGxo/sV5yAnUb56emeQlpycFEoScjXSXiR0UcXv1
V6wDkhPdGwmExumhgB5kQaDoRYD6aqi4b0Xfc3a0zhEW
-----END CERTIFICATE-----