Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/zt_YvrwgG8U0qs9ZxDXsKeZ9EVw.roa
File:                     zt_YvrwgG8U0qs9ZxDXsKeZ9EVw.roa (raw, json)
Hash identifier:          t0BRGsA3yMu+tS9ODb23oVtqY4JggUZywQTE6WaROKA=
Subject key identifier:   CE:DF:D8:BE:BC:20:1B:C5:34:AA:CF:59:C4:35:EC:29:E6:7D:11:5C
Certificate issuer:       /CN=d703642076d27e252fa90bf1a4296f8bcd9d0cf1
Certificate serial:       019CB83FADF78EE719AAFC329767598058FA
Authority key identifier: D7:03:64:20:76:D2:7E:25:2F:A9:0B:F1:A4:29:6F:8B:CD:9D:0C:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1wNkIHbSfiUvqQvxpClvi82dDPE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/zt_YvrwgG8U0qs9ZxDXsKeZ9EVw.roa
Signing time:             Wed 04 Mar 2026 09:48:26 +0000
ROA not before:           Wed 04 Mar 2026 09:48:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215366
IP address blocks:        77.221.54.0/23 maxlen: 23
                          77.221.54.0/24 maxlen: 24
                          77.221.55.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/1wNkIHbSfiUvqQvxpClvi82dDPE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/1wNkIHbSfiUvqQvxpClvi82dDPE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1wNkIHbSfiUvqQvxpClvi82dDPE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 14 Mar 2026 09:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b8:3f:ad:f7:8e:e7:19:aa:fc:32:97:67:59:80:58:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d703642076d27e252fa90bf1a4296f8bcd9d0cf1
        Validity
            Not Before: Mar  4 09:48:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cedfd8bebc201bc534aacf59c435ec29e67d115c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:a7:d9:44:0d:45:2a:cc:c6:9f:5f:84:c9:bc:
                    18:c9:b2:fa:90:f9:67:71:99:85:f5:b2:e1:48:17:
                    c5:59:c0:7e:7c:04:68:9f:52:e2:41:bb:04:ce:60:
                    bc:ef:99:96:c2:75:b4:a7:50:18:9b:dd:e3:bc:72:
                    75:24:07:3f:ec:a9:ac:c9:e1:0e:94:98:59:57:23:
                    a1:02:da:d8:4b:1d:ca:69:9d:b2:85:2c:ea:bb:6b:
                    aa:6c:20:18:66:f6:13:96:b4:4a:07:33:3d:51:ba:
                    6b:02:e6:53:ed:16:a1:67:a8:da:e1:7c:e7:7b:ac:
                    3f:37:45:ce:67:bb:7e:c9:ec:89:41:9a:69:35:9a:
                    ca:43:98:1a:4c:be:48:fa:4b:de:32:03:3d:11:2c:
                    f8:46:5b:cf:dd:b2:c1:b4:e9:38:b5:56:fe:9d:d4:
                    37:3e:ba:18:5f:fa:b7:b9:98:01:1a:bf:ba:89:55:
                    77:a3:38:bf:e0:5e:8f:23:22:40:ab:c5:c3:0c:27:
                    1f:e8:c7:3e:e4:e7:08:43:77:ea:7a:64:7e:43:a3:
                    cf:8d:91:10:c2:7b:2e:9e:45:aa:b0:db:42:d5:ff:
                    ce:8e:ad:1f:a7:c0:48:02:83:4b:c6:95:30:dd:de:
                    a1:99:5e:28:1c:bf:af:0a:15:62:13:ab:2e:32:a4:
                    b4:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:DF:D8:BE:BC:20:1B:C5:34:AA:CF:59:C4:35:EC:29:E6:7D:11:5C
            X509v3 Authority Key Identifier:
                keyid:D7:03:64:20:76:D2:7E:25:2F:A9:0B:F1:A4:29:6F:8B:CD:9D:0C:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1wNkIHbSfiUvqQvxpClvi82dDPE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/zt_YvrwgG8U0qs9ZxDXsKeZ9EVw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/1wNkIHbSfiUvqQvxpClvi82dDPE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.221.54.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4a:99:9a:df:25:99:c2:9a:cf:e7:cc:42:d8:1a:6d:b4:8a:cb:
         cf:a8:7a:9e:49:92:63:91:c8:2d:5c:5a:04:6d:78:e4:04:9f:
         ec:30:70:cf:d1:6a:88:80:80:c8:e9:ec:73:09:a7:d3:49:c5:
         f5:01:9b:3f:e6:11:74:fd:bb:ef:1e:96:50:70:79:56:93:28:
         d8:8c:c9:2f:8c:2c:7c:7b:39:aa:aa:3a:c7:87:cc:8a:8d:61:
         95:a7:03:7a:e5:77:ba:51:c2:60:b8:da:95:6b:20:e1:ca:c8:
         6c:25:f5:04:43:49:6d:b0:4d:b7:a5:45:1d:f5:d6:c8:43:76:
         08:67:b0:4c:3c:b9:1f:bb:d5:13:9e:d5:d4:24:88:41:24:b0:
         61:e7:61:b1:10:10:ef:c2:8b:e3:34:20:53:9c:f3:7a:27:b3:
         05:a2:33:e7:b4:f9:b7:44:45:cb:79:fd:9d:49:c1:b9:51:e5:
         e9:9a:fc:46:e8:e5:1e:ca:d6:de:f2:ff:d7:df:b5:7f:10:7c:
         8a:15:de:c9:ae:cd:36:81:42:ea:d5:81:5b:a7:e6:14:45:20:
         c7:2d:ef:b1:2a:37:c6:a9:fc:79:4b:5f:9d:dd:a8:a8:e2:52:
         c4:50:35:b9:12:39:eb:68:8a:eb:90:97:ac:6f:de:e7:33:8a:
         7b:ed:cc:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZy4P633jucZqvwyl2dZgFj6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3MDM2NDIwNzZkMjdlMjUyZmE5MGJmMWE0Mjk2ZjhiY2Q5
ZDBjZjEwHhcNMjYwMzA0MDk0ODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZWRmZDhiZWJjMjAxYmM1MzRhYWNmNTljNDM1ZWMyOWU2N2QxMTVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn6fZRA1FKszGn1+EybwYybL6kPln
cZmF9bLhSBfFWcB+fARon1LiQbsEzmC875mWwnW0p1AYm93jvHJ1JAc/7KmsyeEO
lJhZVyOhAtrYSx3KaZ2yhSzqu2uqbCAYZvYTlrRKBzM9UbprAuZT7RahZ6ja4Xzn
e6w/N0XOZ7t+yeyJQZppNZrKQ5gaTL5I+kveMgM9ESz4RlvP3bLBtOk4tVb+ndQ3
ProYX/q3uZgBGr+6iVV3ozi/4F6PIyJAq8XDDCcf6Mc+5OcIQ3fqemR+Q6PPjZEQ
wnsunkWqsNtC1f/Ojq0fp8BIAoNLxpUw3d6hmV4oHL+vChViE6suMqS0vwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM7f2L68IBvFNKrPWcQ17CnmfRFcMB8GA1UdIwQY
MBaAFNcDZCB20n4lL6kL8aQpb4vNnQzxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXdOa0lIYlNmaVV2cVF2eHBDbHZpODJkRFBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8zODEzNmMtZGI1MS00ZjcwLWFkOGIt
NjU0NTA1YTJkMDQ1LzEvenRfWXZyd2dHOFUwcXM5WnhEWHNLZVo5RVZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8zODEzNmMtZGI1MS00ZjcwLWFkOGItNjU0NTA1YTJkMDQ1
LzEvMXdOa0lIYlNmaVV2cVF2eHBDbHZpODJkRFBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBTd02MA0G
CSqGSIb3DQEBCwUAA4IBAQBKmZrfJZnCms/nzELYGm20isvPqHqeSZJjkcgtXFoE
bXjkBJ/sMHDP0WqIgIDI6exzCafTScX1AZs/5hF0/bvvHpZQcHlWkyjYjMkvjCx8
ezmqqjrHh8yKjWGVpwN65Xe6UcJguNqVayDhyshsJfUEQ0ltsE23pUUd9dbIQ3YI
Z7BMPLkfu9UTntXUJIhBJLBh52GxEBDvwovjNCBTnPN6J7MFojPntPm3REXLef2d
ScG5UeXpmvxG6OUeytbe8v/X37V/EHyKFd7Jrs02gULq1YFbp+YURSDHLe+xKjfG
qfx5S1+d3aio4lLEUDW5EjnraIrrkJesb97nM4p77cxc
-----END CERTIFICATE-----