Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/ZrPtSCJ532i12xugeZ1dO4rY230.roa
File:                     ZrPtSCJ532i12xugeZ1dO4rY230.roa (raw, json)
Hash identifier:          dH4IWysW7Ys5TJ2lt17gZtfQSYeKivQxpHQG4qiY7zQ=
Subject key identifier:   66:B3:ED:48:22:79:DF:68:B5:DB:1B:A0:79:9D:5D:3B:8A:D8:DB:7D
Certificate issuer:       /CN=e0559ce889ae4241121fe0a1653e4b955f3edf4b
Certificate serial:       019EB14862A178478036CCA51CBCAA045FE0
Authority key identifier: E0:55:9C:E8:89:AE:42:41:12:1F:E0:A1:65:3E:4B:95:5F:3E:DF:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4FWc6ImuQkESH-ChZT5LlV8-30s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/ZrPtSCJ532i12xugeZ1dO4rY230.roa
Signing time:             Wed 10 Jun 2026 11:26:11 +0000
ROA not before:           Wed 10 Jun 2026 11:26:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215068
IP address blocks:        92.63.232.0/24 maxlen: 24
                          185.157.217.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/4FWc6ImuQkESH-ChZT5LlV8-30s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/4FWc6ImuQkESH-ChZT5LlV8-30s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4FWc6ImuQkESH-ChZT5LlV8-30s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 10:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:b1:48:62:a1:78:47:80:36:cc:a5:1c:bc:aa:04:5f:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e0559ce889ae4241121fe0a1653e4b955f3edf4b
        Validity
            Not Before: Jun 10 11:26:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=66b3ed482279df68b5db1ba0799d5d3b8ad8db7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:1c:3f:62:31:97:e5:f9:cf:27:5f:a4:b6:ff:
                    7b:02:5a:0b:b5:32:2c:b5:ef:39:43:a5:8b:bd:2e:
                    59:65:06:c8:eb:b3:12:1a:fb:60:88:e1:0d:43:c8:
                    a9:cd:a0:38:d7:f7:9f:dd:ae:38:19:39:c2:23:91:
                    27:01:a6:54:11:03:9f:27:bd:b8:92:c1:bc:70:22:
                    df:c7:46:75:09:23:93:05:e9:c0:cc:dd:83:1f:b7:
                    ae:23:66:1b:11:ba:50:fb:22:8f:49:61:54:fb:32:
                    ad:0b:06:99:26:54:b0:c4:8f:a0:e1:34:9c:a9:8c:
                    6f:30:c7:b7:86:b9:b6:01:48:dd:a0:b3:2d:c0:6c:
                    de:a4:3c:26:01:08:21:c7:da:0f:9e:fc:c4:b5:e9:
                    0c:7d:ad:b0:84:28:a8:37:0d:ac:92:36:dc:3a:06:
                    83:b9:31:7f:e9:08:3b:01:57:a1:b9:d0:31:14:68:
                    ca:4d:c1:5c:b7:63:79:4a:3a:66:46:cd:76:ba:6c:
                    45:e1:36:0f:75:4a:28:0e:ac:11:48:54:4d:b4:f0:
                    83:27:d6:0c:33:f2:68:d7:e4:dc:dd:b7:32:7e:61:
                    39:0c:a9:b4:ce:e9:78:96:16:08:67:74:f4:4f:26:
                    6c:54:51:4e:86:3e:4b:81:7c:79:b6:1d:85:2e:eb:
                    0a:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:B3:ED:48:22:79:DF:68:B5:DB:1B:A0:79:9D:5D:3B:8A:D8:DB:7D
            X509v3 Authority Key Identifier:
                keyid:E0:55:9C:E8:89:AE:42:41:12:1F:E0:A1:65:3E:4B:95:5F:3E:DF:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4FWc6ImuQkESH-ChZT5LlV8-30s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/ZrPtSCJ532i12xugeZ1dO4rY230.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/4FWc6ImuQkESH-ChZT5LlV8-30s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.63.232.0/24
                  185.157.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:5a:b4:d4:8d:77:2d:1f:fd:93:cb:b5:3a:9c:87:aa:43:ca:
         29:72:82:97:cf:82:92:93:51:68:3d:b5:08:ba:43:83:dc:82:
         d5:09:4d:7a:ff:86:62:de:13:c4:8d:b5:46:8b:03:d4:9d:73:
         2f:8f:7a:dd:de:c1:64:ab:46:27:8c:87:2d:ff:40:4f:31:d2:
         a2:2b:08:2a:04:21:f4:59:f5:3c:cd:f4:96:13:5a:c6:01:ea:
         65:b0:dd:82:d3:d5:e9:32:12:f8:e1:f9:2e:c7:f6:9c:ce:ce:
         73:fd:6e:1c:6a:2f:b8:3d:bd:c9:a4:0e:a4:8e:43:ae:13:07:
         00:a0:92:95:f8:80:e7:67:38:a6:58:c2:2c:75:7c:b9:36:5c:
         70:c6:3d:18:5c:4e:a0:83:b9:78:3c:8f:e7:b2:02:13:71:98:
         f2:67:3a:11:f1:e0:c9:ac:1f:2a:ec:53:07:ad:76:bf:60:f0:
         e3:f4:b4:b2:9e:45:a9:11:d1:a8:5b:10:38:d1:99:83:0f:83:
         ca:13:54:ed:90:9a:3b:5e:42:72:da:c4:97:3a:2c:e0:9c:95:
         a1:df:da:ba:17:3a:b8:57:85:26:45:1d:f0:35:bf:f3:51:50:
         0a:4a:c3:a9:8f:de:7d:19:db:70:66:36:ff:75:27:7c:d1:41:
         68:55:8b:ca
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ6xSGKheEeANsylHLyqBF/gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwNTU5Y2U4ODlhZTQyNDExMjFmZTBhMTY1M2U0Yjk1NWYz
ZWRmNGIwHhcNMjYwNjEwMTEyNjExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NmIzZWQ0ODIyNzlkZjY4YjVkYjFiYTA3OTlkNWQzYjhhZDhkYjdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4Bw/YjGX5fnPJ1+ktv97AloLtTIs
te85Q6WLvS5ZZQbI67MSGvtgiOENQ8ipzaA41/ef3a44GTnCI5EnAaZUEQOfJ724
ksG8cCLfx0Z1CSOTBenAzN2DH7euI2YbEbpQ+yKPSWFU+zKtCwaZJlSwxI+g4TSc
qYxvMMe3hrm2AUjdoLMtwGzepDwmAQghx9oPnvzEtekMfa2whCioNw2skjbcOgaD
uTF/6Qg7AVehudAxFGjKTcFct2N5SjpmRs12umxF4TYPdUooDqwRSFRNtPCDJ9YM
M/Jo1+Tc3bcyfmE5DKm0zul4lhYIZ3T0TyZsVFFOhj5LgXx5th2FLusKRwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGaz7Ugied9otdsboHmdXTuK2Nt9MB8GA1UdIwQY
MBaAFOBVnOiJrkJBEh/goWU+S5VfPt9LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNEZXYzZJbXVRa0VTSC1DaFpUNUxsVjgtMzBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi8xZmE0YTEtOWExYy00N2RlLWFjYTYt
OTQ0OTk1N2ZkNWE1LzEvWnJQdFNDSjUzMmkxMnh1Z2VaMWRPNHJZMjMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi8xZmE0YTEtOWExYy00N2RlLWFjYTYtOTQ0OTk1N2ZkNWE1
LzEvNEZXYzZJbXVRa0VTSC1DaFpUNUxsVjgtMzBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXD/oAwQA
uZ3ZMA0GCSqGSIb3DQEBCwUAA4IBAQCaWrTUjXctH/2Ty7U6nIeqQ8opcoKXz4KS
k1FoPbUIukOD3ILVCU16/4Zi3hPEjbVGiwPUnXMvj3rd3sFkq0YnjIct/0BPMdKi
KwgqBCH0WfU8zfSWE1rGAeplsN2C09XpMhL44fkux/aczs5z/W4cai+4Pb3JpA6k
jkOuEwcAoJKV+IDnZzimWMIsdXy5Nlxwxj0YXE6gg7l4PI/nsgITcZjyZzoR8eDJ
rB8q7FMHrXa/YPDj9LSynkWpEdGoWxA40ZmDD4PKE1TtkJo7XkJy2sSXOizgnJWh
39q6Fzq4V4UmRR3wNb/zUVAKSsOpj959GdtwZjb/dSd80UFoVYvK
-----END CERTIFICATE-----