Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/ZvrF4x03e_0rvN9F7j6sOeNDujQ.roa
File:                     ZvrF4x03e_0rvN9F7j6sOeNDujQ.roa (raw, json)
Hash identifier:          WHVIkPKDtLaOzKkbjv7EHAjnZRF15KhTASVWz6iAm+s=
Subject key identifier:   66:FA:C5:E3:1D:37:7B:FD:2B:BC:DF:45:EE:3E:AC:39:E3:43:BA:34
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       019EA7A071FD59C2A0BD9F491C7E4D579FF2
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/ZvrF4x03e_0rvN9F7j6sOeNDujQ.roa
Signing time:             Mon 08 Jun 2026 14:26:10 +0000
ROA not before:           Mon 08 Jun 2026 14:26:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204339
IP address blocks:        46.8.96.0/24 maxlen: 24
                          46.8.178.0/24 maxlen: 24
                          46.8.179.0/24 maxlen: 24
                          46.8.218.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 13:27:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:a7:a0:71:fd:59:c2:a0:bd:9f:49:1c:7e:4d:57:9f:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Jun  8 14:26:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=66fac5e31d377bfd2bbcdf45ee3eac39e343ba34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:48:ac:4a:88:e6:58:6c:75:79:2a:b9:e7:2a:
                    e2:e8:a9:b4:52:e5:09:54:e6:f6:1d:3d:14:af:48:
                    27:e0:2e:e8:5c:a0:3c:e0:6a:c9:58:e7:81:e8:83:
                    4e:2c:b0:67:d1:49:51:0c:c1:e2:c7:14:c6:21:34:
                    61:3a:bf:f9:86:2e:b0:8c:ec:58:df:d6:4f:7e:92:
                    f7:20:af:8b:7a:3d:9d:b1:85:ee:f7:3e:f9:d4:ca:
                    5d:fa:e4:aa:ec:ff:e2:bc:63:45:d5:bf:31:f1:e5:
                    04:ae:4a:c1:a8:56:4c:b3:ac:ce:0b:66:b8:b3:c4:
                    8e:19:01:6b:4b:e8:27:58:a1:a0:d4:b6:99:5e:37:
                    98:3d:18:c5:80:03:1b:af:9f:84:02:f7:28:d9:46:
                    63:99:33:47:68:ec:4b:88:07:bd:38:c9:75:c8:f9:
                    29:cf:5c:41:35:09:6f:62:8e:db:54:a4:6d:75:64:
                    90:ed:f8:8b:fe:50:5e:87:26:f9:17:67:dc:52:36:
                    a8:15:e1:3c:97:d1:ae:0d:41:1e:28:2d:50:0c:52:
                    67:0a:31:3f:85:41:5c:96:dc:91:99:91:de:fb:c8:
                    e0:cf:72:09:39:18:65:d1:0b:c3:6e:5d:1e:4f:c1:
                    15:23:d2:b5:5b:d9:fa:20:16:40:ff:7b:a3:50:46:
                    58:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:FA:C5:E3:1D:37:7B:FD:2B:BC:DF:45:EE:3E:AC:39:E3:43:BA:34
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/ZvrF4x03e_0rvN9F7j6sOeNDujQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.8.96.0/24
                  46.8.178.0/23
                  46.8.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:06:49:cb:59:de:cf:54:62:c0:3a:09:b2:d4:9f:9f:08:29:
         18:4d:cd:4b:46:93:62:01:b6:ea:db:17:f2:81:87:09:27:87:
         9c:4c:8e:58:69:80:10:6e:be:4a:71:99:54:8e:f7:1d:b2:f5:
         c6:8b:dd:bf:b5:10:45:a1:14:5e:1a:36:e0:a1:d8:db:06:86:
         0e:37:84:a1:c0:13:d8:df:1c:60:9d:0a:57:4b:c1:4a:bc:53:
         12:a1:89:87:6b:b6:22:d4:61:99:33:8c:87:f0:b4:ff:a7:5f:
         9f:9e:e1:0b:e6:30:2c:e1:b4:d8:e6:de:28:ee:0a:98:9a:f2:
         66:e5:62:c7:aa:7e:1d:43:8c:93:12:7a:45:8c:e8:43:5c:72:
         c0:19:d7:23:61:5b:74:59:29:39:a0:8e:a6:b1:57:16:c9:c5:
         75:b6:2e:c6:3a:64:7a:e2:dc:4a:b5:4f:e6:bf:61:35:cf:e6:
         ee:a5:63:85:17:0c:b8:a5:b7:e7:3b:28:61:9d:95:7b:db:47:
         12:86:78:a2:fe:5f:eb:da:f4:d3:b6:cf:11:29:fd:0f:bb:5d:
         65:97:9d:75:8b:31:c0:e5:aa:65:53:06:0d:4b:fe:a3:dd:3d:
         b5:42:fb:44:82:74:24:76:a4:1b:ef:df:d9:74:bc:33:9e:7f:
         9e:f4:93:a6
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ6noHH9WcKgvZ9JHH5NV5/yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjYwNjA4MTQyNjEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NmZhYzVlMzFkMzc3YmZkMmJiY2RmNDVlZTNlYWMzOWUzNDNiYTM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzUisSojmWGx1eSq55yri6Km0UuUJ
VOb2HT0Ur0gn4C7oXKA84GrJWOeB6INOLLBn0UlRDMHixxTGITRhOr/5hi6wjOxY
39ZPfpL3IK+Lej2dsYXu9z751Mpd+uSq7P/ivGNF1b8x8eUErkrBqFZMs6zOC2a4
s8SOGQFrS+gnWKGg1LaZXjeYPRjFgAMbr5+EAvco2UZjmTNHaOxLiAe9OMl1yPkp
z1xBNQlvYo7bVKRtdWSQ7fiL/lBehyb5F2fcUjaoFeE8l9GuDUEeKC1QDFJnCjE/
hUFcltyRmZHe+8jgz3IJORhl0QvDbl0eT8EVI9K1W9n6IBZA/3ujUEZYHQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFGb6xeMdN3v9K7zfRe4+rDnjQ7o0MB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvWnZyRjR4MDNlXzBydk45RjdqNnNPZU5EdWpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALghgAwQB
LgiyAwQALgjaMA0GCSqGSIb3DQEBCwUAA4IBAQAoBknLWd7PVGLAOgmy1J+fCCkY
Tc1LRpNiAbbq2xfygYcJJ4ecTI5YaYAQbr5KcZlUjvcdsvXGi92/tRBFoRReGjbg
odjbBoYON4ShwBPY3xxgnQpXS8FKvFMSoYmHa7Yi1GGZM4yH8LT/p1+fnuEL5jAs
4bTY5t4o7gqYmvJm5WLHqn4dQ4yTEnpFjOhDXHLAGdcjYVt0WSk5oI6msVcWycV1
ti7GOmR64txKtU/mv2E1z+bupWOFFwy4pbfnOyhhnZV720cShnii/l/r2vTTts8R
Kf0Pu11ll511izHA5aplUwYNS/6j3T21QvtEgnQkdqQb79/ZdLwznn+e9JOm
-----END CERTIFICATE-----