Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/d6dc9d-eb33-4ca4-aa82-4d19a8de0aba/1/zJwEmTnW7QATFaFp9sYIGCKazMQ.roa
File:                     zJwEmTnW7QATFaFp9sYIGCKazMQ.roa (raw, json)
Hash identifier:          +aACYW5m9yGHFrPOwMLE83hHp9dZjYoXg/esUcp2bds=
Subject key identifier:   CC:9C:04:99:39:D6:ED:00:13:15:A1:69:F6:C6:08:18:22:9A:CC:C4
Certificate issuer:       /CN=032b9d2de53710b3158e42f22889109e2c40f43b
Certificate serial:       019ED70B1476C608FAC33280C93DFA427A03
Authority key identifier: 03:2B:9D:2D:E5:37:10:B3:15:8E:42:F2:28:89:10:9E:2C:40:F4:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AyudLeU3ELMVjkLyKIkQnixA9Ds.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/d6dc9d-eb33-4ca4-aa82-4d19a8de0aba/1/zJwEmTnW7QATFaFp9sYIGCKazMQ.roa
Signing time:             Wed 17 Jun 2026 19:24:48 +0000
ROA not before:           Wed 17 Jun 2026 19:24:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207598
IP address blocks:        185.158.20.0/24 maxlen: 24
                          185.158.23.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/d6dc9d-eb33-4ca4-aa82-4d19a8de0aba/1/AyudLeU3ELMVjkLyKIkQnixA9Ds.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/d6dc9d-eb33-4ca4-aa82-4d19a8de0aba/1/AyudLeU3ELMVjkLyKIkQnixA9Ds.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AyudLeU3ELMVjkLyKIkQnixA9Ds.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 Jul 2026 13:01:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:d7:0b:14:76:c6:08:fa:c3:32:80:c9:3d:fa:42:7a:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=032b9d2de53710b3158e42f22889109e2c40f43b
        Validity
            Not Before: Jun 17 19:24:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cc9c049939d6ed001315a169f6c60818229accc4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:3b:6f:b7:7f:aa:e5:50:70:ab:4e:57:c2:d6:
                    35:2d:6f:5a:24:2e:8c:d6:84:be:8e:3b:77:0c:00:
                    80:5b:3c:d2:a5:5d:40:02:4d:62:4d:0c:27:53:da:
                    0b:37:d4:c0:eb:06:46:c7:15:e5:69:14:0a:f8:df:
                    a8:66:f3:9e:2d:21:fc:a3:8e:a4:3d:f7:03:96:b6:
                    88:8e:5c:c3:89:b8:3c:e6:07:b9:85:f9:2c:99:1f:
                    73:55:32:e8:2e:4f:37:51:33:95:e7:6c:e3:0e:db:
                    ad:e3:de:22:ba:87:0a:a7:09:14:a8:3f:4f:74:1f:
                    aa:d0:07:3d:69:68:43:02:d9:bb:a3:52:c0:f4:d8:
                    82:31:9f:6e:b5:5b:c8:bd:a3:c3:53:07:88:4c:9a:
                    ad:7f:a4:81:5f:64:18:47:ee:da:42:29:5f:25:b3:
                    05:a7:41:4f:59:31:3c:41:d7:59:ad:7e:49:80:c8:
                    d9:82:01:b7:a0:0e:db:f8:f0:5c:3a:f0:1e:3b:e8:
                    88:d0:29:ec:00:8d:5c:f9:e3:98:c6:28:33:2d:00:
                    1a:3a:2a:4c:b0:7c:cc:d5:80:de:37:4a:b3:ff:6c:
                    79:98:49:3f:3b:c8:77:4a:65:7d:f6:05:b8:10:2c:
                    0e:40:d1:a5:5d:cf:0e:60:4b:bf:19:e8:0f:ca:50:
                    6c:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:9C:04:99:39:D6:ED:00:13:15:A1:69:F6:C6:08:18:22:9A:CC:C4
            X509v3 Authority Key Identifier:
                keyid:03:2B:9D:2D:E5:37:10:B3:15:8E:42:F2:28:89:10:9E:2C:40:F4:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AyudLeU3ELMVjkLyKIkQnixA9Ds.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/d6dc9d-eb33-4ca4-aa82-4d19a8de0aba/1/zJwEmTnW7QATFaFp9sYIGCKazMQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/d6dc9d-eb33-4ca4-aa82-4d19a8de0aba/1/AyudLeU3ELMVjkLyKIkQnixA9Ds.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.158.20.0/24
                  185.158.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:9b:cd:77:4a:d7:ef:97:e0:c2:ab:4e:4d:1b:3c:c2:e1:73:
         91:5d:95:b0:1c:5b:79:37:15:26:c9:f3:b8:52:c8:92:a2:be:
         f6:62:db:8b:e4:d6:24:81:76:54:8e:f1:25:2c:42:56:55:16:
         49:4b:29:0e:6a:ec:2e:9b:ee:cd:22:ce:62:46:6f:2c:f1:b9:
         f8:9b:bf:db:09:22:dc:eb:60:9e:a8:49:f8:03:72:d6:5f:a7:
         03:02:65:52:87:54:3a:64:0e:f9:1f:88:99:91:eb:77:0a:20:
         d8:e9:87:63:10:0d:90:16:77:c8:cd:c0:3c:8a:79:c0:03:5f:
         32:38:e9:2a:79:f3:c9:1e:7e:3b:60:e8:30:39:49:13:bb:5b:
         63:d6:9d:08:eb:11:81:58:d6:b4:36:93:20:87:92:bc:cc:4b:
         a0:c1:1c:c1:fa:d0:cb:04:36:64:e5:fc:81:56:dd:81:e0:46:
         ff:e5:5b:8f:1e:bd:19:55:a6:7f:75:97:30:c6:61:1f:06:39:
         ae:e6:29:6f:2c:d2:64:f7:bf:86:33:34:29:12:ac:44:b2:df:
         66:10:7a:0e:a7:51:3e:c0:df:21:a8:29:f0:42:b1:58:ea:21:
         12:b9:79:cc:ed:7b:9c:3d:03:01:3a:03:3f:9f:78:84:84:4e:
         4a:dd:d3:d9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ7XCxR2xgj6wzKAyT36QnoDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzMmI5ZDJkZTUzNzEwYjMxNThlNDJmMjI4ODkxMDllMmM0
MGY0M2IwHhcNMjYwNjE3MTkyNDQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzljMDQ5OTM5ZDZlZDAwMTMxNWExNjlmNmM2MDgxODIyOWFjY2M0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArztvt3+q5VBwq05XwtY1LW9aJC6M
1oS+jjt3DACAWzzSpV1AAk1iTQwnU9oLN9TA6wZGxxXlaRQK+N+oZvOeLSH8o46k
PfcDlraIjlzDibg85ge5hfksmR9zVTLoLk83UTOV52zjDtut494iuocKpwkUqD9P
dB+q0Ac9aWhDAtm7o1LA9NiCMZ9utVvIvaPDUweITJqtf6SBX2QYR+7aQilfJbMF
p0FPWTE8QddZrX5JgMjZggG3oA7b+PBcOvAeO+iI0CnsAI1c+eOYxigzLQAaOipM
sHzM1YDeN0qz/2x5mEk/O8h3SmV99gW4ECwOQNGlXc8OYEu/GegPylBsBQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMycBJk51u0AExWhafbGCBgimszEMB8GA1UdIwQY
MBaAFAMrnS3lNxCzFY5C8iiJEJ4sQPQ7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQXl1ZExlVTNFTE1WamtMeUtJa1FuaXhBOURzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9kNmRjOWQtZWIzMy00Y2E0LWFhODIt
NGQxOWE4ZGUwYWJhLzEvekp3RW1Ublc3UUFURmFGcDlzWUlHQ0thek1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9kNmRjOWQtZWIzMy00Y2E0LWFhODItNGQxOWE4ZGUwYWJh
LzEvQXl1ZExlVTNFTE1WamtMeUtJa1FuaXhBOURzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuZ4UAwQA
uZ4XMA0GCSqGSIb3DQEBCwUAA4IBAQAcm813Stfvl+DCq05NGzzC4XORXZWwHFt5
NxUmyfO4UsiSor72YtuL5NYkgXZUjvElLEJWVRZJSykOauwum+7NIs5iRm8s8bn4
m7/bCSLc62CeqEn4A3LWX6cDAmVSh1Q6ZA75H4iZket3CiDY6YdjEA2QFnfIzcA8
innAA18yOOkqefPJHn47YOgwOUkTu1tj1p0I6xGBWNa0NpMgh5K8zEugwRzB+tDL
BDZk5fyBVt2B4Eb/5VuPHr0ZVaZ/dZcwxmEfBjmu5ilvLNJk97+GMzQpEqxEst9m
EHoOp1E+wN8hqCnwQrFY6iESuXnM7XucPQMBOgM/n3iEhE5K3dPZ
-----END CERTIFICATE-----