Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/336084-d2cf-4346-a720-c4236465a10b/1/ziWW6n1B_UZcXiD6pfKzphrsK3A.roa
File:                     ziWW6n1B_UZcXiD6pfKzphrsK3A.roa (raw, json)
Hash identifier:          hLVr8gy4usgiH3/VrSF1XURRYPhpaPisnOC7F4Eq2L8=
Subject key identifier:   CE:25:96:EA:7D:41:FD:46:5C:5E:20:FA:A5:F2:B3:A6:1A:EC:2B:70
Certificate issuer:       /CN=b4664607db4c4d3e3c1562f28d20cfb923241810
Certificate serial:       019ED112258998072DCC795514549FED41F6
Authority key identifier: B4:66:46:07:DB:4C:4D:3E:3C:15:62:F2:8D:20:CF:B9:23:24:18:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tGZGB9tMTT48FWLyjSDPuSMkGBA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/336084-d2cf-4346-a720-c4236465a10b/1/ziWW6n1B_UZcXiD6pfKzphrsK3A.roa
Signing time:             Tue 16 Jun 2026 15:34:47 +0000
ROA not before:           Tue 16 Jun 2026 15:34:47 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     31673
IP address blocks:        194.56.84.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/336084-d2cf-4346-a720-c4236465a10b/1/tGZGB9tMTT48FWLyjSDPuSMkGBA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/336084-d2cf-4346-a720-c4236465a10b/1/tGZGB9tMTT48FWLyjSDPuSMkGBA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tGZGB9tMTT48FWLyjSDPuSMkGBA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 Jul 2026 12:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:d1:12:25:89:98:07:2d:cc:79:55:14:54:9f:ed:41:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4664607db4c4d3e3c1562f28d20cfb923241810
        Validity
            Not Before: Jun 16 15:34:47 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ce2596ea7d41fd465c5e20faa5f2b3a61aec2b70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:37:55:c9:af:e1:f6:db:83:92:dc:a7:e6:59:
                    91:74:71:d9:72:2c:3e:42:fe:69:c0:54:5f:8b:a6:
                    2b:3d:37:d3:3e:6a:ec:6f:c6:23:c8:ea:a7:ab:e7:
                    97:fc:81:6d:bc:ca:1d:8c:e1:7e:12:e3:c7:ee:86:
                    e2:59:e0:d8:f4:74:ed:5d:d7:02:56:77:19:e6:8d:
                    b4:1f:b6:e4:5f:3e:fe:19:68:72:40:d1:fe:42:0f:
                    16:46:48:44:f7:37:5b:b4:e9:45:0f:18:88:13:8e:
                    bd:a6:9c:70:75:91:f8:3a:e6:84:0b:ad:2c:9d:2d:
                    1f:26:bf:d3:48:c0:3e:51:13:6f:9c:d1:88:39:f1:
                    c4:39:f4:15:3a:0f:4c:ed:aa:95:5e:63:9f:41:d0:
                    fb:58:4a:33:46:5c:7b:8e:e3:48:c1:9c:c6:f5:d1:
                    50:22:1e:8c:41:ca:0d:37:57:2d:53:b6:5e:c5:58:
                    c3:4e:3c:a0:18:e9:be:d9:d6:31:68:71:45:14:75:
                    61:e8:f3:17:7a:e5:49:c8:cf:9f:79:7b:6c:11:01:
                    59:dd:60:6a:f4:1f:7d:9e:34:8f:6b:d6:e3:75:a5:
                    d8:26:66:08:e5:53:c8:00:5c:7f:44:e6:ac:4f:93:
                    d5:f0:57:3d:63:0b:61:98:d4:18:25:b9:a8:ff:9b:
                    fd:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:25:96:EA:7D:41:FD:46:5C:5E:20:FA:A5:F2:B3:A6:1A:EC:2B:70
            X509v3 Authority Key Identifier:
                keyid:B4:66:46:07:DB:4C:4D:3E:3C:15:62:F2:8D:20:CF:B9:23:24:18:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tGZGB9tMTT48FWLyjSDPuSMkGBA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/336084-d2cf-4346-a720-c4236465a10b/1/ziWW6n1B_UZcXiD6pfKzphrsK3A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/336084-d2cf-4346-a720-c4236465a10b/1/tGZGB9tMTT48FWLyjSDPuSMkGBA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.56.84.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1e:9c:2a:0e:bb:35:60:f5:60:54:3c:56:35:dc:d7:67:8d:5b:
         cc:d3:b7:cb:2f:0a:c1:94:4f:3a:8c:26:d0:eb:7e:f7:1b:54:
         aa:a4:78:3c:6f:bc:ca:de:70:90:9b:d8:b1:80:dd:34:8c:dc:
         d6:a5:b8:ab:03:fa:3c:dd:8e:46:bc:b8:40:d1:14:0a:82:59:
         e5:c8:89:b8:46:83:83:bb:92:61:e2:80:79:6c:e2:23:0d:15:
         de:ff:19:52:04:29:62:4b:c4:cd:32:47:3f:1f:75:40:fa:bc:
         52:3a:9c:e3:1b:92:1f:1c:31:7c:c9:0c:db:2a:84:48:b1:e5:
         cd:2d:ff:81:8f:ca:55:f6:8b:47:a2:90:8b:82:ac:8c:7b:e2:
         94:b9:c2:28:99:f2:90:8d:09:73:ea:37:41:f1:46:25:d7:a2:
         6f:72:27:4a:f6:51:62:e2:c7:1d:51:dc:37:f3:cb:cb:49:33:
         a0:23:71:46:53:b3:5c:44:b1:ca:1e:71:03:1f:5b:fc:9f:a7:
         02:03:98:ab:fe:06:ec:0a:23:4c:5c:db:f4:8f:bb:f3:7d:f8:
         3c:94:b7:fa:a0:6c:dc:ec:b9:1b:72:a9:82:1f:83:a2:ed:49:
         ae:66:fd:36:0d:55:37:f5:71:53:8f:1b:eb:a4:7b:28:e3:94:
         89:b1:10:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ7REiWJmActzHlVFFSf7UH2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0NjY0NjA3ZGI0YzRkM2UzYzE1NjJmMjhkMjBjZmI5MjMy
NDE4MTAwHhcNMjYwNjE2MTUzNDQ3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTI1OTZlYTdkNDFmZDQ2NWM1ZTIwZmFhNWYyYjNhNjFhZWMyYjcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtjdVya/h9tuDktyn5lmRdHHZciw+
Qv5pwFRfi6YrPTfTPmrsb8YjyOqnq+eX/IFtvModjOF+EuPH7obiWeDY9HTtXdcC
VncZ5o20H7bkXz7+GWhyQNH+Qg8WRkhE9zdbtOlFDxiIE469ppxwdZH4OuaEC60s
nS0fJr/TSMA+URNvnNGIOfHEOfQVOg9M7aqVXmOfQdD7WEozRlx7juNIwZzG9dFQ
Ih6MQcoNN1ctU7ZexVjDTjygGOm+2dYxaHFFFHVh6PMXeuVJyM+feXtsEQFZ3WBq
9B99njSPa9bjdaXYJmYI5VPIAFx/ROasT5PV8Fc9YwthmNQYJbmo/5v9iwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM4llup9Qf1GXF4g+qXys6Ya7CtwMB8GA1UdIwQY
MBaAFLRmRgfbTE0+PBVi8o0gz7kjJBgQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEdaR0I5dE1UVDQ4RldMeWpTRFB1U01rR0JBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi8zMzYwODQtZDJjZi00MzQ2LWE3MjAt
YzQyMzY0NjVhMTBiLzEvemlXVzZuMUJfVVpjWGlENnBmS3pwaHJzSzNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi8zMzYwODQtZDJjZi00MzQ2LWE3MjAtYzQyMzY0NjVhMTBi
LzEvdEdaR0I5dE1UVDQ4RldMeWpTRFB1U01rR0JBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwjhUMA0G
CSqGSIb3DQEBCwUAA4IBAQAenCoOuzVg9WBUPFY13NdnjVvM07fLLwrBlE86jCbQ
6373G1SqpHg8b7zK3nCQm9ixgN00jNzWpbirA/o83Y5GvLhA0RQKglnlyIm4RoOD
u5Jh4oB5bOIjDRXe/xlSBCliS8TNMkc/H3VA+rxSOpzjG5IfHDF8yQzbKoRIseXN
Lf+Bj8pV9otHopCLgqyMe+KUucIomfKQjQlz6jdB8UYl16JvcidK9lFi4scdUdw3
88vLSTOgI3FGU7NcRLHKHnEDH1v8n6cCA5ir/gbsCiNMXNv0j7vzffg8lLf6oGzc
7LkbcqmCH4Oi7UmuZv02DVU39XFTjxvrpHso45SJsRC7
-----END CERTIFICATE-----