Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/294fa1-e938-4cd2-9a89-29062e870b64/1/z5Z8Z2tKlaGPktlL14fVg_CdiCU.roa
File:                     z5Z8Z2tKlaGPktlL14fVg_CdiCU.roa (raw, json)
Hash identifier:          iGd31TW0VOTBGCegE7DFxLDTrPbC8L1UiasnIsbIsjk=
Subject key identifier:   CF:96:7C:67:6B:4A:95:A1:8F:92:D9:4B:D7:87:D5:83:F0:9D:88:25
Certificate issuer:       /CN=f22bed3f37cd72826511c574560deb55542550e4
Certificate serial:       019DBA95B5693A18E58FDFA31639C676EE6E
Authority key identifier: F2:2B:ED:3F:37:CD:72:82:65:11:C5:74:56:0D:EB:55:54:25:50:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8ivtPzfNcoJlEcV0Vg3rVVQlUOQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/294fa1-e938-4cd2-9a89-29062e870b64/1/z5Z8Z2tKlaGPktlL14fVg_CdiCU.roa
Signing time:             Thu 23 Apr 2026 13:44:26 +0000
ROA not before:           Thu 23 Apr 2026 13:44:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     39686
IP address blocks:        46.22.176.0/23 maxlen: 24
                          195.189.20.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/294fa1-e938-4cd2-9a89-29062e870b64/1/8ivtPzfNcoJlEcV0Vg3rVVQlUOQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/294fa1-e938-4cd2-9a89-29062e870b64/1/8ivtPzfNcoJlEcV0Vg3rVVQlUOQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8ivtPzfNcoJlEcV0Vg3rVVQlUOQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 Apr 2026 16:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ba:95:b5:69:3a:18:e5:8f:df:a3:16:39:c6:76:ee:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f22bed3f37cd72826511c574560deb55542550e4
        Validity
            Not Before: Apr 23 13:44:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cf967c676b4a95a18f92d94bd787d583f09d8825
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:1a:73:39:c1:bd:46:6b:34:71:ae:68:dc:50:
                    6d:03:74:d5:63:79:cc:4b:43:92:38:ed:75:83:91:
                    eb:46:d0:ef:f9:fe:08:55:5d:24:de:6f:ce:e4:0c:
                    ac:36:7c:1f:cf:93:d1:da:be:f3:2f:ea:d1:8e:da:
                    d8:e9:01:0a:6e:7c:3b:82:96:ae:ca:ab:fa:6c:d1:
                    8a:f3:a9:24:d3:ae:c2:39:6f:6e:16:f1:73:84:d1:
                    f8:18:e1:81:8b:f5:cb:c2:bb:aa:f9:a9:7c:47:8c:
                    76:73:fa:2b:d0:bc:5d:68:a6:43:d5:48:01:dd:eb:
                    dd:9a:fb:d4:50:da:cb:f5:06:b9:77:5e:c0:64:e5:
                    38:62:7b:9d:9e:1d:9b:79:de:7d:9d:5f:39:c5:e5:
                    99:ef:a0:f5:1b:90:a7:11:5c:f9:ad:cf:a0:da:d1:
                    0a:69:30:72:51:c7:fd:f9:b6:e1:5b:25:c2:8c:0e:
                    9f:f3:b5:cb:5a:ff:0a:ff:c1:c1:f4:1f:93:a1:23:
                    3e:d5:82:e5:a5:99:58:03:b5:28:77:0e:6c:50:2e:
                    2a:6d:f9:8d:e3:cd:ab:e5:f6:6c:d3:d2:f3:d2:75:
                    f8:14:8b:4c:85:72:e7:f7:c8:65:3e:02:5b:9c:40:
                    54:ce:94:af:ea:56:19:e8:b5:af:63:b3:d8:1b:a5:
                    78:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:96:7C:67:6B:4A:95:A1:8F:92:D9:4B:D7:87:D5:83:F0:9D:88:25
            X509v3 Authority Key Identifier:
                keyid:F2:2B:ED:3F:37:CD:72:82:65:11:C5:74:56:0D:EB:55:54:25:50:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8ivtPzfNcoJlEcV0Vg3rVVQlUOQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/294fa1-e938-4cd2-9a89-29062e870b64/1/z5Z8Z2tKlaGPktlL14fVg_CdiCU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/294fa1-e938-4cd2-9a89-29062e870b64/1/8ivtPzfNcoJlEcV0Vg3rVVQlUOQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.22.176.0/23
                  195.189.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         72:29:9a:f7:bf:2d:b4:0c:54:01:d9:8e:4b:1a:1c:43:31:2f:
         51:a0:37:49:ee:40:da:cc:1e:d1:31:7d:dd:6c:49:7f:85:5f:
         f3:d8:e7:01:1c:60:ca:33:7f:f7:b2:c0:f3:95:b0:7a:59:31:
         9d:44:4e:bc:3b:79:e0:68:83:54:36:d0:3a:db:31:99:f7:94:
         09:37:d2:4e:cd:7a:48:a8:e3:f7:26:2b:45:12:05:88:1a:08:
         84:bb:ea:00:e0:c1:f6:9c:5a:d4:70:3b:99:7b:d8:ee:20:73:
         c3:49:d9:17:ca:ec:d1:2d:9e:ba:22:7c:ef:ac:0a:d5:53:63:
         ab:02:97:fa:a3:29:7f:df:91:19:cb:73:fb:11:e2:5a:0d:97:
         30:a3:eb:b5:4e:aa:55:56:23:0f:1b:16:87:f9:fe:12:65:9e:
         f3:61:74:73:69:8e:85:42:ef:10:61:7a:7d:24:40:6a:14:f3:
         15:e6:71:21:fe:4a:70:e4:c9:e2:1d:cd:57:74:b4:93:cd:fe:
         3d:31:bb:bf:5e:38:68:d4:e5:4b:03:36:5f:45:41:70:07:86:
         fc:41:7f:58:3c:15:7d:6c:f1:37:a9:f5:cd:03:a4:9f:97:6f:
         1a:e0:eb:49:99:ad:36:37:52:78:fa:e9:01:79:ce:2c:dc:8b:
         67:c2:d3:c4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ26lbVpOhjlj9+jFjnGdu5uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyMmJlZDNmMzdjZDcyODI2NTExYzU3NDU2MGRlYjU1NTQy
NTUwZTQwHhcNMjYwNDIzMTM0NDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjk2N2M2NzZiNGE5NWExOGY5MmQ5NGJkNzg3ZDU4M2YwOWQ4ODI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtBpzOcG9Rms0ca5o3FBtA3TVY3nM
S0OSOO11g5HrRtDv+f4IVV0k3m/O5AysNnwfz5PR2r7zL+rRjtrY6QEKbnw7gpau
yqv6bNGK86kk067COW9uFvFzhNH4GOGBi/XLwruq+al8R4x2c/or0LxdaKZD1UgB
3evdmvvUUNrL9Qa5d17AZOU4Ynudnh2bed59nV85xeWZ76D1G5CnEVz5rc+g2tEK
aTByUcf9+bbhWyXCjA6f87XLWv8K/8HB9B+ToSM+1YLlpZlYA7Uodw5sUC4qbfmN
482r5fZs09Lz0nX4FItMhXLn98hlPgJbnEBUzpSv6lYZ6LWvY7PYG6V4hQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFM+WfGdrSpWhj5LZS9eH1YPwnYglMB8GA1UdIwQY
MBaAFPIr7T83zXKCZRHFdFYN61VUJVDkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGl2dFB6Zk5jb0psRWNWMFZnM3JWVlFsVU9RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS8yOTRmYTEtZTkzOC00Y2QyLTlhODkt
MjkwNjJlODcwYjY0LzEvejVaOFoydEtsYUdQa3RsTDE0ZlZnX0NkaUNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS8yOTRmYTEtZTkzOC00Y2QyLTlhODktMjkwNjJlODcwYjY0
LzEvOGl2dFB6Zk5jb0psRWNWMFZnM3JWVlFsVU9RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBLhawAwQC
w70UMA0GCSqGSIb3DQEBCwUAA4IBAQByKZr3vy20DFQB2Y5LGhxDMS9RoDdJ7kDa
zB7RMX3dbEl/hV/z2OcBHGDKM3/3ssDzlbB6WTGdRE68O3ngaINUNtA62zGZ95QJ
N9JOzXpIqOP3JitFEgWIGgiEu+oA4MH2nFrUcDuZe9juIHPDSdkXyuzRLZ66Inzv
rArVU2OrApf6oyl/35EZy3P7EeJaDZcwo+u1TqpVViMPGxaH+f4SZZ7zYXRzaY6F
Qu8QYXp9JEBqFPMV5nEh/kpw5MniHc1XdLSTzf49Mbu/Xjho1OVLAzZfRUFwB4b8
QX9YPBV9bPE3qfXNA6Sfl28a4OtJma02N1J4+ukBec4s3ItnwtPE
-----END CERTIFICATE-----