Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/ZACJ575T_HwtH4jG0DH5leUPuEY.roa
File:                     ZACJ575T_HwtH4jG0DH5leUPuEY.roa (raw, json)
Hash identifier:          NO12e98y2QhMNCLtqarI7nXHbBu7dFYH3l/p8OjqCmA=
Subject key identifier:   64:00:89:E7:BE:53:FC:7C:2D:1F:88:C6:D0:31:F9:95:E5:0F:B8:46
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019DC98B5DDE9DA73B8764B5FDDEDF0EB7BD
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/ZACJ575T_HwtH4jG0DH5leUPuEY.roa
Signing time:             Sun 26 Apr 2026 11:27:27 +0000
ROA not before:           Sun 26 Apr 2026 11:27:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     17497
IP address blocks:        212.134.22.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 27 Apr 2026 11:27:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:c9:8b:5d:de:9d:a7:3b:87:64:b5:fd:de:df:0e:b7:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Apr 26 11:27:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=640089e7be53fc7c2d1f88c6d031f995e50fb846
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:3c:7c:0b:f6:8c:ba:d6:cc:16:83:68:60:8d:
                    f2:0f:02:fd:af:cf:7c:fc:6f:85:9a:93:49:52:49:
                    a8:9f:3e:5a:f1:1c:47:df:91:4d:83:a2:4d:58:a1:
                    6a:42:d6:01:92:ca:6f:90:ca:aa:de:97:1e:e8:e0:
                    d1:11:b5:37:6b:a8:7d:22:a3:c7:c3:6f:55:de:3b:
                    e0:ef:1e:9d:fe:6f:3f:69:68:e5:4e:41:67:58:fb:
                    be:8e:43:05:ef:e5:75:a6:a4:db:db:f6:18:45:c8:
                    a0:66:79:50:46:84:05:85:b5:4c:fe:fe:d9:56:19:
                    86:90:d8:b1:43:54:59:f0:14:87:27:22:cf:21:6f:
                    61:7a:6b:a9:a3:85:b1:8c:ea:d6:81:96:0c:1c:bb:
                    39:34:81:51:9d:d9:fc:9f:d5:76:8a:8b:77:17:f5:
                    78:db:15:9a:6a:97:4e:cf:a2:84:92:5d:30:5f:25:
                    19:a1:5d:97:b9:95:3b:f2:bb:e7:14:89:cc:2a:4a:
                    25:81:3e:3a:ad:9f:15:62:02:6a:3c:4e:d2:aa:38:
                    55:8e:06:db:8e:0e:a5:be:07:93:b3:7d:72:81:b6:
                    63:91:72:52:7a:26:f5:e6:70:a0:7d:7a:80:d4:61:
                    d1:23:87:bf:a4:25:02:4a:47:cf:3f:2f:2a:fb:85:
                    4a:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:00:89:E7:BE:53:FC:7C:2D:1F:88:C6:D0:31:F9:95:E5:0F:B8:46
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/ZACJ575T_HwtH4jG0DH5leUPuEY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.134.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:b8:0a:e0:e9:b9:dd:0e:81:01:38:59:c6:ce:f8:ca:8b:81:
         4e:e6:b1:1a:2b:70:df:25:dd:54:05:19:5b:22:e0:49:75:97:
         38:92:a2:1b:ff:22:5b:da:51:6e:6a:53:12:9b:62:8e:80:1b:
         5c:62:36:be:da:d9:47:8c:81:a9:1f:f4:39:d8:37:c0:02:cb:
         6e:62:e7:74:3d:d8:89:6d:6b:a5:ba:5f:6e:86:28:76:8d:cc:
         64:b3:90:42:53:d2:2f:93:e4:af:4c:e9:41:15:21:8e:a9:c9:
         08:77:b4:99:87:e2:ea:30:24:a2:d7:d7:11:2e:e1:02:70:10:
         90:31:f0:64:c0:ad:f8:0d:d2:d9:25:44:79:19:10:1d:df:7f:
         b0:f2:39:5b:31:cb:bd:a2:3e:92:13:8b:c2:b4:b6:7b:17:e5:
         4c:0f:15:34:d2:41:0b:23:74:ed:e6:11:c8:84:8d:55:b8:91:
         16:1e:da:b1:ce:69:39:59:f3:7b:e9:8e:15:cb:5b:bd:c5:51:
         26:89:67:89:a8:72:2e:37:8b:ff:11:88:15:8a:9c:c7:d2:24:
         03:ad:4a:ff:45:be:30:7a:38:e7:71:81:4d:cd:ca:ae:55:71:
         45:86:02:1a:06:cc:a3:7b:ca:71:a4:02:d4:8b:bb:6a:d0:5b:
         88:04:fe:46
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3Ji13enac7h2S1/d7fDre9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwNDI2MTEyNzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDAwODllN2JlNTNmYzdjMmQxZjg4YzZkMDMxZjk5NWU1MGZiODQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsTx8C/aMutbMFoNoYI3yDwL9r898
/G+FmpNJUkmonz5a8RxH35FNg6JNWKFqQtYBkspvkMqq3pce6ODREbU3a6h9IqPH
w29V3jvg7x6d/m8/aWjlTkFnWPu+jkMF7+V1pqTb2/YYRcigZnlQRoQFhbVM/v7Z
VhmGkNixQ1RZ8BSHJyLPIW9hemupo4WxjOrWgZYMHLs5NIFRndn8n9V2iot3F/V4
2xWaapdOz6KEkl0wXyUZoV2XuZU78rvnFInMKkolgT46rZ8VYgJqPE7SqjhVjgbb
jg6lvgeTs31ygbZjkXJSeib15nCgfXqA1GHRI4e/pCUCSkfPPy8q+4VKOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGQAiee+U/x8LR+IxtAx+ZXlD7hGMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvWkFDSjU3NVRfSHd0SDRqRzBESDVsZVVQdUVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1IYWMA0G
CSqGSIb3DQEBCwUAA4IBAQCsuArg6bndDoEBOFnGzvjKi4FO5rEaK3DfJd1UBRlb
IuBJdZc4kqIb/yJb2lFualMSm2KOgBtcYja+2tlHjIGpH/Q52DfAAstuYud0PdiJ
bWulul9uhih2jcxks5BCU9Ivk+SvTOlBFSGOqckId7SZh+LqMCSi19cRLuECcBCQ
MfBkwK34DdLZJUR5GRAd33+w8jlbMcu9oj6SE4vCtLZ7F+VMDxU00kELI3Tt5hHI
hI1VuJEWHtqxzmk5WfN76Y4Vy1u9xVEmiWeJqHIuN4v/EYgVipzH0iQDrUr/Rb4w
ejjncYFNzcquVXFFhgIaBsyje8pxpALUi7tq0FuIBP5G
-----END CERTIFICATE-----