Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/ZnY0gkdrdbJ2-MNdPvFbIVD5_DI.roa
File:                     ZnY0gkdrdbJ2-MNdPvFbIVD5_DI.roa (raw, json)
Hash identifier:          yYg2IMRmboZelqZVkMzXbd0fBpVQzamM1TIBoXGtnhU=
Subject key identifier:   66:76:34:82:47:6B:75:B2:76:F8:C3:5D:3E:F1:5B:21:50:F9:FC:32
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019E6EE3DD477D712F68ED6F881B87A4C16A
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/ZnY0gkdrdbJ2-MNdPvFbIVD5_DI.roa
Signing time:             Thu 28 May 2026 14:01:27 +0000
ROA not before:           Thu 28 May 2026 14:01:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     33355
IP address blocks:        87.85.235.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 15:05:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:6e:e3:dd:47:7d:71:2f:68:ed:6f:88:1b:87:a4:c1:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: May 28 14:01:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=66763482476b75b276f8c35d3ef15b2150f9fc32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:bb:ce:ee:ca:4f:56:08:02:e0:c6:5c:4f:30:
                    a5:72:c8:e9:01:51:de:76:b8:95:05:f7:09:cc:6a:
                    40:bb:95:8f:5d:02:8e:30:64:8e:8b:41:b8:06:09:
                    d6:2f:e0:2f:9f:23:f0:17:3a:0c:64:a9:e1:8c:8c:
                    ef:7e:36:ee:14:90:66:be:0a:3e:0e:25:e7:c5:b7:
                    09:c9:bf:1e:77:b2:8f:4c:26:dd:38:fa:37:19:90:
                    4a:e9:6a:3b:90:fd:44:27:c1:a1:d4:be:33:f4:0f:
                    a5:22:38:1b:98:91:8b:48:a4:e4:fa:e3:fb:a7:a9:
                    89:23:5f:7a:5b:3c:a3:4b:a8:f7:d8:d0:7b:b3:6f:
                    4b:85:84:49:c1:9d:85:b2:e3:26:3a:62:af:3b:35:
                    95:37:e1:fd:db:a4:0b:6d:13:08:66:5c:cf:73:bb:
                    8e:d7:68:a5:32:b1:fd:3d:43:4c:6e:e9:d9:ac:2c:
                    a1:12:91:95:e0:df:cd:53:fe:5f:b7:6b:41:5a:60:
                    d0:c4:07:14:a8:be:66:c2:9b:8b:a2:35:1a:5c:5e:
                    ba:df:5b:7c:4c:c3:84:80:20:56:4c:e2:64:33:e8:
                    f3:5a:c3:43:64:29:f0:84:50:82:9e:40:45:71:95:
                    3b:24:7d:6d:9f:7d:c6:96:05:75:78:57:58:f8:4d:
                    9d:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:76:34:82:47:6B:75:B2:76:F8:C3:5D:3E:F1:5B:21:50:F9:FC:32
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/ZnY0gkdrdbJ2-MNdPvFbIVD5_DI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.85.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:fe:e0:ba:b3:5a:52:41:fa:d0:29:57:f8:05:a4:09:ec:23:
         17:81:76:44:b2:da:6f:d5:cd:bc:36:6e:5a:d7:d1:21:cf:9c:
         0e:dc:7a:e3:c9:ed:e9:da:0b:bd:90:ab:eb:c9:2b:f2:77:88:
         27:d5:29:5c:7d:7d:05:47:87:40:87:27:b0:c3:b8:b1:96:80:
         a6:9c:6e:ff:cb:0a:c0:a1:34:40:16:e9:07:66:c2:6e:07:bd:
         ae:91:18:d9:8e:a9:24:fb:ef:7f:4e:52:d5:79:c6:f7:30:de:
         e6:9b:68:6f:0b:49:7b:1c:52:a2:0d:77:d1:0d:6a:6d:e3:33:
         35:7e:ce:e2:5b:e5:59:db:b5:73:ab:8a:11:a1:9f:77:55:1f:
         3b:5e:04:a2:7f:32:ab:fd:63:a0:0b:05:66:75:3b:32:3f:61:
         7a:28:28:96:5c:e1:53:80:7a:f3:43:b6:7a:eb:8c:88:09:a0:
         74:7d:65:77:04:df:7e:3f:8f:87:c9:f2:90:24:25:18:84:f3:
         e7:44:c6:52:b4:64:0b:90:6f:3f:d6:43:e7:02:30:c2:dd:c7:
         06:07:0a:39:c1:60:d7:47:89:84:d3:db:7b:2d:1c:85:3d:5e:
         da:b7:6b:66:fc:c5:e5:fa:69:2c:76:93:23:7d:ec:fc:3b:9b:
         d7:0e:d9:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5u491HfXEvaO1viBuHpMFqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwNTI4MTQwMTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Njc2MzQ4MjQ3NmI3NWIyNzZmOGMzNWQzZWYxNWIyMTUwZjlmYzMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2bvO7spPVggC4MZcTzClcsjpAVHe
driVBfcJzGpAu5WPXQKOMGSOi0G4BgnWL+AvnyPwFzoMZKnhjIzvfjbuFJBmvgo+
DiXnxbcJyb8ed7KPTCbdOPo3GZBK6Wo7kP1EJ8Gh1L4z9A+lIjgbmJGLSKTk+uP7
p6mJI196WzyjS6j32NB7s29LhYRJwZ2FsuMmOmKvOzWVN+H926QLbRMIZlzPc7uO
12ilMrH9PUNMbunZrCyhEpGV4N/NU/5ft2tBWmDQxAcUqL5mwpuLojUaXF6631t8
TMOEgCBWTOJkM+jzWsNDZCnwhFCCnkBFcZU7JH1tn33GlgV1eFdY+E2dQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGZ2NIJHa3WydvjDXT7xWyFQ+fwyMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvWm5ZMGdrZHJkYkoyLU1OZFB2RmJJVkQ1X0RJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV1XrMA0G
CSqGSIb3DQEBCwUAA4IBAQAY/uC6s1pSQfrQKVf4BaQJ7CMXgXZEstpv1c28Nm5a
19Ehz5wO3Hrjye3p2gu9kKvrySvyd4gn1SlcfX0FR4dAhyeww7ixloCmnG7/ywrA
oTRAFukHZsJuB72ukRjZjqkk++9/TlLVecb3MN7mm2hvC0l7HFKiDXfRDWpt4zM1
fs7iW+VZ27Vzq4oRoZ93VR87XgSifzKr/WOgCwVmdTsyP2F6KCiWXOFTgHrzQ7Z6
64yICaB0fWV3BN9+P4+HyfKQJCUYhPPnRMZStGQLkG8/1kPnAjDC3ccGBwo5wWDX
R4mE09t7LRyFPV7at2tm/MXl+mksdpMjfez8O5vXDtls
-----END CERTIFICATE-----