Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/Zz55_I-H_UufLJE_eRe-mtsUU54.roa
File:                     Zz55_I-H_UufLJE_eRe-mtsUU54.roa (raw, json)
Hash identifier:          u7R2+/b4iMWPiUkRjI8BD9H1p72nFzcXUmWqveqGyFA=
Subject key identifier:   67:3E:79:FC:8F:87:FD:4B:9F:2C:91:3F:79:17:BE:9A:DB:14:53:9E
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019D765A9DB3566D51C7AC7319B6B326D885
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/Zz55_I-H_UufLJE_eRe-mtsUU54.roa
Signing time:             Fri 10 Apr 2026 07:45:43 +0000
ROA not before:           Fri 10 Apr 2026 07:45:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     55177
IP address blocks:        212.134.91.0/24 maxlen: 24
                          212.135.250.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 14 Apr 2026 08:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:76:5a:9d:b3:56:6d:51:c7:ac:73:19:b6:b3:26:d8:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Apr 10 07:45:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=673e79fc8f87fd4b9f2c913f7917be9adb14539e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:9c:1c:4e:cc:f3:85:f2:2c:bf:74:5e:6e:b8:
                    e7:ab:3a:42:3d:72:c5:ac:f2:22:e1:6e:15:73:16:
                    af:38:be:fc:ed:6d:32:11:39:25:48:8b:7e:c3:bf:
                    95:1a:22:20:85:4a:25:9e:07:85:3a:a1:0d:9b:49:
                    9e:e7:ef:51:8b:6e:fb:30:4c:58:17:39:b3:c3:3b:
                    14:1d:3f:c6:94:16:50:14:f2:a0:a9:34:58:87:81:
                    ff:85:76:7c:a9:9e:8b:ca:3a:18:63:94:8a:be:04:
                    41:2d:37:7d:1e:b8:7a:05:e7:e1:c3:30:f9:5e:63:
                    c3:70:18:27:ac:63:74:2e:be:24:26:76:5b:51:5b:
                    60:25:d4:6a:12:f8:fa:a5:bc:98:11:16:86:2f:7b:
                    eb:b5:36:ae:95:31:50:0d:01:ee:d7:0e:dd:f0:8e:
                    ea:1c:f6:b9:07:cd:6c:3d:e9:30:e7:a5:da:e2:62:
                    03:6f:d9:d5:85:4b:59:5c:a4:18:70:e6:bb:b9:b0:
                    aa:63:24:2d:5c:a0:2c:0f:44:b3:ae:eb:3d:31:d7:
                    e9:06:9e:40:e3:41:a5:e4:15:b6:bc:2e:fc:40:03:
                    db:5e:3e:6a:bd:32:1a:a3:f1:e1:8a:11:54:7f:44:
                    24:90:d8:ab:a5:02:c4:14:b1:42:bd:4b:36:0a:32:
                    07:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:3E:79:FC:8F:87:FD:4B:9F:2C:91:3F:79:17:BE:9A:DB:14:53:9E
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/Zz55_I-H_UufLJE_eRe-mtsUU54.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.134.91.0/24
                  212.135.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:44:d6:cf:b7:b3:ea:ed:6d:6a:3a:2a:cb:d7:2e:01:67:0f:
         cc:eb:26:45:fa:1a:1c:36:18:41:c0:d5:00:ed:ea:0d:c8:4b:
         54:ce:ba:b3:7d:ab:9a:e6:49:93:e1:66:20:5d:81:7e:60:b4:
         3c:b3:d1:5f:22:74:cc:da:c4:7d:9b:7a:75:95:6e:31:d7:40:
         83:f3:31:a3:75:db:7f:be:2c:c1:08:95:68:6b:5b:42:ba:f4:
         ea:e4:da:45:86:ae:11:4e:37:61:62:e3:b9:2a:fb:b8:0a:ea:
         33:62:b6:47:75:ca:f9:4d:56:d0:3d:aa:e6:93:ba:b9:aa:a9:
         a7:c5:42:fc:3a:2c:35:97:22:c4:b0:b1:80:59:42:68:eb:89:
         39:ac:c1:b0:97:c8:c3:26:2c:aa:86:22:fd:97:f1:ec:be:c4:
         93:5c:78:8f:6f:fc:9d:e7:ec:28:1a:84:3e:5c:ab:0b:c0:22:
         38:11:55:95:cb:b8:46:e1:c3:25:2b:0a:16:13:aa:29:db:41:
         1f:3e:47:6a:bd:e2:44:ef:6d:b3:86:56:e9:7c:ba:70:b0:79:
         82:ba:46:db:09:c2:fa:0f:99:ba:97:36:59:b9:c3:c4:2d:56:
         e0:cc:af:f8:49:67:8a:ea:de:ab:c8:83:f6:c6:9a:e0:67:33:
         8b:91:ea:a0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ12Wp2zVm1Rx6xzGbazJtiFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwNDEwMDc0NTQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzNlNzlmYzhmODdmZDRiOWYyYzkxM2Y3OTE3YmU5YWRiMTQ1MzllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtZwcTszzhfIsv3RebrjnqzpCPXLF
rPIi4W4VcxavOL787W0yETklSIt+w7+VGiIghUolngeFOqENm0me5+9Ri277MExY
FzmzwzsUHT/GlBZQFPKgqTRYh4H/hXZ8qZ6LyjoYY5SKvgRBLTd9Hrh6BefhwzD5
XmPDcBgnrGN0Lr4kJnZbUVtgJdRqEvj6pbyYERaGL3vrtTaulTFQDQHu1w7d8I7q
HPa5B81sPekw56Xa4mIDb9nVhUtZXKQYcOa7ubCqYyQtXKAsD0Szrus9MdfpBp5A
40Gl5BW2vC78QAPbXj5qvTIao/HhihFUf0QkkNirpQLEFLFCvUs2CjIH0QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGc+efyPh/1LnyyRP3kXvprbFFOeMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvWno1NV9JLUhfVXVmTEpFX2VSZS1tdHNVVTU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA1IZbAwQA
1If6MA0GCSqGSIb3DQEBCwUAA4IBAQA7RNbPt7Pq7W1qOirL1y4BZw/M6yZF+hoc
NhhBwNUA7eoNyEtUzrqzfaua5kmT4WYgXYF+YLQ8s9FfInTM2sR9m3p1lW4x10CD
8zGjddt/vizBCJVoa1tCuvTq5NpFhq4RTjdhYuO5Kvu4CuozYrZHdcr5TVbQParm
k7q5qqmnxUL8Oiw1lyLEsLGAWUJo64k5rMGwl8jDJiyqhiL9l/HsvsSTXHiPb/yd
5+woGoQ+XKsLwCI4EVWVy7hG4cMlKwoWE6op20EfPkdqveJE722zhlbpfLpwsHmC
ukbbCcL6D5m6lzZZucPELVbgzK/4SWeK6t6ryIP2xprgZzOLkeqg
-----END CERTIFICATE-----