Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/4f4b20-5136-420b-b516-b6d64a003d9e/1/zj7l-XB4ir-Br4qiRjHhOvxnx2E.roa
File:                     zj7l-XB4ir-Br4qiRjHhOvxnx2E.roa (raw, json)
Hash identifier:          hJIkYZoYjwX+UQUpvmn9CWFY8wR0zPivjXLUKJl5hsQ=
Subject key identifier:   CE:3E:E5:F9:70:78:8A:BF:81:AF:8A:A2:46:31:E1:3A:FC:67:C7:61
Certificate issuer:       /CN=99e9cf3491b6d9e2754cb538845c073ca52785ca
Certificate serial:       019F2368A9B79911FF06CAEAD2245A08BA83
Authority key identifier: 99:E9:CF:34:91:B6:D9:E2:75:4C:B5:38:84:5C:07:3C:A5:27:85:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/menPNJG22eJ1TLU4hFwHPKUnhco.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/4f4b20-5136-420b-b516-b6d64a003d9e/1/zj7l-XB4ir-Br4qiRjHhOvxnx2E.roa
Signing time:             Thu 02 Jul 2026 15:18:09 +0000
ROA not before:           Thu 02 Jul 2026 15:18:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207645
IP address blocks:        45.137.18.0/24 maxlen: 24
                          194.120.133.0/24 maxlen: 24
                          2a0d:b100::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/4f4b20-5136-420b-b516-b6d64a003d9e/1/menPNJG22eJ1TLU4hFwHPKUnhco.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/4f4b20-5136-420b-b516-b6d64a003d9e/1/menPNJG22eJ1TLU4hFwHPKUnhco.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/menPNJG22eJ1TLU4hFwHPKUnhco.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:68:a9:b7:99:11:ff:06:ca:ea:d2:24:5a:08:ba:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=99e9cf3491b6d9e2754cb538845c073ca52785ca
        Validity
            Not Before: Jul  2 15:18:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ce3ee5f970788abf81af8aa24631e13afc67c761
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:32:1a:81:b4:42:1c:7f:d4:60:17:af:9a:0d:
                    74:11:33:9c:6c:df:6b:41:3f:6b:14:fe:40:23:e7:
                    07:ca:7f:b3:2a:16:1a:96:31:46:ea:7b:cb:22:ea:
                    94:9c:df:b4:5d:a8:36:19:36:8c:c6:a5:ba:ee:1a:
                    3c:6b:02:ac:56:53:71:a2:52:d0:10:d9:1e:ad:3f:
                    42:a2:a5:4a:8b:70:4f:e8:eb:bd:08:e3:cf:01:a5:
                    23:8c:fb:04:2e:d5:15:be:f3:41:98:02:2e:a2:bc:
                    90:18:e2:27:ab:cb:f6:98:2a:33:29:bc:28:81:40:
                    ea:2f:d4:e6:f5:f7:f7:d0:86:b3:25:a7:65:5b:76:
                    46:3b:44:ef:19:45:22:fb:1d:13:54:3b:89:73:fd:
                    01:69:5d:a4:70:9d:df:e9:9c:a6:5f:07:97:24:f5:
                    b1:8d:84:c1:38:fd:40:50:32:22:67:22:fb:d1:d4:
                    a0:68:05:92:04:7c:df:c3:db:4d:6d:9e:0d:52:97:
                    90:d1:e2:fb:07:b3:16:da:fa:1f:24:79:53:93:b4:
                    75:d7:c7:9f:b1:fd:b2:d6:df:30:d9:74:5e:95:28:
                    da:41:af:77:1a:5b:17:ef:fe:fc:69:98:ec:b8:37:
                    ae:39:fb:37:fa:08:1a:39:a7:5e:46:e7:8b:31:3a:
                    11:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:3E:E5:F9:70:78:8A:BF:81:AF:8A:A2:46:31:E1:3A:FC:67:C7:61
            X509v3 Authority Key Identifier:
                keyid:99:E9:CF:34:91:B6:D9:E2:75:4C:B5:38:84:5C:07:3C:A5:27:85:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/menPNJG22eJ1TLU4hFwHPKUnhco.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/4f4b20-5136-420b-b516-b6d64a003d9e/1/zj7l-XB4ir-Br4qiRjHhOvxnx2E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/4f4b20-5136-420b-b516-b6d64a003d9e/1/menPNJG22eJ1TLU4hFwHPKUnhco.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.137.18.0/24
                  194.120.133.0/24
                IPv6:
                  2a0d:b100::/29

    Signature Algorithm: sha256WithRSAEncryption
         a5:18:70:a0:ff:ca:3c:94:77:0b:f2:dd:3a:37:d0:6b:4d:b1:
         0e:aa:fb:ac:32:4d:ed:68:e2:6e:34:e9:e4:c7:b6:5d:38:13:
         bc:a2:fe:cd:4e:92:90:76:a8:cf:8a:15:01:90:b7:76:4b:9a:
         b8:c3:ff:71:60:4d:db:6e:32:70:2b:28:b3:9e:c1:3b:12:3e:
         02:86:ca:77:f1:32:99:ed:7e:d6:db:34:a4:be:7d:f1:81:35:
         21:ca:2e:90:2d:bc:ff:78:65:d3:91:1b:6b:ef:71:02:20:02:
         67:0d:fb:e5:1d:ba:95:c8:f3:0f:90:06:7f:f9:b5:b5:66:61:
         9e:b1:87:82:cd:24:88:06:b8:af:63:a3:73:a7:f7:30:07:7e:
         5e:23:c5:51:44:0c:8e:29:29:3d:00:5f:ba:a1:c4:3a:c2:df:
         d5:91:3c:2f:cc:61:2d:f3:af:8f:8b:45:29:9a:98:41:9e:47:
         d4:cd:c9:d4:61:94:48:4b:43:20:5f:21:8d:4e:4c:b3:14:b1:
         c2:6c:53:04:b3:3e:39:0a:82:f9:36:1a:ab:de:cc:6d:36:7f:
         46:7a:8a:cc:7f:20:61:86:8a:51:c2:fd:29:72:5e:05:20:1d:
         fc:66:d0:47:8e:35:50:45:af:ce:5e:f0:2e:b0:4c:b4:55:d1:
         aa:74:22:4b
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZ8jaKm3mRH/Bsrq0iRaCLqDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5ZTljZjM0OTFiNmQ5ZTI3NTRjYjUzODg0NWMwNzNjYTUy
Nzg1Y2EwHhcNMjYwNzAyMTUxODA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTNlZTVmOTcwNzg4YWJmODFhZjhhYTI0NjMxZTEzYWZjNjdjNzYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyDIagbRCHH/UYBevmg10ETOcbN9r
QT9rFP5AI+cHyn+zKhYaljFG6nvLIuqUnN+0Xag2GTaMxqW67ho8awKsVlNxolLQ
ENkerT9CoqVKi3BP6Ou9COPPAaUjjPsELtUVvvNBmAIuoryQGOInq8v2mCozKbwo
gUDqL9Tm9ff30IazJadlW3ZGO0TvGUUi+x0TVDuJc/0BaV2kcJ3f6ZymXweXJPWx
jYTBOP1AUDIiZyL70dSgaAWSBHzfw9tNbZ4NUpeQ0eL7B7MW2vofJHlTk7R118ef
sf2y1t8w2XRelSjaQa93GlsX7/78aZjsuDeuOfs3+ggaOadeRueLMToRhwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFM4+5flweIq/ga+KokYx4Tr8Z8dhMB8GA1UdIwQY
MBaAFJnpzzSRttnidUy1OIRcBzylJ4XKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWVuUE5KRzIyZUoxVExVNGhGd0hQS1VuaGNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni80ZjRiMjAtNTEzNi00MjBiLWI1MTYt
YjZkNjRhMDAzZDllLzEvemo3bC1YQjRpci1CcjRxaVJqSGhPdnhueDJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni80ZjRiMjAtNTEzNi00MjBiLWI1MTYtYjZkNjRhMDAzZDll
LzEvbWVuUE5KRzIyZUoxVExVNGhGd0hQS1VuaGNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQALYkSAwQA
wniFMA0EAgACMAcDBQMqDbEAMA0GCSqGSIb3DQEBCwUAA4IBAQClGHCg/8o8lHcL
8t06N9BrTbEOqvusMk3taOJuNOnkx7ZdOBO8ov7NTpKQdqjPihUBkLd2S5q4w/9x
YE3bbjJwKyiznsE7Ej4Chsp38TKZ7X7W2zSkvn3xgTUhyi6QLbz/eGXTkRtr73EC
IAJnDfvlHbqVyPMPkAZ/+bW1ZmGesYeCzSSIBrivY6Nzp/cwB35eI8VRRAyOKSk9
AF+6ocQ6wt/VkTwvzGEt86+Pi0UpmphBnkfUzcnUYZRIS0MgXyGNTkyzFLHCbFME
sz45CoL5Nhqr3sxtNn9GeorMfyBhhopRwv0pcl4FIB38ZtBHjjVQRa/OXvAusEy0
VdGqdCJL
-----END CERTIFICATE-----
Generated at Fri Jul 3 20:06:02 2026 by rpki-client