Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/5ac21d-7616-4eef-85d7-63b52aa7f8da/1/Z4c6kCUvzzoVVeXTlvD5zSC2iCg.roa
File:                     Z4c6kCUvzzoVVeXTlvD5zSC2iCg.roa (raw, json)
Hash identifier:          om3PtrySkjqMDy2VhaQO7ArZszjthTZD1eni2xvKrM0=
Subject key identifier:   67:87:3A:90:25:2F:CF:3A:15:55:E5:D3:96:F0:F9:CD:20:B6:88:28
Certificate issuer:       /CN=b732762a5e861e976de53d14786f39e3a669681b
Certificate serial:       01973EE40E635A52D64737CDA6AB208E6797
Authority key identifier: B7:32:76:2A:5E:86:1E:97:6D:E5:3D:14:78:6F:39:E3:A6:69:68:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tzJ2Kl6GHpdt5T0UeG8546ZpaBs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/5ac21d-7616-4eef-85d7-63b52aa7f8da/1/Z4c6kCUvzzoVVeXTlvD5zSC2iCg.roa
Signing time:             Thu 05 Jun 2025 07:00:22 +0000
ROA not before:           Thu 05 Jun 2025 07:00:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208018
IP address blocks:        185.172.204.0/22 maxlen: 22
                          185.172.204.0/23 maxlen: 23
                          185.172.206.0/23 maxlen: 23
                          185.172.207.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/5ac21d-7616-4eef-85d7-63b52aa7f8da/1/tzJ2Kl6GHpdt5T0UeG8546ZpaBs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/5ac21d-7616-4eef-85d7-63b52aa7f8da/1/tzJ2Kl6GHpdt5T0UeG8546ZpaBs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tzJ2Kl6GHpdt5T0UeG8546ZpaBs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 21:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:3e:e4:0e:63:5a:52:d6:47:37:cd:a6:ab:20:8e:67:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b732762a5e861e976de53d14786f39e3a669681b
        Validity
            Not Before: Jun  5 07:00:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=67873a90252fcf3a1555e5d396f0f9cd20b68828
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:57:81:51:0e:5d:94:e0:8a:3d:1f:2f:78:c4:
                    60:f2:ae:96:2e:26:e7:e0:8f:b0:33:e8:35:7b:4d:
                    de:7f:d4:61:2a:a8:72:bc:79:a2:1b:c6:58:2a:83:
                    51:da:ef:4e:d3:21:4c:e5:81:f9:4f:e9:9c:64:1f:
                    13:40:7d:c1:a2:92:0b:85:3b:11:24:77:22:cc:73:
                    a0:5f:02:1f:ad:5f:b9:70:95:61:0a:bb:fd:99:66:
                    72:f1:b9:ad:d4:4a:61:c2:9f:22:0d:7f:b8:ae:1f:
                    b8:44:ff:d2:b4:38:d6:39:c5:78:e6:6c:55:a5:a7:
                    81:51:cc:a0:e3:2d:69:f9:2d:b1:f8:1e:4b:c3:e4:
                    2d:66:88:ae:3b:db:c7:4d:5c:04:14:f2:3e:39:ee:
                    73:c9:84:29:86:41:d7:ae:a7:20:ef:e9:d7:2b:ec:
                    06:5a:55:a8:52:53:45:08:d0:3e:4d:49:53:ec:09:
                    2a:f9:46:e2:58:9e:69:d8:b0:9b:94:89:2c:98:32:
                    8b:a6:d2:be:3c:bf:5c:c7:13:04:d0:b1:e6:ef:a2:
                    1a:43:0d:26:46:1b:f3:87:54:1d:6e:11:9f:a8:7c:
                    0c:6b:e1:58:2f:e6:10:a0:1d:2a:39:18:2c:6c:62:
                    b8:02:26:1e:36:d3:ee:44:2c:6a:3f:64:5b:39:c7:
                    10:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:87:3A:90:25:2F:CF:3A:15:55:E5:D3:96:F0:F9:CD:20:B6:88:28
            X509v3 Authority Key Identifier:
                keyid:B7:32:76:2A:5E:86:1E:97:6D:E5:3D:14:78:6F:39:E3:A6:69:68:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tzJ2Kl6GHpdt5T0UeG8546ZpaBs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/5ac21d-7616-4eef-85d7-63b52aa7f8da/1/Z4c6kCUvzzoVVeXTlvD5zSC2iCg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/5ac21d-7616-4eef-85d7-63b52aa7f8da/1/tzJ2Kl6GHpdt5T0UeG8546ZpaBs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.172.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4d:d2:94:57:9d:ae:cf:48:9e:ed:a9:7e:85:bf:73:ee:d1:9a:
         42:4e:5a:6f:d7:2e:97:c8:bc:93:15:d0:42:b8:57:d3:80:2a:
         8f:13:a7:74:d9:81:84:7b:14:7d:21:21:c8:31:d2:c7:7c:06:
         41:52:45:04:09:ff:08:e9:53:52:39:01:e1:5b:53:50:9b:0c:
         42:eb:99:ff:3d:e9:19:f1:ce:2c:30:17:64:dc:3d:25:72:0a:
         f4:49:ad:90:01:dd:e8:72:ec:5f:54:ee:46:d3:36:d2:12:5e:
         54:b7:85:2a:bd:e3:96:f5:cc:d1:ad:25:77:23:3b:ec:2c:79:
         62:9d:84:9b:1c:dd:f8:15:bb:1d:a1:78:6e:f1:b1:ff:31:79:
         13:e7:a1:05:7c:42:3d:52:b5:23:7e:e0:fb:79:34:44:81:36:
         44:7d:ec:37:b2:a3:b1:b6:a0:c6:80:e8:06:ab:d3:0a:47:b7:
         4d:ed:62:9e:90:8f:9a:66:d6:4a:c4:33:9b:38:fc:dc:7b:02:
         bf:0c:60:7d:78:93:9f:ab:8f:36:4c:d0:78:da:4d:a2:48:2a:
         da:c1:c5:32:b1:ac:80:43:6c:2f:77:c6:68:36:4b:a8:a0:5f:
         24:20:0b:6b:85:16:f0:c6:2b:56:e7:64:eb:f4:37:df:18:6f:
         86:7b:6c:e2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZc+5A5jWlLWRzfNpqsgjmeXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3MzI3NjJhNWU4NjFlOTc2ZGU1M2QxNDc4NmYzOWUzYTY2
OTY4MWIwHhcNMjUwNjA1MDcwMDIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Nzg3M2E5MDI1MmZjZjNhMTU1NWU1ZDM5NmYwZjljZDIwYjY4ODI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvFeBUQ5dlOCKPR8veMRg8q6WLibn
4I+wM+g1e03ef9RhKqhyvHmiG8ZYKoNR2u9O0yFM5YH5T+mcZB8TQH3BopILhTsR
JHcizHOgXwIfrV+5cJVhCrv9mWZy8bmt1Ephwp8iDX+4rh+4RP/StDjWOcV45mxV
paeBUcyg4y1p+S2x+B5Lw+QtZoiuO9vHTVwEFPI+Oe5zyYQphkHXrqcg7+nXK+wG
WlWoUlNFCNA+TUlT7Akq+UbiWJ5p2LCblIksmDKLptK+PL9cxxME0LHm76IaQw0m
Rhvzh1QdbhGfqHwMa+FYL+YQoB0qORgsbGK4AiYeNtPuRCxqP2RbOccQswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGeHOpAlL886FVXl05bw+c0gtogoMB8GA1UdIwQY
MBaAFLcydipehh6XbeU9FHhvOeOmaWgbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHpKMktsNkdIcGR0NVQwVWVHODU0NlpwYUJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny81YWMyMWQtNzYxNi00ZWVmLTg1ZDct
NjNiNTJhYTdmOGRhLzEvWjRjNmtDVXZ6em9WVmVYVGx2RDV6U0MyaUNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny81YWMyMWQtNzYxNi00ZWVmLTg1ZDctNjNiNTJhYTdmOGRh
LzEvdHpKMktsNkdIcGR0NVQwVWVHODU0NlpwYUJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuazMMA0G
CSqGSIb3DQEBCwUAA4IBAQBN0pRXna7PSJ7tqX6Fv3Pu0ZpCTlpv1y6XyLyTFdBC
uFfTgCqPE6d02YGEexR9ISHIMdLHfAZBUkUECf8I6VNSOQHhW1NQmwxC65n/PekZ
8c4sMBdk3D0lcgr0Sa2QAd3ocuxfVO5G0zbSEl5Ut4UqveOW9czRrSV3IzvsLHli
nYSbHN34FbsdoXhu8bH/MXkT56EFfEI9UrUjfuD7eTREgTZEfew3sqOxtqDGgOgG
q9MKR7dN7WKekI+aZtZKxDObOPzcewK/DGB9eJOfq482TNB42k2iSCrawcUysayA
Q2wvd8ZoNkuooF8kIAtrhRbwxitW52Tr9DffGG+Ge2zi
-----END CERTIFICATE-----