Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Zmyyqs877aePE7D0jYO6E17Lc28.roa
File:                     Zmyyqs877aePE7D0jYO6E17Lc28.roa (raw, json)
Hash identifier:          XPAAEJH7K60fS7AqtMSnGORWTY0qIwwQoK4N0xM9yCI=
Subject key identifier:   66:6C:B2:AA:CF:3B:ED:A7:8F:13:B0:F4:8D:83:BA:13:5E:CB:73:6F
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       019DB6CFD5F26FF4AF6C78E32956D168F7DE
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Zmyyqs877aePE7D0jYO6E17Lc28.roa
Signing time:             Wed 22 Apr 2026 20:09:27 +0000
ROA not before:           Wed 22 Apr 2026 20:09:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200131
IP address blocks:        5.180.48.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 04 May 2026 11:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b6:cf:d5:f2:6f:f4:af:6c:78:e3:29:56:d1:68:f7:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Apr 22 20:09:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=666cb2aacf3beda78f13b0f48d83ba135ecb736f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:6e:0e:80:9e:aa:91:f6:14:ab:e1:6e:4a:ce:
                    ea:71:4e:5e:d9:57:88:57:cc:b1:ee:e0:02:08:fe:
                    7f:41:8b:d0:00:fe:42:6d:11:16:24:67:3b:f8:72:
                    9a:dc:b3:46:53:d9:af:70:f9:17:57:86:3a:3a:89:
                    72:7f:73:01:87:71:68:ca:48:8a:56:40:83:d0:5a:
                    f7:c9:81:14:ab:50:6f:ba:8d:61:09:77:e5:ae:f1:
                    c9:9e:93:cb:5b:7d:1d:76:5f:0d:41:fa:25:02:ac:
                    71:71:7b:4c:85:7d:94:33:42:24:11:09:3d:98:61:
                    5e:5f:ca:4e:88:55:c3:94:7c:8d:62:f2:39:59:35:
                    d7:be:c7:33:f1:a6:7e:60:05:d3:b1:fa:8f:f7:28:
                    f0:ef:45:37:1e:59:e5:e8:38:db:eb:1b:89:c4:a6:
                    ac:e5:8c:a6:4f:5f:35:13:02:00:8b:fa:d6:8e:2d:
                    fe:3f:ba:bf:e3:c9:44:56:46:ef:54:1a:b1:83:1a:
                    6f:cf:0c:c7:93:28:bd:dc:b5:37:1d:2d:ec:7b:6b:
                    ef:01:3c:aa:e3:14:b6:d8:ef:e0:f8:65:c2:18:c4:
                    de:c6:6a:a7:57:43:e3:4b:69:cf:f3:ab:8b:d9:c4:
                    c9:f8:05:93:f1:40:ae:e0:12:db:db:11:c2:21:d9:
                    2e:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:6C:B2:AA:CF:3B:ED:A7:8F:13:B0:F4:8D:83:BA:13:5E:CB:73:6F
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Zmyyqs877aePE7D0jYO6E17Lc28.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.48.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:45:06:d3:4d:8e:21:d7:fb:0b:f8:04:73:18:36:dc:a9:78:
         16:69:82:96:50:2f:c9:1b:82:90:eb:f6:a4:53:bc:47:e4:e8:
         eb:2b:50:c6:5a:5f:90:2d:b2:f5:1a:c3:fa:f0:c5:f5:8e:0f:
         d6:b4:57:08:c7:a2:de:27:01:e5:37:62:77:36:7f:ca:4a:e4:
         51:8d:9e:67:63:c1:3d:7f:84:e3:93:33:a9:a3:a2:f4:1a:dc:
         fd:ad:bf:15:29:65:ba:eb:e3:4d:d3:55:20:cb:03:6d:7c:44:
         62:14:f4:ed:5c:5b:10:55:86:08:ae:18:46:23:73:db:3f:ee:
         38:33:1e:e4:33:04:19:82:8c:09:81:dd:04:5d:04:9f:aa:a9:
         d2:31:e4:b4:36:cd:6f:92:aa:82:d3:1a:a8:de:b9:df:28:3c:
         df:59:a8:24:b3:09:bd:2c:2d:a6:37:29:d0:e3:d7:63:49:99:
         f0:f3:0a:ab:88:15:9b:6e:30:6f:9a:b5:26:60:ae:70:a5:2c:
         b4:04:a1:ea:f8:f1:5f:b3:32:53:88:83:68:57:e6:59:3a:e8:
         fb:b0:03:a8:42:d2:de:54:2b:a0:3f:ca:4a:b5:25:9f:e0:f4:
         9f:e6:f1:19:6e:c4:65:fd:c2:1f:7b:81:f8:55:c7:d0:8c:cd:
         b6:89:87:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ22z9Xyb/SvbHjjKVbRaPfeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjYwNDIyMjAwOTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjZjYjJhYWNmM2JlZGE3OGYxM2IwZjQ4ZDgzYmExMzVlY2I3MzZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1G4OgJ6qkfYUq+FuSs7qcU5e2VeI
V8yx7uACCP5/QYvQAP5CbREWJGc7+HKa3LNGU9mvcPkXV4Y6Oolyf3MBh3FoykiK
VkCD0Fr3yYEUq1Bvuo1hCXflrvHJnpPLW30ddl8NQfolAqxxcXtMhX2UM0IkEQk9
mGFeX8pOiFXDlHyNYvI5WTXXvscz8aZ+YAXTsfqP9yjw70U3Hlnl6Djb6xuJxKas
5YymT181EwIAi/rWji3+P7q/48lEVkbvVBqxgxpvzwzHkyi93LU3HS3se2vvATyq
4xS22O/g+GXCGMTexmqnV0PjS2nP86uL2cTJ+AWT8UCu4BLb2xHCIdkuXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGZssqrPO+2njxOw9I2DuhNey3NvMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvWm15eXFzODc3YWVQRTdEMGpZTzZFMTdMYzI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbQwMA0G
CSqGSIb3DQEBCwUAA4IBAQASRQbTTY4h1/sL+ARzGDbcqXgWaYKWUC/JG4KQ6/ak
U7xH5OjrK1DGWl+QLbL1GsP68MX1jg/WtFcIx6LeJwHlN2J3Nn/KSuRRjZ5nY8E9
f4TjkzOpo6L0Gtz9rb8VKWW66+NN01UgywNtfERiFPTtXFsQVYYIrhhGI3PbP+44
Mx7kMwQZgowJgd0EXQSfqqnSMeS0Ns1vkqqC0xqo3rnfKDzfWagkswm9LC2mNynQ
49djSZnw8wqriBWbbjBvmrUmYK5wpSy0BKHq+PFfszJTiINoV+ZZOuj7sAOoQtLe
VCugP8pKtSWf4PSf5vEZbsRl/cIfe4H4VcfQjM22iYfT
-----END CERTIFICATE-----