Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/2dc7af-2c8c-457b-aeb0-4e1dc1505260/1/zLW6eUC8JGOg-hnvrRo094RNXFo.roa
File:                     zLW6eUC8JGOg-hnvrRo094RNXFo.roa (raw, json)
Hash identifier:          /s1RytH9WVOyABzMaamurrv26Mpv7C2tjQSbPhnFyKE=
Subject key identifier:   CC:B5:BA:79:40:BC:24:63:A0:FA:19:EF:AD:1A:34:F7:84:4D:5C:5A
Certificate issuer:       /CN=f6090b4db06a4d65935141bac98098127a8b8f5a
Certificate serial:       019E851EC6765C187C810C60A2412250DE3B
Authority key identifier: F6:09:0B:4D:B0:6A:4D:65:93:51:41:BA:C9:80:98:12:7A:8B:8F:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9gkLTbBqTWWTUUG6yYCYEnqLj1o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/2dc7af-2c8c-457b-aeb0-4e1dc1505260/1/zLW6eUC8JGOg-hnvrRo094RNXFo.roa
Signing time:             Mon 01 Jun 2026 21:37:26 +0000
ROA not before:           Mon 01 Jun 2026 21:37:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216457
IP address blocks:        37.72.133.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/2dc7af-2c8c-457b-aeb0-4e1dc1505260/1/9gkLTbBqTWWTUUG6yYCYEnqLj1o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/2dc7af-2c8c-457b-aeb0-4e1dc1505260/1/9gkLTbBqTWWTUUG6yYCYEnqLj1o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9gkLTbBqTWWTUUG6yYCYEnqLj1o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 03:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:85:1e:c6:76:5c:18:7c:81:0c:60:a2:41:22:50:de:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f6090b4db06a4d65935141bac98098127a8b8f5a
        Validity
            Not Before: Jun  1 21:37:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ccb5ba7940bc2463a0fa19efad1a34f7844d5c5a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:47:4b:bb:59:81:ea:3d:35:0b:02:dc:82:c1:
                    40:b5:e2:99:b2:de:85:83:45:33:45:29:41:4e:95:
                    8d:be:bc:f7:11:6c:37:1e:f2:a8:ee:e1:8e:db:5f:
                    d5:77:18:95:36:9e:2b:33:0d:9c:05:5c:3b:09:b1:
                    63:ea:be:ec:7f:6f:74:49:5b:38:ff:5d:61:a4:0f:
                    85:ca:74:4f:f6:95:87:a1:f6:86:f9:4e:53:08:2a:
                    b1:ba:74:fe:84:62:7c:d2:82:02:cb:91:df:c6:18:
                    3d:48:ed:b2:c1:6a:61:24:b6:89:43:1a:38:4d:ac:
                    be:23:a4:a3:19:7c:45:f4:2a:4b:f4:8e:01:82:16:
                    8f:9c:ce:e0:d5:ea:47:f7:18:1d:23:25:70:a4:b3:
                    c3:c0:0e:05:0e:27:68:bc:25:4a:ba:fb:34:f3:46:
                    c8:31:06:cc:8f:f7:b0:2e:2f:f2:60:d2:18:49:b1:
                    dd:8a:17:4c:96:35:41:12:2b:8b:4f:ab:24:28:67:
                    1e:ec:c8:4d:f4:c3:fd:c6:5b:fb:a5:49:22:2d:ac:
                    d3:09:29:c1:33:1e:5d:f3:f3:97:b2:17:1c:34:22:
                    d1:b6:d0:82:01:46:23:b2:57:9a:e3:8c:ea:df:2a:
                    89:f3:b8:40:29:9d:e4:f1:27:4a:6f:0b:42:58:b7:
                    42:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:B5:BA:79:40:BC:24:63:A0:FA:19:EF:AD:1A:34:F7:84:4D:5C:5A
            X509v3 Authority Key Identifier:
                keyid:F6:09:0B:4D:B0:6A:4D:65:93:51:41:BA:C9:80:98:12:7A:8B:8F:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9gkLTbBqTWWTUUG6yYCYEnqLj1o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/2dc7af-2c8c-457b-aeb0-4e1dc1505260/1/zLW6eUC8JGOg-hnvrRo094RNXFo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/2dc7af-2c8c-457b-aeb0-4e1dc1505260/1/9gkLTbBqTWWTUUG6yYCYEnqLj1o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.72.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b8:70:9b:9e:2d:6a:0d:7d:55:21:53:d1:74:d9:2c:38:44:c8:
         56:c0:c8:8a:3b:0d:56:ae:26:d4:68:92:69:d2:49:39:b4:76:
         5d:e4:c1:bf:08:69:27:87:d4:cf:e9:b6:5e:75:65:06:1c:05:
         bb:c3:bf:3b:e6:75:17:98:39:7b:86:25:88:54:13:3d:5c:b7:
         8a:f2:70:56:5c:9f:df:a5:d6:a0:11:39:bb:5b:9b:b5:c3:25:
         91:57:5c:fa:f2:a8:d4:2d:a1:3d:0a:a8:7a:af:58:aa:5b:ca:
         43:5c:0e:59:7f:79:ea:78:69:59:35:ab:e5:44:b3:c7:f9:60:
         49:c6:9b:4d:18:12:00:88:a4:b4:5e:ac:3e:94:91:ee:05:ba:
         e5:91:e0:5b:59:03:9d:e4:f4:42:b8:65:89:59:07:eb:ee:ce:
         c2:39:a9:19:70:03:4d:9a:cf:c6:2e:5a:98:0a:98:2d:f6:85:
         ca:bc:6e:ef:fd:e0:cb:ed:ce:34:21:eb:89:58:ca:75:80:d0:
         a2:bb:60:45:a2:5f:93:6e:53:2a:59:9f:ae:2b:82:a4:67:77:
         ce:de:95:61:75:b7:e9:a7:b5:58:c2:e6:cd:ee:62:be:2d:78:
         a1:07:20:12:1d:6e:51:3c:9a:1d:ac:be:16:bf:05:1a:55:a3:
         41:d7:16:0a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6FHsZ2XBh8gQxgokEiUN47MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2MDkwYjRkYjA2YTRkNjU5MzUxNDFiYWM5ODA5ODEyN2E4
YjhmNWEwHhcNMjYwNjAxMjEzNzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2I1YmE3OTQwYmMyNDYzYTBmYTE5ZWZhZDFhMzRmNzg0NGQ1YzVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqUdLu1mB6j01CwLcgsFAteKZst6F
g0UzRSlBTpWNvrz3EWw3HvKo7uGO21/VdxiVNp4rMw2cBVw7CbFj6r7sf290SVs4
/11hpA+FynRP9pWHofaG+U5TCCqxunT+hGJ80oICy5Hfxhg9SO2ywWphJLaJQxo4
Tay+I6SjGXxF9CpL9I4BghaPnM7g1epH9xgdIyVwpLPDwA4FDidovCVKuvs080bI
MQbMj/ewLi/yYNIYSbHdihdMljVBEiuLT6skKGce7MhN9MP9xlv7pUkiLazTCSnB
Mx5d8/OXshccNCLRttCCAUYjslea44zq3yqJ87hAKZ3k8SdKbwtCWLdCNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMy1unlAvCRjoPoZ760aNPeETVxaMB8GA1UdIwQY
MBaAFPYJC02wak1lk1FBusmAmBJ6i49aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWdrTFRiQnFUV1dUVVVHNnlZQ1lFbnFMajFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC8yZGM3YWYtMmM4Yy00NTdiLWFlYjAt
NGUxZGMxNTA1MjYwLzEvekxXNmVVQzhKR09nLWhudnJSbzA5NFJOWEZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC8yZGM3YWYtMmM4Yy00NTdiLWFlYjAtNGUxZGMxNTA1MjYw
LzEvOWdrTFRiQnFUV1dUVVVHNnlZQ1lFbnFMajFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJUiFMA0G
CSqGSIb3DQEBCwUAA4IBAQC4cJueLWoNfVUhU9F02Sw4RMhWwMiKOw1WribUaJJp
0kk5tHZd5MG/CGknh9TP6bZedWUGHAW7w7875nUXmDl7hiWIVBM9XLeK8nBWXJ/f
pdagETm7W5u1wyWRV1z68qjULaE9Cqh6r1iqW8pDXA5Zf3nqeGlZNavlRLPH+WBJ
xptNGBIAiKS0Xqw+lJHuBbrlkeBbWQOd5PRCuGWJWQfr7s7COakZcANNms/GLlqY
Cpgt9oXKvG7v/eDL7c40IeuJWMp1gNCiu2BFol+TblMqWZ+uK4KkZ3fO3pVhdbfp
p7VYwubN7mK+LXihByASHW5RPJodrL4WvwUaVaNB1xYK
-----END CERTIFICATE-----