Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/c6c174-ca7f-435d-a9a1-d76fe9df0cbb/1/Z_kHEntOIQqjR21HRSB9RF2Aq7g.roa
File:                     Z_kHEntOIQqjR21HRSB9RF2Aq7g.roa (raw, json)
Hash identifier:          s3eLUqgicT63J5zVzD7cknBmxWjUqrgO3NDTUjsw58M=
Subject key identifier:   67:F9:07:12:7B:4E:21:0A:A3:47:6D:47:45:20:7D:44:5D:80:AB:B8
Certificate issuer:       /CN=3855cbdfc67b1f5501bd22ba03197829253c425a
Certificate serial:       019E50A9F73C0EAC7419E523480A034A2B44
Authority key identifier: 38:55:CB:DF:C6:7B:1F:55:01:BD:22:BA:03:19:78:29:25:3C:42:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OFXL38Z7H1UBvSK6Axl4KSU8Qlo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/c6c174-ca7f-435d-a9a1-d76fe9df0cbb/1/Z_kHEntOIQqjR21HRSB9RF2Aq7g.roa
Signing time:             Fri 22 May 2026 17:09:36 +0000
ROA not before:           Fri 22 May 2026 17:09:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206484
IP address blocks:        185.15.228.0/22 maxlen: 22
                          2a03:b940::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/c6c174-ca7f-435d-a9a1-d76fe9df0cbb/1/OFXL38Z7H1UBvSK6Axl4KSU8Qlo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/c6c174-ca7f-435d-a9a1-d76fe9df0cbb/1/OFXL38Z7H1UBvSK6Axl4KSU8Qlo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OFXL38Z7H1UBvSK6Axl4KSU8Qlo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 22:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:50:a9:f7:3c:0e:ac:74:19:e5:23:48:0a:03:4a:2b:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3855cbdfc67b1f5501bd22ba03197829253c425a
        Validity
            Not Before: May 22 17:09:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=67f907127b4e210aa3476d4745207d445d80abb8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:58:6c:f1:9b:dd:eb:bb:6a:f9:bc:28:13:3c:
                    13:95:41:c6:64:96:a4:12:91:f6:c2:48:77:0f:6f:
                    1b:4f:5d:b4:1a:7c:fd:15:10:f4:2a:93:ea:11:84:
                    78:6a:68:a0:d6:e9:27:cd:7e:0f:09:0d:1e:da:f6:
                    18:bd:85:5f:0d:93:58:c6:ab:fd:d6:01:69:69:63:
                    ae:f4:e9:c8:de:b7:9a:0b:54:32:18:f6:b9:a7:f9:
                    56:b4:71:57:a0:6f:63:27:4b:08:32:c5:d7:df:1c:
                    48:d3:31:64:a2:3d:9a:b4:50:1a:6e:a4:61:29:11:
                    3e:84:39:86:c9:5a:4e:05:ca:59:d1:7b:51:3c:35:
                    06:aa:14:35:6b:67:00:55:0d:9a:3e:68:4d:7e:df:
                    6f:0d:8d:bb:d2:3f:32:f9:05:49:66:48:42:a2:07:
                    af:d8:38:bb:44:cc:8b:c2:53:a3:f8:6d:71:4d:42:
                    44:13:09:65:13:db:1e:e5:5a:1a:f2:74:d2:6b:ff:
                    7f:27:d6:19:ec:69:a6:df:58:07:ee:ea:6a:86:07:
                    90:fa:ab:8c:d2:a1:3d:ee:91:4b:c1:19:29:2d:bb:
                    6f:ed:54:96:90:db:6f:da:5e:42:be:41:16:61:bb:
                    13:17:71:ec:80:3b:3f:55:f3:bd:f6:00:2e:5f:34:
                    49:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:F9:07:12:7B:4E:21:0A:A3:47:6D:47:45:20:7D:44:5D:80:AB:B8
            X509v3 Authority Key Identifier:
                keyid:38:55:CB:DF:C6:7B:1F:55:01:BD:22:BA:03:19:78:29:25:3C:42:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OFXL38Z7H1UBvSK6Axl4KSU8Qlo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/c6c174-ca7f-435d-a9a1-d76fe9df0cbb/1/Z_kHEntOIQqjR21HRSB9RF2Aq7g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/c6c174-ca7f-435d-a9a1-d76fe9df0cbb/1/OFXL38Z7H1UBvSK6Axl4KSU8Qlo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.15.228.0/22
                IPv6:
                  2a03:b940::/32

    Signature Algorithm: sha256WithRSAEncryption
         51:90:1e:5c:91:fe:bb:6e:6f:bd:9a:60:ed:8e:2e:8d:03:19:
         1c:c9:9a:53:70:2c:d7:52:02:e5:c7:f0:6f:be:ce:18:9f:71:
         45:06:b9:3a:91:94:73:8a:87:b6:74:12:d0:8b:62:62:4f:d2:
         e4:ea:f7:59:6d:fc:e3:eb:02:00:c9:89:69:29:da:2e:06:0f:
         6d:6a:11:3c:40:f5:98:f8:dd:ae:25:df:44:d9:83:30:44:cf:
         b0:9f:96:c9:6e:ae:ef:b7:c0:f6:25:21:d3:4f:95:be:d8:47:
         86:f7:fb:bd:a2:eb:2e:11:aa:ad:9f:29:75:7d:9f:02:c5:fa:
         1e:24:56:e4:f6:a7:c7:b1:96:7b:07:2b:4e:f6:73:52:87:30:
         00:7f:47:56:b1:bb:65:6e:0a:5b:20:71:a5:8a:9f:72:1e:2e:
         e5:e2:dd:6b:f8:86:c0:96:22:98:00:27:11:1b:c3:f3:d4:4f:
         3c:f5:f8:45:60:81:22:5b:07:55:f0:37:95:ae:6b:e1:77:b1:
         ee:f9:9a:88:2e:85:25:2d:8c:d4:6d:07:6d:f2:50:d8:33:6d:
         fe:f3:a6:7c:e4:ce:ff:de:77:c7:9f:22:e8:8a:0f:5d:3d:1d:
         df:6b:4a:fe:cb:36:21:a5:6b:f9:43:e9:35:5c:59:72:a8:74:
         bf:1a:76:90
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ5Qqfc8Dqx0GeUjSAoDSitEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4NTVjYmRmYzY3YjFmNTUwMWJkMjJiYTAzMTk3ODI5MjUz
YzQyNWEwHhcNMjYwNTIyMTcwOTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2Y5MDcxMjdiNGUyMTBhYTM0NzZkNDc0NTIwN2Q0NDVkODBhYmI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqFhs8Zvd67tq+bwoEzwTlUHGZJak
EpH2wkh3D28bT120Gnz9FRD0KpPqEYR4amig1uknzX4PCQ0e2vYYvYVfDZNYxqv9
1gFpaWOu9OnI3reaC1QyGPa5p/lWtHFXoG9jJ0sIMsXX3xxI0zFkoj2atFAabqRh
KRE+hDmGyVpOBcpZ0XtRPDUGqhQ1a2cAVQ2aPmhNft9vDY270j8y+QVJZkhCogev
2Di7RMyLwlOj+G1xTUJEEwllE9se5Voa8nTSa/9/J9YZ7Gmm31gH7upqhgeQ+quM
0qE97pFLwRkpLbtv7VSWkNtv2l5CvkEWYbsTF3HsgDs/VfO99gAuXzRJXwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGf5BxJ7TiEKo0dtR0UgfURdgKu4MB8GA1UdIwQY
MBaAFDhVy9/Gex9VAb0iugMZeCklPEJaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0ZYTDM4WjdIMVVCdlNLNkF4bDRLU1U4UWxvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy9jNmMxNzQtY2E3Zi00MzVkLWE5YTEt
ZDc2ZmU5ZGYwY2JiLzEvWl9rSEVudE9JUXFqUjIxSFJTQjlSRjJBcTdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy9jNmMxNzQtY2E3Zi00MzVkLWE5YTEtZDc2ZmU5ZGYwY2Ji
LzEvT0ZYTDM4WjdIMVVCdlNLNkF4bDRLU1U4UWxvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuQ/kMA0E
AgACMAcDBQAqA7lAMA0GCSqGSIb3DQEBCwUAA4IBAQBRkB5ckf67bm+9mmDtji6N
AxkcyZpTcCzXUgLlx/Bvvs4Yn3FFBrk6kZRzioe2dBLQi2JiT9Lk6vdZbfzj6wIA
yYlpKdouBg9tahE8QPWY+N2uJd9E2YMwRM+wn5bJbq7vt8D2JSHTT5W+2EeG9/u9
ousuEaqtnyl1fZ8CxfoeJFbk9qfHsZZ7BytO9nNShzAAf0dWsbtlbgpbIHGlip9y
Hi7l4t1r+IbAliKYACcRG8Pz1E889fhFYIEiWwdV8DeVrmvhd7Hu+ZqILoUlLYzU
bQdt8lDYM23+86Z85M7/3nfHnyLoig9dPR3fa0r+yzYhpWv5Q+k1XFlyqHS/GnaQ
-----END CERTIFICATE-----