Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/21b7ce-2ec6-479e-8a4d-84f90593913c/1/Zs_ivbzNbCdzrDYmTRUERoNrI1k.roa
File:                     Zs_ivbzNbCdzrDYmTRUERoNrI1k.roa (raw, json)
Hash identifier:          l2r/ELpQRHQu5YACnZlfRZAXHd+I+xjTFmIje6JupP4=
Subject key identifier:   66:CF:E2:BD:BC:CD:6C:27:73:AC:36:26:4D:15:04:46:83:6B:23:59
Certificate issuer:       /CN=5ad943a41ce27e7b7bcfdff69a89c3e337ea63b5
Certificate serial:       019DE065EC611621506EE10EF2D696433CDD
Authority key identifier: 5A:D9:43:A4:1C:E2:7E:7B:7B:CF:DF:F6:9A:89:C3:E3:37:EA:63:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WtlDpBzifnt7z9_2monD4zfqY7U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/21b7ce-2ec6-479e-8a4d-84f90593913c/1/Zs_ivbzNbCdzrDYmTRUERoNrI1k.roa
Signing time:             Thu 30 Apr 2026 21:57:49 +0000
ROA not before:           Thu 30 Apr 2026 21:57:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51306
IP address blocks:        151.216.47.0/24 maxlen: 24
                          194.127.244.0/22 maxlen: 24
                          2a07:cf80::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/21b7ce-2ec6-479e-8a4d-84f90593913c/1/WtlDpBzifnt7z9_2monD4zfqY7U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/21b7ce-2ec6-479e-8a4d-84f90593913c/1/WtlDpBzifnt7z9_2monD4zfqY7U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WtlDpBzifnt7z9_2monD4zfqY7U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 May 2026 06:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:e0:65:ec:61:16:21:50:6e:e1:0e:f2:d6:96:43:3c:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ad943a41ce27e7b7bcfdff69a89c3e337ea63b5
        Validity
            Not Before: Apr 30 21:57:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=66cfe2bdbccd6c2773ac36264d150446836b2359
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:e4:aa:b8:56:18:59:fa:77:fe:89:7a:49:ed:
                    9f:6f:53:58:53:df:dd:e7:5a:38:ab:86:3f:08:71:
                    3c:51:32:b9:ff:1d:55:f7:2f:51:da:f1:ab:63:3d:
                    fa:20:a4:5e:ea:71:8d:19:d5:53:8d:a7:09:3c:98:
                    63:83:ab:50:6a:3e:bc:ba:bd:36:0c:ee:f7:44:d0:
                    aa:40:63:ee:6d:38:70:40:f5:1b:24:d3:df:d9:e3:
                    62:06:70:9b:80:4a:6a:e8:d3:6d:fd:43:7a:0a:ac:
                    2b:2e:5f:49:cb:1b:99:05:cf:45:4a:ca:f0:ca:98:
                    85:47:35:87:46:0b:5d:a2:e7:fc:8f:59:36:fa:62:
                    eb:4b:33:fd:ec:e1:cf:a2:ec:6f:77:58:39:69:b7:
                    85:47:4f:20:00:57:98:ff:c9:58:11:a0:c0:e5:54:
                    98:97:e9:f2:39:7e:58:74:71:27:3e:c8:55:7c:0b:
                    be:a0:83:a0:ea:8a:36:0a:71:4b:5a:6a:19:94:b2:
                    b7:ff:f6:bd:ce:db:b9:04:da:9d:1a:06:dc:32:6d:
                    4c:30:78:1a:c3:9d:07:7f:0a:18:82:9f:71:6e:72:
                    56:eb:0e:bf:2c:02:a6:4b:7f:13:59:51:e6:dd:7c:
                    d2:2b:dd:69:b6:2f:76:4a:09:de:c4:a1:99:ed:90:
                    47:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:CF:E2:BD:BC:CD:6C:27:73:AC:36:26:4D:15:04:46:83:6B:23:59
            X509v3 Authority Key Identifier:
                keyid:5A:D9:43:A4:1C:E2:7E:7B:7B:CF:DF:F6:9A:89:C3:E3:37:EA:63:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WtlDpBzifnt7z9_2monD4zfqY7U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/21b7ce-2ec6-479e-8a4d-84f90593913c/1/Zs_ivbzNbCdzrDYmTRUERoNrI1k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/21b7ce-2ec6-479e-8a4d-84f90593913c/1/WtlDpBzifnt7z9_2monD4zfqY7U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.216.47.0/24
                  194.127.244.0/22
                IPv6:
                  2a07:cf80::/32

    Signature Algorithm: sha256WithRSAEncryption
         69:f7:7d:a6:ef:d5:f8:6b:e1:cf:c0:42:38:18:b0:98:e3:bd:
         61:84:01:bd:32:f0:20:6c:22:b4:e6:86:4e:e8:a7:fa:06:b3:
         be:ed:17:2c:93:f3:28:23:2a:f5:c1:58:ca:be:51:f8:42:2d:
         3b:4a:03:0e:b2:13:39:69:63:34:13:44:21:48:fa:01:d5:a6:
         6d:58:2c:aa:38:0d:8a:f4:20:a4:ed:81:7c:d4:2c:f0:50:86:
         b5:d5:13:66:f2:2f:6b:dd:06:0d:5f:e9:32:2e:22:7d:8a:8c:
         bc:37:c9:03:1c:4a:8b:9a:88:d7:46:4f:cd:0b:5c:90:e8:4f:
         fe:7b:c5:57:11:e7:d7:18:45:d6:44:d4:ed:2a:4a:1f:b2:e5:
         eb:3b:a4:ad:47:a1:bc:9d:1e:42:c8:a5:92:4b:58:07:70:35:
         d2:90:32:1c:a9:96:cb:0b:e6:e5:0d:8f:ed:f1:ef:79:87:80:
         af:0a:66:05:9b:3f:2c:b3:df:32:c9:12:78:cb:0d:40:0f:a3:
         95:e6:33:bb:a0:df:f8:84:23:73:eb:12:16:b2:26:fa:f7:7a:
         db:9c:f8:c1:62:7c:47:a7:ed:52:b8:e6:3d:7e:12:b2:84:01:
         9c:f7:23:c6:69:bd:cb:a4:f6:09:dd:0c:00:ac:d6:c3:54:41:
         92:41:72:f4
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZ3gZexhFiFQbuEO8taWQzzdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhZDk0M2E0MWNlMjdlN2I3YmNmZGZmNjlhODljM2UzMzdl
YTYzYjUwHhcNMjYwNDMwMjE1NzQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NmNmZTJiZGJjY2Q2YzI3NzNhYzM2MjY0ZDE1MDQ0NjgzNmIyMzU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqOSquFYYWfp3/ol6Se2fb1NYU9/d
51o4q4Y/CHE8UTK5/x1V9y9R2vGrYz36IKRe6nGNGdVTjacJPJhjg6tQaj68ur02
DO73RNCqQGPubThwQPUbJNPf2eNiBnCbgEpq6NNt/UN6CqwrLl9JyxuZBc9FSsrw
ypiFRzWHRgtdouf8j1k2+mLrSzP97OHPouxvd1g5abeFR08gAFeY/8lYEaDA5VSY
l+nyOX5YdHEnPshVfAu+oIOg6oo2CnFLWmoZlLK3//a9ztu5BNqdGgbcMm1MMHga
w50HfwoYgp9xbnJW6w6/LAKmS38TWVHm3XzSK91pti92SgnexKGZ7ZBHLwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFGbP4r28zWwnc6w2Jk0VBEaDayNZMB8GA1UdIwQY
MBaAFFrZQ6Qc4n57e8/f9pqJw+M36mO1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV3RsRHBCemlmbnQ3ejlfMm1vbkQ0emZxWTdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy8yMWI3Y2UtMmVjNi00NzllLThhNGQt
ODRmOTA1OTM5MTNjLzEvWnNfaXZiek5iQ2R6ckRZbVRSVUVSb05ySTFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy8yMWI3Y2UtMmVjNi00NzllLThhNGQtODRmOTA1OTM5MTNj
LzEvV3RsRHBCemlmbnQ3ejlfMm1vbkQ0emZxWTdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAl9gvAwQC
wn/0MA0EAgACMAcDBQAqB8+AMA0GCSqGSIb3DQEBCwUAA4IBAQBp932m79X4a+HP
wEI4GLCY471hhAG9MvAgbCK05oZO6Kf6BrO+7Rcsk/MoIyr1wVjKvlH4Qi07SgMO
shM5aWM0E0QhSPoB1aZtWCyqOA2K9CCk7YF81CzwUIa11RNm8i9r3QYNX+kyLiJ9
ioy8N8kDHEqLmojXRk/NC1yQ6E/+e8VXEefXGEXWRNTtKkofsuXrO6StR6G8nR5C
yKWSS1gHcDXSkDIcqZbLC+blDY/t8e95h4CvCmYFmz8ss98yyRJ4yw1AD6OV5jO7
oN/4hCNz6xIWsib693rbnPjBYnxHp+1SuOY9fhKyhAGc9yPGab3LpPYJ3QwArNbD
VEGSQXL0
-----END CERTIFICATE-----