Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/120084-c886-47ce-9040-9621b2088c2d/1/Z3gEPjuGoaYcAc2mKEaTF07YHOo.roa
File:                     Z3gEPjuGoaYcAc2mKEaTF07YHOo.roa (raw, json)
Hash identifier:          drUQc/cIGCRZlaPcgP1i77u2yGDeJbZ8Lsn9UZSA/uI=
Subject key identifier:   67:78:04:3E:3B:86:A1:A6:1C:01:CD:A6:28:46:93:17:4E:D8:1C:EA
Certificate issuer:       /CN=dc621dcdc7ad0be331d7c9a447f2a164e42ea4fd
Certificate serial:       019B76EADFC2FEDA439A622FCE524F83D483
Authority key identifier: DC:62:1D:CD:C7:AD:0B:E3:31:D7:C9:A4:47:F2:A1:64:E4:2E:A4:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3GIdzcetC-Mx18mkR_KhZOQupP0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/120084-c886-47ce-9040-9621b2088c2d/1/Z3gEPjuGoaYcAc2mKEaTF07YHOo.roa
Signing time:             Thu 01 Jan 2026 00:17:42 +0000
ROA not before:           Thu 01 Jan 2026 00:17:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48390
IP address blocks:        185.20.3.0/24 maxlen: 24
                          2a0c:d0c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/120084-c886-47ce-9040-9621b2088c2d/1/3GIdzcetC-Mx18mkR_KhZOQupP0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/120084-c886-47ce-9040-9621b2088c2d/1/3GIdzcetC-Mx18mkR_KhZOQupP0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3GIdzcetC-Mx18mkR_KhZOQupP0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 09:01:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:ea:df:c2:fe:da:43:9a:62:2f:ce:52:4f:83:d4:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc621dcdc7ad0be331d7c9a447f2a164e42ea4fd
        Validity
            Not Before: Jan  1 00:17:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6778043e3b86a1a61c01cda6284693174ed81cea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:a4:29:bc:d6:e2:24:e9:e1:37:59:c6:57:24:
                    79:aa:78:d4:68:1f:4c:b8:cd:89:bd:f9:c3:1d:66:
                    45:9e:21:c5:f2:ab:e8:de:80:61:93:99:ca:b1:dd:
                    43:da:61:ec:77:1e:26:37:a3:6f:78:42:70:b8:99:
                    70:75:1b:a7:07:56:4c:0d:e5:03:c8:9b:6e:45:cb:
                    55:03:77:82:8f:80:07:85:18:c6:d6:02:8e:ea:21:
                    2e:da:88:c1:7e:c4:75:0f:34:94:eb:70:cd:41:d7:
                    62:d7:90:18:59:a7:7a:e9:ec:75:dc:0c:0f:f9:a2:
                    61:a0:9c:45:9c:e7:37:ec:6e:5b:eb:9b:a7:24:97:
                    f8:fd:e5:6e:5d:3e:5b:50:39:69:bf:ea:f1:d4:70:
                    5f:b6:fd:49:81:ef:f7:b4:80:9f:a0:5b:e0:b1:66:
                    30:38:52:32:1c:e9:01:f5:ee:43:98:d4:93:d4:24:
                    88:57:e7:27:17:f4:c3:5a:0f:15:4e:af:87:a3:1b:
                    53:94:d4:cc:d4:7b:5c:99:62:d4:64:dd:48:17:47:
                    28:60:35:a4:1f:7f:cd:47:38:06:e0:23:4d:8a:5d:
                    f8:48:a9:24:e1:26:3f:64:a7:9e:73:7d:0e:a3:c6:
                    28:10:a6:e3:c7:82:a9:6e:4b:26:6d:f8:29:46:4b:
                    ef:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:78:04:3E:3B:86:A1:A6:1C:01:CD:A6:28:46:93:17:4E:D8:1C:EA
            X509v3 Authority Key Identifier:
                keyid:DC:62:1D:CD:C7:AD:0B:E3:31:D7:C9:A4:47:F2:A1:64:E4:2E:A4:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3GIdzcetC-Mx18mkR_KhZOQupP0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/120084-c886-47ce-9040-9621b2088c2d/1/Z3gEPjuGoaYcAc2mKEaTF07YHOo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/120084-c886-47ce-9040-9621b2088c2d/1/3GIdzcetC-Mx18mkR_KhZOQupP0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.20.3.0/24
                IPv6:
                  2a0c:d0c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         5c:fb:ec:d8:f9:05:b1:8c:48:07:23:8a:4d:1f:fe:50:5b:72:
         e5:96:a1:5b:06:0d:44:97:fa:20:c4:a9:94:6f:e4:d1:8a:ee:
         5a:ac:59:0d:3e:b6:94:34:d2:f8:c9:9e:a6:97:87:1a:f8:b8:
         d7:51:ab:6c:f0:50:63:aa:0a:40:00:73:88:57:b2:03:a5:38:
         27:8f:29:7e:73:06:a1:d9:90:f1:63:a9:f9:13:b7:af:71:4d:
         04:78:fa:49:c6:29:fc:e0:55:a7:4f:f0:8a:81:6e:a0:85:97:
         e0:e0:75:63:eb:f8:45:33:21:af:d0:84:94:1c:4a:7b:a4:2f:
         ae:df:96:00:80:2c:17:8d:df:f3:36:e4:3e:f9:64:e3:28:a6:
         49:78:3f:75:ec:68:af:c4:c2:d6:02:e5:46:dc:02:3a:33:97:
         52:16:1f:6c:b4:4f:12:b0:9a:d2:cc:72:b0:e7:bf:98:7f:b5:
         6d:71:81:55:0a:58:4b:53:f5:bd:08:d1:6f:8f:04:ab:39:69:
         f2:f9:71:90:e3:be:a6:48:4e:be:79:aa:75:91:cd:c6:41:be:
         f7:7e:e0:53:83:08:5c:2d:b2:cd:bc:95:02:a7:21:6e:45:39:
         66:d0:26:ab:60:1f:b8:7e:c9:b3:32:58:8d:fe:36:fa:37:0e:
         b2:c0:32:84
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZt26t/C/tpDmmIvzlJPg9SDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjNjIxZGNkYzdhZDBiZTMzMWQ3YzlhNDQ3ZjJhMTY0ZTQy
ZWE0ZmQwHhcNMjYwMTAxMDAxNzQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Nzc4MDQzZTNiODZhMWE2MWMwMWNkYTYyODQ2OTMxNzRlZDgxY2VhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq6QpvNbiJOnhN1nGVyR5qnjUaB9M
uM2JvfnDHWZFniHF8qvo3oBhk5nKsd1D2mHsdx4mN6NveEJwuJlwdRunB1ZMDeUD
yJtuRctVA3eCj4AHhRjG1gKO6iEu2ojBfsR1DzSU63DNQddi15AYWad66ex13AwP
+aJhoJxFnOc37G5b65unJJf4/eVuXT5bUDlpv+rx1HBftv1Jge/3tICfoFvgsWYw
OFIyHOkB9e5DmNST1CSIV+cnF/TDWg8VTq+HoxtTlNTM1HtcmWLUZN1IF0coYDWk
H3/NRzgG4CNNil34SKkk4SY/ZKeec30Oo8YoEKbjx4KpbksmbfgpRkvvrwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGd4BD47hqGmHAHNpihGkxdO2BzqMB8GA1UdIwQY
MBaAFNxiHc3HrQvjMdfJpEfyoWTkLqT9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0dJZHpjZXRDLU14MThta1JfS2haT1F1cFAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8xMjAwODQtYzg4Ni00N2NlLTkwNDAt
OTYyMWIyMDg4YzJkLzEvWjNnRVBqdUdvYVljQWMybUtFYVRGMDdZSE9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8xMjAwODQtYzg4Ni00N2NlLTkwNDAtOTYyMWIyMDg4YzJk
LzEvM0dJZHpjZXRDLU14MThta1JfS2haT1F1cFAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuRQDMA0E
AgACMAcDBQMqDNDAMA0GCSqGSIb3DQEBCwUAA4IBAQBc++zY+QWxjEgHI4pNH/5Q
W3LllqFbBg1El/ogxKmUb+TRiu5arFkNPraUNNL4yZ6ml4ca+LjXUats8FBjqgpA
AHOIV7IDpTgnjyl+cwah2ZDxY6n5E7evcU0EePpJxin84FWnT/CKgW6ghZfg4HVj
6/hFMyGv0ISUHEp7pC+u35YAgCwXjd/zNuQ++WTjKKZJeD917GivxMLWAuVG3AI6
M5dSFh9stE8SsJrSzHKw57+Yf7VtcYFVClhLU/W9CNFvjwSrOWny+XGQ476mSE6+
eap1kc3GQb73fuBTgwhcLbLNvJUCpyFuRTlm0CarYB+4fsmzMliN/jb6Nw6ywDKE
-----END CERTIFICATE-----