Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/5832f4-e4e2-498b-a06a-9febf8c3e33f/1/ZwbE6iJuhOqSlTd6nz-JgpAF4fM.roa
File:                     ZwbE6iJuhOqSlTd6nz-JgpAF4fM.roa (raw, json)
Hash identifier:          v52Dzc19mHueWoSFW6XDDWD5yvdBIL0zDQiUyzndmos=
Subject key identifier:   67:06:C4:EA:22:6E:84:EA:92:95:37:7A:9F:3F:89:82:90:05:E1:F3
Certificate issuer:       /CN=8a01ab6cd44a7a3ea4002c106a96c427b52c81d5
Certificate serial:       019D3F4D83EAB8325ACC5F7ECAACC6A835AC
Authority key identifier: 8A:01:AB:6C:D4:4A:7A:3E:A4:00:2C:10:6A:96:C4:27:B5:2C:81:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/igGrbNRKej6kACwQapbEJ7UsgdU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/5832f4-e4e2-498b-a06a-9febf8c3e33f/1/ZwbE6iJuhOqSlTd6nz-JgpAF4fM.roa
Signing time:             Mon 30 Mar 2026 15:12:17 +0000
ROA not before:           Mon 30 Mar 2026 15:12:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     401819
IP address blocks:        212.66.48.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/5832f4-e4e2-498b-a06a-9febf8c3e33f/1/igGrbNRKej6kACwQapbEJ7UsgdU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/5832f4-e4e2-498b-a06a-9febf8c3e33f/1/igGrbNRKej6kACwQapbEJ7UsgdU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/igGrbNRKej6kACwQapbEJ7UsgdU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:3f:4d:83:ea:b8:32:5a:cc:5f:7e:ca:ac:c6:a8:35:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8a01ab6cd44a7a3ea4002c106a96c427b52c81d5
        Validity
            Not Before: Mar 30 15:12:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6706c4ea226e84ea9295377a9f3f89829005e1f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:9b:28:01:40:8a:ae:a0:00:92:0c:c7:c4:54:
                    66:4a:a5:4f:df:75:00:f6:39:c3:ec:32:9b:46:bb:
                    8a:54:b5:68:57:b2:bc:7e:15:5e:d3:d5:52:32:f7:
                    e9:83:76:0d:0b:fb:3c:5c:69:10:60:a8:fc:e8:55:
                    c1:88:5b:3a:15:b8:75:6a:75:18:ec:76:76:af:f9:
                    92:13:7b:15:51:db:1f:83:5b:23:eb:8a:f3:37:25:
                    64:20:25:f9:08:70:6c:de:be:0f:bb:02:1a:45:1e:
                    70:88:1c:1e:4e:4d:62:03:ab:93:90:11:0c:90:00:
                    d2:ee:a9:be:01:5b:f8:9c:7f:ee:c5:1b:1f:b3:a1:
                    6b:9a:30:51:e5:a3:8f:1c:19:9b:58:f0:2c:3f:70:
                    5c:f8:19:fb:bb:7c:ad:78:ae:fb:b9:70:f5:df:28:
                    cf:0b:f1:d2:54:2b:d5:42:62:34:4f:69:d0:52:47:
                    da:18:86:31:68:71:de:42:59:31:17:60:96:60:04:
                    70:21:78:39:ba:b8:a6:03:6e:73:c1:95:b9:3a:26:
                    1f:b1:c9:5a:52:90:6b:94:78:48:65:9a:49:97:58:
                    28:41:b9:e6:ba:31:06:87:b9:d9:86:50:1b:a1:7c:
                    a1:39:d5:13:e7:11:03:10:cc:0b:db:2e:08:ca:8c:
                    3b:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:06:C4:EA:22:6E:84:EA:92:95:37:7A:9F:3F:89:82:90:05:E1:F3
            X509v3 Authority Key Identifier:
                keyid:8A:01:AB:6C:D4:4A:7A:3E:A4:00:2C:10:6A:96:C4:27:B5:2C:81:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/igGrbNRKej6kACwQapbEJ7UsgdU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/5832f4-e4e2-498b-a06a-9febf8c3e33f/1/ZwbE6iJuhOqSlTd6nz-JgpAF4fM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/5832f4-e4e2-498b-a06a-9febf8c3e33f/1/igGrbNRKej6kACwQapbEJ7UsgdU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.66.48.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:e0:3b:56:4f:81:ab:3a:16:1b:11:ea:03:5b:67:b9:d9:b4:
         61:89:ff:87:03:26:d8:76:5a:08:c2:40:e7:db:82:fc:ef:bb:
         4b:81:48:4e:cf:3f:64:69:2c:c9:8c:30:69:1a:47:ca:07:4a:
         d7:af:31:be:fc:97:13:8a:4e:ad:a8:b2:19:78:b1:36:3e:98:
         b0:8e:ce:ec:79:f8:90:17:e1:db:44:9a:86:dc:3d:d0:52:b2:
         6e:31:e9:af:b1:10:76:1a:4d:4b:df:4e:92:03:d8:6d:84:d7:
         aa:01:19:a4:4b:1a:5a:6b:9f:fc:e7:8d:d0:38:96:db:43:cf:
         30:ff:51:2f:f7:8a:bf:23:03:f5:ea:e1:fa:05:8f:97:d8:98:
         ca:f8:6c:01:15:42:ab:c4:47:17:2d:d7:10:b7:d1:9f:ba:a2:
         96:8f:30:df:57:ef:b9:e9:67:f0:ec:af:ce:d9:2d:21:98:cf:
         4a:8e:7a:cd:d7:d5:cf:d0:57:ab:64:3d:9a:fc:a1:9a:f6:5f:
         34:46:89:cc:9d:8a:4a:b9:2b:e9:4e:d5:58:61:0b:78:af:2f:
         16:64:1d:94:9f:c1:7b:9e:aa:25:b0:51:e2:e0:11:00:00:0d:
         c1:f3:08:a1:c8:68:36:ef:0c:44:74:ef:66:16:ee:47:5b:7e:
         56:6a:d2:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0/TYPquDJazF9+yqzGqDWsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhMDFhYjZjZDQ0YTdhM2VhNDAwMmMxMDZhOTZjNDI3YjUy
YzgxZDUwHhcNMjYwMzMwMTUxMjE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzA2YzRlYTIyNmU4NGVhOTI5NTM3N2E5ZjNmODk4MjkwMDVlMWYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArpsoAUCKrqAAkgzHxFRmSqVP33UA
9jnD7DKbRruKVLVoV7K8fhVe09VSMvfpg3YNC/s8XGkQYKj86FXBiFs6Fbh1anUY
7HZ2r/mSE3sVUdsfg1sj64rzNyVkICX5CHBs3r4PuwIaRR5wiBweTk1iA6uTkBEM
kADS7qm+AVv4nH/uxRsfs6FrmjBR5aOPHBmbWPAsP3Bc+Bn7u3yteK77uXD13yjP
C/HSVCvVQmI0T2nQUkfaGIYxaHHeQlkxF2CWYARwIXg5urimA25zwZW5OiYfscla
UpBrlHhIZZpJl1goQbnmujEGh7nZhlAboXyhOdUT5xEDEMwL2y4Iyow7pwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGcGxOoiboTqkpU3ep8/iYKQBeHzMB8GA1UdIwQY
MBaAFIoBq2zUSno+pAAsEGqWxCe1LIHVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWdHcmJOUktlajZrQUN3UWFwYkVKN1VzZ2RVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi81ODMyZjQtZTRlMi00OThiLWEwNmEt
OWZlYmY4YzNlMzNmLzEvWndiRTZpSnVoT3FTbFRkNm56LUpncEFGNGZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi81ODMyZjQtZTRlMi00OThiLWEwNmEtOWZlYmY4YzNlMzNm
LzEvaWdHcmJOUktlajZrQUN3UWFwYkVKN1VzZ2RVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1EIwMA0G
CSqGSIb3DQEBCwUAA4IBAQCz4DtWT4GrOhYbEeoDW2e52bRhif+HAybYdloIwkDn
24L877tLgUhOzz9kaSzJjDBpGkfKB0rXrzG+/JcTik6tqLIZeLE2Ppiwjs7sefiQ
F+HbRJqG3D3QUrJuMemvsRB2Gk1L306SA9hthNeqARmkSxpaa5/8543QOJbbQ88w
/1Ev94q/IwP16uH6BY+X2JjK+GwBFUKrxEcXLdcQt9GfuqKWjzDfV++56Wfw7K/O
2S0hmM9KjnrN19XP0FerZD2a/KGa9l80RonMnYpKuSvpTtVYYQt4ry8WZB2Un8F7
nqolsFHi4BEAAA3B8wihyGg27wxEdO9mFu5HW35WatIM
-----END CERTIFICATE-----