Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/188fc9-b9b5-4072-bc93-79132946b699/1/ZvSntlMRiI0KhwgM99Sp3FJTmvs.roa
File:                     ZvSntlMRiI0KhwgM99Sp3FJTmvs.roa (raw, json)
Hash identifier:          0fCY8nksAFxmuBH0voIaK/wx1tefrnct7WFNbFomHtw=
Subject key identifier:   66:F4:A7:B6:53:11:88:8D:0A:87:08:0C:F7:D4:A9:DC:52:53:9A:FB
Certificate issuer:       /CN=27c5f36413e7af472813fe3a714e2ecdaa21f2e8
Certificate serial:       019B7E3876C61ADFAF1E3EA3CED8CFF150F1
Authority key identifier: 27:C5:F3:64:13:E7:AF:47:28:13:FE:3A:71:4E:2E:CD:AA:21:F2:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J8XzZBPnr0coE_46cU4uzaoh8ug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/188fc9-b9b5-4072-bc93-79132946b699/1/ZvSntlMRiI0KhwgM99Sp3FJTmvs.roa
Signing time:             Fri 02 Jan 2026 10:19:48 +0000
ROA not before:           Fri 02 Jan 2026 10:19:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     60497
IP address blocks:        185.30.172.0/24 maxlen: 24
                          185.30.173.0/24 maxlen: 24
                          185.30.174.0/24 maxlen: 24
                          185.30.175.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/188fc9-b9b5-4072-bc93-79132946b699/1/J8XzZBPnr0coE_46cU4uzaoh8ug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/188fc9-b9b5-4072-bc93-79132946b699/1/J8XzZBPnr0coE_46cU4uzaoh8ug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J8XzZBPnr0coE_46cU4uzaoh8ug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 07:01:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:76:c6:1a:df:af:1e:3e:a3:ce:d8:cf:f1:50:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27c5f36413e7af472813fe3a714e2ecdaa21f2e8
        Validity
            Not Before: Jan  2 10:19:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=66f4a7b65311888d0a87080cf7d4a9dc52539afb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:a1:b5:32:c0:4c:51:91:4f:d9:e9:47:b2:3d:
                    05:f8:c8:75:3d:e8:8b:a9:0c:14:fc:57:24:c6:71:
                    dc:a8:f3:9d:c1:da:9e:cb:29:9c:27:52:08:3b:e6:
                    26:c1:37:30:b3:22:ab:b3:43:95:1f:e9:54:bd:24:
                    9a:57:2f:ce:92:3e:3d:04:4f:75:c3:e8:cf:33:dd:
                    2c:ec:c0:c9:c4:7e:fd:6e:36:6d:34:3a:32:3e:13:
                    46:dc:f4:a4:40:01:53:d5:0b:be:0d:8c:ff:c2:76:
                    9b:ef:43:96:f0:ba:2a:55:4a:aa:5c:52:a9:74:1b:
                    f3:1a:65:f6:79:16:a0:2c:73:1f:4e:0b:92:04:6f:
                    89:b8:50:1f:ae:70:e6:d3:e9:b5:50:e9:67:7d:46:
                    43:8a:02:11:b8:02:fe:04:18:7a:b7:2c:fe:ab:62:
                    ee:54:61:0d:cc:5f:25:9c:4d:b3:46:28:9f:da:50:
                    bc:ff:84:51:96:c6:e1:69:ae:87:ca:3d:d2:fa:0b:
                    b8:af:5d:2f:2b:d4:4d:60:a0:79:80:e2:57:42:ad:
                    7f:d7:c5:5d:e4:ff:1f:22:c1:88:89:39:14:d7:0d:
                    ec:ec:a7:13:27:5f:73:fd:23:ce:67:c0:c5:4e:2a:
                    8b:32:f9:73:79:20:72:09:76:ae:f0:d1:68:de:bf:
                    2e:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:F4:A7:B6:53:11:88:8D:0A:87:08:0C:F7:D4:A9:DC:52:53:9A:FB
            X509v3 Authority Key Identifier:
                keyid:27:C5:F3:64:13:E7:AF:47:28:13:FE:3A:71:4E:2E:CD:AA:21:F2:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J8XzZBPnr0coE_46cU4uzaoh8ug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/188fc9-b9b5-4072-bc93-79132946b699/1/ZvSntlMRiI0KhwgM99Sp3FJTmvs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/188fc9-b9b5-4072-bc93-79132946b699/1/J8XzZBPnr0coE_46cU4uzaoh8ug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.30.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3d:b9:07:1f:62:1f:4b:cb:fd:9b:5a:dc:d1:3b:21:a4:f5:99:
         b2:57:9b:f5:b3:cf:67:07:8f:f8:4a:20:bb:cc:5c:73:c7:68:
         58:a0:46:b3:8b:ba:c5:19:c7:c0:86:d6:07:47:46:0a:09:d1:
         04:a7:ea:f4:9f:d4:ca:22:8f:44:eb:c0:51:92:b7:ec:74:84:
         d2:ab:a0:37:a0:d7:98:5f:e6:4b:6a:df:f5:a9:26:0a:23:81:
         5e:7d:75:33:98:60:19:d0:90:1a:9a:10:91:3d:93:7d:58:16:
         d2:be:41:94:74:c3:66:27:ba:5f:8e:34:1b:ae:3a:b9:71:04:
         8b:bb:68:9e:83:e5:51:fc:f9:26:d0:a8:1e:0e:f0:a8:dd:6b:
         c9:83:ce:b3:8a:f8:3e:4b:10:b0:9e:fc:26:3d:dd:af:ba:fe:
         2e:2b:7e:9b:c0:5a:59:19:6c:cd:27:19:05:38:f0:28:dc:c3:
         8e:45:1c:34:42:c9:69:b1:8a:36:0e:8d:bb:91:39:3a:42:31:
         6a:80:c9:27:f9:69:6a:a1:44:df:e7:33:30:25:8e:4b:3b:ae:
         1e:17:8e:35:0d:e2:65:5e:82:53:dd:a6:76:d4:4c:d5:a7:3d:
         7d:8f:84:df:f9:0c:d5:dd:f5:12:08:5e:de:2d:2c:e8:c6:73:
         14:1f:a0:46
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OHbGGt+vHj6jztjP8VDxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3YzVmMzY0MTNlN2FmNDcyODEzZmUzYTcxNGUyZWNkYWEy
MWYyZTgwHhcNMjYwMTAyMTAxOTQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NmY0YTdiNjUzMTE4ODhkMGE4NzA4MGNmN2Q0YTlkYzUyNTM5YWZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4qG1MsBMUZFP2elHsj0F+Mh1PeiL
qQwU/FckxnHcqPOdwdqeyymcJ1IIO+YmwTcwsyKrs0OVH+lUvSSaVy/Okj49BE91
w+jPM90s7MDJxH79bjZtNDoyPhNG3PSkQAFT1Qu+DYz/wnab70OW8LoqVUqqXFKp
dBvzGmX2eRagLHMfTguSBG+JuFAfrnDm0+m1UOlnfUZDigIRuAL+BBh6tyz+q2Lu
VGENzF8lnE2zRiif2lC8/4RRlsbhaa6Hyj3S+gu4r10vK9RNYKB5gOJXQq1/18Vd
5P8fIsGIiTkU1w3s7KcTJ19z/SPOZ8DFTiqLMvlzeSByCXau8NFo3r8u3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGb0p7ZTEYiNCocIDPfUqdxSU5r7MB8GA1UdIwQY
MBaAFCfF82QT569HKBP+OnFOLs2qIfLoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjhYelpCUG5yMGNvRV80NmNVNHV6YW9oOHVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS8xODhmYzktYjliNS00MDcyLWJjOTMt
NzkxMzI5NDZiNjk5LzEvWnZTbnRsTVJpSTBLaHdnTTk5U3AzRkpUbXZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS8xODhmYzktYjliNS00MDcyLWJjOTMtNzkxMzI5NDZiNjk5
LzEvSjhYelpCUG5yMGNvRV80NmNVNHV6YW9oOHVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuR6sMA0G
CSqGSIb3DQEBCwUAA4IBAQA9uQcfYh9Ly/2bWtzROyGk9ZmyV5v1s89nB4/4SiC7
zFxzx2hYoEazi7rFGcfAhtYHR0YKCdEEp+r0n9TKIo9E68BRkrfsdITSq6A3oNeY
X+ZLat/1qSYKI4FefXUzmGAZ0JAamhCRPZN9WBbSvkGUdMNmJ7pfjjQbrjq5cQSL
u2ieg+VR/Pkm0KgeDvCo3WvJg86zivg+SxCwnvwmPd2vuv4uK36bwFpZGWzNJxkF
OPAo3MOORRw0QslpsYo2Do27kTk6QjFqgMkn+WlqoUTf5zMwJY5LO64eF441DeJl
XoJT3aZ21EzVpz19j4Tf+QzV3fUSCF7eLSzoxnMUH6BG
-----END CERTIFICATE-----