Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/Zvb7SBKHsAU3EmJUt7-IFoJVFJ8.roa
File:                     Zvb7SBKHsAU3EmJUt7-IFoJVFJ8.roa (raw, json)
Hash identifier:          0Z2iU2FmufTy50JcKoi7RDnhXiwYp01rDNe706CWXgs=
Subject key identifier:   66:F6:FB:48:12:87:B0:05:37:12:62:54:B7:BF:88:16:82:55:14:9F
Certificate issuer:       /CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
Certificate serial:       019C8EAEBF4AAE96A2BA0B41D850A516F446
Authority key identifier: 17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/Zvb7SBKHsAU3EmJUt7-IFoJVFJ8.roa
Signing time:             Tue 24 Feb 2026 08:05:42 +0000
ROA not before:           Tue 24 Feb 2026 08:05:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197730
IP address blocks:        45.135.238.0/24 maxlen: 24
                          2a0b:1f00::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 14:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:8e:ae:bf:4a:ae:96:a2:ba:0b:41:d8:50:a5:16:f4:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
        Validity
            Not Before: Feb 24 08:05:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=66f6fb481287b00537126254b7bf88168255149f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:bd:60:35:4d:20:c4:35:51:96:6f:ac:b9:5d:
                    5f:94:8a:17:4a:fe:17:6b:99:73:17:21:0f:f5:d1:
                    fd:fa:35:25:02:8c:f9:f3:54:82:7c:b3:8c:53:95:
                    68:cb:0e:89:6e:41:9e:8c:94:ee:38:fc:c4:cc:f0:
                    d7:7b:7c:56:ce:b3:2b:a4:9b:34:00:22:db:26:d6:
                    e8:1a:fb:a0:26:81:89:26:82:70:63:4d:57:e4:6d:
                    18:20:89:a7:20:9d:a5:f2:0f:be:f6:96:22:d6:15:
                    3c:3c:f9:cb:77:be:4d:0b:ce:8e:d4:e4:33:7d:e7:
                    29:9a:e4:08:e1:d4:eb:98:cb:d4:f5:62:7a:71:12:
                    1d:2d:b4:96:cd:48:23:ee:09:da:ef:61:b5:c2:3b:
                    73:88:77:b1:c0:55:24:82:a3:6d:25:17:52:1a:c3:
                    56:61:b2:e0:21:84:97:62:a2:0e:53:73:22:f5:71:
                    75:6b:6a:d1:5c:c8:09:da:1d:c9:98:8b:3b:ab:63:
                    80:88:0d:71:41:7f:e9:fb:82:fa:46:03:fb:64:6a:
                    71:7e:2e:05:88:b5:87:5a:c1:09:f0:b4:b5:0b:ab:
                    2a:8d:a9:14:d6:6c:f5:27:17:ff:9a:fd:87:75:67:
                    2b:8e:92:ce:90:78:46:5d:16:36:f4:b3:56:44:bf:
                    2c:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:F6:FB:48:12:87:B0:05:37:12:62:54:B7:BF:88:16:82:55:14:9F
            X509v3 Authority Key Identifier:
                keyid:17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/Zvb7SBKHsAU3EmJUt7-IFoJVFJ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.238.0/24
                IPv6:
                  2a0b:1f00::/32

    Signature Algorithm: sha256WithRSAEncryption
         27:59:6d:31:a9:38:47:c4:b8:87:cd:01:7a:b4:5d:a2:e3:4b:
         cb:7f:b3:3c:4d:45:e9:fe:55:06:b9:a7:8d:72:85:07:74:5c:
         ad:b3:54:10:7d:e8:ff:62:50:99:a9:c3:ea:3e:97:60:4b:7d:
         b9:5e:b2:ab:45:f6:19:fa:37:45:36:30:a0:79:ac:f6:2c:ae:
         13:4a:3b:e6:0e:4e:03:93:81:bd:e2:91:cd:a8:1f:f1:b0:f3:
         7d:1e:d8:ba:b5:1c:36:fc:79:db:f4:33:3e:9e:d9:27:94:44:
         9d:fd:60:42:4c:51:dc:80:ba:ab:fa:64:47:f2:68:7e:d8:7b:
         40:d8:e8:a1:3f:ea:42:98:b8:61:2a:f8:54:e0:14:45:57:6a:
         2b:fa:a8:a8:63:e0:7d:48:c3:12:5d:38:3e:2b:fd:5a:63:2b:
         9c:be:bb:8d:54:60:d3:f2:1e:8a:16:db:d9:14:0c:82:65:12:
         ad:db:6a:de:8b:6b:8b:a7:3d:0a:31:00:21:08:d1:0e:61:17:
         7a:c2:0e:6b:5d:5d:98:fe:33:5c:37:6b:34:ea:89:79:51:f9:
         43:d2:12:dd:c9:2d:34:73:1b:e0:51:75:e3:25:82:d4:06:1d:
         c3:b0:71:cd:5b:8b:c3:e1:84:d9:73:5b:d6:26:36:0a:21:b9:
         72:93:86:7d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZyOrr9KrpaiugtB2FClFvRGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3ZDAzZjI5ODE4MGNjMTA5ZjE5ZDRiMTk5MmM3ZDcxYzU2
YzhkY2MwHhcNMjYwMjI0MDgwNTQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NmY2ZmI0ODEyODdiMDA1MzcxMjYyNTRiN2JmODgxNjgyNTUxNDlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp71gNU0gxDVRlm+suV1flIoXSv4X
a5lzFyEP9dH9+jUlAoz581SCfLOMU5Voyw6JbkGejJTuOPzEzPDXe3xWzrMrpJs0
ACLbJtboGvugJoGJJoJwY01X5G0YIImnIJ2l8g++9pYi1hU8PPnLd75NC86O1OQz
fecpmuQI4dTrmMvU9WJ6cRIdLbSWzUgj7gna72G1wjtziHexwFUkgqNtJRdSGsNW
YbLgIYSXYqIOU3Mi9XF1a2rRXMgJ2h3JmIs7q2OAiA1xQX/p+4L6RgP7ZGpxfi4F
iLWHWsEJ8LS1C6sqjakU1mz1Jxf/mv2HdWcrjpLOkHhGXRY29LNWRL8srQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGb2+0gSh7AFNxJiVLe/iBaCVRSfMB8GA1UdIwQY
MBaAFBfQPymBgMwQnxnUsZksfXHFbI3MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUt
OTE4YWM2NDYyNjc5LzEvWnZiN1NCS0hzQVUzRW1KVXQ3LUlGb0pWRko4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUtOTE4YWM2NDYyNjc5
LzEvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQALYfuMA0E
AgACMAcDBQAqCx8AMA0GCSqGSIb3DQEBCwUAA4IBAQAnWW0xqThHxLiHzQF6tF2i
40vLf7M8TUXp/lUGuaeNcoUHdFyts1QQfej/YlCZqcPqPpdgS325XrKrRfYZ+jdF
NjCgeaz2LK4TSjvmDk4Dk4G94pHNqB/xsPN9Hti6tRw2/Hnb9DM+ntknlESd/WBC
TFHcgLqr+mRH8mh+2HtA2OihP+pCmLhhKvhU4BRFV2or+qioY+B9SMMSXTg+K/1a
YyucvruNVGDT8h6KFtvZFAyCZRKt22rei2uLpz0KMQAhCNEOYRd6wg5rXV2Y/jNc
N2s06ol5UflD0hLdyS00cxvgUXXjJYLUBh3DsHHNW4vD4YTZc1vWJjYKIblyk4Z9
-----END CERTIFICATE-----