Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/db42ab-49cc-427d-86ca-47a2c250e5aa/1/zuanRU6GjD_pKM_NpLif7F2dutc.roa
File:                     zuanRU6GjD_pKM_NpLif7F2dutc.roa (raw, json)
Hash identifier:          Iwopv9pLKL4yIGea+CD2F7DsAC5y9wfK3pZKzWTqDe4=
Subject key identifier:   CE:E6:A7:45:4E:86:8C:3F:E9:28:CF:CD:A4:B8:9F:EC:5D:9D:BA:D7
Certificate issuer:       /CN=93e272611139f15d037d7a4be545696cd2853867
Certificate serial:       019EBADA595D8DCBB2614101917C79054AD1
Authority key identifier: 93:E2:72:61:11:39:F1:5D:03:7D:7A:4B:E5:45:69:6C:D2:85:38:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k-JyYRE58V0DfXpL5UVpbNKFOGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/db42ab-49cc-427d-86ca-47a2c250e5aa/1/zuanRU6GjD_pKM_NpLif7F2dutc.roa
Signing time:             Fri 12 Jun 2026 08:02:12 +0000
ROA not before:           Fri 12 Jun 2026 08:02:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     154162
IP address blocks:        209.248.32.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/db42ab-49cc-427d-86ca-47a2c250e5aa/1/k-JyYRE58V0DfXpL5UVpbNKFOGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/db42ab-49cc-427d-86ca-47a2c250e5aa/1/k-JyYRE58V0DfXpL5UVpbNKFOGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k-JyYRE58V0DfXpL5UVpbNKFOGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 08:43:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ba:da:59:5d:8d:cb:b2:61:41:01:91:7c:79:05:4a:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93e272611139f15d037d7a4be545696cd2853867
        Validity
            Not Before: Jun 12 08:02:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cee6a7454e868c3fe928cfcda4b89fec5d9dbad7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:5b:78:51:8a:85:43:4a:4f:d5:d6:f6:60:7a:
                    92:8b:13:8f:55:60:d4:c6:00:1a:a8:77:12:49:7e:
                    94:34:5f:45:cd:0a:92:2e:7f:8f:77:28:65:de:c3:
                    16:45:7d:c5:0d:54:3d:f7:ab:de:dd:e2:d0:f6:c1:
                    f1:d7:fe:7b:6d:10:a2:66:f4:38:a5:f2:35:06:15:
                    55:52:31:49:09:26:90:7b:6a:8d:5d:a0:1e:92:18:
                    15:16:ea:d6:39:7d:f7:c5:6b:60:6e:8f:ba:52:0e:
                    60:f8:8c:33:65:6f:8d:23:4d:28:3a:6b:d5:c7:13:
                    d3:ef:f4:6c:b9:87:27:30:37:bd:7f:e8:3a:b6:55:
                    6c:a3:02:f9:94:83:d7:e7:4d:3b:c4:3b:3b:4e:c9:
                    ad:5f:6b:7d:c9:27:9b:57:db:4c:23:f2:c2:a8:f9:
                    be:17:96:d8:4b:4f:37:30:1d:e8:2c:02:01:7c:6b:
                    79:df:52:c5:6b:4b:5e:77:26:20:0c:a1:72:69:d7:
                    10:13:cd:1a:69:cf:60:16:e4:fd:fa:d0:a7:51:f6:
                    d2:0e:ab:75:59:3c:04:9b:69:ad:74:fa:a8:ed:dc:
                    58:bb:28:8f:3c:2c:5b:58:8a:d2:13:53:8f:53:8a:
                    97:40:3f:81:0a:23:04:be:8b:34:48:35:4b:c6:08:
                    9a:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:E6:A7:45:4E:86:8C:3F:E9:28:CF:CD:A4:B8:9F:EC:5D:9D:BA:D7
            X509v3 Authority Key Identifier:
                keyid:93:E2:72:61:11:39:F1:5D:03:7D:7A:4B:E5:45:69:6C:D2:85:38:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k-JyYRE58V0DfXpL5UVpbNKFOGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/db42ab-49cc-427d-86ca-47a2c250e5aa/1/zuanRU6GjD_pKM_NpLif7F2dutc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/db42ab-49cc-427d-86ca-47a2c250e5aa/1/k-JyYRE58V0DfXpL5UVpbNKFOGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  209.248.32.0/19

    Signature Algorithm: sha256WithRSAEncryption
         4d:4b:40:be:84:8d:c2:0e:96:11:5b:41:6f:36:7b:fe:d0:ce:
         6d:f2:8f:8b:f7:68:9e:08:48:cd:5b:77:08:7b:78:33:2f:16:
         74:3f:39:55:ff:20:c4:6b:b5:82:be:71:44:81:70:29:a9:e2:
         61:98:5b:b2:da:56:f2:fc:72:df:16:6e:f2:c0:1c:64:e9:d7:
         74:31:98:97:ba:49:61:05:00:9e:55:59:57:ac:57:9d:df:e8:
         d9:9f:46:d2:bb:6f:ad:0f:0c:f7:b4:97:59:92:82:0b:91:ca:
         d8:05:0c:10:d7:91:ed:75:3e:b5:8b:94:f6:44:1b:a9:ed:5a:
         74:00:95:39:ca:12:5d:38:48:64:72:0a:b3:d6:a7:76:d6:45:
         2a:2c:31:f7:c9:2c:c0:ba:b0:25:51:78:38:a3:25:8d:6f:9c:
         11:50:94:56:d8:97:5e:d5:64:20:6f:0c:63:ea:c2:d3:48:63:
         57:bc:ff:52:28:fc:c6:10:74:cd:ce:4d:55:de:59:75:08:98:
         a2:b9:dc:f6:e8:2b:2e:68:53:5e:7e:1e:d2:97:44:90:a4:c8:
         50:6c:c2:49:b6:70:1b:34:31:bf:b1:ea:ed:39:c9:4c:44:09:
         01:97:67:69:27:ce:4e:55:7c:57:50:4a:6a:5f:7a:5b:53:ca:
         0a:e6:f0:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ662lldjcuyYUEBkXx5BUrRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzZTI3MjYxMTEzOWYxNWQwMzdkN2E0YmU1NDU2OTZjZDI4
NTM4NjcwHhcNMjYwNjEyMDgwMjEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZWU2YTc0NTRlODY4YzNmZTkyOGNmY2RhNGI4OWZlYzVkOWRiYWQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArlt4UYqFQ0pP1db2YHqSixOPVWDU
xgAaqHcSSX6UNF9FzQqSLn+Pdyhl3sMWRX3FDVQ996ve3eLQ9sHx1/57bRCiZvQ4
pfI1BhVVUjFJCSaQe2qNXaAekhgVFurWOX33xWtgbo+6Ug5g+IwzZW+NI00oOmvV
xxPT7/RsuYcnMDe9f+g6tlVsowL5lIPX5007xDs7TsmtX2t9ySebV9tMI/LCqPm+
F5bYS083MB3oLAIBfGt531LFa0tedyYgDKFyadcQE80aac9gFuT9+tCnUfbSDqt1
WTwEm2mtdPqo7dxYuyiPPCxbWIrSE1OPU4qXQD+BCiMEvos0SDVLxgia3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM7mp0VOhow/6SjPzaS4n+xdnbrXMB8GA1UdIwQY
MBaAFJPicmEROfFdA316S+VFaWzShThnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvay1KeVlSRTU4VjBEZlhwTDVVVnBiTktGT0djLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9kYjQyYWItNDljYy00MjdkLTg2Y2Et
NDdhMmMyNTBlNWFhLzEvenVhblJVNkdqRF9wS01fTnBMaWY3RjJkdXRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9kYjQyYWItNDljYy00MjdkLTg2Y2EtNDdhMmMyNTBlNWFh
LzEvay1KeVlSRTU4VjBEZlhwTDVVVnBiTktGT0djLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQF0fggMA0G
CSqGSIb3DQEBCwUAA4IBAQBNS0C+hI3CDpYRW0FvNnv+0M5t8o+L92ieCEjNW3cI
e3gzLxZ0PzlV/yDEa7WCvnFEgXApqeJhmFuy2lby/HLfFm7ywBxk6dd0MZiXuklh
BQCeVVlXrFed3+jZn0bSu2+tDwz3tJdZkoILkcrYBQwQ15HtdT61i5T2RBup7Vp0
AJU5yhJdOEhkcgqz1qd21kUqLDH3ySzAurAlUXg4oyWNb5wRUJRW2Jde1WQgbwxj
6sLTSGNXvP9SKPzGEHTNzk1V3ll1CJiiudz26CsuaFNefh7Sl0SQpMhQbMJJtnAb
NDG/sertOclMRAkBl2dpJ85OVXxXUEpqX3pbU8oK5vCu
-----END CERTIFICATE-----