Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/4f2367-73f3-4816-bea8-a045ff8e2ac0/1/1zyWlwCVdN8MJ6qZjzYjBqnYAnw.roa
File:                     1zyWlwCVdN8MJ6qZjzYjBqnYAnw.roa (raw, json)
Hash identifier:          toIU7uuVTY27+ajqkukCV0TuJOjX95XqjEeyJC7634I=
Subject key identifier:   D7:3C:96:97:00:95:74:DF:0C:27:AA:99:8F:36:23:06:A9:D8:02:7C
Certificate issuer:       /CN=9cce3b1197d0cf9511540572a58fd372dcc07489
Certificate serial:       019E207B115A222CEFB1D60AFF2A1B8A4A46
Authority key identifier: 9C:CE:3B:11:97:D0:CF:95:11:54:05:72:A5:8F:D3:72:DC:C0:74:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nM47EZfQz5URVAVypY_TctzAdIk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/4f2367-73f3-4816-bea8-a045ff8e2ac0/1/1zyWlwCVdN8MJ6qZjzYjBqnYAnw.roa
Signing time:             Wed 13 May 2026 08:36:36 +0000
ROA not before:           Wed 13 May 2026 08:36:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48958
IP address blocks:        185.159.40.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/4f2367-73f3-4816-bea8-a045ff8e2ac0/1/nM47EZfQz5URVAVypY_TctzAdIk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/4f2367-73f3-4816-bea8-a045ff8e2ac0/1/nM47EZfQz5URVAVypY_TctzAdIk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nM47EZfQz5URVAVypY_TctzAdIk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 18 Jun 2026 05:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:20:7b:11:5a:22:2c:ef:b1:d6:0a:ff:2a:1b:8a:4a:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9cce3b1197d0cf9511540572a58fd372dcc07489
        Validity
            Not Before: May 13 08:36:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d73c9697009574df0c27aa998f362306a9d8027c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:94:b8:e2:fe:b1:c1:72:f0:ba:a2:c9:b4:35:
                    f4:10:5b:6a:52:6d:07:cc:71:61:6d:e5:87:02:dd:
                    70:cf:a4:6d:6b:61:27:83:00:02:8d:5a:5c:9c:33:
                    12:9f:d2:7f:4a:e0:a2:3c:3a:ee:b0:77:50:27:c9:
                    27:a5:a7:db:77:5e:da:64:27:5b:05:70:74:75:e2:
                    f7:a5:3b:ec:7f:be:81:7b:44:37:cd:73:2e:b2:b6:
                    a4:a1:cf:fd:b4:15:a7:85:5a:be:e2:27:37:43:b1:
                    b2:26:dc:12:3d:65:af:ea:26:83:ec:29:e9:02:0a:
                    40:b2:de:54:ae:5c:1e:06:a3:14:e1:d9:7c:ef:48:
                    14:5e:eb:ca:4e:8e:8d:35:48:c0:ae:de:88:db:60:
                    fe:13:f0:b4:72:ca:01:d7:e2:70:5b:b3:bf:b1:b7:
                    ed:ae:4b:86:2a:df:e6:91:a1:1a:f2:f1:30:36:88:
                    e3:e1:72:38:ff:bc:09:14:df:16:ab:10:fc:fb:86:
                    2f:39:fe:a7:d6:d8:8a:9b:6f:e8:27:3c:68:62:84:
                    90:8d:81:4d:02:74:9f:53:9b:8c:b2:e1:86:d8:55:
                    f5:9d:da:dc:b7:a3:17:fe:dc:c9:61:db:54:4a:c5:
                    62:25:d8:74:0a:9f:bf:da:72:05:57:47:e1:d3:a8:
                    13:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:3C:96:97:00:95:74:DF:0C:27:AA:99:8F:36:23:06:A9:D8:02:7C
            X509v3 Authority Key Identifier:
                keyid:9C:CE:3B:11:97:D0:CF:95:11:54:05:72:A5:8F:D3:72:DC:C0:74:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nM47EZfQz5URVAVypY_TctzAdIk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/4f2367-73f3-4816-bea8-a045ff8e2ac0/1/1zyWlwCVdN8MJ6qZjzYjBqnYAnw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/4f2367-73f3-4816-bea8-a045ff8e2ac0/1/nM47EZfQz5URVAVypY_TctzAdIk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.159.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b5:e4:74:97:72:f5:a5:fd:cd:09:5d:b8:a1:4a:bc:e2:39:b1:
         38:17:a2:06:cb:fe:52:c3:33:d4:7f:fc:18:60:f8:36:6b:65:
         09:d5:be:6e:1e:9f:1e:f9:7a:00:ab:a7:a9:5f:93:b3:8f:18:
         9a:6e:fe:d8:80:75:6e:f4:7e:20:91:d2:35:06:82:4a:42:23:
         ac:72:aa:22:b7:3c:d9:ef:f0:99:2b:4a:65:2e:26:7d:b0:66:
         c0:8e:c6:63:fd:01:9c:a4:2c:87:e7:9c:e6:ae:ff:aa:42:ea:
         25:4d:22:36:fa:21:cb:92:7f:e5:0d:7a:0e:fb:ac:05:5d:ea:
         55:4f:d6:25:03:30:25:f7:61:b9:43:18:0d:79:40:a8:70:97:
         7d:9c:a3:b4:00:5d:1b:50:78:73:42:4f:d6:fa:be:8e:ec:17:
         60:9e:07:a6:2b:d7:40:e2:bc:ed:c6:75:e6:03:7f:b8:2e:cc:
         01:7b:8a:70:3c:59:94:10:ca:5b:06:3a:dd:ff:06:85:d7:01:
         fc:75:8a:2c:da:8f:63:54:e2:f8:bb:d4:60:2e:83:78:75:a4:
         0e:2f:1c:ba:f7:a2:0c:da:ed:9f:c2:0d:de:8a:e2:c7:57:00:
         5e:17:c2:41:a1:9e:79:e9:f8:d5:d5:1d:6d:7f:1a:0f:96:e3:
         72:76:54:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4gexFaIizvsdYK/yobikpGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljY2UzYjExOTdkMGNmOTUxMTU0MDU3MmE1OGZkMzcyZGNj
MDc0ODkwHhcNMjYwNTEzMDgzNjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzNjOTY5NzAwOTU3NGRmMGMyN2FhOTk4ZjM2MjMwNmE5ZDgwMjdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5pS44v6xwXLwuqLJtDX0EFtqUm0H
zHFhbeWHAt1wz6Rta2EngwACjVpcnDMSn9J/SuCiPDrusHdQJ8knpafbd17aZCdb
BXB0deL3pTvsf76Be0Q3zXMusrakoc/9tBWnhVq+4ic3Q7GyJtwSPWWv6iaD7Cnp
AgpAst5UrlweBqMU4dl870gUXuvKTo6NNUjArt6I22D+E/C0csoB1+JwW7O/sbft
rkuGKt/mkaEa8vEwNojj4XI4/7wJFN8WqxD8+4YvOf6n1tiKm2/oJzxoYoSQjYFN
AnSfU5uMsuGG2FX1ndrct6MX/tzJYdtUSsViJdh0Cp+/2nIFV0fh06gT1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNc8lpcAlXTfDCeqmY82Iwap2AJ8MB8GA1UdIwQY
MBaAFJzOOxGX0M+VEVQFcqWP03LcwHSJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbk00N0VaZlF6NVVSVkFWeXBZX1RjdHpBZElrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC80ZjIzNjctNzNmMy00ODE2LWJlYTgt
YTA0NWZmOGUyYWMwLzEvMXp5V2x3Q1ZkTjhNSjZxWmp6WWpCcW5ZQW53LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC80ZjIzNjctNzNmMy00ODE2LWJlYTgtYTA0NWZmOGUyYWMw
LzEvbk00N0VaZlF6NVVSVkFWeXBZX1RjdHpBZElrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZ8oMA0G
CSqGSIb3DQEBCwUAA4IBAQC15HSXcvWl/c0JXbihSrziObE4F6IGy/5SwzPUf/wY
YPg2a2UJ1b5uHp8e+XoAq6epX5Ozjxiabv7YgHVu9H4gkdI1BoJKQiOscqoitzzZ
7/CZK0plLiZ9sGbAjsZj/QGcpCyH55zmrv+qQuolTSI2+iHLkn/lDXoO+6wFXepV
T9YlAzAl92G5QxgNeUCocJd9nKO0AF0bUHhzQk/W+r6O7BdgngemK9dA4rztxnXm
A3+4LswBe4pwPFmUEMpbBjrd/waF1wH8dYos2o9jVOL4u9RgLoN4daQOLxy696IM
2u2fwg3eiuLHVwBeF8JBoZ556fjV1R1tfxoPluNydlTY
-----END CERTIFICATE-----