Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/122f6a-c132-49aa-b496-b92ce21ca409/1/hzG3EgOx_N3fgyx_9u23eo8eYmM.roa
File:                     hzG3EgOx_N3fgyx_9u23eo8eYmM.roa (raw, json)
Hash identifier:          ll5FuHzISV8wV67N7kq5bfMOA6gO76/cY1UBY4egjOc=
Subject key identifier:   87:31:B7:12:03:B1:FC:DD:DF:83:2C:7F:F6:ED:B7:7A:8F:1E:62:63
Certificate issuer:       /CN=958061d8000cb83d3b8967e66fb8a4c27e912262
Certificate serial:       019D3EC51946BCEFEA282E4CB76D5D881636
Authority key identifier: 95:80:61:D8:00:0C:B8:3D:3B:89:67:E6:6F:B8:A4:C2:7E:91:22:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lYBh2AAMuD07iWfmb7ikwn6RImI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/122f6a-c132-49aa-b496-b92ce21ca409/1/hzG3EgOx_N3fgyx_9u23eo8eYmM.roa
Signing time:             Mon 30 Mar 2026 12:43:17 +0000
ROA not before:           Mon 30 Mar 2026 12:43:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203760
IP address blocks:        185.124.184.0/22 maxlen: 22
                          2a06:b480::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/122f6a-c132-49aa-b496-b92ce21ca409/1/lYBh2AAMuD07iWfmb7ikwn6RImI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/122f6a-c132-49aa-b496-b92ce21ca409/1/lYBh2AAMuD07iWfmb7ikwn6RImI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lYBh2AAMuD07iWfmb7ikwn6RImI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 16:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:3e:c5:19:46:bc:ef:ea:28:2e:4c:b7:6d:5d:88:16:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=958061d8000cb83d3b8967e66fb8a4c27e912262
        Validity
            Not Before: Mar 30 12:43:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8731b71203b1fcdddf832c7ff6edb77a8f1e6263
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:e8:7d:e4:a7:ff:d3:90:f1:b7:59:fd:09:9a:
                    78:1f:4b:63:6e:ac:12:eb:87:b9:3a:b4:8f:73:ef:
                    30:6b:8d:9d:eb:1e:d8:5d:1e:84:cc:56:a1:1a:5f:
                    d1:70:b0:0a:42:d4:8f:92:fd:65:16:0f:2b:0e:a6:
                    aa:af:43:45:3e:17:84:dc:25:c8:58:05:23:a8:51:
                    47:d7:ed:f9:25:cd:ee:80:0e:e4:61:95:71:89:ad:
                    ce:39:c2:2a:bf:54:5e:2a:7d:4b:82:d4:0a:09:11:
                    b7:1c:59:46:e5:03:b0:f7:f3:22:6f:52:38:34:68:
                    96:53:23:6e:f8:24:91:43:32:e1:f0:71:35:ea:7e:
                    8e:c6:81:65:9d:ae:9a:c7:c8:42:c8:e2:1d:fe:3b:
                    65:24:53:dd:09:61:11:3d:f6:b0:66:ac:f7:55:f4:
                    54:a3:61:2d:0f:1f:24:f8:4f:63:69:62:a2:8a:35:
                    ce:88:30:cb:a6:8e:10:ab:73:d5:a1:97:06:4b:f6:
                    2c:2a:e1:c7:3e:c5:74:7d:29:58:a6:4e:8e:61:2c:
                    53:4c:eb:15:c4:41:f7:b9:19:db:2d:58:86:9c:43:
                    9b:d7:78:43:4b:7a:2b:1a:be:d7:a8:62:85:1e:a6:
                    66:30:b9:bd:92:f8:7a:3f:20:e5:a4:10:7b:05:9e:
                    93:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:31:B7:12:03:B1:FC:DD:DF:83:2C:7F:F6:ED:B7:7A:8F:1E:62:63
            X509v3 Authority Key Identifier:
                keyid:95:80:61:D8:00:0C:B8:3D:3B:89:67:E6:6F:B8:A4:C2:7E:91:22:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lYBh2AAMuD07iWfmb7ikwn6RImI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/122f6a-c132-49aa-b496-b92ce21ca409/1/hzG3EgOx_N3fgyx_9u23eo8eYmM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/122f6a-c132-49aa-b496-b92ce21ca409/1/lYBh2AAMuD07iWfmb7ikwn6RImI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.124.184.0/22
                IPv6:
                  2a06:b480::/29

    Signature Algorithm: sha256WithRSAEncryption
         4a:e0:76:84:42:73:9c:7f:fa:67:b4:77:77:14:47:cc:f5:f2:
         01:d0:fc:3a:07:45:7b:f9:5c:9c:d8:13:44:3d:4a:ab:21:bd:
         52:7c:9d:b5:09:e4:09:7d:c0:c9:22:c0:0f:cf:d4:c4:07:9e:
         99:8f:e5:80:9b:bf:78:50:36:67:53:14:75:ca:f2:67:18:de:
         53:c1:e6:1d:03:d1:2c:55:af:ae:6b:63:64:b9:5f:22:fe:f3:
         30:de:90:76:8d:6f:bb:78:12:a0:cc:b6:e1:e3:3e:f0:d8:81:
         e0:59:05:a8:27:88:c7:a0:e3:05:5d:df:c3:fe:3c:75:0e:bb:
         ad:ed:76:01:d6:c4:dd:36:ad:c5:84:0f:33:b8:34:e0:8c:85:
         84:af:cd:bb:7d:14:59:9e:ef:d7:cb:36:04:70:e8:8e:8b:94:
         b4:13:1b:c4:60:c4:80:1c:83:56:90:08:d8:d8:24:93:3b:89:
         02:4f:13:b5:82:7e:91:18:3d:98:20:f3:94:36:d6:3e:85:9f:
         1a:6b:2c:4d:2a:34:6c:36:c7:6f:17:91:d9:d8:c7:81:37:a4:
         da:55:44:15:ca:39:dd:b7:ce:79:90:89:a4:a8:59:03:65:5a:
         27:e6:1c:bf:8b:92:21:1e:50:98:02:94:34:04:a4:ad:cb:c6:
         c5:ff:dd:38
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ0+xRlGvO/qKC5Mt21diBY2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1ODA2MWQ4MDAwY2I4M2QzYjg5NjdlNjZmYjhhNGMyN2U5
MTIyNjIwHhcNMjYwMzMwMTI0MzE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzMxYjcxMjAzYjFmY2RkZGY4MzJjN2ZmNmVkYjc3YThmMWU2MjYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmOh95Kf/05Dxt1n9CZp4H0tjbqwS
64e5OrSPc+8wa42d6x7YXR6EzFahGl/RcLAKQtSPkv1lFg8rDqaqr0NFPheE3CXI
WAUjqFFH1+35Jc3ugA7kYZVxia3OOcIqv1ReKn1LgtQKCRG3HFlG5QOw9/Mib1I4
NGiWUyNu+CSRQzLh8HE16n6OxoFlna6ax8hCyOId/jtlJFPdCWERPfawZqz3VfRU
o2EtDx8k+E9jaWKiijXOiDDLpo4Qq3PVoZcGS/YsKuHHPsV0fSlYpk6OYSxTTOsV
xEH3uRnbLViGnEOb13hDS3orGr7XqGKFHqZmMLm9kvh6PyDlpBB7BZ6TcwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIcxtxIDsfzd34Msf/btt3qPHmJjMB8GA1UdIwQY
MBaAFJWAYdgADLg9O4ln5m+4pMJ+kSJiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFlCaDJBQU11RDA3aVdmbWI3aWt3bjZSSW1JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS8xMjJmNmEtYzEzMi00OWFhLWI0OTYt
YjkyY2UyMWNhNDA5LzEvaHpHM0VnT3hfTjNmZ3l4Xzl1MjNlbzhlWW1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS8xMjJmNmEtYzEzMi00OWFhLWI0OTYtYjkyY2UyMWNhNDA5
LzEvbFlCaDJBQU11RDA3aVdmbWI3aWt3bjZSSW1JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuXy4MA0E
AgACMAcDBQMqBrSAMA0GCSqGSIb3DQEBCwUAA4IBAQBK4HaEQnOcf/pntHd3FEfM
9fIB0Pw6B0V7+Vyc2BNEPUqrIb1SfJ21CeQJfcDJIsAPz9TEB56Zj+WAm794UDZn
UxR1yvJnGN5TweYdA9EsVa+ua2NkuV8i/vMw3pB2jW+7eBKgzLbh4z7w2IHgWQWo
J4jHoOMFXd/D/jx1Drut7XYB1sTdNq3FhA8zuDTgjIWEr827fRRZnu/XyzYEcOiO
i5S0ExvEYMSAHINWkAjY2CSTO4kCTxO1gn6RGD2YIPOUNtY+hZ8aayxNKjRsNsdv
F5HZ2MeBN6TaVUQVyjndt855kImkqFkDZVon5hy/i5IhHlCYApQ0BKSty8bF/904
-----END CERTIFICATE-----