Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/a608c5-496d-499e-af41-6dfbbde52dea/1/7GMNamFaVxNl3WNisJcYkTD_zfs.roa
File:                     7GMNamFaVxNl3WNisJcYkTD_zfs.roa (raw, json)
Hash identifier:          HADPfR7/EErIN7lxD64OuOkMNhzpIIVuPWcxcLTTEgA=
Subject key identifier:   EC:63:0D:6A:61:5A:57:13:65:DD:63:62:B0:97:18:91:30:FF:CD:FB
Certificate issuer:       /CN=5ab2ba9abf81d6cf8033cdcdebc8df8f7e22c28c
Certificate serial:       019E4A51136F459B0C6F6C58C6362D9E8113
Authority key identifier: 5A:B2:BA:9A:BF:81:D6:CF:80:33:CD:CD:EB:C8:DF:8F:7E:22:C2:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WrK6mr-B1s-AM83N68jfj34iwow.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/a608c5-496d-499e-af41-6dfbbde52dea/1/7GMNamFaVxNl3WNisJcYkTD_zfs.roa
Signing time:             Thu 21 May 2026 11:34:47 +0000
ROA not before:           Thu 21 May 2026 11:34:47 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200020
IP address blocks:        185.68.52.0/24 maxlen: 24
                          185.228.200.0/22 maxlen: 24
                          2a0b:7180::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/a608c5-496d-499e-af41-6dfbbde52dea/1/WrK6mr-B1s-AM83N68jfj34iwow.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/a608c5-496d-499e-af41-6dfbbde52dea/1/WrK6mr-B1s-AM83N68jfj34iwow.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WrK6mr-B1s-AM83N68jfj34iwow.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 08:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:4a:51:13:6f:45:9b:0c:6f:6c:58:c6:36:2d:9e:81:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ab2ba9abf81d6cf8033cdcdebc8df8f7e22c28c
        Validity
            Not Before: May 21 11:34:47 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ec630d6a615a571365dd6362b097189130ffcdfb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:58:ac:74:5d:a3:67:cb:ed:c8:bd:0c:57:97:
                    f5:9f:ef:2d:0c:93:8b:7b:5f:b2:48:15:62:79:ba:
                    88:64:20:3c:5a:cf:c6:64:7f:26:fb:fe:53:ca:6a:
                    cb:73:2d:e1:78:d9:75:8f:9a:54:07:53:99:d1:10:
                    c6:23:f0:35:9d:13:91:53:f8:a2:39:b8:64:25:7c:
                    6b:99:16:45:8b:de:ce:05:b7:48:fa:89:63:cb:01:
                    7b:b3:3f:4c:6c:dd:fd:a9:b5:17:90:7e:a8:01:62:
                    6b:01:6f:98:68:11:f3:17:4b:74:81:1c:7f:9e:eb:
                    45:ca:b7:a8:30:44:f5:48:d9:37:b0:8f:03:90:35:
                    3e:5f:89:77:ff:c5:9c:23:e2:7f:7f:5e:bb:a1:1d:
                    b8:a6:e4:0b:16:36:17:b3:28:05:6b:e8:eb:fd:8d:
                    c3:7d:71:af:79:91:f5:03:0e:17:4c:6c:f7:04:20:
                    7b:bc:f9:16:08:cb:16:3a:63:b2:8c:32:e9:2e:20:
                    6e:0a:97:1c:51:2c:d1:46:69:13:bf:92:98:94:dc:
                    c8:88:9e:f2:1a:e6:35:df:f9:8b:ef:73:2e:6f:9b:
                    57:a3:5e:e1:a7:81:21:2d:91:d5:8b:20:fe:68:1c:
                    17:5a:03:25:f3:d2:a7:2d:92:10:7d:ec:83:bd:21:
                    de:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:63:0D:6A:61:5A:57:13:65:DD:63:62:B0:97:18:91:30:FF:CD:FB
            X509v3 Authority Key Identifier:
                keyid:5A:B2:BA:9A:BF:81:D6:CF:80:33:CD:CD:EB:C8:DF:8F:7E:22:C2:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WrK6mr-B1s-AM83N68jfj34iwow.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/a608c5-496d-499e-af41-6dfbbde52dea/1/7GMNamFaVxNl3WNisJcYkTD_zfs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/a608c5-496d-499e-af41-6dfbbde52dea/1/WrK6mr-B1s-AM83N68jfj34iwow.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.68.52.0/24
                  185.228.200.0/22
                IPv6:
                  2a0b:7180::/32

    Signature Algorithm: sha256WithRSAEncryption
         04:04:c7:f7:f8:f8:a6:6e:5e:63:8e:b6:cf:8b:0d:5f:a3:92:
         91:fe:56:47:7f:13:d1:70:cf:d8:4f:63:29:b8:51:75:38:d2:
         20:6f:1e:04:54:d0:59:c4:e7:25:7e:d0:7a:ad:40:40:61:75:
         84:eb:95:0a:4b:cc:44:8d:7e:e7:df:1f:c9:8d:3b:1a:49:ce:
         af:94:0d:b7:a9:97:83:a3:64:59:ae:37:2d:4c:d9:b6:61:42:
         47:26:9e:6b:e3:1e:b2:e6:87:a3:cd:2e:c0:4e:05:60:a3:e2:
         ee:b5:91:c2:c0:84:0f:89:60:bf:0b:0d:06:9f:0b:58:ae:6a:
         2d:1e:21:6c:57:f9:d2:93:e3:c0:15:75:53:f6:f2:c6:b0:12:
         e4:30:61:b1:f1:0a:5b:f5:5b:e8:70:ea:d9:cd:66:79:24:cf:
         1e:8b:f0:5e:51:20:b8:69:53:9a:2e:c1:e4:70:2d:8b:a2:85:
         e8:8d:32:d3:bb:72:9e:4f:8d:84:fd:90:df:f7:c3:b6:b6:ea:
         fa:0f:01:22:3e:aa:ad:f8:0e:e8:1d:75:44:8c:3a:db:ca:5e:
         13:47:67:73:79:58:99:8c:2f:58:10:19:2d:c8:d2:7f:44:99:
         c0:a5:a2:89:59:a5:a3:83:97:c4:57:22:fb:73:b9:ed:34:3f:
         20:3d:aa:21
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZ5KURNvRZsMb2xYxjYtnoETMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhYjJiYTlhYmY4MWQ2Y2Y4MDMzY2RjZGViYzhkZjhmN2Uy
MmMyOGMwHhcNMjYwNTIxMTEzNDQ3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzYzMGQ2YTYxNWE1NzEzNjVkZDYzNjJiMDk3MTg5MTMwZmZjZGZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnVisdF2jZ8vtyL0MV5f1n+8tDJOL
e1+ySBViebqIZCA8Ws/GZH8m+/5TymrLcy3heNl1j5pUB1OZ0RDGI/A1nRORU/ii
ObhkJXxrmRZFi97OBbdI+oljywF7sz9MbN39qbUXkH6oAWJrAW+YaBHzF0t0gRx/
nutFyreoMET1SNk3sI8DkDU+X4l3/8WcI+J/f167oR24puQLFjYXsygFa+jr/Y3D
fXGveZH1Aw4XTGz3BCB7vPkWCMsWOmOyjDLpLiBuCpccUSzRRmkTv5KYlNzIiJ7y
GuY13/mL73Mub5tXo17hp4EhLZHViyD+aBwXWgMl89KnLZIQfeyDvSHeAQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFOxjDWphWlcTZd1jYrCXGJEw/837MB8GA1UdIwQY
MBaAFFqyupq/gdbPgDPNzevI349+IsKMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV3JLNm1yLUIxcy1BTTgzTjY4amZqMzRpd293LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi9hNjA4YzUtNDk2ZC00OTllLWFmNDEt
NmRmYmJkZTUyZGVhLzEvN0dNTmFtRmFWeE5sM1dOaXNKY1lrVERfemZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi9hNjA4YzUtNDk2ZC00OTllLWFmNDEtNmRmYmJkZTUyZGVh
LzEvV3JLNm1yLUIxcy1BTTgzTjY4amZqMzRpd293LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAuUQ0AwQC
ueTIMA0EAgACMAcDBQAqC3GAMA0GCSqGSIb3DQEBCwUAA4IBAQAEBMf3+Pimbl5j
jrbPiw1fo5KR/lZHfxPRcM/YT2MpuFF1ONIgbx4EVNBZxOclftB6rUBAYXWE65UK
S8xEjX7n3x/JjTsaSc6vlA23qZeDo2RZrjctTNm2YUJHJp5r4x6y5oejzS7ATgVg
o+LutZHCwIQPiWC/Cw0GnwtYrmotHiFsV/nSk+PAFXVT9vLGsBLkMGGx8Qpb9Vvo
cOrZzWZ5JM8ei/BeUSC4aVOaLsHkcC2LooXojTLTu3KeT42E/ZDf98O2tur6DwEi
Pqqt+A7oHXVEjDrbyl4TR2dzeViZjC9YEBktyNJ/RJnApaKJWaWjg5fEVyL7c7nt
ND8gPaoh
-----END CERTIFICATE-----