Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/8f6b4c-f872-484c-90c2-41c9f7448033/1/ZV_Bi68mHok_O16u73hg9_unbe4.roa
File:                     ZV_Bi68mHok_O16u73hg9_unbe4.roa (raw, json)
Hash identifier:          pKZE1Xox+v3hSObod0mFA3GCqvyH07tUN5ZBH647nOs=
Subject key identifier:   65:5F:C1:8B:AF:26:1E:89:3F:3B:5E:AE:EF:78:60:F7:FB:A7:6D:EE
Certificate issuer:       /CN=e6143c3308ed134ef16701c9057dc9e3d07f56ab
Certificate serial:       019E97B48260884E416CAEAF67F86B1947D7
Authority key identifier: E6:14:3C:33:08:ED:13:4E:F1:67:01:C9:05:7D:C9:E3:D0:7F:56:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5hQ8MwjtE07xZwHJBX3J49B_Vqs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/8f6b4c-f872-484c-90c2-41c9f7448033/1/ZV_Bi68mHok_O16u73hg9_unbe4.roa
Signing time:             Fri 05 Jun 2026 12:14:09 +0000
ROA not before:           Fri 05 Jun 2026 12:14:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197728
IP address blocks:        91.239.172.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/8f6b4c-f872-484c-90c2-41c9f7448033/1/5hQ8MwjtE07xZwHJBX3J49B_Vqs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/8f6b4c-f872-484c-90c2-41c9f7448033/1/5hQ8MwjtE07xZwHJBX3J49B_Vqs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5hQ8MwjtE07xZwHJBX3J49B_Vqs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 17:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:97:b4:82:60:88:4e:41:6c:ae:af:67:f8:6b:19:47:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e6143c3308ed134ef16701c9057dc9e3d07f56ab
        Validity
            Not Before: Jun  5 12:14:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=655fc18baf261e893f3b5eaeef7860f7fba76dee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:38:d0:e6:c0:a8:08:e1:c4:f2:72:31:d8:57:
                    d9:c5:fe:b7:e6:be:a8:56:76:fd:a3:f0:63:c3:bd:
                    2e:3b:7f:f8:e5:64:c0:01:a8:2b:ef:be:17:95:49:
                    84:e5:25:b4:9c:b8:a8:91:73:0e:15:04:32:a0:2c:
                    4c:4b:f0:da:16:79:50:0d:c1:5b:80:37:24:e5:11:
                    29:46:52:f0:c2:c4:93:5d:ce:da:2f:ae:6b:be:cf:
                    bb:93:69:4d:04:af:b2:16:77:24:70:93:40:5a:37:
                    75:69:cc:e0:46:25:f0:62:b8:41:88:f6:ff:cb:6c:
                    c2:e5:0a:b6:87:97:67:16:3e:5e:34:f6:cc:3a:a1:
                    25:bb:02:af:e9:be:b8:bd:5f:74:f3:cc:49:39:73:
                    72:91:9d:35:2e:ba:39:ff:52:c5:c9:37:ff:eb:e8:
                    24:53:0d:6d:cc:fc:eb:34:3b:c8:0a:64:b4:40:9e:
                    6e:49:2d:58:c3:5b:7e:50:e3:43:93:4e:54:36:02:
                    6e:29:cb:ab:25:d7:81:36:a7:84:28:8c:c4:a5:e0:
                    45:19:5f:a6:82:e6:69:58:de:50:2f:7a:a0:fd:a5:
                    f2:e1:b1:3b:7f:a4:c0:20:2c:40:6a:9d:7c:3d:29:
                    cc:ec:08:b0:0e:b0:74:ef:b7:0e:f8:2a:ed:57:75:
                    e9:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:5F:C1:8B:AF:26:1E:89:3F:3B:5E:AE:EF:78:60:F7:FB:A7:6D:EE
            X509v3 Authority Key Identifier:
                keyid:E6:14:3C:33:08:ED:13:4E:F1:67:01:C9:05:7D:C9:E3:D0:7F:56:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5hQ8MwjtE07xZwHJBX3J49B_Vqs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/8f6b4c-f872-484c-90c2-41c9f7448033/1/ZV_Bi68mHok_O16u73hg9_unbe4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/8f6b4c-f872-484c-90c2-41c9f7448033/1/5hQ8MwjtE07xZwHJBX3J49B_Vqs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:2d:1e:28:b0:cc:a3:8e:95:1c:85:01:06:87:5a:6b:bc:46:
         0e:67:56:22:d2:44:27:f6:e5:f7:48:7d:4d:3e:78:a4:a1:e6:
         bb:60:3d:6a:18:19:34:5d:5d:41:8e:ca:19:21:c2:d9:85:2a:
         52:e9:16:b7:b9:24:0e:aa:c5:f7:f8:09:53:89:8d:30:ef:9d:
         ae:7f:d1:a0:71:82:4f:05:21:f9:9c:53:73:a8:8c:04:da:3c:
         f4:4c:b5:92:e3:16:75:a0:a4:ec:c9:5c:fc:6a:5f:e2:78:90:
         de:18:09:92:fd:82:db:38:81:f2:71:cd:56:11:34:22:b2:06:
         f3:96:fb:d9:7f:63:b7:60:94:2a:0c:97:97:66:22:45:3a:11:
         e7:8f:e3:e0:41:91:94:7c:75:13:42:cb:b1:8d:95:d3:c6:6f:
         50:f9:19:67:ed:2b:86:1c:e6:5f:e1:0c:d6:bd:1a:18:ac:31:
         41:82:d9:cd:ad:19:f4:8a:d2:b1:04:f8:66:2f:b0:7f:da:a5:
         ad:a5:1f:30:5c:59:b9:fd:11:39:d4:67:f7:d3:a4:cf:b9:3b:
         9e:80:b2:a8:c0:8a:51:99:4b:9d:a4:cb:d6:9a:48:5d:4f:37:
         51:4b:99:62:f5:73:df:42:22:db:5d:d3:c3:94:2a:17:82:e6:
         0e:fa:e1:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6XtIJgiE5BbK6vZ/hrGUfXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2MTQzYzMzMDhlZDEzNGVmMTY3MDFjOTA1N2RjOWUzZDA3
ZjU2YWIwHhcNMjYwNjA1MTIxNDA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTVmYzE4YmFmMjYxZTg5M2YzYjVlYWVlZjc4NjBmN2ZiYTc2ZGVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5zjQ5sCoCOHE8nIx2FfZxf635r6o
Vnb9o/Bjw70uO3/45WTAAagr774XlUmE5SW0nLiokXMOFQQyoCxMS/DaFnlQDcFb
gDck5REpRlLwwsSTXc7aL65rvs+7k2lNBK+yFnckcJNAWjd1aczgRiXwYrhBiPb/
y2zC5Qq2h5dnFj5eNPbMOqEluwKv6b64vV9088xJOXNykZ01Lro5/1LFyTf/6+gk
Uw1tzPzrNDvICmS0QJ5uSS1Yw1t+UONDk05UNgJuKcurJdeBNqeEKIzEpeBFGV+m
guZpWN5QL3qg/aXy4bE7f6TAICxAap18PSnM7AiwDrB077cO+CrtV3XpfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGVfwYuvJh6JPzteru94YPf7p23uMB8GA1UdIwQY
MBaAFOYUPDMI7RNO8WcByQV9yePQf1arMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWhROE13anRFMDd4WndISkJYM0o0OUJfVnFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS84ZjZiNGMtZjg3Mi00ODRjLTkwYzIt
NDFjOWY3NDQ4MDMzLzEvWlZfQmk2OG1Ib2tfTzE2dTczaGc5X3VuYmU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS84ZjZiNGMtZjg3Mi00ODRjLTkwYzItNDFjOWY3NDQ4MDMz
LzEvNWhROE13anRFMDd4WndISkJYM0o0OUJfVnFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW++sMA0G
CSqGSIb3DQEBCwUAA4IBAQB6LR4osMyjjpUchQEGh1prvEYOZ1Yi0kQn9uX3SH1N
Pnikoea7YD1qGBk0XV1BjsoZIcLZhSpS6Ra3uSQOqsX3+AlTiY0w752uf9GgcYJP
BSH5nFNzqIwE2jz0TLWS4xZ1oKTsyVz8al/ieJDeGAmS/YLbOIHycc1WETQisgbz
lvvZf2O3YJQqDJeXZiJFOhHnj+PgQZGUfHUTQsuxjZXTxm9Q+Rln7SuGHOZf4QzW
vRoYrDFBgtnNrRn0itKxBPhmL7B/2qWtpR8wXFm5/RE51Gf306TPuTuegLKowIpR
mUudpMvWmkhdTzdRS5li9XPfQiLbXdPDlCoXguYO+uFE
-----END CERTIFICATE-----