Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/66d057-77e5-4241-80aa-21fd35cf4bb9/1/Zwspllzg46eGGBAmk75fKGUNIMs.roa
File:                     Zwspllzg46eGGBAmk75fKGUNIMs.roa (raw, json)
Hash identifier:          SP7acjr2fc/Seb508pgEvQAcmNKQjk7dz5FLGa5z8Eg=
Subject key identifier:   67:0B:29:96:5C:E0:E3:A7:86:18:10:26:93:BE:5F:28:65:0D:20:CB
Certificate issuer:       /CN=5f0211c91e9e0d35cb513345913e0a1a61bfd249
Certificate serial:       0198576EB29D27F526EB8FC8E99022E4026A
Authority key identifier: 5F:02:11:C9:1E:9E:0D:35:CB:51:33:45:91:3E:0A:1A:61:BF:D2:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XwIRyR6eDTXLUTNFkT4KGmG_0kk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/66d057-77e5-4241-80aa-21fd35cf4bb9/1/Zwspllzg46eGGBAmk75fKGUNIMs.roa
Signing time:             Tue 29 Jul 2025 18:25:29 +0000
ROA not before:           Tue 29 Jul 2025 18:25:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213333
IP address blocks:        167.150.81.0/24 maxlen: 24
                          2001:67c:1520::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/66d057-77e5-4241-80aa-21fd35cf4bb9/1/XwIRyR6eDTXLUTNFkT4KGmG_0kk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/66d057-77e5-4241-80aa-21fd35cf4bb9/1/XwIRyR6eDTXLUTNFkT4KGmG_0kk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XwIRyR6eDTXLUTNFkT4KGmG_0kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 Aug 2025 20:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:57:6e:b2:9d:27:f5:26:eb:8f:c8:e9:90:22:e4:02:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5f0211c91e9e0d35cb513345913e0a1a61bfd249
        Validity
            Not Before: Jul 29 18:25:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=670b29965ce0e3a78618102693be5f28650d20cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:d7:bc:12:72:db:3f:c5:32:d0:e4:c9:de:a5:
                    2f:70:4c:65:27:d2:d1:15:c4:d9:3d:40:d9:7e:5f:
                    0d:1b:65:0c:ef:e8:de:ed:6b:08:da:c9:1d:88:76:
                    de:b9:3a:87:00:56:cd:68:3d:86:55:80:88:82:1e:
                    f7:d3:7c:59:a3:96:58:bd:10:f5:36:1b:59:27:4e:
                    06:c6:90:3b:15:39:34:d8:b3:f9:e4:74:77:72:32:
                    da:01:51:44:e4:27:28:f0:82:e9:61:db:71:cc:9a:
                    ce:83:c3:9d:5c:e2:c1:ad:cb:ad:bf:fd:e6:7f:9b:
                    f2:c3:15:0b:60:f0:bb:1b:34:5c:99:eb:fa:ee:17:
                    26:e2:48:8f:ac:a8:2b:4f:5b:30:7b:3c:2a:da:86:
                    22:45:b7:5e:5e:92:1d:d2:32:0f:24:be:86:9b:68:
                    2c:94:10:1e:49:75:da:cd:28:07:67:1e:f0:ae:4e:
                    81:c8:2c:75:37:2d:c6:4c:6f:aa:50:4d:55:eb:10:
                    7b:f8:5d:7b:03:5e:ab:91:da:f8:d7:b8:43:64:bc:
                    9c:55:b9:01:67:69:fb:42:76:97:ab:87:a5:f2:c1:
                    ac:ab:c3:e6:df:cc:cf:a9:73:5e:fd:d3:33:39:ef:
                    b3:5b:c1:cf:b9:9a:84:06:fb:a4:cd:90:b9:c0:1f:
                    58:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:0B:29:96:5C:E0:E3:A7:86:18:10:26:93:BE:5F:28:65:0D:20:CB
            X509v3 Authority Key Identifier:
                keyid:5F:02:11:C9:1E:9E:0D:35:CB:51:33:45:91:3E:0A:1A:61:BF:D2:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XwIRyR6eDTXLUTNFkT4KGmG_0kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/66d057-77e5-4241-80aa-21fd35cf4bb9/1/Zwspllzg46eGGBAmk75fKGUNIMs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/66d057-77e5-4241-80aa-21fd35cf4bb9/1/XwIRyR6eDTXLUTNFkT4KGmG_0kk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  167.150.81.0/24
                IPv6:
                  2001:67c:1520::/48

    Signature Algorithm: sha256WithRSAEncryption
         66:c1:5f:05:87:9f:a2:34:22:a7:27:2e:8d:db:f8:17:06:e1:
         21:40:47:c5:ce:95:30:de:78:55:42:7a:f1:f7:99:d4:7f:59:
         c5:3a:95:ed:63:11:ae:66:be:73:21:6a:fc:dd:ba:69:54:98:
         fe:8e:7c:2b:66:9b:6a:65:03:0e:77:5c:b0:fa:39:82:84:f3:
         89:08:6a:93:99:9a:5e:cd:51:32:36:6e:81:8b:8f:8b:ff:c9:
         a4:7e:61:67:ba:c9:a8:ae:ae:03:90:c9:35:26:de:f5:49:3d:
         d9:12:e2:c2:3b:b5:91:08:7c:a2:68:dd:c3:61:e0:d8:61:96:
         b8:41:9d:fd:00:51:35:a4:61:cc:63:dd:01:96:be:c9:9e:40:
         1f:b7:3b:37:9f:f5:55:a1:de:79:1c:37:c7:9a:32:76:6e:74:
         ad:e9:41:4f:a0:2a:8b:70:85:bf:76:99:91:8c:f1:99:16:13:
         b3:d0:2d:10:a3:af:3d:ba:87:f8:56:9f:ee:ec:b0:8f:7f:c3:
         f3:ae:a5:bc:90:66:a7:e6:f2:e5:49:67:d6:53:3f:26:5b:f8:
         cf:c1:ed:da:9c:cc:a9:07:49:bc:f4:da:8d:fa:d1:a1:7d:3d:
         15:e6:05:7e:70:c1:65:5c:c3:b8:84:0a:ac:70:bb:22:c2:31:
         d9:a7:61:ac
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZhXbrKdJ/Um64/I6ZAi5AJqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmMDIxMWM5MWU5ZTBkMzVjYjUxMzM0NTkxM2UwYTFhNjFi
ZmQyNDkwHhcNMjUwNzI5MTgyNTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzBiMjk5NjVjZTBlM2E3ODYxODEwMjY5M2JlNWYyODY1MGQyMGNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo9e8EnLbP8Uy0OTJ3qUvcExlJ9LR
FcTZPUDZfl8NG2UM7+je7WsI2skdiHbeuTqHAFbNaD2GVYCIgh7303xZo5ZYvRD1
NhtZJ04GxpA7FTk02LP55HR3cjLaAVFE5Cco8ILpYdtxzJrOg8OdXOLBrcutv/3m
f5vywxULYPC7GzRcmev67hcm4kiPrKgrT1swezwq2oYiRbdeXpId0jIPJL6Gm2gs
lBAeSXXazSgHZx7wrk6ByCx1Ny3GTG+qUE1V6xB7+F17A16rkdr417hDZLycVbkB
Z2n7QnaXq4el8sGsq8Pm38zPqXNe/dMzOe+zW8HPuZqEBvukzZC5wB9Y7QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFGcLKZZc4OOnhhgQJpO+XyhlDSDLMB8GA1UdIwQY
MBaAFF8CEckeng01y1EzRZE+Chphv9JJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHdJUnlSNmVEVFhMVVRORmtUNEtHbUdfMGtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny82NmQwNTctNzdlNS00MjQxLTgwYWEt
MjFmZDM1Y2Y0YmI5LzEvWndzcGxsemc0NmVHR0JBbWs3NWZLR1VOSU1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny82NmQwNTctNzdlNS00MjQxLTgwYWEtMjFmZDM1Y2Y0YmI5
LzEvWHdJUnlSNmVEVFhMVVRORmtUNEtHbUdfMGtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAp5ZRMA8E
AgACMAkDBwAgAQZ8FSAwDQYJKoZIhvcNAQELBQADggEBAGbBXwWHn6I0IqcnLo3b
+BcG4SFAR8XOlTDeeFVCevH3mdR/WcU6le1jEa5mvnMhavzdumlUmP6OfCtmm2pl
Aw53XLD6OYKE84kIapOZml7NUTI2boGLj4v/yaR+YWe6yaiurgOQyTUm3vVJPdkS
4sI7tZEIfKJo3cNh4NhhlrhBnf0AUTWkYcxj3QGWvsmeQB+3Ozef9VWh3nkcN8ea
MnZudK3pQU+gKotwhb92mZGM8ZkWE7PQLRCjrz26h/hWn+7ssI9/w/OupbyQZqfm
8uVJZ9ZTPyZb+M/B7dqczKkHSbz02o360aF9PRXmBX5wwWVcw7iECqxwuyLCMdmn
Yaw=
-----END CERTIFICATE-----
Generated at Sat Aug 9 01:22:56 2025 by rpki-client