Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/9faf24-05e1-4db9-9aaf-501618411c76/1/rZZQYoQ-ii1ULymg1gCODzd0s4o.roa
File:                     rZZQYoQ-ii1ULymg1gCODzd0s4o.roa (raw, json)
Hash identifier:          sgyKwwfW2KwaDdlaRSgHtW+s4rE3CgoGYd/sjsljqxY=
Subject key identifier:   AD:96:50:62:84:3E:8A:2D:54:2F:29:A0:D6:00:8E:0F:37:74:B3:8A
Certificate issuer:       /CN=9eb3143a2e73f209e69d97c4b8f78cda5f437005
Certificate serial:       019D673F29CBD5B9FFF8757C6ADA3EED40D3
Authority key identifier: 9E:B3:14:3A:2E:73:F2:09:E6:9D:97:C4:B8:F7:8C:DA:5F:43:70:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nrMUOi5z8gnmnZfEuPeM2l9DcAU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/9faf24-05e1-4db9-9aaf-501618411c76/1/rZZQYoQ-ii1ULymg1gCODzd0s4o.roa
Signing time:             Tue 07 Apr 2026 09:21:25 +0000
ROA not before:           Tue 07 Apr 2026 09:21:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199492
IP address blocks:        185.229.22.0/23 maxlen: 24
                          2a0d:5e00::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/9faf24-05e1-4db9-9aaf-501618411c76/1/nrMUOi5z8gnmnZfEuPeM2l9DcAU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/9faf24-05e1-4db9-9aaf-501618411c76/1/nrMUOi5z8gnmnZfEuPeM2l9DcAU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nrMUOi5z8gnmnZfEuPeM2l9DcAU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 13:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:67:3f:29:cb:d5:b9:ff:f8:75:7c:6a:da:3e:ed:40:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9eb3143a2e73f209e69d97c4b8f78cda5f437005
        Validity
            Not Before: Apr  7 09:21:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ad965062843e8a2d542f29a0d6008e0f3774b38a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:e6:4c:bd:c4:b8:d9:59:b8:32:eb:ac:8f:de:
                    16:38:02:ea:ef:22:4e:de:21:44:21:35:1f:54:57:
                    20:4a:5f:87:97:38:05:71:6d:06:d6:cf:47:7e:00:
                    69:4c:94:5c:d3:0a:ad:0d:90:72:51:3c:46:c3:dd:
                    2c:aa:49:5f:fc:1c:3e:10:7f:a0:a2:45:10:c3:f4:
                    6e:e9:15:2b:42:d1:34:af:df:95:61:0c:9b:fd:c7:
                    a1:ab:42:36:92:c8:5c:ff:9e:28:e3:0d:39:ef:06:
                    9a:6a:69:5a:d7:cc:9e:b0:4d:3d:80:8f:95:9e:10:
                    bc:41:96:97:60:a8:22:72:c4:df:6c:42:90:df:c2:
                    d3:f2:47:7f:ca:00:ea:d3:4e:25:52:c2:3b:91:9e:
                    2b:5f:a4:39:8d:15:91:c9:0e:56:2b:e4:11:08:87:
                    20:92:0b:d1:10:52:8d:e3:98:52:e6:56:4e:9d:98:
                    f7:38:a9:4b:e2:86:66:8b:d8:dd:fb:13:43:5e:86:
                    a9:cc:36:a3:15:6c:2f:cb:c3:5a:76:eb:c4:09:30:
                    d1:13:a2:d8:57:07:be:89:b4:ec:34:fb:ef:1b:c5:
                    91:c9:c7:71:9e:8e:77:35:1c:bf:5b:b4:52:e3:3b:
                    2f:86:52:f2:14:44:b4:e8:e9:c1:6d:dd:b1:6a:5d:
                    e2:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:96:50:62:84:3E:8A:2D:54:2F:29:A0:D6:00:8E:0F:37:74:B3:8A
            X509v3 Authority Key Identifier:
                keyid:9E:B3:14:3A:2E:73:F2:09:E6:9D:97:C4:B8:F7:8C:DA:5F:43:70:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nrMUOi5z8gnmnZfEuPeM2l9DcAU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/9faf24-05e1-4db9-9aaf-501618411c76/1/rZZQYoQ-ii1ULymg1gCODzd0s4o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/9faf24-05e1-4db9-9aaf-501618411c76/1/nrMUOi5z8gnmnZfEuPeM2l9DcAU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.229.22.0/23
                IPv6:
                  2a0d:5e00::/29

    Signature Algorithm: sha256WithRSAEncryption
         6b:51:33:8a:ec:47:49:4d:e1:63:b5:e6:63:59:5f:23:5e:73:
         84:db:4a:fe:05:08:b4:8f:e8:34:24:53:e0:60:29:c7:65:30:
         75:41:e2:7b:ad:00:0e:4b:7b:8c:bb:55:2a:58:6d:ec:1b:5e:
         41:2b:65:da:d1:a3:01:88:c1:c0:34:f1:9b:64:98:a3:45:0a:
         27:97:57:a1:a3:a2:04:27:75:6f:0b:13:d0:37:fa:d9:96:35:
         54:c0:5d:5d:42:c0:17:68:7a:25:bf:cd:03:c4:50:04:74:51:
         15:4a:54:c8:70:65:35:31:f6:b8:05:0b:7a:e7:40:d0:28:52:
         6d:b1:79:6d:13:33:72:b3:5b:50:b5:68:1b:f0:c0:6d:fb:85:
         9e:7c:a9:54:a9:f0:d9:67:49:42:ad:a0:e7:51:17:49:59:46:
         a5:4f:c7:3c:8e:03:c0:e1:fb:99:bd:6d:a2:ee:50:05:b0:68:
         10:64:68:d0:e8:bf:1e:5a:13:d8:22:49:d8:02:7a:59:86:a3:
         d7:06:ea:10:9a:34:dc:ea:71:8a:b0:c2:86:25:73:fa:ad:78:
         85:45:ba:ca:2e:ee:0c:b0:ae:01:f5:0e:a5:32:3e:d9:6e:37:
         5f:26:67:2d:d1:7f:9f:43:be:17:5f:87:71:d0:2e:56:d7:d7:
         39:42:b6:66
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ1nPynL1bn/+HV8ato+7UDTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllYjMxNDNhMmU3M2YyMDllNjlkOTdjNGI4Zjc4Y2RhNWY0
MzcwMDUwHhcNMjYwNDA3MDkyMTI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDk2NTA2Mjg0M2U4YTJkNTQyZjI5YTBkNjAwOGUwZjM3NzRiMzhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAheZMvcS42Vm4Muusj94WOALq7yJO
3iFEITUfVFcgSl+HlzgFcW0G1s9HfgBpTJRc0wqtDZByUTxGw90sqklf/Bw+EH+g
okUQw/Ru6RUrQtE0r9+VYQyb/cehq0I2kshc/54o4w057waaamla18yesE09gI+V
nhC8QZaXYKgicsTfbEKQ38LT8kd/ygDq004lUsI7kZ4rX6Q5jRWRyQ5WK+QRCIcg
kgvREFKN45hS5lZOnZj3OKlL4oZmi9jd+xNDXoapzDajFWwvy8NaduvECTDRE6LY
Vwe+ibTsNPvvG8WRycdxno53NRy/W7RS4zsvhlLyFES06OnBbd2xal3i0QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFK2WUGKEPootVC8poNYAjg83dLOKMB8GA1UdIwQY
MBaAFJ6zFDouc/IJ5p2XxLj3jNpfQ3AFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnJNVU9pNXo4Z25tblpmRXVQZU0ybDlEY0FVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi85ZmFmMjQtMDVlMS00ZGI5LTlhYWYt
NTAxNjE4NDExYzc2LzEvclpaUVlvUS1paTFVTHltZzFnQ09EemQwczRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi85ZmFmMjQtMDVlMS00ZGI5LTlhYWYtNTAxNjE4NDExYzc2
LzEvbnJNVU9pNXo4Z25tblpmRXVQZU0ybDlEY0FVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBueUWMA0E
AgACMAcDBQMqDV4AMA0GCSqGSIb3DQEBCwUAA4IBAQBrUTOK7EdJTeFjteZjWV8j
XnOE20r+BQi0j+g0JFPgYCnHZTB1QeJ7rQAOS3uMu1UqWG3sG15BK2Xa0aMBiMHA
NPGbZJijRQonl1eho6IEJ3VvCxPQN/rZljVUwF1dQsAXaHolv80DxFAEdFEVSlTI
cGU1Mfa4BQt650DQKFJtsXltEzNys1tQtWgb8MBt+4WefKlUqfDZZ0lCraDnURdJ
WUalT8c8jgPA4fuZvW2i7lAFsGgQZGjQ6L8eWhPYIknYAnpZhqPXBuoQmjTc6nGK
sMKGJXP6rXiFRbrKLu4MsK4B9Q6lMj7ZbjdfJmct0X+fQ74XX4dx0C5W19c5QrZm
-----END CERTIFICATE-----