Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/ZidyNMEgKgNzgx0a-1UdSL_Swps.roa
File:                     ZidyNMEgKgNzgx0a-1UdSL_Swps.roa (raw, json)
Hash identifier:          L/335+kz8KdyP6cK0H7CpTrJY9MXBpPX16IIONAaVQs=
Subject key identifier:   66:27:72:34:C1:20:2A:03:73:83:1D:1A:FB:55:1D:48:BF:D2:C2:9B
Certificate issuer:       /CN=92e720465c5cd0da9c6a13b44fa0d86f649e5055
Certificate serial:       019A0BC6B488A20E5EAF2D4576F22F98A942
Authority key identifier: 92:E7:20:46:5C:5C:D0:DA:9C:6A:13:B4:4F:A0:D8:6F:64:9E:50:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kucgRlxc0NqcahO0T6DYb2SeUFU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/ZidyNMEgKgNzgx0a-1UdSL_Swps.roa
Signing time:             Wed 22 Oct 2025 11:56:03 +0000
ROA not before:           Wed 22 Oct 2025 11:56:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20473
IP address blocks:        147.161.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/kucgRlxc0NqcahO0T6DYb2SeUFU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/kucgRlxc0NqcahO0T6DYb2SeUFU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kucgRlxc0NqcahO0T6DYb2SeUFU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 22:37:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:0b:c6:b4:88:a2:0e:5e:af:2d:45:76:f2:2f:98:a9:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92e720465c5cd0da9c6a13b44fa0d86f649e5055
        Validity
            Not Before: Oct 22 11:56:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=66277234c1202a0373831d1afb551d48bfd2c29b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:f0:a9:22:7a:2f:63:9f:65:9a:55:9f:28:48:
                    bc:1b:38:33:a0:df:41:99:91:42:93:13:7a:52:c1:
                    e3:97:ea:dd:53:40:3f:28:df:0b:06:63:13:4a:4d:
                    c1:6b:1b:ed:db:d7:b3:48:a1:fc:aa:c3:3d:fb:89:
                    ee:5d:c2:e1:7a:a0:9e:47:c4:79:59:59:45:15:c7:
                    7c:c9:f0:84:43:5e:b2:b0:21:14:57:8d:5d:67:9f:
                    30:f2:60:dd:71:01:95:eb:67:7a:b2:e8:ea:ce:15:
                    bb:0b:61:6c:a2:2f:72:57:34:aa:c3:1b:40:88:95:
                    52:c4:57:73:97:4a:02:75:26:8a:e2:b3:37:5b:b1:
                    51:98:63:3c:42:13:a5:3f:e8:63:b5:99:5b:92:58:
                    3a:3c:6f:51:ba:0f:44:d1:e1:01:ea:6b:57:c0:c8:
                    16:b7:b5:e5:72:4c:04:af:0f:51:64:37:ce:5c:d2:
                    76:d0:91:ab:e9:01:c3:34:9b:44:a2:1a:3f:9d:75:
                    3d:e2:87:51:5a:12:03:c2:30:aa:12:09:9b:54:af:
                    2e:2c:52:42:27:ee:e0:3e:9e:a7:92:66:63:45:f4:
                    2f:6d:85:48:c7:b5:1d:22:59:7b:19:80:74:eb:5c:
                    31:d1:3d:88:fe:8e:80:1f:6e:e1:4c:64:8d:ef:64:
                    3e:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:27:72:34:C1:20:2A:03:73:83:1D:1A:FB:55:1D:48:BF:D2:C2:9B
            X509v3 Authority Key Identifier:
                keyid:92:E7:20:46:5C:5C:D0:DA:9C:6A:13:B4:4F:A0:D8:6F:64:9E:50:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kucgRlxc0NqcahO0T6DYb2SeUFU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/ZidyNMEgKgNzgx0a-1UdSL_Swps.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/kucgRlxc0NqcahO0T6DYb2SeUFU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.161.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:c9:dc:2d:31:f2:e0:f8:0c:69:22:cc:b9:d5:60:81:8d:1b:
         fd:59:c7:33:ef:74:c3:13:33:4c:33:ec:f7:e2:64:46:00:e4:
         21:76:7e:31:d1:b2:4b:ef:e4:f3:f7:49:2b:b2:99:81:dd:0b:
         f6:4c:9e:48:33:79:8d:f7:e1:89:72:95:ff:4c:77:ed:a9:b3:
         35:88:cd:3c:11:f8:79:39:d5:e7:9d:bc:fa:c3:4c:d6:21:30:
         85:bc:0c:0f:88:26:53:3b:02:ae:ba:25:cb:9c:42:58:f0:a1:
         1e:0f:76:9c:ed:8e:a2:45:64:28:ce:7a:11:07:9c:1a:eb:e3:
         ce:fb:89:ca:2d:09:d0:96:14:96:2c:09:91:b2:52:86:c3:17:
         3f:ec:b0:b7:87:9d:f5:e7:d1:aa:fa:73:28:b2:cc:70:7c:c3:
         a2:68:e9:be:7a:0a:a3:20:39:14:e2:55:22:f7:c4:9f:2d:d0:
         9e:97:30:ad:43:fc:32:b4:ba:7a:cc:3f:ef:31:b4:df:b5:bd:
         5c:5b:f1:44:f1:1c:ab:67:75:87:bd:27:4e:57:2e:2c:9e:92:
         13:fd:16:33:fd:7f:6f:62:eb:1a:b0:0d:25:6b:4f:ce:5d:97:
         75:27:2b:16:69:4d:de:72:9a:2f:c9:ba:67:c3:51:f4:2c:8c:
         0a:79:1f:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoLxrSIog5ery1FdvIvmKlCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZTcyMDQ2NWM1Y2QwZGE5YzZhMTNiNDRmYTBkODZmNjQ5
ZTUwNTUwHhcNMjUxMDIyMTE1NjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjI3NzIzNGMxMjAyYTAzNzM4MzFkMWFmYjU1MWQ0OGJmZDJjMjliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvfCpInovY59lmlWfKEi8GzgzoN9B
mZFCkxN6UsHjl+rdU0A/KN8LBmMTSk3Baxvt29ezSKH8qsM9+4nuXcLheqCeR8R5
WVlFFcd8yfCEQ16ysCEUV41dZ58w8mDdcQGV62d6sujqzhW7C2Fsoi9yVzSqwxtA
iJVSxFdzl0oCdSaK4rM3W7FRmGM8QhOlP+hjtZlbklg6PG9Rug9E0eEB6mtXwMgW
t7XlckwErw9RZDfOXNJ20JGr6QHDNJtEoho/nXU94odRWhIDwjCqEgmbVK8uLFJC
J+7gPp6nkmZjRfQvbYVIx7UdIll7GYB061wx0T2I/o6AH27hTGSN72Q+5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGYncjTBICoDc4MdGvtVHUi/0sKbMB8GA1UdIwQY
MBaAFJLnIEZcXNDanGoTtE+g2G9knlBVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3VjZ1JseGMwTnFjYWhPMFQ2RFliMlNlVUZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9mOGE5ZWItN2Y4ZC00YmY3LTgzZDkt
OTA5NmUxNjc0ZTIyLzEvWmlkeU5NRWdLZ056Z3gwYS0xVWRTTF9Td3BzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9mOGE5ZWItN2Y4ZC00YmY3LTgzZDktOTA5NmUxNjc0ZTIy
LzEva3VjZ1JseGMwTnFjYWhPMFQ2RFliMlNlVUZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk6EDMA0G
CSqGSIb3DQEBCwUAA4IBAQB4ydwtMfLg+AxpIsy51WCBjRv9Wccz73TDEzNMM+z3
4mRGAOQhdn4x0bJL7+Tz90krspmB3Qv2TJ5IM3mN9+GJcpX/THftqbM1iM08Efh5
OdXnnbz6w0zWITCFvAwPiCZTOwKuuiXLnEJY8KEeD3ac7Y6iRWQoznoRB5wa6+PO
+4nKLQnQlhSWLAmRslKGwxc/7LC3h53159Gq+nMossxwfMOiaOm+egqjIDkU4lUi
98SfLdCelzCtQ/wytLp6zD/vMbTftb1cW/FE8RyrZ3WHvSdOVy4snpIT/RYz/X9v
YusasA0la0/OXZd1JysWaU3ecpovybpnw1H0LIwKeR8J
-----END CERTIFICATE-----