Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/94b66e-3e0d-4332-ab4f-770f8eab2ae7/1/ZM7sBOS1__nX62cIoZRgy8E0pT4.roa
File:                     ZM7sBOS1__nX62cIoZRgy8E0pT4.roa (raw, json)
Hash identifier:          LJf1TmWFBYYcLF4hc7JJBLKxL2dYRMAEDOi7kwikldc=
Subject key identifier:   64:CE:EC:04:E4:B5:FF:F9:D7:EB:67:08:A1:94:60:CB:C1:34:A5:3E
Certificate issuer:       /CN=6832c32d2259013991260d530d9120031aaefcd0
Certificate serial:       019C8B6179E877829129EBF4CE6B38CD88DA
Authority key identifier: 68:32:C3:2D:22:59:01:39:91:26:0D:53:0D:91:20:03:1A:AE:FC:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aDLDLSJZATmRJg1TDZEgAxqu_NA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/94b66e-3e0d-4332-ab4f-770f8eab2ae7/1/ZM7sBOS1__nX62cIoZRgy8E0pT4.roa
Signing time:             Mon 23 Feb 2026 16:42:27 +0000
ROA not before:           Mon 23 Feb 2026 16:42:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     33915
IP address blocks:        145.46.128.0/18 maxlen: 18
                          145.46.192.0/18 maxlen: 18
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/94b66e-3e0d-4332-ab4f-770f8eab2ae7/1/aDLDLSJZATmRJg1TDZEgAxqu_NA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/94b66e-3e0d-4332-ab4f-770f8eab2ae7/1/aDLDLSJZATmRJg1TDZEgAxqu_NA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aDLDLSJZATmRJg1TDZEgAxqu_NA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:8b:61:79:e8:77:82:91:29:eb:f4:ce:6b:38:cd:88:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6832c32d2259013991260d530d9120031aaefcd0
        Validity
            Not Before: Feb 23 16:42:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=64ceec04e4b5fff9d7eb6708a19460cbc134a53e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:76:b8:59:31:bf:ef:53:47:52:d6:ff:82:e9:
                    bc:6d:48:98:95:19:f2:1b:d3:42:1d:77:eb:65:ed:
                    09:4a:e1:8c:73:d5:11:9e:a8:3f:4f:b6:58:e2:86:
                    1f:79:17:c3:ae:3b:2f:e8:6d:2b:96:0a:9b:8c:96:
                    ac:ea:12:1d:2d:5f:f8:99:0a:d2:10:a8:23:6c:f2:
                    e5:dd:2d:fe:23:2d:c1:51:07:77:9c:e5:91:8e:c2:
                    11:26:e7:20:be:46:15:bc:09:39:6d:70:5a:9c:db:
                    30:ed:b4:64:9e:8b:bc:84:83:65:69:ec:06:67:49:
                    2f:0f:0d:e1:9a:ca:6f:3c:cb:11:f6:21:76:ed:04:
                    9c:ee:d6:b3:0b:06:bd:6b:3d:97:c1:6e:39:7e:3d:
                    ca:25:24:a4:c1:82:28:15:62:a7:23:d3:db:2d:e9:
                    3a:2e:b4:a4:fc:dc:86:36:02:e1:f9:36:5f:cf:f2:
                    01:ae:6c:5d:45:e7:9d:d9:af:f5:19:47:00:f6:2c:
                    86:bd:13:29:96:84:22:44:71:d1:6d:06:2f:7e:44:
                    bd:a4:ba:7f:3b:c3:ec:8a:f8:f1:3a:ff:18:2e:00:
                    ea:51:72:ef:01:f6:80:af:dd:a1:57:6e:6b:ce:1c:
                    f7:50:86:6b:79:4c:1b:28:b1:92:ac:46:87:73:a0:
                    c9:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:CE:EC:04:E4:B5:FF:F9:D7:EB:67:08:A1:94:60:CB:C1:34:A5:3E
            X509v3 Authority Key Identifier:
                keyid:68:32:C3:2D:22:59:01:39:91:26:0D:53:0D:91:20:03:1A:AE:FC:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aDLDLSJZATmRJg1TDZEgAxqu_NA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/94b66e-3e0d-4332-ab4f-770f8eab2ae7/1/ZM7sBOS1__nX62cIoZRgy8E0pT4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/94b66e-3e0d-4332-ab4f-770f8eab2ae7/1/aDLDLSJZATmRJg1TDZEgAxqu_NA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.46.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         ac:db:0d:2c:50:6a:35:2f:79:20:9b:4d:43:c5:90:4a:f2:cd:
         eb:28:4f:73:4c:de:1c:7d:62:b1:5a:cd:05:a3:e2:70:2f:b4:
         a6:48:39:12:4d:48:ac:cf:ea:35:44:0e:b8:1f:5e:ab:5b:b6:
         4e:21:99:53:63:bf:55:b8:0a:a0:7a:ef:f6:69:3a:36:a9:e3:
         9e:17:cf:46:a5:e9:fe:ae:99:62:7a:29:42:80:a5:1a:82:90:
         13:19:34:55:87:d7:25:29:82:a7:26:00:e0:ce:6e:56:02:76:
         b7:1f:bb:d0:a7:73:dc:ff:b4:e0:ff:e7:bd:a9:8f:c9:7d:fc:
         89:48:2f:00:b6:07:e9:bb:27:b4:cf:fe:93:3e:99:a3:c4:3f:
         c3:9e:93:ce:8e:9b:bf:9c:0d:39:c6:73:14:ab:56:63:2d:ca:
         da:60:a3:0f:e7:d0:90:6e:e9:30:09:e1:e4:69:71:46:0e:da:
         d1:cd:9c:d3:c6:1e:e4:b2:a1:8a:4c:fa:68:f4:dd:4b:22:91:
         2e:99:09:c2:60:5d:c5:ce:7c:44:bb:83:28:14:ea:8e:a1:79:
         69:38:c4:44:8d:e8:5e:19:ba:43:b8:c7:a5:eb:59:a8:07:49:
         77:db:7c:c3:a0:f8:8b:07:14:cc:1e:34:ad:b0:53:8d:14:31:
         ad:f0:bb:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyLYXnod4KRKev0zms4zYjaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4MzJjMzJkMjI1OTAxMzk5MTI2MGQ1MzBkOTEyMDAzMWFh
ZWZjZDAwHhcNMjYwMjIzMTY0MjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NGNlZWMwNGU0YjVmZmY5ZDdlYjY3MDhhMTk0NjBjYmMxMzRhNTNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA43a4WTG/71NHUtb/gum8bUiYlRny
G9NCHXfrZe0JSuGMc9URnqg/T7ZY4oYfeRfDrjsv6G0rlgqbjJas6hIdLV/4mQrS
EKgjbPLl3S3+Iy3BUQd3nOWRjsIRJucgvkYVvAk5bXBanNsw7bRknou8hINlaewG
Z0kvDw3hmspvPMsR9iF27QSc7tazCwa9az2XwW45fj3KJSSkwYIoFWKnI9PbLek6
LrSk/NyGNgLh+TZfz/IBrmxdReed2a/1GUcA9iyGvRMploQiRHHRbQYvfkS9pLp/
O8PsivjxOv8YLgDqUXLvAfaAr92hV25rzhz3UIZreUwbKLGSrEaHc6DJ1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGTO7ATktf/51+tnCKGUYMvBNKU+MB8GA1UdIwQY
MBaAFGgywy0iWQE5kSYNUw2RIAMarvzQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYURMRExTSlpBVG1SSmcxVERaRWdBeHF1X05BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC85NGI2NmUtM2UwZC00MzMyLWFiNGYt
NzcwZjhlYWIyYWU3LzEvWk03c0JPUzFfX25YNjJjSW9aUmd5OEUwcFQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC85NGI2NmUtM2UwZC00MzMyLWFiNGYtNzcwZjhlYWIyYWU3
LzEvYURMRExTSlpBVG1SSmcxVERaRWdBeHF1X05BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQHkS6AMA0G
CSqGSIb3DQEBCwUAA4IBAQCs2w0sUGo1L3kgm01DxZBK8s3rKE9zTN4cfWKxWs0F
o+JwL7SmSDkSTUisz+o1RA64H16rW7ZOIZlTY79VuAqgeu/2aTo2qeOeF89Gpen+
rplieilCgKUagpATGTRVh9clKYKnJgDgzm5WAna3H7vQp3Pc/7Tg/+e9qY/JffyJ
SC8Atgfpuye0z/6TPpmjxD/DnpPOjpu/nA05xnMUq1ZjLcraYKMP59CQbukwCeHk
aXFGDtrRzZzTxh7ksqGKTPpo9N1LIpEumQnCYF3FznxEu4MoFOqOoXlpOMREjehe
GbpDuMel61moB0l323zDoPiLBxTMHjStsFONFDGt8Lub
-----END CERTIFICATE-----