Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/P7ZgWKI1Wrjsz9VU4DTzCLAgheI.roa
File:                     P7ZgWKI1Wrjsz9VU4DTzCLAgheI.roa (raw, json)
Hash identifier:          x5YukDSUF+4txhRHDoxZY/oWruu1mketabTf55p1uXU=
Subject key identifier:   3F:B6:60:58:A2:35:5A:B8:EC:CF:D5:54:E0:34:F3:08:B0:20:85:E2
Certificate issuer:       /CN=641975583b250362c8150f63adb30a0f6a0c6fc3
Certificate serial:       019EC593F114F436978A42235103B93DEC88
Authority key identifier: 64:19:75:58:3B:25:03:62:C8:15:0F:63:AD:B3:0A:0F:6A:0C:6F:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/P7ZgWKI1Wrjsz9VU4DTzCLAgheI.roa
Signing time:             Sun 14 Jun 2026 10:01:07 +0000
ROA not before:           Sun 14 Jun 2026 10:01:07 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     15731
IP address blocks:        92.61.103.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Jun 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:c5:93:f1:14:f4:36:97:8a:42:23:51:03:b9:3d:ec:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=641975583b250362c8150f63adb30a0f6a0c6fc3
        Validity
            Not Before: Jun 14 10:01:07 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3fb66058a2355ab8eccfd554e034f308b02085e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:9e:35:f1:3e:c5:55:27:a1:08:23:3a:57:ed:
                    8d:73:e8:97:8f:12:ba:a4:36:b4:ff:4a:18:64:1b:
                    e0:2b:e5:bd:e9:fe:1e:da:4f:1f:b0:06:2a:05:7e:
                    07:19:74:d7:76:d7:45:0b:b5:70:21:3d:fc:80:fc:
                    92:59:a3:23:53:29:e1:c8:ae:75:4c:2d:73:50:c8:
                    3b:20:1d:55:09:59:a9:1f:2d:d7:a0:4b:c4:77:47:
                    88:1e:d6:96:38:6a:49:86:d0:23:28:73:8f:d3:a0:
                    a6:f5:d6:cb:7c:7d:8b:2e:3a:25:50:15:93:75:f4:
                    0c:c8:88:db:97:ab:50:9e:f7:91:5f:1f:23:26:c2:
                    dc:f9:43:90:97:20:5e:47:cf:fd:30:02:98:68:b9:
                    1e:f0:75:2f:b4:e2:f2:0e:25:65:fd:2e:9a:07:15:
                    26:92:90:b5:09:e7:9a:e2:10:c8:ab:a8:8e:e4:b4:
                    29:5d:13:36:7d:a9:7c:f1:87:e0:04:19:5e:e6:38:
                    9b:44:f7:7e:dc:31:e6:3e:c3:47:fc:ca:fb:84:eb:
                    c0:a1:30:1a:8a:ae:44:66:04:bf:9f:fa:d1:f4:27:
                    5e:0a:1c:11:ca:da:1e:f6:fb:2e:4a:6b:19:94:4f:
                    4a:68:07:1b:f1:7c:3d:51:bd:e4:da:7b:68:06:e0:
                    1c:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:B6:60:58:A2:35:5A:B8:EC:CF:D5:54:E0:34:F3:08:B0:20:85:E2
            X509v3 Authority Key Identifier:
                keyid:64:19:75:58:3B:25:03:62:C8:15:0F:63:AD:B3:0A:0F:6A:0C:6F:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/P7ZgWKI1Wrjsz9VU4DTzCLAgheI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.61.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:47:f6:91:8a:27:ab:bc:3e:a9:13:b6:71:16:df:c7:78:cf:
         e8:ee:e0:37:b6:4e:eb:79:56:19:68:e4:4c:81:17:44:cd:f5:
         0d:9e:b6:0a:60:0a:2f:91:7f:51:18:40:b3:ee:c9:7d:92:b1:
         d8:94:4f:bd:6a:7b:4e:38:35:1b:86:c8:45:db:db:e7:b7:19:
         9f:5d:e3:65:46:d6:ff:e9:0b:57:d4:30:f6:27:80:2d:c2:f3:
         bc:97:9f:dd:19:91:36:ae:df:db:e3:ba:4c:8b:05:85:e5:8b:
         19:38:ea:90:67:16:42:07:5b:15:b8:2d:a0:1c:c0:95:bf:a7:
         de:ad:c6:99:42:f7:9f:73:e5:68:5e:c4:44:85:08:03:73:a7:
         32:31:76:d7:2c:ac:1c:32:1c:ff:80:c5:c9:13:ed:b0:d0:ad:
         6b:0c:d3:2d:61:0d:99:b5:13:a0:c3:1e:b5:f4:ea:b4:3d:88:
         1f:b9:4c:c9:03:e8:52:04:93:07:ed:be:58:95:03:cf:8a:9c:
         4d:a7:e0:dc:87:65:ae:c3:b1:0b:c5:4a:ce:16:19:bb:78:f5:
         44:48:98:74:78:ba:1d:cf:3b:3a:42:e0:99:32:7e:1f:af:2a:
         29:b8:54:c4:c2:81:4c:05:af:40:5c:0a:d9:14:31:ce:f2:6c:
         10:66:0f:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ7Fk/EU9DaXikIjUQO5PeyIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0MTk3NTU4M2IyNTAzNjJjODE1MGY2M2FkYjMwYTBmNmEw
YzZmYzMwHhcNMjYwNjE0MTAwMTA3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmI2NjA1OGEyMzU1YWI4ZWNjZmQ1NTRlMDM0ZjMwOGIwMjA4NWUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2J418T7FVSehCCM6V+2Nc+iXjxK6
pDa0/0oYZBvgK+W96f4e2k8fsAYqBX4HGXTXdtdFC7VwIT38gPySWaMjUynhyK51
TC1zUMg7IB1VCVmpHy3XoEvEd0eIHtaWOGpJhtAjKHOP06Cm9dbLfH2LLjolUBWT
dfQMyIjbl6tQnveRXx8jJsLc+UOQlyBeR8/9MAKYaLke8HUvtOLyDiVl/S6aBxUm
kpC1Ceea4hDIq6iO5LQpXRM2fal88YfgBBle5jibRPd+3DHmPsNH/Mr7hOvAoTAa
iq5EZgS/n/rR9CdeChwRytoe9vsuSmsZlE9KaAcb8Xw9Ub3k2ntoBuAc2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD+2YFiiNVq47M/VVOA08wiwIIXiMB8GA1UdIwQY
MBaAFGQZdVg7JQNiyBUPY62zCg9qDG/DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWkJsMVdEc2xBMkxJRlE5anJiTUtEMm9NYjhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC85OGE1ZWQtOTA1ZS00YmZhLTkxNTQt
ZjFjMzNhYTJmZDUwLzEvUDdaZ1dLSTFXcmpzejlWVTREVHpDTEFnaGVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC85OGE1ZWQtOTA1ZS00YmZhLTkxNTQtZjFjMzNhYTJmZDUw
LzEvWkJsMVdEc2xBMkxJRlE5anJiTUtEMm9NYjhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXD1nMA0G
CSqGSIb3DQEBCwUAA4IBAQBsR/aRiiervD6pE7ZxFt/HeM/o7uA3tk7reVYZaORM
gRdEzfUNnrYKYAovkX9RGECz7sl9krHYlE+9antOODUbhshF29vntxmfXeNlRtb/
6QtX1DD2J4AtwvO8l5/dGZE2rt/b47pMiwWF5YsZOOqQZxZCB1sVuC2gHMCVv6fe
rcaZQvefc+VoXsREhQgDc6cyMXbXLKwcMhz/gMXJE+2w0K1rDNMtYQ2ZtROgwx61
9Oq0PYgfuUzJA+hSBJMH7b5YlQPPipxNp+Dch2Wuw7ELxUrOFhm7ePVESJh0eLod
zzs6QuCZMn4fryopuFTEwoFMBa9AXArZFDHO8mwQZg+O
-----END CERTIFICATE-----