Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/3d893a-5b1a-4d70-9ebb-38e068536e6b/1/ZZ4HmXsncRW4Duwlwd9BhGfdvNU.roa
File:                     ZZ4HmXsncRW4Duwlwd9BhGfdvNU.roa (raw, json)
Hash identifier:          AltMyFS1s/HAyVQ82EJUVtjUQ8FL/MMkrFmI+rDpQvg=
Subject key identifier:   65:9E:07:99:7B:27:71:15:B8:0E:EC:25:C1:DF:41:84:67:DD:BC:D5
Certificate issuer:       /CN=8cd802512ccb745b2a1b8f315714ebe39395403e
Certificate serial:       019E02396ABCF2C3839131632A488565500B
Authority key identifier: 8C:D8:02:51:2C:CB:74:5B:2A:1B:8F:31:57:14:EB:E3:93:95:40:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jNgCUSzLdFsqG48xVxTr45OVQD4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/3d893a-5b1a-4d70-9ebb-38e068536e6b/1/ZZ4HmXsncRW4Duwlwd9BhGfdvNU.roa
Signing time:             Thu 07 May 2026 11:36:17 +0000
ROA not before:           Thu 07 May 2026 11:36:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     20473
IP address blocks:        141.0.185.0/24 maxlen: 24
                          141.0.187.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/3d893a-5b1a-4d70-9ebb-38e068536e6b/1/jNgCUSzLdFsqG48xVxTr45OVQD4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/3d893a-5b1a-4d70-9ebb-38e068536e6b/1/jNgCUSzLdFsqG48xVxTr45OVQD4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jNgCUSzLdFsqG48xVxTr45OVQD4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 19:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:02:39:6a:bc:f2:c3:83:91:31:63:2a:48:85:65:50:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8cd802512ccb745b2a1b8f315714ebe39395403e
        Validity
            Not Before: May  7 11:36:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=659e07997b277115b80eec25c1df418467ddbcd5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:76:f6:bb:3f:43:82:bc:a4:45:4e:82:ff:22:
                    f7:70:27:22:73:93:74:a3:b3:b6:99:9b:64:b7:f8:
                    e1:37:a3:ba:96:b1:98:95:8b:9d:93:70:de:71:50:
                    38:a4:df:d1:82:65:ea:66:6c:a0:54:ff:a8:91:5d:
                    bb:25:88:ab:b7:43:8d:c3:83:e4:46:01:95:17:0c:
                    26:a4:e6:76:41:b4:6c:e3:f1:28:b4:34:42:37:92:
                    f8:45:5d:4e:b5:1f:79:6c:b5:f7:9b:f5:1d:9c:5a:
                    e8:ee:8a:cf:79:25:02:cb:84:09:5c:48:96:b9:a3:
                    9a:4e:67:4a:0d:be:f6:eb:86:2c:ca:1f:1a:f9:1b:
                    33:6c:9c:1d:8e:11:60:93:60:8f:5c:6e:17:ab:5f:
                    1c:cf:da:e7:58:97:f5:7d:b1:4b:04:92:ef:34:52:
                    3f:38:6d:49:10:ff:27:42:c3:7c:59:21:80:6a:0b:
                    51:87:9a:81:07:e1:2e:c3:a4:a2:c7:73:69:db:81:
                    66:b9:f4:cf:bd:47:f9:53:80:b2:59:f3:a5:31:d7:
                    c2:1b:38:82:38:6f:ee:97:8c:f6:2e:57:d6:3e:08:
                    92:d9:8e:e0:9f:f2:69:86:ff:e1:40:37:e0:8a:7c:
                    8d:d6:12:a0:38:3c:49:11:4f:1d:1d:d6:c2:0b:29:
                    d6:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:9E:07:99:7B:27:71:15:B8:0E:EC:25:C1:DF:41:84:67:DD:BC:D5
            X509v3 Authority Key Identifier:
                keyid:8C:D8:02:51:2C:CB:74:5B:2A:1B:8F:31:57:14:EB:E3:93:95:40:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jNgCUSzLdFsqG48xVxTr45OVQD4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/3d893a-5b1a-4d70-9ebb-38e068536e6b/1/ZZ4HmXsncRW4Duwlwd9BhGfdvNU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/3d893a-5b1a-4d70-9ebb-38e068536e6b/1/jNgCUSzLdFsqG48xVxTr45OVQD4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.0.185.0/24
                  141.0.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:7b:ca:3b:80:72:51:3e:11:42:01:ee:30:54:dd:46:86:b8:
         43:5e:70:3f:85:9c:ba:37:45:84:2a:22:a3:af:41:64:a4:f5:
         ed:d8:c1:87:d0:40:71:64:c3:2b:3b:c2:2e:25:3a:1d:00:3b:
         3c:8f:ec:6e:93:9d:03:fc:6b:cf:da:19:0f:59:20:15:a8:4a:
         1c:c5:9f:7c:fa:fc:b8:52:e3:ea:68:70:81:c7:86:b3:89:2f:
         09:1c:a4:8b:10:2e:9f:97:9b:71:cc:79:da:75:11:aa:6d:4a:
         fb:26:91:2e:00:a9:11:bf:64:af:f3:18:cf:a7:eb:37:65:9d:
         7a:dd:01:6c:5d:71:34:31:de:00:23:fb:cb:e6:0e:b7:74:1e:
         27:0f:7c:c9:ef:36:23:43:01:72:7e:67:70:12:fb:46:6e:6a:
         c9:ab:47:f3:91:d7:e4:99:86:e3:20:63:3e:05:ad:d6:cd:fd:
         97:09:d3:75:d1:57:a9:dc:b3:cf:e7:3b:75:39:b1:2a:85:30:
         4f:ee:4f:a1:ff:1f:13:91:3b:d3:35:59:39:88:90:8b:86:82:
         68:75:1e:1d:d8:0b:3a:9a:07:b1:b8:d7:f9:2d:4c:88:a8:2c:
         1d:29:6a:77:c2:9e:6c:ab:c8:75:91:2f:9b:7c:85:e6:3d:50:
         e4:7e:f7:02
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ4COWq88sODkTFjKkiFZVALMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjZDgwMjUxMmNjYjc0NWIyYTFiOGYzMTU3MTRlYmUzOTM5
NTQwM2UwHhcNMjYwNTA3MTEzNjE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTllMDc5OTdiMjc3MTE1YjgwZWVjMjVjMWRmNDE4NDY3ZGRiY2Q1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr3b2uz9DgrykRU6C/yL3cCcic5N0
o7O2mZtkt/jhN6O6lrGYlYudk3DecVA4pN/RgmXqZmygVP+okV27JYirt0ONw4Pk
RgGVFwwmpOZ2QbRs4/EotDRCN5L4RV1OtR95bLX3m/UdnFro7orPeSUCy4QJXEiW
uaOaTmdKDb7264Ysyh8a+RszbJwdjhFgk2CPXG4Xq18cz9rnWJf1fbFLBJLvNFI/
OG1JEP8nQsN8WSGAagtRh5qBB+Euw6Six3Np24FmufTPvUf5U4CyWfOlMdfCGziC
OG/ul4z2LlfWPgiS2Y7gn/Jphv/hQDfginyN1hKgODxJEU8dHdbCCynWEwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGWeB5l7J3EVuA7sJcHfQYRn3bzVMB8GA1UdIwQY
MBaAFIzYAlEsy3RbKhuPMVcU6+OTlUA+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvak5nQ1VTekxkRnNxRzQ4eFZ4VHI0NU9WUUQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi8zZDg5M2EtNWIxYS00ZDcwLTllYmIt
MzhlMDY4NTM2ZTZiLzEvWlo0SG1Yc25jUlc0RHV3bHdkOUJoR2Zkdk5VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi8zZDg5M2EtNWIxYS00ZDcwLTllYmItMzhlMDY4NTM2ZTZi
LzEvak5nQ1VTekxkRnNxRzQ4eFZ4VHI0NU9WUUQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAjQC5AwQA
jQC7MA0GCSqGSIb3DQEBCwUAA4IBAQBEe8o7gHJRPhFCAe4wVN1GhrhDXnA/hZy6
N0WEKiKjr0FkpPXt2MGH0EBxZMMrO8IuJTodADs8j+xuk50D/GvP2hkPWSAVqEoc
xZ98+vy4UuPqaHCBx4aziS8JHKSLEC6fl5txzHnadRGqbUr7JpEuAKkRv2Sv8xjP
p+s3ZZ163QFsXXE0Md4AI/vL5g63dB4nD3zJ7zYjQwFyfmdwEvtGbmrJq0fzkdfk
mYbjIGM+Ba3Wzf2XCdN10Vep3LPP5zt1ObEqhTBP7k+h/x8TkTvTNVk5iJCLhoJo
dR4d2As6mgexuNf5LUyIqCwdKWp3wp5sq8h1kS+bfIXmPVDkfvcC
-----END CERTIFICATE-----