Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/ZR8cdqV6QtDUIcFSAkUEoKejq3o.roa
File:                     ZR8cdqV6QtDUIcFSAkUEoKejq3o.roa (raw, json)
Hash identifier:          wxqypfRA+7HeYUNNOYo0W5htS2qjZnymm/0E/jIq1no=
Subject key identifier:   65:1F:1C:76:A5:7A:42:D0:D4:21:C1:52:02:45:04:A0:A7:A3:AB:7A
Certificate issuer:       /CN=b72945f57103153a07854e74e227f2aec1c5f430
Certificate serial:       019DFCD247A80939B3F9C96D2BB0992601DC
Authority key identifier: B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/ZR8cdqV6QtDUIcFSAkUEoKejq3o.roa
Signing time:             Wed 06 May 2026 10:25:32 +0000
ROA not before:           Wed 06 May 2026 10:25:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212667
IP address blocks:        46.38.128.0/24 maxlen: 24
                          46.38.130.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:fc:d2:47:a8:09:39:b3:f9:c9:6d:2b:b0:99:26:01:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b72945f57103153a07854e74e227f2aec1c5f430
        Validity
            Not Before: May  6 10:25:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=651f1c76a57a42d0d421c152024504a0a7a3ab7a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:de:96:3f:33:fe:7a:18:9a:8e:9c:02:86:64:
                    c8:31:29:32:fd:9e:68:95:71:3b:a8:12:9a:05:0c:
                    ef:c4:61:bc:d3:12:d7:f1:2d:df:9c:9c:d9:4f:c5:
                    19:3f:02:8b:80:e0:5a:68:e8:1b:60:88:32:a0:97:
                    55:c4:cc:15:9b:a0:0e:2a:9d:90:44:d9:29:61:08:
                    cf:52:69:b3:8f:26:89:db:a4:49:fc:d8:58:d9:b7:
                    4d:1a:fe:cf:c6:c3:8a:ed:e9:c0:88:09:08:ba:2f:
                    8a:ca:83:6b:79:8a:a5:2e:37:bb:2d:49:a8:32:81:
                    c4:b3:42:19:37:37:16:9b:79:dd:e9:1e:ad:ae:cc:
                    a3:f2:20:81:2a:82:1d:aa:ec:6f:6b:55:5a:94:4d:
                    3d:9c:5c:ad:3c:20:f6:9d:c6:cd:44:d4:dd:92:85:
                    c2:10:0f:f2:2d:24:1f:91:8b:6a:03:4f:23:a3:27:
                    c6:35:38:6a:0e:08:29:5b:0d:b8:3a:11:d5:af:03:
                    32:79:49:e9:67:35:b0:5d:a2:81:54:9e:3e:71:ec:
                    5e:44:49:64:ee:16:34:49:55:dc:9a:be:5b:37:17:
                    01:94:84:d4:83:3d:38:a2:ac:bf:45:8a:66:95:c4:
                    c3:24:6c:cb:66:8d:46:ec:21:9b:36:f6:07:df:81:
                    87:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:1F:1C:76:A5:7A:42:D0:D4:21:C1:52:02:45:04:A0:A7:A3:AB:7A
            X509v3 Authority Key Identifier:
                keyid:B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/ZR8cdqV6QtDUIcFSAkUEoKejq3o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.38.128.0/24
                  46.38.130.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:4e:1a:22:e1:23:bc:1e:fd:3b:75:c1:ef:2e:a8:ae:1a:e0:
         4f:e5:50:4f:f1:97:89:7a:d4:3b:ce:44:65:18:09:c3:97:74:
         72:28:9b:16:1c:7b:f5:d1:32:0f:5d:4d:2a:42:54:ae:97:d8:
         0c:1c:98:83:12:63:30:9f:90:bf:c8:18:a1:40:b2:ee:20:ce:
         02:9d:bf:ef:fc:57:fd:2c:0b:eb:2a:7f:c2:67:e9:15:99:3c:
         ed:67:38:88:05:3f:7d:9e:e9:a4:e6:09:38:0d:5c:79:1c:ca:
         a9:b1:67:40:ae:39:4e:79:f0:f3:67:89:fd:75:ad:bc:73:8a:
         ca:49:dd:14:02:b5:72:45:fa:ce:18:a6:16:6c:62:96:94:07:
         0a:7e:f3:7d:32:29:75:8d:c3:f4:15:aa:0d:60:ef:71:bb:c5:
         c0:3b:0b:67:c1:79:36:da:7a:dc:dd:5a:39:d7:5d:bc:a8:09:
         e4:75:76:82:2b:ca:e9:51:6f:08:01:a6:fc:73:01:90:3c:e4:
         aa:49:a7:12:a9:b2:6b:e5:bc:1a:47:fc:88:8e:cf:d9:41:b5:
         a4:fc:ec:70:1d:4b:ba:bb:c3:15:bf:5c:dd:5f:39:51:c3:f6:
         ed:7f:b2:b7:5d:41:4e:e5:e8:14:db:dc:51:c7:c1:ad:c1:c3:
         1f:f1:f3:bb
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ380keoCTmz+cltK7CZJgHcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3Mjk0NWY1NzEwMzE1M2EwNzg1NGU3NGUyMjdmMmFlYzFj
NWY0MzAwHhcNMjYwNTA2MTAyNTMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTFmMWM3NmE1N2E0MmQwZDQyMWMxNTIwMjQ1MDRhMGE3YTNhYjdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxN6WPzP+ehiajpwChmTIMSky/Z5o
lXE7qBKaBQzvxGG80xLX8S3fnJzZT8UZPwKLgOBaaOgbYIgyoJdVxMwVm6AOKp2Q
RNkpYQjPUmmzjyaJ26RJ/NhY2bdNGv7PxsOK7enAiAkIui+KyoNreYqlLje7LUmo
MoHEs0IZNzcWm3nd6R6trsyj8iCBKoIdquxva1ValE09nFytPCD2ncbNRNTdkoXC
EA/yLSQfkYtqA08joyfGNThqDggpWw24OhHVrwMyeUnpZzWwXaKBVJ4+cexeRElk
7hY0SVXcmr5bNxcBlITUgz04oqy/RYpmlcTDJGzLZo1G7CGbNvYH34GHhQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGUfHHalekLQ1CHBUgJFBKCno6t6MB8GA1UdIwQY
MBaAFLcpRfVxAxU6B4VOdOIn8q7BxfQwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEt
MmEwOWNjNTNhODA1LzEvWlI4Y2RxVjZRdERVSWNGU0FrVUVvS2VqcTNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEtMmEwOWNjNTNhODA1
LzEvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALiaAAwQA
LiaCMA0GCSqGSIb3DQEBCwUAA4IBAQCZThoi4SO8Hv07dcHvLqiuGuBP5VBP8ZeJ
etQ7zkRlGAnDl3RyKJsWHHv10TIPXU0qQlSul9gMHJiDEmMwn5C/yBihQLLuIM4C
nb/v/Ff9LAvrKn/CZ+kVmTztZziIBT99numk5gk4DVx5HMqpsWdArjlOefDzZ4n9
da28c4rKSd0UArVyRfrOGKYWbGKWlAcKfvN9Mil1jcP0FaoNYO9xu8XAOwtnwXk2
2nrc3Vo51128qAnkdXaCK8rpUW8IAab8cwGQPOSqSacSqbJr5bwaR/yIjs/ZQbWk
/OxwHUu6u8MVv1zdXzlRw/btf7K3XUFO5egU29xRx8GtwcMf8fO7
-----END CERTIFICATE-----