Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/IpZt3R636ZD03S5nVfJoWLfdThw.roa
File:                     IpZt3R636ZD03S5nVfJoWLfdThw.roa (raw, json)
Hash identifier:          2lYw7bc2aQ4JwU9fCqx9mE7G9ukNJ7HxjNeKB5KC5KI=
Subject key identifier:   22:96:6D:DD:1E:B7:E9:90:F4:DD:2E:67:55:F2:68:58:B7:DD:4E:1C
Certificate issuer:       /CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
Certificate serial:       019E05E0764F2645E451A99673B956225EDB
Authority key identifier: 86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/IpZt3R636ZD03S5nVfJoWLfdThw.roa
Signing time:             Fri 08 May 2026 04:37:36 +0000
ROA not before:           Fri 08 May 2026 04:37:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     400909
IP address blocks:        82.163.228.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 18:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:05:e0:76:4f:26:45:e4:51:a9:96:73:b9:56:22:5e:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
        Validity
            Not Before: May  8 04:37:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=22966ddd1eb7e990f4dd2e6755f26858b7dd4e1c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:e2:15:b7:7a:bb:43:86:d5:7c:64:ea:6e:e9:
                    35:87:45:e3:29:31:62:45:1f:d5:1e:af:6b:7e:20:
                    33:44:e3:fc:db:6e:ee:1d:9d:92:52:0f:79:f8:18:
                    3c:f3:68:29:fe:b1:3a:b3:86:e0:e5:25:31:f4:ed:
                    72:24:eb:d4:c2:e8:5a:1a:9e:8e:5f:84:32:aa:cb:
                    f2:33:c6:f6:5e:b5:c7:e2:c8:29:c7:ff:94:53:a9:
                    6f:f1:2e:cf:6b:71:de:2e:21:83:2f:a6:92:a1:b9:
                    a9:0b:38:ba:b9:42:03:d0:7d:a2:62:34:56:c4:66:
                    53:24:46:7b:2d:50:a4:31:eb:48:15:88:ef:94:b0:
                    62:a9:8a:73:19:b5:3e:7c:0a:99:1c:47:ec:5d:16:
                    d2:b5:78:3c:02:39:1b:c0:39:c2:93:73:a2:19:73:
                    9b:58:1f:a5:38:0c:e9:36:12:c6:e3:f0:40:df:4e:
                    55:c0:14:53:8e:7c:cf:8e:e3:e2:23:76:04:0e:4e:
                    fd:4c:89:fb:55:96:40:cb:be:c5:e4:e4:10:88:25:
                    e0:d4:d7:87:78:2a:1f:6b:b6:ff:ae:03:4d:62:fa:
                    84:23:be:53:9a:ae:fe:01:81:c2:13:9e:e3:0a:4e:
                    dd:4a:ce:d0:cf:cb:43:22:98:91:80:a8:1e:b5:b7:
                    13:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:96:6D:DD:1E:B7:E9:90:F4:DD:2E:67:55:F2:68:58:B7:DD:4E:1C
            X509v3 Authority Key Identifier:
                keyid:86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/IpZt3R636ZD03S5nVfJoWLfdThw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.163.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         66:ea:e5:d9:f9:21:ef:f3:34:6e:85:e5:b0:42:e9:27:91:02:
         75:cb:5f:7f:e7:b0:f7:6d:60:39:d6:a6:49:18:c5:56:4a:f2:
         9b:3d:e2:36:24:d7:36:cc:f6:dc:e8:ad:93:33:93:00:c0:9c:
         cb:a4:88:c0:6f:f5:01:34:db:f0:dc:71:78:e6:52:e7:da:dd:
         1a:5e:64:ed:a0:9a:0e:18:52:a6:03:db:06:c3:21:1e:9a:0d:
         25:d5:a2:c6:6b:97:d6:24:2f:67:cd:21:93:ae:36:c0:68:35:
         48:77:3f:71:f5:2e:b2:2f:7e:12:51:97:2b:24:92:fd:c9:5a:
         42:c9:39:64:ee:46:26:c0:21:96:4e:e1:eb:8f:a8:cd:2d:bf:
         27:89:27:8c:5f:b8:15:33:83:64:b1:d1:a1:df:ae:b7:00:4b:
         5d:43:53:e6:f5:27:34:e3:c3:be:c3:ca:e8:d1:86:88:b7:72:
         7a:f9:ba:f9:ee:7e:53:da:a4:07:4b:91:f4:04:89:3b:24:70:
         dc:1b:4d:3e:83:d2:a1:3b:a8:6b:df:7f:94:ca:ea:79:0f:38:
         11:0e:3b:e0:8b:0f:14:93:bf:c4:19:e0:dd:d7:24:92:2f:97:
         11:41:da:e9:e6:f8:74:44:c2:6d:0b:5e:ec:b9:8c:c0:0e:c4:
         ca:b5:2a:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4F4HZPJkXkUamWc7lWIl7bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2Y2NlMDZlNzBkZjk3MGQ5MGFiZmUzY2JlN2ZhODgyZjQ2
N2IxZTQwHhcNMjYwNTA4MDQzNzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjk2NmRkZDFlYjdlOTkwZjRkZDJlNjc1NWYyNjg1OGI3ZGQ0ZTFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4uIVt3q7Q4bVfGTqbuk1h0XjKTFi
RR/VHq9rfiAzROP8227uHZ2SUg95+Bg882gp/rE6s4bg5SUx9O1yJOvUwuhaGp6O
X4QyqsvyM8b2XrXH4sgpx/+UU6lv8S7Pa3HeLiGDL6aSobmpCzi6uUID0H2iYjRW
xGZTJEZ7LVCkMetIFYjvlLBiqYpzGbU+fAqZHEfsXRbStXg8AjkbwDnCk3OiGXOb
WB+lOAzpNhLG4/BA305VwBRTjnzPjuPiI3YEDk79TIn7VZZAy77F5OQQiCXg1NeH
eCofa7b/rgNNYvqEI75Tmq7+AYHCE57jCk7dSs7Qz8tDIpiRgKgetbcTsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCKWbd0et+mQ9N0uZ1XyaFi33U4cMB8GA1UdIwQY
MBaAFIbM4G5w35cNkKv+PL5/qIL0Z7HkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2Ut
ODk3MTRhN2U4ZDU4LzEvSXBadDNSNjM2WkQwM1M1blZmSm9XTGZkVGh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2UtODk3MTRhN2U4ZDU4
LzEvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCUqPkMA0G
CSqGSIb3DQEBCwUAA4IBAQBm6uXZ+SHv8zRuheWwQuknkQJ1y19/57D3bWA51qZJ
GMVWSvKbPeI2JNc2zPbc6K2TM5MAwJzLpIjAb/UBNNvw3HF45lLn2t0aXmTtoJoO
GFKmA9sGwyEemg0l1aLGa5fWJC9nzSGTrjbAaDVIdz9x9S6yL34SUZcrJJL9yVpC
yTlk7kYmwCGWTuHrj6jNLb8niSeMX7gVM4NksdGh3663AEtdQ1Pm9Sc048O+w8ro
0YaIt3J6+br57n5T2qQHS5H0BIk7JHDcG00+g9KhO6hr33+Uyup5DzgRDjvgiw8U
k7/EGeDd1ySSL5cRQdrp5vh0RMJtC17suYzADsTKtSph
-----END CERTIFICATE-----