Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/ZzgaL7A01dcMOD_XwwpOsP_Nmq8.roa
File:                     ZzgaL7A01dcMOD_XwwpOsP_Nmq8.roa (raw, json)
Hash identifier:          b8ONrr0wS8Jl0ma8vba+BFpSB6aetp2EL6B1puYeNr8=
Subject key identifier:   67:38:1A:2F:B0:34:D5:D7:0C:38:3F:D7:C3:0A:4E:B0:FF:CD:9A:AF
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019DD495F470434E5235C3AFA6EEB857CE77
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/ZzgaL7A01dcMOD_XwwpOsP_Nmq8.roa
Signing time:             Tue 28 Apr 2026 14:54:50 +0000
ROA not before:           Tue 28 Apr 2026 14:54:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198949
IP address blocks:        151.241.158.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:d4:95:f4:70:43:4e:52:35:c3:af:a6:ee:b8:57:ce:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Apr 28 14:54:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=67381a2fb034d5d70c383fd7c30a4eb0ffcd9aaf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:ec:38:14:5c:3b:37:5c:ca:ff:ed:fc:53:43:
                    56:b8:c8:ae:30:35:99:cc:f7:a9:14:12:ba:3e:b7:
                    2c:8d:cf:10:45:b1:b2:e2:73:1c:97:19:db:e6:a4:
                    25:0f:6d:2e:34:a0:18:a8:aa:59:e3:a2:77:7e:f0:
                    21:e9:35:86:fe:06:66:bb:88:bd:dd:15:2c:d6:f1:
                    e0:60:fa:3d:1e:9b:0d:c6:6d:84:16:3e:e3:57:9d:
                    83:f3:21:e0:15:3a:87:e7:9a:0d:81:8b:27:f6:87:
                    7b:93:6e:5d:34:fc:a8:d0:cd:8c:76:2c:d1:87:53:
                    03:75:5c:75:10:50:bf:55:ff:82:19:bc:e2:13:45:
                    b8:e3:ab:33:e0:dd:c1:8c:fa:bc:3a:48:e0:dc:8c:
                    88:c2:57:71:35:22:d8:ac:f4:8c:32:ac:ae:1c:c2:
                    0f:ad:9c:a3:1e:bb:8e:a1:c3:fc:e8:54:6e:b4:7a:
                    66:a2:ba:61:4e:96:2f:c9:7d:e8:3e:0d:ea:e6:ab:
                    68:96:5f:1b:a9:5f:69:35:f5:ae:a4:39:60:f5:c1:
                    85:2b:44:0d:a6:ce:e2:54:ec:45:a5:ef:9b:11:b6:
                    b2:d6:9b:97:5b:f1:91:0c:be:20:a9:ad:ad:d1:bb:
                    20:13:10:c4:68:a0:e7:65:ed:48:15:de:02:2b:80:
                    cc:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:38:1A:2F:B0:34:D5:D7:0C:38:3F:D7:C3:0A:4E:B0:FF:CD:9A:AF
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/ZzgaL7A01dcMOD_XwwpOsP_Nmq8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.241.158.0/23

    Signature Algorithm: sha256WithRSAEncryption
         20:32:56:22:e4:17:c2:1f:52:b2:76:24:ea:84:75:b0:9b:83:
         4a:f1:fd:7b:0b:c7:55:d3:be:23:c2:bf:14:08:e4:28:5b:e1:
         ba:e1:05:d9:e1:a3:e0:7d:89:c1:1a:d7:ae:5b:b9:b6:c3:af:
         ec:c9:f5:aa:3e:1e:fc:e7:55:70:41:e4:30:60:c8:b7:c6:75:
         9d:f9:f2:f5:39:77:64:75:cf:1c:d7:d4:fd:5e:79:3c:8c:c3:
         7c:a2:e7:d7:e6:ba:91:f5:0f:24:e4:48:7d:0c:b2:60:62:7c:
         67:82:6a:9b:d2:9d:6c:b1:31:3c:38:db:09:59:6c:d0:ad:1a:
         1f:40:ac:4e:47:59:d5:6c:98:eb:13:f9:a6:c1:cc:97:e5:3c:
         86:6b:de:06:cb:bf:85:72:72:60:31:7a:c1:b1:da:7d:41:af:
         07:be:8a:b7:b7:80:2e:a0:64:92:c2:a4:36:f5:00:f2:d6:86:
         41:eb:3b:15:a6:24:a0:9b:80:cf:7d:1b:d0:87:e2:5a:77:94:
         62:5e:83:c4:06:30:31:50:a8:ed:0c:a4:5b:53:de:0b:ac:74:
         d4:43:24:f0:ba:2b:40:d8:78:10:d2:51:fc:36:e4:fd:8b:0e:
         ea:42:28:0c:44:4f:53:3d:d7:84:42:8e:5d:8a:26:cf:78:22:
         9f:f1:37:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3UlfRwQ05SNcOvpu64V853MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwNDI4MTQ1NDUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzM4MWEyZmIwMzRkNWQ3MGMzODNmZDdjMzBhNGViMGZmY2Q5YWFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo+w4FFw7N1zK/+38U0NWuMiuMDWZ
zPepFBK6Prcsjc8QRbGy4nMclxnb5qQlD20uNKAYqKpZ46J3fvAh6TWG/gZmu4i9
3RUs1vHgYPo9HpsNxm2EFj7jV52D8yHgFTqH55oNgYsn9od7k25dNPyo0M2MdizR
h1MDdVx1EFC/Vf+CGbziE0W446sz4N3BjPq8Okjg3IyIwldxNSLYrPSMMqyuHMIP
rZyjHruOocP86FRutHpmorphTpYvyX3oPg3q5qtoll8bqV9pNfWupDlg9cGFK0QN
ps7iVOxFpe+bEbay1puXW/GRDL4gqa2t0bsgExDEaKDnZe1IFd4CK4DM+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGc4Gi+wNNXXDDg/18MKTrD/zZqvMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvWnpnYUw3QTAxZGNNT0RfWHd3cE9zUF9ObXE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBl/GeMA0G
CSqGSIb3DQEBCwUAA4IBAQAgMlYi5BfCH1KydiTqhHWwm4NK8f17C8dV074jwr8U
COQoW+G64QXZ4aPgfYnBGteuW7m2w6/syfWqPh7851VwQeQwYMi3xnWd+fL1OXdk
dc8c19T9Xnk8jMN8oufX5rqR9Q8k5Eh9DLJgYnxngmqb0p1ssTE8ONsJWWzQrRof
QKxOR1nVbJjrE/mmwcyX5TyGa94Gy7+FcnJgMXrBsdp9Qa8Hvoq3t4AuoGSSwqQ2
9QDy1oZB6zsVpiSgm4DPfRvQh+Jad5RiXoPEBjAxUKjtDKRbU94LrHTUQyTwuitA
2HgQ0lH8NuT9iw7qQigMRE9TPdeEQo5diibPeCKf8Tel
-----END CERTIFICATE-----