Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/Z1mAh7dnk6Rh8hMBVveYuVVKQhw.roa
File:                     Z1mAh7dnk6Rh8hMBVveYuVVKQhw.roa (raw, json)
Hash identifier:          c4iSRYoWCrKro/VyPAI3QKrwxaiFQdNixwwM9DnplJk=
Subject key identifier:   67:59:80:87:B7:67:93:A4:61:F2:13:01:56:F7:98:B9:55:4A:42:1C
Certificate issuer:       /CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
Certificate serial:       0199E8F427A9E41B39C307C484677066BE16
Authority key identifier: 65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/Z1mAh7dnk6Rh8hMBVveYuVVKQhw.roa
Signing time:             Wed 15 Oct 2025 17:38:58 +0000
ROA not before:           Wed 15 Oct 2025 17:38:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     63018
IP address blocks:        213.182.220.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:e8:f4:27:a9:e4:1b:39:c3:07:c4:84:67:70:66:be:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
        Validity
            Not Before: Oct 15 17:38:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=67598087b76793a461f2130156f798b9554a421c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:2b:85:e9:a9:33:84:7f:03:1c:59:2a:49:4c:
                    8a:e8:2f:54:e6:be:dd:df:7d:03:46:d9:b0:35:d0:
                    d2:fc:1d:e3:f2:93:3f:77:d7:dc:80:a4:8e:5a:80:
                    f9:6b:a0:e5:51:2e:e3:ac:54:70:90:74:56:8e:17:
                    8b:a7:88:30:a3:3a:73:36:16:dd:a5:b0:20:e0:aa:
                    5c:72:3a:fb:25:16:0e:af:1c:3a:41:86:63:17:6a:
                    a1:25:1e:3e:7b:d3:78:71:f6:af:e2:cf:c5:6a:39:
                    8a:b7:f2:b0:ac:f4:12:ad:76:92:41:a3:49:dc:58:
                    8d:0b:e3:b9:ac:ee:98:1f:96:4b:c1:6d:7b:fd:11:
                    f1:80:11:d0:bd:39:84:d6:e3:98:cd:e2:97:3b:fc:
                    1c:b0:28:1a:5a:64:fe:07:a3:46:c6:59:5e:04:73:
                    c7:dc:07:4d:19:5d:90:b3:d7:ee:d1:3e:78:12:22:
                    67:90:2a:08:4c:5e:a7:68:69:95:f0:12:77:f7:bb:
                    68:e2:e2:49:e4:99:fb:6a:fb:76:73:90:cf:94:5b:
                    d7:6c:20:47:c5:2a:6c:f8:c3:26:97:76:34:ff:bb:
                    13:cc:2e:f4:90:1f:cc:34:5f:32:a9:64:f9:fb:47:
                    1b:74:07:39:d8:36:65:d8:71:59:70:b1:45:33:04:
                    5f:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:59:80:87:B7:67:93:A4:61:F2:13:01:56:F7:98:B9:55:4A:42:1C
            X509v3 Authority Key Identifier:
                keyid:65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/Z1mAh7dnk6Rh8hMBVveYuVVKQhw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.182.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         38:11:6f:81:85:66:80:5d:07:ca:c8:cf:33:4a:aa:fd:70:55:
         6d:5b:70:de:55:d3:c6:9a:ef:3a:14:83:37:ed:2f:bb:4c:d7:
         6a:e9:a1:18:92:20:f7:08:35:4b:d5:ea:a3:f8:65:19:fb:2f:
         56:a3:6f:41:64:c7:35:1f:36:37:cc:82:52:5b:5c:0a:10:3d:
         6b:03:30:28:c6:29:5c:89:22:ce:1e:6f:0d:34:9f:fb:9c:62:
         1b:f2:ad:76:75:e9:a6:0a:4c:0f:96:8f:5a:2b:1d:8e:c2:ae:
         07:2e:d8:81:7d:dd:83:56:98:75:af:39:f2:10:c3:f9:a8:e2:
         d2:28:1f:10:b8:c5:95:74:40:a6:6e:3e:33:3a:13:ea:ea:88:
         2d:72:83:8b:16:71:de:f0:10:eb:69:5c:d8:30:4e:12:d1:8b:
         28:b3:a5:2a:27:1d:c1:99:84:f8:64:8a:ce:93:c8:d7:f7:73:
         a5:f9:b3:90:dc:73:93:2b:00:d4:4d:3e:a6:70:f1:4b:f7:b2:
         82:5e:80:c1:ae:17:e2:48:cb:4b:fc:c8:39:d1:65:66:99:50:
         dc:a2:3b:f2:7f:38:c1:e2:22:27:60:c0:8c:a8:c7:b2:28:6a:
         eb:bd:47:60:4d:e3:29:15:94:b8:58:e4:32:bc:10:08:3a:86:
         52:e0:8b:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZno9Cep5Bs5wwfEhGdwZr4WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1YjdkNjY5OTgzNWJmZTlhODA4MWRmYzExNGRmMWJmNmQy
MTVkYTcwHhcNMjUxMDE1MTczODU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzU5ODA4N2I3Njc5M2E0NjFmMjEzMDE1NmY3OThiOTU1NGE0MjFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArSuF6akzhH8DHFkqSUyK6C9U5r7d
330DRtmwNdDS/B3j8pM/d9fcgKSOWoD5a6DlUS7jrFRwkHRWjheLp4gwozpzNhbd
pbAg4Kpccjr7JRYOrxw6QYZjF2qhJR4+e9N4cfav4s/FajmKt/KwrPQSrXaSQaNJ
3FiNC+O5rO6YH5ZLwW17/RHxgBHQvTmE1uOYzeKXO/wcsCgaWmT+B6NGxlleBHPH
3AdNGV2Qs9fu0T54EiJnkCoITF6naGmV8BJ397to4uJJ5Jn7avt2c5DPlFvXbCBH
xSps+MMml3Y0/7sTzC70kB/MNF8yqWT5+0cbdAc52DZl2HFZcLFFMwRfVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGdZgIe3Z5OkYfITAVb3mLlVSkIcMB8GA1UdIwQY
MBaAFGW31mmYNb/pqAgd/BFN8b9tIV2nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDct
OWU0MTNlYmY0MmYzLzEvWjFtQWg3ZG5rNlJoOGhNQlZ2ZVl1VlZLUWh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDctOWU0MTNlYmY0MmYz
LzEvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1bbcMA0G
CSqGSIb3DQEBCwUAA4IBAQA4EW+BhWaAXQfKyM8zSqr9cFVtW3DeVdPGmu86FIM3
7S+7TNdq6aEYkiD3CDVL1eqj+GUZ+y9Wo29BZMc1HzY3zIJSW1wKED1rAzAoxilc
iSLOHm8NNJ/7nGIb8q12demmCkwPlo9aKx2Owq4HLtiBfd2DVph1rznyEMP5qOLS
KB8QuMWVdECmbj4zOhPq6ogtcoOLFnHe8BDraVzYME4S0Ysos6UqJx3BmYT4ZIrO
k8jX93Ol+bOQ3HOTKwDUTT6mcPFL97KCXoDBrhfiSMtL/Mg50WVmmVDcojvyfzjB
4iInYMCMqMeyKGrrvUdgTeMpFZS4WOQyvBAIOoZS4IsH
-----END CERTIFICATE-----