Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/2faeb5-6a1d-4a13-ba1f-4663bc9da964/1/zZFMBY-vtS-_iOLRNRnhU51Vas8.roa
File:                     zZFMBY-vtS-_iOLRNRnhU51Vas8.roa (raw, json)
Hash identifier:          s23taZmL6D/J5bfrJpfCP1J8Y6gIlBQ0Q9KqDNbhx3E=
Subject key identifier:   CD:91:4C:05:8F:AF:B5:2F:BF:88:E2:D1:35:19:E1:53:9D:55:6A:CF
Certificate issuer:       /CN=2182cd3ac5c4db67ea731a6b7198b7d6e4ff115c
Certificate serial:       0199AAC41AD0BCEF407BF8A8A2C1805563D0
Authority key identifier: 21:82:CD:3A:C5:C4:DB:67:EA:73:1A:6B:71:98:B7:D6:E4:FF:11:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYLNOsXE22fqcxprcZi31uT_EVw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/2faeb5-6a1d-4a13-ba1f-4663bc9da964/1/zZFMBY-vtS-_iOLRNRnhU51Vas8.roa
Signing time:             Fri 03 Oct 2025 15:50:02 +0000
ROA not before:           Fri 03 Oct 2025 15:50:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211262
IP address blocks:        37.252.220.0/24 maxlen: 24
                          2a05:5180::/29 maxlen: 64
                          2a05:5180::/48 maxlen: 48
                          2a05:5180:1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/2faeb5-6a1d-4a13-ba1f-4663bc9da964/1/IYLNOsXE22fqcxprcZi31uT_EVw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/2faeb5-6a1d-4a13-ba1f-4663bc9da964/1/IYLNOsXE22fqcxprcZi31uT_EVw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYLNOsXE22fqcxprcZi31uT_EVw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 18:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:aa:c4:1a:d0:bc:ef:40:7b:f8:a8:a2:c1:80:55:63:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2182cd3ac5c4db67ea731a6b7198b7d6e4ff115c
        Validity
            Not Before: Oct  3 15:50:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cd914c058fafb52fbf88e2d13519e1539d556acf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:99:2a:c4:61:d9:85:be:66:09:d9:33:91:20:
                    30:ae:ce:d2:57:82:b3:5c:4c:46:46:1a:c5:fb:45:
                    ef:f5:cb:42:23:b7:b4:a9:75:01:ef:1c:8d:2c:74:
                    e9:28:54:2b:c6:a0:2c:7f:85:1c:40:40:cf:f7:ec:
                    47:06:3a:68:c8:5e:d9:32:95:72:39:88:b8:4d:76:
                    62:72:e4:c8:e6:cf:24:76:a7:42:b3:87:44:c2:02:
                    41:8e:58:62:45:cb:6e:ae:c1:d3:f2:93:22:68:49:
                    64:7a:87:66:f3:8a:2e:6f:6c:0e:97:3d:f9:b6:2a:
                    bc:ff:55:59:ad:89:75:1a:84:80:de:ef:bc:5e:72:
                    c8:4b:24:74:85:b8:c7:bd:ff:52:01:1b:72:e1:ce:
                    16:45:49:b4:ac:4d:89:50:17:09:92:da:7e:e3:83:
                    d2:ea:9a:c2:cd:57:55:93:a7:d7:20:a5:53:23:48:
                    51:44:93:47:19:29:94:84:ca:3a:b5:d7:e7:21:f0:
                    55:ef:dd:ad:6a:03:a5:50:a9:88:44:b9:4d:d5:42:
                    cf:3c:cb:88:98:bb:35:46:97:5b:81:94:fb:2c:cb:
                    ce:e9:f1:1c:34:80:d2:68:82:9f:3a:e5:5b:48:54:
                    c9:0c:66:16:60:78:87:a6:fa:22:97:3f:72:69:5b:
                    d9:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:91:4C:05:8F:AF:B5:2F:BF:88:E2:D1:35:19:E1:53:9D:55:6A:CF
            X509v3 Authority Key Identifier:
                keyid:21:82:CD:3A:C5:C4:DB:67:EA:73:1A:6B:71:98:B7:D6:E4:FF:11:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYLNOsXE22fqcxprcZi31uT_EVw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/2faeb5-6a1d-4a13-ba1f-4663bc9da964/1/zZFMBY-vtS-_iOLRNRnhU51Vas8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/2faeb5-6a1d-4a13-ba1f-4663bc9da964/1/IYLNOsXE22fqcxprcZi31uT_EVw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.252.220.0/24
                IPv6:
                  2a05:5180::/29

    Signature Algorithm: sha256WithRSAEncryption
         cf:d4:e7:a0:4e:5a:5b:70:85:a3:73:d3:02:f1:e2:27:57:78:
         b9:3d:b9:b6:ed:aa:21:d1:c6:b9:77:ea:91:f2:c7:f0:17:3e:
         0b:c7:4e:2f:4d:b3:ed:26:4e:8a:eb:14:db:2f:b1:60:45:80:
         b9:50:9a:25:e6:f7:44:b4:06:a4:89:a9:76:be:fd:9d:8f:fc:
         4f:33:37:c8:89:42:c5:dc:9b:00:87:96:7d:74:0a:a6:1a:50:
         d4:8d:c5:50:f1:5f:ec:94:2e:29:32:5c:69:6d:0a:ee:ac:a7:
         5f:0b:89:fc:bd:d9:e0:80:90:a9:db:d6:19:78:67:ad:a6:39:
         dd:85:0d:69:77:fd:fb:f8:27:d9:b6:fb:eb:22:51:90:02:94:
         e0:aa:ba:6e:3d:a1:e3:5b:4d:cf:b4:94:49:86:22:93:13:a4:
         ae:50:ac:5e:3d:48:0d:18:40:43:3c:ad:4b:89:cb:73:b4:90:
         2a:6d:0f:c4:36:15:aa:9d:5e:0f:49:8f:0f:72:ba:e9:50:2c:
         7d:43:63:2c:1a:11:82:a1:33:ba:60:a7:cf:77:cf:8e:93:f4:
         db:7b:e7:cf:85:cb:7f:ae:8c:62:0c:f1:5e:4b:d8:44:3b:ac:
         30:f2:e6:76:f2:03:19:28:bf:a0:04:16:3c:cf:64:7a:0a:bc:
         3b:33:6c:7b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZmqxBrQvO9Ae/ioosGAVWPQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxODJjZDNhYzVjNGRiNjdlYTczMWE2YjcxOThiN2Q2ZTRm
ZjExNWMwHhcNMjUxMDAzMTU1MDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDkxNGMwNThmYWZiNTJmYmY4OGUyZDEzNTE5ZTE1MzlkNTU2YWNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2pkqxGHZhb5mCdkzkSAwrs7SV4Kz
XExGRhrF+0Xv9ctCI7e0qXUB7xyNLHTpKFQrxqAsf4UcQEDP9+xHBjpoyF7ZMpVy
OYi4TXZicuTI5s8kdqdCs4dEwgJBjlhiRctursHT8pMiaElkeodm84oub2wOlz35
tiq8/1VZrYl1GoSA3u+8XnLISyR0hbjHvf9SARty4c4WRUm0rE2JUBcJktp+44PS
6prCzVdVk6fXIKVTI0hRRJNHGSmUhMo6tdfnIfBV792tagOlUKmIRLlN1ULPPMuI
mLs1RpdbgZT7LMvO6fEcNIDSaIKfOuVbSFTJDGYWYHiHpvoilz9yaVvZcwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFM2RTAWPr7Uvv4ji0TUZ4VOdVWrPMB8GA1UdIwQY
MBaAFCGCzTrFxNtn6nMaa3GYt9bk/xFcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVlMTk9zWEUyMmZxY3hwcmNaaTMxdVRfRVZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi8yZmFlYjUtNmExZC00YTEzLWJhMWYt
NDY2M2JjOWRhOTY0LzEvelpGTUJZLXZ0Uy1faU9MUk5SbmhVNTFWYXM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi8yZmFlYjUtNmExZC00YTEzLWJhMWYtNDY2M2JjOWRhOTY0
LzEvSVlMTk9zWEUyMmZxY3hwcmNaaTMxdVRfRVZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAJfzcMA0E
AgACMAcDBQMqBVGAMA0GCSqGSIb3DQEBCwUAA4IBAQDP1OegTlpbcIWjc9MC8eIn
V3i5Pbm27aoh0ca5d+qR8sfwFz4Lx04vTbPtJk6K6xTbL7FgRYC5UJol5vdEtAak
ial2vv2dj/xPMzfIiULF3JsAh5Z9dAqmGlDUjcVQ8V/slC4pMlxpbQrurKdfC4n8
vdnggJCp29YZeGetpjndhQ1pd/37+CfZtvvrIlGQApTgqrpuPaHjW03PtJRJhiKT
E6SuUKxePUgNGEBDPK1LictztJAqbQ/ENhWqnV4PSY8PcrrpUCx9Q2MsGhGCoTO6
YKfPd8+Ok/Tbe+fPhct/roxiDPFeS9hEO6ww8uZ28gMZKL+gBBY8z2R6Crw7M2x7
-----END CERTIFICATE-----