Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/ZCVtB8725E04xja-A_7tFv0UGbA.roa
File:                     ZCVtB8725E04xja-A_7tFv0UGbA.roa (raw, json)
Hash identifier:          G23IAdwlc1DMlMrfpBBsuDs0R5mxQSfAIypWEkTSgDc=
Subject key identifier:   64:25:6D:07:CE:F6:E4:4D:38:C6:36:BE:03:FE:ED:16:FD:14:19:B0
Certificate issuer:       /CN=42f8ab2ba24879e45c445486fceb21af46656d5a
Certificate serial:       0199B42EA91A9B99AF1D3F9E8C906EF00AD3
Authority key identifier: 42:F8:AB:2B:A2:48:79:E4:5C:44:54:86:FC:EB:21:AF:46:65:6D:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QvirK6JIeeRcRFSG_Oshr0ZlbVo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/ZCVtB8725E04xja-A_7tFv0UGbA.roa
Signing time:             Sun 05 Oct 2025 11:43:00 +0000
ROA not before:           Sun 05 Oct 2025 11:43:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205886
IP address blocks:        217.147.167.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/QvirK6JIeeRcRFSG_Oshr0ZlbVo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/QvirK6JIeeRcRFSG_Oshr0ZlbVo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QvirK6JIeeRcRFSG_Oshr0ZlbVo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:b4:2e:a9:1a:9b:99:af:1d:3f:9e:8c:90:6e:f0:0a:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=42f8ab2ba24879e45c445486fceb21af46656d5a
        Validity
            Not Before: Oct  5 11:43:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=64256d07cef6e44d38c636be03feed16fd1419b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:c4:7d:e1:b8:c7:00:ca:7e:f9:55:29:49:28:
                    a0:b4:b1:5f:6e:69:ea:f1:d9:0e:38:3f:6d:87:be:
                    c3:f6:ea:33:38:d9:06:43:19:11:6f:67:6f:28:6d:
                    39:9e:4e:68:45:6c:e3:02:f2:63:fb:30:19:ba:f9:
                    4e:91:5d:d7:ec:4f:93:5e:49:9b:e8:cd:78:9d:a7:
                    4e:fc:17:c0:67:77:39:2b:a0:10:97:d7:e7:25:10:
                    7a:9b:5d:fe:a3:2b:09:f8:98:2e:4c:87:64:66:a6:
                    e0:84:79:9d:a8:fa:fb:c5:f4:82:dc:99:58:b6:90:
                    43:2f:58:b2:04:13:12:7d:8e:9b:f7:9e:0e:ca:d0:
                    f4:fc:e8:d3:32:a6:ea:2b:cc:29:f2:71:94:70:db:
                    d7:45:c2:de:24:ec:9a:a1:36:3f:29:ac:c4:f2:1f:
                    ec:04:9e:dc:6e:ac:eb:a3:85:ef:c0:1d:4f:3c:01:
                    c3:8c:7f:43:4e:b2:fa:fd:d8:10:ce:d8:cf:d1:9d:
                    01:94:3c:12:ee:f0:bd:9c:91:ce:d4:d7:55:ff:bb:
                    8e:c9:dd:b7:a3:a8:4e:75:08:a5:42:a4:7b:80:3e:
                    4d:80:de:14:73:72:56:b4:8c:f8:4b:d8:55:8f:e0:
                    e1:77:e2:c0:77:d8:2d:8a:87:98:03:1c:78:bc:47:
                    3a:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:25:6D:07:CE:F6:E4:4D:38:C6:36:BE:03:FE:ED:16:FD:14:19:B0
            X509v3 Authority Key Identifier:
                keyid:42:F8:AB:2B:A2:48:79:E4:5C:44:54:86:FC:EB:21:AF:46:65:6D:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QvirK6JIeeRcRFSG_Oshr0ZlbVo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/ZCVtB8725E04xja-A_7tFv0UGbA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/QvirK6JIeeRcRFSG_Oshr0ZlbVo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.147.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:1d:05:0a:27:7c:17:d0:1b:dc:02:33:31:4d:ab:10:2d:08:
         9d:e8:ef:52:ad:a1:f0:ad:45:0f:d2:65:b5:6c:f4:96:6c:cc:
         c6:23:dd:56:e4:19:4b:9c:18:8b:5b:cd:18:06:23:0b:85:f0:
         c9:6f:6d:0e:32:9a:00:89:0a:e2:fd:45:ba:8a:28:78:d4:83:
         5b:fe:ea:85:78:7e:5c:0a:6e:bc:53:fa:fa:e3:36:71:8a:55:
         11:49:4c:79:21:6e:35:ac:95:07:f0:d6:76:0e:cc:1c:67:70:
         36:98:39:30:07:b1:cc:1b:ad:73:30:f4:16:ca:99:24:50:62:
         7b:9e:80:a1:9a:d8:9b:b1:09:a0:72:20:a0:3a:85:09:28:70:
         08:c1:dd:f3:24:20:06:36:f2:60:5c:9c:a0:20:33:24:19:9d:
         7d:09:a4:c8:20:c8:f3:cf:73:4c:6d:c9:19:b4:82:3e:ff:0e:
         e6:3d:46:6b:eb:7a:1b:e6:9e:d8:92:ca:c6:29:1d:38:e8:f7:
         56:5b:db:60:79:41:88:77:1e:8a:f6:20:5a:03:2c:a7:0a:6c:
         4b:bd:0d:f3:0d:ae:ca:ad:18:5a:db:e8:62:5d:ad:c8:a5:56:
         42:af:63:7d:b5:ac:4f:1e:b9:4d:51:f8:66:06:da:28:93:19:
         43:bc:63:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZm0Lqkam5mvHT+ejJBu8ArTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyZjhhYjJiYTI0ODc5ZTQ1YzQ0NTQ4NmZjZWIyMWFmNDY2
NTZkNWEwHhcNMjUxMDA1MTE0MzAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDI1NmQwN2NlZjZlNDRkMzhjNjM2YmUwM2ZlZWQxNmZkMTQxOWIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAucR94bjHAMp++VUpSSigtLFfbmnq
8dkOOD9th77D9uozONkGQxkRb2dvKG05nk5oRWzjAvJj+zAZuvlOkV3X7E+TXkmb
6M14nadO/BfAZ3c5K6AQl9fnJRB6m13+oysJ+JguTIdkZqbghHmdqPr7xfSC3JlY
tpBDL1iyBBMSfY6b954OytD0/OjTMqbqK8wp8nGUcNvXRcLeJOyaoTY/KazE8h/s
BJ7cbqzro4XvwB1PPAHDjH9DTrL6/dgQztjP0Z0BlDwS7vC9nJHO1NdV/7uOyd23
o6hOdQilQqR7gD5NgN4Uc3JWtIz4S9hVj+Dhd+LAd9gtioeYAxx4vEc6AwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGQlbQfO9uRNOMY2vgP+7Rb9FBmwMB8GA1UdIwQY
MBaAFEL4qyuiSHnkXERUhvzrIa9GZW1aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXZpcks2SkllZVJjUkZTR19Pc2hyMFpsYlZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC9jMTdjNWQtNzU0My00NDBmLTg3OGYt
MTc2OWZlZjZiZTk2LzEvWkNWdEI4NzI1RTA0eGphLUFfN3RGdjBVR2JBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC9jMTdjNWQtNzU0My00NDBmLTg3OGYtMTc2OWZlZjZiZTk2
LzEvUXZpcks2SkllZVJjUkZTR19Pc2hyMFpsYlZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2ZOnMA0G
CSqGSIb3DQEBCwUAA4IBAQCJHQUKJ3wX0BvcAjMxTasQLQid6O9SraHwrUUP0mW1
bPSWbMzGI91W5BlLnBiLW80YBiMLhfDJb20OMpoAiQri/UW6iih41INb/uqFeH5c
Cm68U/r64zZxilURSUx5IW41rJUH8NZ2DswcZ3A2mDkwB7HMG61zMPQWypkkUGJ7
noChmtibsQmgciCgOoUJKHAIwd3zJCAGNvJgXJygIDMkGZ19CaTIIMjzz3NMbckZ
tII+/w7mPUZr63ob5p7YksrGKR046PdWW9tgeUGIdx6K9iBaAyynCmxLvQ3zDa7K
rRha2+hiXa3IpVZCr2N9taxPHrlNUfhmBtookxlDvGO7
-----END CERTIFICATE-----