Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/993f7b-d970-4d0c-af35-260ff107ee75/1/dzwsdq_p19qeWq1sVjAo8n8DF3A.roa
File:                     dzwsdq_p19qeWq1sVjAo8n8DF3A.roa (raw, json)
Hash identifier:          ypz0q9rJFOFUluO/EXbahQLlxxipPvEZdWT5c5RYe/A=
Subject key identifier:   77:3C:2C:76:AF:E9:D7:DA:9E:5A:AD:6C:56:30:28:F2:7F:03:17:70
Certificate issuer:       /CN=dce5e02259b02f18a99d09e4bdce419c6ae0a3b8
Certificate serial:       019DAAC281387A73CED363579A8D674C8C2A
Authority key identifier: DC:E5:E0:22:59:B0:2F:18:A9:9D:09:E4:BD:CE:41:9C:6A:E0:A3:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3OXgIlmwLxipnQnkvc5BnGrgo7g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/993f7b-d970-4d0c-af35-260ff107ee75/1/dzwsdq_p19qeWq1sVjAo8n8DF3A.roa
Signing time:             Mon 20 Apr 2026 11:59:26 +0000
ROA not before:           Mon 20 Apr 2026 11:59:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203719
IP address blocks:        185.221.62.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/993f7b-d970-4d0c-af35-260ff107ee75/1/3OXgIlmwLxipnQnkvc5BnGrgo7g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/993f7b-d970-4d0c-af35-260ff107ee75/1/3OXgIlmwLxipnQnkvc5BnGrgo7g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3OXgIlmwLxipnQnkvc5BnGrgo7g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:aa:c2:81:38:7a:73:ce:d3:63:57:9a:8d:67:4c:8c:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dce5e02259b02f18a99d09e4bdce419c6ae0a3b8
        Validity
            Not Before: Apr 20 11:59:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=773c2c76afe9d7da9e5aad6c563028f27f031770
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:cf:12:6f:65:49:dd:3c:4a:45:59:76:66:64:
                    ad:64:19:ac:32:c1:47:2b:d0:8d:93:28:68:15:39:
                    05:33:02:b1:dd:3a:f5:5f:db:90:fa:74:e9:32:5e:
                    2a:de:db:62:f1:42:ce:b7:ce:08:11:29:32:a3:3b:
                    e9:87:d8:17:07:ae:c0:c8:db:25:39:c3:2e:d6:02:
                    f5:61:87:0b:d8:4f:ee:96:81:95:06:a0:78:00:9f:
                    4c:30:eb:d9:3f:3e:45:f0:a2:8a:3b:cd:15:1d:4b:
                    d2:eb:c6:56:b3:29:c5:cb:48:ac:0c:40:0b:2e:6e:
                    2e:ec:34:ff:5e:85:66:46:46:65:0c:e7:79:c7:04:
                    9b:2f:66:2f:7e:7e:ef:c1:ec:ec:e1:35:99:5a:08:
                    b3:a7:63:38:0d:f8:18:fe:71:2d:e1:85:e2:f5:0c:
                    76:f1:74:29:12:82:a4:34:1d:66:d1:60:da:39:0e:
                    74:73:00:51:d5:2d:39:f4:0f:0e:b7:21:91:fc:bd:
                    57:0a:38:09:74:e8:49:55:aa:50:51:1c:04:79:89:
                    1c:1d:e5:53:b2:44:12:6a:c8:0a:3d:68:cc:c6:3f:
                    f9:61:72:0b:c9:4a:fe:6f:08:b0:53:ff:cb:bd:8f:
                    05:18:d2:e2:1f:d8:c6:59:ea:02:f3:b4:93:a4:6f:
                    e5:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:3C:2C:76:AF:E9:D7:DA:9E:5A:AD:6C:56:30:28:F2:7F:03:17:70
            X509v3 Authority Key Identifier:
                keyid:DC:E5:E0:22:59:B0:2F:18:A9:9D:09:E4:BD:CE:41:9C:6A:E0:A3:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3OXgIlmwLxipnQnkvc5BnGrgo7g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/993f7b-d970-4d0c-af35-260ff107ee75/1/dzwsdq_p19qeWq1sVjAo8n8DF3A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/993f7b-d970-4d0c-af35-260ff107ee75/1/3OXgIlmwLxipnQnkvc5BnGrgo7g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.221.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:d9:ee:f2:b8:58:de:f9:58:28:61:3d:e5:16:94:62:ea:f2:
         82:a1:78:85:0d:77:cc:aa:59:df:8b:ef:ea:cc:f7:e8:f4:ff:
         e3:e2:0d:85:3b:f7:cf:1f:4a:e6:3b:26:3f:59:42:0b:ee:41:
         e0:22:a2:22:68:a7:e0:0a:d6:21:f8:55:5a:7a:d9:79:48:70:
         62:73:0e:86:1a:c4:38:f8:86:77:a8:71:55:6d:95:02:46:e1:
         00:3f:18:b1:d9:fc:d7:da:c9:a5:bf:54:fa:0f:2b:9b:40:a8:
         7c:96:10:45:57:4b:34:46:43:f9:f5:12:d6:14:be:81:be:c8:
         3c:30:26:87:3c:38:40:e8:e1:65:1c:6d:5c:7a:eb:08:28:fd:
         dd:33:6c:84:04:37:43:65:ad:63:5f:32:66:18:35:69:7a:42:
         e1:db:fb:e6:52:f7:41:60:49:45:dc:f1:49:ea:63:3b:80:ea:
         c1:00:e7:94:c6:be:b9:01:4d:a7:49:74:a2:7c:3b:4c:ee:1b:
         8f:4a:56:a5:53:59:fa:64:85:07:c3:86:5c:39:3c:89:e8:f7:
         0a:5a:ed:a1:92:b3:07:3a:6a:51:f7:45:e6:38:10:40:2e:ee:
         ec:60:63:7c:ad:9e:4e:cb:14:72:20:11:ea:77:68:bd:93:64:
         8b:bd:75:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2qwoE4enPO02NXmo1nTIwqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjZTVlMDIyNTliMDJmMThhOTlkMDllNGJkY2U0MTljNmFl
MGEzYjgwHhcNMjYwNDIwMTE1OTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzNjMmM3NmFmZTlkN2RhOWU1YWFkNmM1NjMwMjhmMjdmMDMxNzcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy88Sb2VJ3TxKRVl2ZmStZBmsMsFH
K9CNkyhoFTkFMwKx3Tr1X9uQ+nTpMl4q3tti8ULOt84IESkyozvph9gXB67AyNsl
OcMu1gL1YYcL2E/uloGVBqB4AJ9MMOvZPz5F8KKKO80VHUvS68ZWsynFy0isDEAL
Lm4u7DT/XoVmRkZlDOd5xwSbL2Yvfn7vwezs4TWZWgizp2M4DfgY/nEt4YXi9Qx2
8XQpEoKkNB1m0WDaOQ50cwBR1S059A8OtyGR/L1XCjgJdOhJVapQURwEeYkcHeVT
skQSasgKPWjMxj/5YXILyUr+bwiwU//LvY8FGNLiH9jGWeoC87STpG/l1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHc8LHav6dfanlqtbFYwKPJ/AxdwMB8GA1UdIwQY
MBaAFNzl4CJZsC8YqZ0J5L3OQZxq4KO4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM09YZ0lsbXdMeGlwblFua3ZjNUJuR3JnbzdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS85OTNmN2ItZDk3MC00ZDBjLWFmMzUt
MjYwZmYxMDdlZTc1LzEvZHp3c2RxX3AxOXFlV3Exc1ZqQW84bjhERjNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS85OTNmN2ItZDk3MC00ZDBjLWFmMzUtMjYwZmYxMDdlZTc1
LzEvM09YZ0lsbXdMeGlwblFua3ZjNUJuR3JnbzdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAud0+MA0G
CSqGSIb3DQEBCwUAA4IBAQBu2e7yuFje+VgoYT3lFpRi6vKCoXiFDXfMqlnfi+/q
zPfo9P/j4g2FO/fPH0rmOyY/WUIL7kHgIqIiaKfgCtYh+FVaetl5SHBicw6GGsQ4
+IZ3qHFVbZUCRuEAPxix2fzX2smlv1T6DyubQKh8lhBFV0s0RkP59RLWFL6Bvsg8
MCaHPDhA6OFlHG1ceusIKP3dM2yEBDdDZa1jXzJmGDVpekLh2/vmUvdBYElF3PFJ
6mM7gOrBAOeUxr65AU2nSXSifDtM7huPSlalU1n6ZIUHw4ZcOTyJ6PcKWu2hkrMH
OmpR90XmOBBALu7sYGN8rZ5OyxRyIBHqd2i9k2SLvXVj
-----END CERTIFICATE-----