Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/4acc15-bba0-4459-9667-de9b2f8f7e29/1/RBkgRrAO-SK1QpFRlG9h6FY_zag.roa
File:                     RBkgRrAO-SK1QpFRlG9h6FY_zag.roa (raw, json)
Hash identifier:          gj4I6KlHXB/OrHZEuGeKV9cL34seV3UUQBVMpD0Ut6Q=
Subject key identifier:   44:19:20:46:B0:0E:F9:22:B5:42:91:51:94:6F:61:E8:56:3F:CD:A8
Certificate issuer:       /CN=e61bd7dd1f8ac8b4192ba78a592348b5dd0a1a66
Certificate serial:       019980060A9FE8C025BB2D52888BB788FDF0
Authority key identifier: E6:1B:D7:DD:1F:8A:C8:B4:19:2B:A7:8A:59:23:48:B5:DD:0A:1A:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5hvX3R-KyLQZK6eKWSNItd0KGmY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/4acc15-bba0-4459-9667-de9b2f8f7e29/1/RBkgRrAO-SK1QpFRlG9h6FY_zag.roa
Signing time:             Thu 25 Sep 2025 08:38:23 +0000
ROA not before:           Thu 25 Sep 2025 08:38:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9304
IP address blocks:        185.69.120.0/22 maxlen: 22
                          185.129.208.0/22 maxlen: 22
                          185.199.196.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/4acc15-bba0-4459-9667-de9b2f8f7e29/1/5hvX3R-KyLQZK6eKWSNItd0KGmY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/4acc15-bba0-4459-9667-de9b2f8f7e29/1/5hvX3R-KyLQZK6eKWSNItd0KGmY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5hvX3R-KyLQZK6eKWSNItd0KGmY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:80:06:0a:9f:e8:c0:25:bb:2d:52:88:8b:b7:88:fd:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e61bd7dd1f8ac8b4192ba78a592348b5dd0a1a66
        Validity
            Not Before: Sep 25 08:38:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=44192046b00ef922b5429151946f61e8563fcda8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:84:51:23:bc:69:fe:de:59:5a:ef:e8:2f:df:
                    84:9e:5a:38:d6:8a:fc:7f:c8:98:2f:ed:52:e2:89:
                    62:a5:37:ad:58:96:3b:3e:6d:b2:8b:5a:7d:4c:80:
                    33:8e:07:b2:f6:dd:cf:73:69:0c:24:2e:b8:79:03:
                    47:d2:d2:03:85:15:45:37:c8:6d:77:ad:a5:9e:2f:
                    57:38:76:18:76:4b:79:68:df:1a:9f:50:a7:4f:94:
                    da:4c:ad:a5:e5:7b:34:b3:bc:92:26:e0:35:48:b2:
                    6c:f2:56:1d:c4:91:de:da:0d:65:fb:0a:41:e3:91:
                    86:5f:0f:00:65:fe:4d:d9:8b:73:70:a7:ef:99:05:
                    b0:d3:78:70:46:bb:70:af:79:fa:55:d7:dd:f5:ce:
                    57:11:f1:cc:3c:30:43:63:7e:68:4c:a9:d6:2b:3a:
                    8c:04:74:4d:74:17:09:8a:55:16:dd:a9:3b:07:b2:
                    4c:1f:9e:c5:5c:42:39:c6:d1:74:16:47:90:af:9a:
                    dc:ae:de:e6:b3:3d:51:ef:9e:da:06:30:3d:db:60:
                    52:16:4e:c0:1e:34:ad:5e:ee:cd:0f:be:b1:a9:a1:
                    fa:32:23:3a:f4:64:ae:fc:6a:95:df:19:c9:9a:cf:
                    62:d7:3f:a4:3a:fb:5f:ec:98:8b:4f:31:d0:d1:c7:
                    9c:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:19:20:46:B0:0E:F9:22:B5:42:91:51:94:6F:61:E8:56:3F:CD:A8
            X509v3 Authority Key Identifier:
                keyid:E6:1B:D7:DD:1F:8A:C8:B4:19:2B:A7:8A:59:23:48:B5:DD:0A:1A:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5hvX3R-KyLQZK6eKWSNItd0KGmY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/4acc15-bba0-4459-9667-de9b2f8f7e29/1/RBkgRrAO-SK1QpFRlG9h6FY_zag.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/4acc15-bba0-4459-9667-de9b2f8f7e29/1/5hvX3R-KyLQZK6eKWSNItd0KGmY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.69.120.0/22
                  185.129.208.0/22
                  185.199.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0e:8a:cf:a6:d6:01:58:71:f3:74:30:81:57:e4:02:f8:b0:43:
         e5:32:55:d2:c6:e0:14:71:81:6a:63:b9:0d:19:57:0d:47:19:
         09:64:ea:09:47:b3:ef:07:0b:57:f5:a1:01:d1:cb:7b:fd:f0:
         ae:67:cd:15:4a:81:d7:69:cb:62:17:04:dd:b0:fc:cd:c1:45:
         58:21:b6:10:a7:5f:e5:be:0a:32:5b:21:d3:4c:bc:86:cb:ad:
         d3:5f:b3:b3:fa:d7:74:7a:93:ab:df:11:7a:8e:04:10:ce:08:
         09:fb:c5:97:ae:50:96:33:08:63:d5:56:53:6a:5b:7a:7b:25:
         8c:eb:c4:1d:ae:b7:a2:37:7d:02:70:a4:2e:b0:32:1a:96:96:
         69:c7:be:b8:5d:b5:d7:7c:08:04:4c:eb:05:9f:db:4b:ad:44:
         74:98:00:84:61:ce:70:0c:d6:8e:1b:67:84:ac:c0:9c:a9:7d:
         b9:71:e0:14:e3:c2:b2:85:d7:83:fc:1b:6e:c5:8b:38:fd:6e:
         6c:98:1f:3a:b6:45:28:b1:bf:3e:db:82:1f:49:29:09:fd:ea:
         1b:f4:ad:d3:94:75:15:84:df:4f:b2:bd:9a:2d:bf:1f:15:2b:
         38:b3:82:de:b3:f2:e3:0a:d9:04:ef:3f:1e:f1:3c:00:93:fd:
         5f:00:9b:1e
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZmABgqf6MAluy1SiIu3iP3wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2MWJkN2RkMWY4YWM4YjQxOTJiYTc4YTU5MjM0OGI1ZGQw
YTFhNjYwHhcNMjUwOTI1MDgzODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDE5MjA0NmIwMGVmOTIyYjU0MjkxNTE5NDZmNjFlODU2M2ZjZGE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvIRRI7xp/t5ZWu/oL9+Enlo41or8
f8iYL+1S4olipTetWJY7Pm2yi1p9TIAzjgey9t3Pc2kMJC64eQNH0tIDhRVFN8ht
d62lni9XOHYYdkt5aN8an1CnT5TaTK2l5Xs0s7ySJuA1SLJs8lYdxJHe2g1l+wpB
45GGXw8AZf5N2YtzcKfvmQWw03hwRrtwr3n6Vdfd9c5XEfHMPDBDY35oTKnWKzqM
BHRNdBcJilUW3ak7B7JMH57FXEI5xtF0FkeQr5rcrt7msz1R757aBjA922BSFk7A
HjStXu7ND76xqaH6MiM69GSu/GqV3xnJms9i1z+kOvtf7JiLTzHQ0cec6QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEQZIEawDvkitUKRUZRvYehWP82oMB8GA1UdIwQY
MBaAFOYb190fisi0GSunilkjSLXdChpmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWh2WDNSLUt5TFFaSzZlS1dTTkl0ZDBLR21ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80YWNjMTUtYmJhMC00NDU5LTk2Njct
ZGU5YjJmOGY3ZTI5LzEvUkJrZ1JyQU8tU0sxUXBGUmxHOWg2RllfemFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80YWNjMTUtYmJhMC00NDU5LTk2NjctZGU5YjJmOGY3ZTI5
LzEvNWh2WDNSLUt5TFFaSzZlS1dTTkl0ZDBLR21ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCuUV4AwQC
uYHQAwQCucfEMA0GCSqGSIb3DQEBCwUAA4IBAQAOis+m1gFYcfN0MIFX5AL4sEPl
MlXSxuAUcYFqY7kNGVcNRxkJZOoJR7PvBwtX9aEB0ct7/fCuZ80VSoHXactiFwTd
sPzNwUVYIbYQp1/lvgoyWyHTTLyGy63TX7Oz+td0epOr3xF6jgQQzggJ+8WXrlCW
Mwhj1VZTalt6eyWM68QdrreiN30CcKQusDIalpZpx764XbXXfAgETOsFn9tLrUR0
mACEYc5wDNaOG2eErMCcqX25ceAU48KyhdeD/BtuxYs4/W5smB86tkUosb8+24If
SSkJ/eob9K3TlHUVhN9Psr2aLb8fFSs4s4Les/LjCtkE7z8e8TwAk/1fAJse
-----END CERTIFICATE-----