Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/d90eaf-3453-48cf-bd6d-874c438270d2/1/zzlsF4Xp-2g3kdOzD_AQotPWeq0.roa
File:                     zzlsF4Xp-2g3kdOzD_AQotPWeq0.roa (raw, json)
Hash identifier:          6twY1FP2v5Tf8Xd5vkvELq4q/kv6AMQbmenIZQFKoDk=
Subject key identifier:   CF:39:6C:17:85:E9:FB:68:37:91:D3:B3:0F:F0:10:A2:D3:D6:7A:AD
Certificate issuer:       /CN=2062c9c12c08a7959812b34d317d7782b3d82f05
Certificate serial:       019C8F459331C1051B764DFBAC60CBFE109D
Authority key identifier: 20:62:C9:C1:2C:08:A7:95:98:12:B3:4D:31:7D:77:82:B3:D8:2F:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IGLJwSwIp5WYErNNMX13grPYLwU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/d90eaf-3453-48cf-bd6d-874c438270d2/1/zzlsF4Xp-2g3kdOzD_AQotPWeq0.roa
Signing time:             Tue 24 Feb 2026 10:50:27 +0000
ROA not before:           Tue 24 Feb 2026 10:50:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     56320
IP address blocks:        46.226.176.0/21 maxlen: 24
                          185.116.84.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/d90eaf-3453-48cf-bd6d-874c438270d2/1/IGLJwSwIp5WYErNNMX13grPYLwU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/d90eaf-3453-48cf-bd6d-874c438270d2/1/IGLJwSwIp5WYErNNMX13grPYLwU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IGLJwSwIp5WYErNNMX13grPYLwU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 04:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:8f:45:93:31:c1:05:1b:76:4d:fb:ac:60:cb:fe:10:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2062c9c12c08a7959812b34d317d7782b3d82f05
        Validity
            Not Before: Feb 24 10:50:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cf396c1785e9fb683791d3b30ff010a2d3d67aad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:9b:f2:08:05:ec:8b:1a:43:94:fc:1d:f2:e2:
                    bd:f5:32:63:22:07:25:a6:c9:64:23:49:d5:34:e9:
                    f6:f4:c6:d5:3d:42:6f:e3:86:ca:9c:66:7f:04:3a:
                    a6:0a:9c:0b:bd:94:0f:4d:31:cc:2f:c8:0e:54:00:
                    1d:5d:32:57:20:99:52:29:93:a9:20:a7:69:e3:10:
                    38:33:36:8e:b2:f6:27:1c:84:08:8a:a8:1a:e7:29:
                    80:77:3b:b5:a9:f0:d9:e7:f0:84:f4:b3:c9:c6:47:
                    9f:29:71:ef:51:bb:17:20:31:43:62:a7:5c:aa:9a:
                    6a:f5:e1:8d:44:0a:6f:6a:b5:61:f2:48:13:83:f9:
                    47:d1:2b:9b:56:7a:df:c6:15:ec:fd:86:38:a5:5b:
                    69:f8:7d:ae:3c:87:75:a0:9f:03:1d:70:de:df:52:
                    e4:38:fd:11:e1:d8:cf:8f:dd:3f:e4:4d:d6:81:e7:
                    d0:a6:4d:2e:07:1b:65:82:2e:0c:89:d0:f3:de:94:
                    7d:ca:e3:d2:60:45:7e:0a:e9:c3:ed:e6:0a:57:f7:
                    5e:24:87:54:08:dc:6c:e2:8c:30:53:62:89:a0:ae:
                    7c:22:57:0b:b5:fe:8b:73:7c:16:20:7b:d8:85:a8:
                    73:24:41:cf:62:2d:44:70:d1:c6:35:df:c2:f8:f2:
                    48:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:39:6C:17:85:E9:FB:68:37:91:D3:B3:0F:F0:10:A2:D3:D6:7A:AD
            X509v3 Authority Key Identifier:
                keyid:20:62:C9:C1:2C:08:A7:95:98:12:B3:4D:31:7D:77:82:B3:D8:2F:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IGLJwSwIp5WYErNNMX13grPYLwU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/d90eaf-3453-48cf-bd6d-874c438270d2/1/zzlsF4Xp-2g3kdOzD_AQotPWeq0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/d90eaf-3453-48cf-bd6d-874c438270d2/1/IGLJwSwIp5WYErNNMX13grPYLwU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.226.176.0/21
                  185.116.84.0/22

    Signature Algorithm: sha256WithRSAEncryption
         53:12:a3:64:e9:f6:70:54:df:64:a5:42:34:d1:a2:ed:65:9a:
         f7:d9:93:c3:f7:9e:d3:52:28:fc:be:01:dc:f3:94:c2:a2:4e:
         bc:0b:8e:07:75:e1:f8:95:bb:df:dc:4a:9e:95:1a:ef:95:a5:
         21:d3:3b:ea:20:52:07:80:e8:44:ad:7f:d7:cc:e6:ab:d5:46:
         13:44:fe:d0:5d:c7:96:25:75:e2:eb:56:a9:2a:71:2d:65:52:
         3c:a3:92:19:3f:2a:ef:c7:80:af:20:74:09:03:be:4f:e3:93:
         9e:19:9c:77:49:74:dd:c1:2d:b5:26:0f:51:6a:df:d8:c2:79:
         e7:dd:8f:82:0a:54:2b:4a:8e:a1:a7:ac:8a:2e:12:99:52:59:
         2a:27:07:3d:cd:bf:12:23:4d:c5:ec:e2:a7:89:eb:22:84:53:
         9d:30:6c:46:eb:8f:1e:95:2e:8f:aa:c7:d5:bf:e8:e4:93:f9:
         bb:55:49:dc:ca:3c:52:2f:69:89:73:63:22:09:9d:7d:a5:4a:
         6f:2b:14:b3:33:9a:ee:2f:81:6d:42:c2:e3:a7:b6:47:77:fd:
         e7:b2:e2:8d:bc:6d:ec:e1:81:82:ef:ea:0c:6d:b7:6f:ec:18:
         42:66:31:dd:1b:2f:9a:b2:35:7e:d4:82:d1:ac:03:54:fc:9a:
         97:86:93:64
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZyPRZMxwQUbdk37rGDL/hCdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwNjJjOWMxMmMwOGE3OTU5ODEyYjM0ZDMxN2Q3NzgyYjNk
ODJmMDUwHhcNMjYwMjI0MTA1MDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjM5NmMxNzg1ZTlmYjY4Mzc5MWQzYjMwZmYwMTBhMmQzZDY3YWFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ZvyCAXsixpDlPwd8uK99TJjIgcl
pslkI0nVNOn29MbVPUJv44bKnGZ/BDqmCpwLvZQPTTHML8gOVAAdXTJXIJlSKZOp
IKdp4xA4MzaOsvYnHIQIiqga5ymAdzu1qfDZ5/CE9LPJxkefKXHvUbsXIDFDYqdc
qppq9eGNRApvarVh8kgTg/lH0SubVnrfxhXs/YY4pVtp+H2uPId1oJ8DHXDe31Lk
OP0R4djPj90/5E3WgefQpk0uBxtlgi4MidDz3pR9yuPSYEV+CunD7eYKV/deJIdU
CNxs4owwU2KJoK58IlcLtf6Lc3wWIHvYhahzJEHPYi1EcNHGNd/C+PJI6QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFM85bBeF6ftoN5HTsw/wEKLT1nqtMB8GA1UdIwQY
MBaAFCBiycEsCKeVmBKzTTF9d4Kz2C8FMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUdMSndTd0lwNVdZRXJOTk1YMTNnclBZTHdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9kOTBlYWYtMzQ1My00OGNmLWJkNmQt
ODc0YzQzODI3MGQyLzEvenpsc0Y0WHAtMmcza2RPekRfQVFvdFBXZXEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9kOTBlYWYtMzQ1My00OGNmLWJkNmQtODc0YzQzODI3MGQy
LzEvSUdMSndTd0lwNVdZRXJOTk1YMTNnclBZTHdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDLuKwAwQC
uXRUMA0GCSqGSIb3DQEBCwUAA4IBAQBTEqNk6fZwVN9kpUI00aLtZZr32ZPD957T
Uij8vgHc85TCok68C44HdeH4lbvf3EqelRrvlaUh0zvqIFIHgOhErX/XzOar1UYT
RP7QXceWJXXi61apKnEtZVI8o5IZPyrvx4CvIHQJA75P45OeGZx3SXTdwS21Jg9R
at/Ywnnn3Y+CClQrSo6hp6yKLhKZUlkqJwc9zb8SI03F7OKniesihFOdMGxG648e
lS6PqsfVv+jkk/m7VUncyjxSL2mJc2MiCZ19pUpvKxSzM5ruL4FtQsLjp7ZHd/3n
suKNvG3s4YGC7+oMbbdv7BhCZjHdGy+asjV+1ILRrANU/JqXhpNk
-----END CERTIFICATE-----