Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/ZSWzfIcWSott2uw7xDHUNcCRiI8.roa
File:                     ZSWzfIcWSott2uw7xDHUNcCRiI8.roa (raw, json)
Hash identifier:          gJB/RgsBJnFME//8v1yKmshL12G13GJOzg8jBVQ4sac=
Subject key identifier:   65:25:B3:7C:87:16:4A:8B:6D:DA:EC:3B:C4:31:D4:35:C0:91:88:8F
Certificate issuer:       /CN=60661758ce330622470a39ae8d6ef4a2044f83c4
Certificate serial:       019CF1F3C1471F693CB74DC5530F2F677151
Authority key identifier: 60:66:17:58:CE:33:06:22:47:0A:39:AE:8D:6E:F4:A2:04:4F:83:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/ZSWzfIcWSott2uw7xDHUNcCRiI8.roa
Signing time:             Sun 15 Mar 2026 14:43:29 +0000
ROA not before:           Sun 15 Mar 2026 14:43:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     6079
IP address blocks:        84.55.11.0/24 maxlen: 24
                          84.55.16.0/24 maxlen: 24
                          84.55.21.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 21:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:f1:f3:c1:47:1f:69:3c:b7:4d:c5:53:0f:2f:67:71:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60661758ce330622470a39ae8d6ef4a2044f83c4
        Validity
            Not Before: Mar 15 14:43:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6525b37c87164a8b6ddaec3bc431d435c091888f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:70:a8:59:72:6c:06:e9:2c:bb:56:ab:e2:ca:
                    09:91:8a:92:28:5d:e5:e1:38:0c:fd:f0:05:f5:65:
                    be:b1:d6:5f:c8:c5:70:31:de:05:24:29:84:ae:6f:
                    40:2e:55:55:0a:d0:d8:67:da:6c:c9:85:07:d3:88:
                    6d:c7:6f:9c:81:db:c6:53:3c:a9:71:bf:c2:ab:29:
                    dd:aa:3d:ce:5e:59:40:27:de:9b:6e:21:f0:71:70:
                    5b:6c:ad:35:79:1c:17:e3:11:c5:62:3c:68:f3:62:
                    69:09:80:87:90:de:e6:8e:31:76:b2:cf:d4:49:7f:
                    fd:9e:d4:d2:3e:8d:f6:4d:5a:8f:60:88:c6:5f:13:
                    aa:ae:22:9c:e2:f6:28:54:cf:f6:f5:8d:28:80:80:
                    b1:d3:4b:2f:03:85:72:b7:9a:20:88:c7:d6:1e:ce:
                    7f:df:e0:e9:4a:e7:23:00:14:9e:13:e6:11:9c:8f:
                    a2:6a:a5:15:60:9f:1a:73:a5:79:87:9e:c5:c5:f0:
                    d2:91:53:8a:59:96:e0:9b:b4:cd:bb:a3:9e:45:8b:
                    5c:91:ef:9d:5c:5f:2e:31:94:bf:2f:e8:02:4f:69:
                    02:82:f5:7e:5b:60:44:c1:78:9f:27:58:9a:bc:09:
                    e9:f4:17:5d:1e:19:fe:ce:df:6e:d2:d8:ed:7c:26:
                    17:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:25:B3:7C:87:16:4A:8B:6D:DA:EC:3B:C4:31:D4:35:C0:91:88:8F
            X509v3 Authority Key Identifier:
                keyid:60:66:17:58:CE:33:06:22:47:0A:39:AE:8D:6E:F4:A2:04:4F:83:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/ZSWzfIcWSott2uw7xDHUNcCRiI8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.55.11.0/24
                  84.55.16.0/24
                  84.55.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:65:81:e1:cc:39:79:48:7c:58:45:65:65:03:a6:75:d0:42:
         77:ff:43:6b:c4:ef:aa:8c:15:ed:d7:99:ed:1f:fe:a0:6f:a7:
         ef:21:bd:65:a0:88:a8:a0:14:d5:a6:cd:a1:0e:e2:40:f0:9a:
         2e:9a:e8:c6:ec:cd:b4:c9:04:2a:0a:57:12:ef:26:4e:c6:2d:
         cd:9a:51:b7:d7:50:5e:0a:5b:55:2e:eb:6a:27:bb:cb:81:a0:
         38:72:2d:cb:01:32:9d:b9:6d:37:98:01:26:cc:90:42:8d:34:
         2e:d3:3a:4f:c3:c9:70:29:80:83:b6:3f:bc:09:82:ff:f0:f4:
         97:28:eb:7f:94:54:68:9c:ea:6d:34:fb:85:80:27:43:b0:0f:
         ce:5c:29:a4:a6:19:d5:c2:87:ac:74:51:29:02:31:13:46:d3:
         9e:42:94:4a:3c:a7:00:76:a3:bd:a5:16:29:e3:55:ff:fc:69:
         3d:e9:c3:99:de:5e:68:2b:c5:8e:82:1a:07:b6:cb:98:a7:07:
         5d:e7:1b:0d:47:97:c8:40:62:a1:39:97:17:77:9e:e6:34:c5:
         4c:3f:e0:46:16:de:06:4d:2b:e3:98:1f:23:27:55:7f:53:d9:
         e8:7e:18:97:8e:52:f2:9e:5b:a8:5f:97:93:f2:89:cc:ae:4d:
         38:d5:d5:18
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZzx88FHH2k8t03FUw8vZ3FRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjYxNzU4Y2UzMzA2MjI0NzBhMzlhZThkNmVmNGEyMDQ0
ZjgzYzQwHhcNMjYwMzE1MTQ0MzI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTI1YjM3Yzg3MTY0YThiNmRkYWVjM2JjNDMxZDQzNWMwOTE4ODhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA43CoWXJsBuksu1ar4soJkYqSKF3l
4TgM/fAF9WW+sdZfyMVwMd4FJCmErm9ALlVVCtDYZ9psyYUH04htx2+cgdvGUzyp
cb/Cqyndqj3OXllAJ96bbiHwcXBbbK01eRwX4xHFYjxo82JpCYCHkN7mjjF2ss/U
SX/9ntTSPo32TVqPYIjGXxOqriKc4vYoVM/29Y0ogICx00svA4Vyt5ogiMfWHs5/
3+DpSucjABSeE+YRnI+iaqUVYJ8ac6V5h57FxfDSkVOKWZbgm7TNu6OeRYtcke+d
XF8uMZS/L+gCT2kCgvV+W2BEwXifJ1iavAnp9BddHhn+zt9u0tjtfCYXbwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFGUls3yHFkqLbdrsO8Qx1DXAkYiPMB8GA1UdIwQY
MBaAFGBmF1jOMwYiRwo5ro1u9KIET4PEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdZWFdNNHpCaUpIQ2ptdWpXNzBvZ1JQZzhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9lZGQxMjgtNmQ2ZS00OWUzLWI3N2Ut
MWY4NzQ2OTQ1NDgzLzEvWlNXemZJY1dTb3R0MnV3N3hESFVOY0NSaUk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9lZGQxMjgtNmQ2ZS00OWUzLWI3N2UtMWY4NzQ2OTQ1NDgz
LzEvWUdZWFdNNHpCaUpIQ2ptdWpXNzBvZ1JQZzhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAVDcLAwQA
VDcQAwQAVDcVMA0GCSqGSIb3DQEBCwUAA4IBAQAqZYHhzDl5SHxYRWVlA6Z10EJ3
/0NrxO+qjBXt15ntH/6gb6fvIb1loIiooBTVps2hDuJA8JoumujG7M20yQQqClcS
7yZOxi3NmlG311BeCltVLutqJ7vLgaA4ci3LATKduW03mAEmzJBCjTQu0zpPw8lw
KYCDtj+8CYL/8PSXKOt/lFRonOptNPuFgCdDsA/OXCmkphnVwoesdFEpAjETRtOe
QpRKPKcAdqO9pRYp41X//Gk96cOZ3l5oK8WOghoHtsuYpwdd5xsNR5fIQGKhOZcX
d57mNMVMP+BGFt4GTSvjmB8jJ1V/U9nofhiXjlLynluoX5eT8onMrk041dUY
-----END CERTIFICATE-----