Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/4dbcb2-3a96-4817-9971-5007dde35045/1/2ZPGAyGU89_zk4VR5jWjNdEZW_U.roa
File:                     2ZPGAyGU89_zk4VR5jWjNdEZW_U.roa (raw, json)
Hash identifier:          HRC+HVbyxZqNVC49TYDZTMIIz7UEzDo6twxH40yc5YA=
Subject key identifier:   D9:93:C6:03:21:94:F3:DF:F3:93:85:51:E6:35:A3:35:D1:19:5B:F5
Certificate issuer:       /CN=ac0852af5a8e436b2d4da72e92b64114e1f4d15f
Certificate serial:       0197DC4424735261B34CE5390935086539C9
Authority key identifier: AC:08:52:AF:5A:8E:43:6B:2D:4D:A7:2E:92:B6:41:14:E1:F4:D1:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rAhSr1qOQ2stTacukrZBFOH00V8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/4dbcb2-3a96-4817-9971-5007dde35045/1/2ZPGAyGU89_zk4VR5jWjNdEZW_U.roa
Signing time:             Sat 05 Jul 2025 20:25:42 +0000
ROA not before:           Sat 05 Jul 2025 20:25:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212238
IP address blocks:        91.108.186.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/4dbcb2-3a96-4817-9971-5007dde35045/1/rAhSr1qOQ2stTacukrZBFOH00V8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/4dbcb2-3a96-4817-9971-5007dde35045/1/rAhSr1qOQ2stTacukrZBFOH00V8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rAhSr1qOQ2stTacukrZBFOH00V8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 04:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:dc:44:24:73:52:61:b3:4c:e5:39:09:35:08:65:39:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ac0852af5a8e436b2d4da72e92b64114e1f4d15f
        Validity
            Not Before: Jul  5 20:25:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d993c6032194f3dff3938551e635a335d1195bf5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:d4:4b:0b:02:74:c7:64:88:45:b4:85:18:75:
                    32:87:53:16:3e:88:7b:c6:98:20:70:cf:67:1c:c9:
                    92:f6:52:56:21:28:18:f1:f4:c6:aa:81:e4:56:ca:
                    77:80:8e:28:1c:bf:b9:30:11:8a:08:33:fe:fa:1d:
                    61:de:1f:07:01:89:f1:09:71:5c:37:25:26:0a:96:
                    1c:c4:11:e2:d2:2a:81:1c:95:f2:af:42:48:29:24:
                    6f:a9:44:67:e8:37:38:de:84:be:19:5f:f4:c0:2b:
                    68:ba:85:f0:20:6a:4e:bb:8a:a7:fc:46:9d:ed:d0:
                    e8:10:2c:2e:25:1d:44:10:c6:97:d7:d2:05:fb:8c:
                    9a:82:41:b7:9d:43:1c:62:7f:ad:14:b7:60:a2:3d:
                    9e:7e:1d:93:86:70:37:0e:73:47:cd:61:d2:85:6a:
                    35:1e:49:d7:ec:a5:47:13:da:a9:3b:e8:78:4d:24:
                    dc:f5:ef:51:45:ee:13:b9:f7:b2:df:db:50:e9:a4:
                    1a:f1:c9:b2:47:3a:6e:f9:4d:dd:4a:f7:2e:d6:d3:
                    e7:ad:cf:85:50:3e:5c:a0:ec:31:0e:68:64:59:3b:
                    ab:ce:eb:42:a6:75:fc:9a:08:42:50:54:62:c6:6e:
                    6b:fa:20:8f:63:8b:06:1b:62:1e:ef:07:4a:0c:df:
                    18:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:93:C6:03:21:94:F3:DF:F3:93:85:51:E6:35:A3:35:D1:19:5B:F5
            X509v3 Authority Key Identifier:
                keyid:AC:08:52:AF:5A:8E:43:6B:2D:4D:A7:2E:92:B6:41:14:E1:F4:D1:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rAhSr1qOQ2stTacukrZBFOH00V8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/4dbcb2-3a96-4817-9971-5007dde35045/1/2ZPGAyGU89_zk4VR5jWjNdEZW_U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/4dbcb2-3a96-4817-9971-5007dde35045/1/rAhSr1qOQ2stTacukrZBFOH00V8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.108.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:3f:0b:89:f7:c0:bb:0b:1c:9d:0a:ea:37:46:4c:83:cf:a2:
         42:8f:59:b9:e5:78:ea:44:3c:71:4d:6f:2d:7a:67:18:2a:bd:
         47:93:ec:3b:f4:95:1b:1d:6e:1d:41:7d:3d:f2:70:a2:e7:f7:
         61:01:00:d6:0e:30:b5:50:f4:38:fc:60:90:0b:72:22:d9:a9:
         89:d9:28:2b:66:a1:f3:fe:71:99:c4:15:75:d4:cb:ac:14:71:
         fa:80:73:ca:4c:1e:62:c9:4c:fa:fe:c4:30:06:16:d5:48:8a:
         78:d6:48:7f:ce:44:59:91:87:69:c6:29:b0:44:e3:2b:80:dc:
         79:1f:74:65:70:b6:7a:46:4a:cc:65:60:89:bb:6b:73:e9:7e:
         5f:45:e3:12:4b:e9:01:8f:dc:50:3d:47:c2:8c:52:5f:db:d5:
         e1:ef:ae:b0:19:ec:91:6b:37:a5:a7:0d:0e:21:70:ee:26:13:
         e9:81:6c:81:21:29:28:34:4a:53:7c:cf:a9:e4:b4:5b:14:0c:
         96:13:eb:fb:78:52:39:1f:ad:65:51:6e:d6:8f:b8:ea:84:bb:
         6b:8a:0a:75:1c:8c:81:9d:e9:a4:c5:0e:8b:f6:69:56:27:bc:
         7b:a0:1b:de:83:46:a7:26:c2:3a:3a:bd:52:2e:25:b3:71:68:
         16:3d:f9:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfcRCRzUmGzTOU5CTUIZTnJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjMDg1MmFmNWE4ZTQzNmIyZDRkYTcyZTkyYjY0MTE0ZTFm
NGQxNWYwHhcNMjUwNzA1MjAyNTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTkzYzYwMzIxOTRmM2RmZjM5Mzg1NTFlNjM1YTMzNWQxMTk1YmY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0tRLCwJ0x2SIRbSFGHUyh1MWPoh7
xpggcM9nHMmS9lJWISgY8fTGqoHkVsp3gI4oHL+5MBGKCDP++h1h3h8HAYnxCXFc
NyUmCpYcxBHi0iqBHJXyr0JIKSRvqURn6Dc43oS+GV/0wCtouoXwIGpOu4qn/Ead
7dDoECwuJR1EEMaX19IF+4yagkG3nUMcYn+tFLdgoj2efh2ThnA3DnNHzWHShWo1
HknX7KVHE9qpO+h4TSTc9e9RRe4Tufey39tQ6aQa8cmyRzpu+U3dSvcu1tPnrc+F
UD5coOwxDmhkWTurzutCpnX8mghCUFRixm5r+iCPY4sGG2Ie7wdKDN8YLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNmTxgMhlPPf85OFUeY1ozXRGVv1MB8GA1UdIwQY
MBaAFKwIUq9ajkNrLU2nLpK2QRTh9NFfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvckFoU3IxcU9RMnN0VGFjdWtyWkJGT0gwMFY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny80ZGJjYjItM2E5Ni00ODE3LTk5NzEt
NTAwN2RkZTM1MDQ1LzEvMlpQR0F5R1U4OV96azRWUjVqV2pOZEVaV19VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny80ZGJjYjItM2E5Ni00ODE3LTk5NzEtNTAwN2RkZTM1MDQ1
LzEvckFoU3IxcU9RMnN0VGFjdWtyWkJGT0gwMFY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW2y6MA0G
CSqGSIb3DQEBCwUAA4IBAQBNPwuJ98C7CxydCuo3RkyDz6JCj1m55XjqRDxxTW8t
emcYKr1Hk+w79JUbHW4dQX098nCi5/dhAQDWDjC1UPQ4/GCQC3Ii2amJ2SgrZqHz
/nGZxBV11MusFHH6gHPKTB5iyUz6/sQwBhbVSIp41kh/zkRZkYdpximwROMrgNx5
H3RlcLZ6RkrMZWCJu2tz6X5fReMSS+kBj9xQPUfCjFJf29Xh766wGeyRazelpw0O
IXDuJhPpgWyBISkoNEpTfM+p5LRbFAyWE+v7eFI5H61lUW7Wj7jqhLtrigp1HIyB
nemkxQ6L9mlWJ7x7oBveg0anJsI6Or1SLiWzcWgWPfmP
-----END CERTIFICATE-----