Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/zQ_Z2sCm4m4HeEadGWBrfuigHl0.roa
File:                     zQ_Z2sCm4m4HeEadGWBrfuigHl0.roa (raw, json)
Hash identifier:          MmWBfIcQR6ryOmgfmshKEVDYbrrbxUnvMDI2hcJsmkM=
Subject key identifier:   CD:0F:D9:DA:C0:A6:E2:6E:07:78:46:9D:19:60:6B:7E:E8:A0:1E:5D
Certificate issuer:       /CN=0548cedf17029ed98a108113c6c109ecaccd82ec
Certificate serial:       0197217DFFDC6EF2F7D239DDAB3EB674D28A
Authority key identifier: 05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/zQ_Z2sCm4m4HeEadGWBrfuigHl0.roa
Signing time:             Fri 30 May 2025 13:59:54 +0000
ROA not before:           Fri 30 May 2025 13:59:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207671
IP address blocks:        212.36.25.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:21:7d:ff:dc:6e:f2:f7:d2:39:dd:ab:3e:b6:74:d2:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0548cedf17029ed98a108113c6c109ecaccd82ec
        Validity
            Not Before: May 30 13:59:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cd0fd9dac0a6e26e0778469d19606b7ee8a01e5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:b9:04:f3:09:29:87:cd:1f:14:f4:7e:88:6d:
                    3d:9f:be:40:8c:ce:ac:89:7e:23:b0:86:e6:08:f8:
                    ca:d7:45:4a:10:29:b8:00:64:3e:90:f4:8e:f5:50:
                    7e:2f:0c:f4:4a:5a:e1:2a:56:cb:08:ee:f9:4c:24:
                    e9:15:d0:17:bd:0e:5f:b6:40:e7:79:5b:b4:58:26:
                    ed:b5:8d:96:0b:98:c6:79:8c:02:0b:ba:75:74:18:
                    71:e3:e0:f8:67:cf:5b:f5:bb:dd:a7:ff:2f:0f:64:
                    b3:4e:5f:b3:c3:70:76:8b:fd:dc:34:49:a9:e5:c1:
                    98:27:95:bf:af:4d:ba:fd:2a:59:e3:8c:3b:d3:4a:
                    97:c2:82:42:c2:fb:46:6a:43:fb:22:b6:32:fa:25:
                    33:0a:cb:bb:83:b0:47:97:ef:20:f1:8a:5f:72:ab:
                    87:82:6c:fc:4d:9e:13:9c:62:2a:17:e4:34:eb:63:
                    85:de:e3:27:3d:e1:b7:61:da:a3:86:43:95:b8:f4:
                    0a:aa:66:1b:2f:62:3a:b2:c6:ea:cf:11:00:46:0b:
                    78:bd:24:a8:c5:f2:74:3d:33:55:b7:4b:02:3d:f3:
                    0e:09:c4:0a:65:20:9f:90:73:b2:b2:dc:80:e1:39:
                    6f:15:f7:2d:df:d5:02:f2:a6:06:fa:a4:22:15:dd:
                    66:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:0F:D9:DA:C0:A6:E2:6E:07:78:46:9D:19:60:6B:7E:E8:A0:1E:5D
            X509v3 Authority Key Identifier:
                keyid:05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/zQ_Z2sCm4m4HeEadGWBrfuigHl0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.36.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:c7:4a:b6:32:2a:89:d1:a3:a9:02:44:ee:1f:04:6e:04:a8:
         95:a0:74:01:2f:4d:07:8b:1b:d4:21:e4:53:a3:2a:62:0d:fc:
         de:d6:e5:4f:5a:00:6a:39:22:98:32:9f:c1:38:2e:1c:6e:a3:
         b0:10:a4:5b:3c:ab:ef:8b:21:e1:12:cf:f4:3e:1c:96:94:c5:
         23:73:48:0c:b4:9f:ee:e7:08:72:45:22:63:f4:80:07:b0:ca:
         31:17:36:be:14:a9:fd:d3:36:34:3d:67:54:85:61:65:66:c1:
         fb:6f:43:21:94:4c:18:d4:cd:d0:19:e7:99:0d:17:e7:62:80:
         54:24:96:bc:06:c4:cc:df:53:35:10:60:cc:fd:17:de:d2:d6:
         46:6f:a7:f0:cf:2e:eb:c6:48:11:49:0e:b4:92:d9:da:d1:b5:
         a7:dc:87:3a:24:65:a0:2c:99:03:85:24:62:f2:69:15:2e:43:
         93:bf:2a:35:60:c0:a7:9d:f1:3b:c0:f5:f4:da:10:26:de:46:
         50:92:cb:b9:5b:3e:be:78:56:2f:32:ce:ac:1f:b3:dd:f9:c9:
         47:d2:00:5a:21:37:25:6f:b2:8f:f7:47:18:42:93:49:c9:1c:
         8f:6c:e9:37:56:cf:da:43:11:bb:b2:50:83:e7:e5:3d:db:22:
         17:28:ff:00
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZchff/cbvL30jndqz62dNKKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NDhjZWRmMTcwMjllZDk4YTEwODExM2M2YzEwOWVjYWNj
ZDgyZWMwHhcNMjUwNTMwMTM1OTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDBmZDlkYWMwYTZlMjZlMDc3ODQ2OWQxOTYwNmI3ZWU4YTAxZTVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx7kE8wkph80fFPR+iG09n75AjM6s
iX4jsIbmCPjK10VKECm4AGQ+kPSO9VB+Lwz0SlrhKlbLCO75TCTpFdAXvQ5ftkDn
eVu0WCbttY2WC5jGeYwCC7p1dBhx4+D4Z89b9bvdp/8vD2SzTl+zw3B2i/3cNEmp
5cGYJ5W/r026/SpZ44w700qXwoJCwvtGakP7IrYy+iUzCsu7g7BHl+8g8YpfcquH
gmz8TZ4TnGIqF+Q062OF3uMnPeG3YdqjhkOVuPQKqmYbL2I6ssbqzxEARgt4vSSo
xfJ0PTNVt0sCPfMOCcQKZSCfkHOystyA4TlvFfct39UC8qYG+qQiFd1mJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM0P2drApuJuB3hGnRlga37ooB5dMB8GA1UdIwQY
MBaAFAVIzt8XAp7ZihCBE8bBCeyszYLsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAt
N2ZiYmFlNmY5NDM3LzEvelFfWjJzQ200bTRIZUVhZEdXQnJmdWlnSGwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAtN2ZiYmFlNmY5NDM3
LzEvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1CQZMA0G
CSqGSIb3DQEBCwUAA4IBAQCBx0q2MiqJ0aOpAkTuHwRuBKiVoHQBL00HixvUIeRT
oypiDfze1uVPWgBqOSKYMp/BOC4cbqOwEKRbPKvviyHhEs/0PhyWlMUjc0gMtJ/u
5whyRSJj9IAHsMoxFza+FKn90zY0PWdUhWFlZsH7b0MhlEwY1M3QGeeZDRfnYoBU
JJa8BsTM31M1EGDM/Rfe0tZGb6fwzy7rxkgRSQ60ktna0bWn3Ic6JGWgLJkDhSRi
8mkVLkOTvyo1YMCnnfE7wPX02hAm3kZQksu5Wz6+eFYvMs6sH7Pd+clH0gBaITcl
b7KP90cYQpNJyRyPbOk3Vs/aQxG7slCD5+U92yIXKP8A
-----END CERTIFICATE-----