Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/204017-f046-4b69-b3e5-319b0c874440/1/ZVNRgss5mTKJwhbB1mo1GGQyJRE.roa
File:                     ZVNRgss5mTKJwhbB1mo1GGQyJRE.roa (raw, json)
Hash identifier:          HjXOusJwIaZmZ+GD57QVPopBj5EraNR3jwZ+HMzM4p0=
Subject key identifier:   65:53:51:82:CB:39:99:32:89:C2:16:C1:D6:6A:35:18:64:32:25:11
Certificate issuer:       /CN=4ca66f3c0f25774e696d2a46723277eb961128c3
Certificate serial:       019EFE1C180FF583F37B1130862FEA784D0D
Authority key identifier: 4C:A6:6F:3C:0F:25:77:4E:69:6D:2A:46:72:32:77:EB:96:11:28:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TKZvPA8ld05pbSpGcjJ365YRKMM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/204017-f046-4b69-b3e5-319b0c874440/1/ZVNRgss5mTKJwhbB1mo1GGQyJRE.roa
Signing time:             Thu 25 Jun 2026 09:28:34 +0000
ROA not before:           Thu 25 Jun 2026 09:28:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     219502
IP address blocks:        176.65.139.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/204017-f046-4b69-b3e5-319b0c874440/1/TKZvPA8ld05pbSpGcjJ365YRKMM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/204017-f046-4b69-b3e5-319b0c874440/1/TKZvPA8ld05pbSpGcjJ365YRKMM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TKZvPA8ld05pbSpGcjJ365YRKMM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Jun 2026 17:15:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:fe:1c:18:0f:f5:83:f3:7b:11:30:86:2f:ea:78:4d:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4ca66f3c0f25774e696d2a46723277eb961128c3
        Validity
            Not Before: Jun 25 09:28:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=65535182cb39993289c216c1d66a351864322511
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:d2:ae:40:05:a3:52:56:90:dd:28:2c:b9:38:
                    5b:8a:92:74:e3:28:1a:eb:bc:6b:1f:56:7d:0a:4b:
                    11:f1:4b:a8:95:2e:1d:de:9a:2f:2a:f1:0c:a0:46:
                    1f:d5:da:5c:76:fd:33:0b:58:15:2b:0a:95:b6:dc:
                    a1:ad:b2:f0:5b:3e:d1:5c:29:42:f2:e5:39:62:e3:
                    45:41:6c:66:0a:9b:67:aa:f7:7b:46:46:42:d0:36:
                    34:d3:61:f0:8b:3c:d7:fa:6e:35:4f:8f:91:9a:93:
                    67:03:14:fe:eb:52:aa:e6:11:d7:95:6e:ad:14:70:
                    42:a3:c2:f3:1f:7a:96:8a:9a:72:a6:78:be:2d:92:
                    20:3c:dd:bf:32:6f:5a:ce:23:ac:51:8f:74:e8:ab:
                    34:b8:86:a5:93:2c:a0:c3:c2:a9:d4:97:de:bf:e0:
                    5a:ef:d2:d4:80:f8:ce:f6:44:3c:df:2d:d3:e7:b3:
                    1f:20:f8:42:64:4e:e1:86:2b:4d:cb:4e:99:a4:c8:
                    6f:10:c0:0d:a9:ea:24:7d:0c:24:31:53:cf:b9:c8:
                    6d:1e:e1:36:72:c2:54:e9:58:2b:3f:6f:38:2f:1f:
                    22:4b:2f:a1:94:d9:cc:38:1b:35:39:72:e1:87:44:
                    38:30:e8:6c:e3:05:d6:5d:70:99:d0:e8:fd:48:57:
                    2a:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:53:51:82:CB:39:99:32:89:C2:16:C1:D6:6A:35:18:64:32:25:11
            X509v3 Authority Key Identifier:
                keyid:4C:A6:6F:3C:0F:25:77:4E:69:6D:2A:46:72:32:77:EB:96:11:28:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TKZvPA8ld05pbSpGcjJ365YRKMM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/204017-f046-4b69-b3e5-319b0c874440/1/ZVNRgss5mTKJwhbB1mo1GGQyJRE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/204017-f046-4b69-b3e5-319b0c874440/1/TKZvPA8ld05pbSpGcjJ365YRKMM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.65.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:8d:f4:ed:77:ad:90:b3:67:51:06:e6:6a:b6:c8:ec:4b:c0:
         08:4d:9b:71:ec:b3:91:5c:38:39:35:22:fc:cd:5e:df:32:fc:
         58:c3:8e:b1:e7:97:e6:05:1e:fd:87:24:07:c8:c0:22:e2:28:
         79:9e:75:1c:29:b5:71:09:d1:c0:51:30:09:a1:fe:61:ae:ce:
         dc:09:a5:5f:ba:51:bf:b8:00:f6:7c:8b:5d:15:9c:e0:7c:fe:
         4e:f5:15:bf:d2:d4:5f:d5:97:0b:1c:83:72:8e:d4:77:ad:d6:
         17:9f:8e:21:c3:bc:95:45:c5:5a:6b:a3:0c:84:80:5e:76:4d:
         18:4e:77:d2:30:bf:86:0f:58:c1:10:7c:72:6b:ca:83:4b:73:
         50:cf:29:4f:a7:1c:fa:be:0e:d7:39:37:ae:45:6b:93:7c:a4:
         90:e0:74:de:53:a6:25:e2:bb:cb:20:91:fb:6b:75:54:11:8e:
         df:84:b7:18:17:9c:31:07:74:9d:2a:be:61:d9:2d:10:aa:7c:
         a7:9c:14:f0:3f:9b:66:71:c7:b6:69:78:8d:c6:c7:de:db:8f:
         37:b3:12:24:b2:d1:b7:46:41:c0:86:0a:66:c2:af:53:12:ee:
         a1:49:72:ed:9c:f9:66:d1:49:09:9c:09:dc:3f:a3:ed:54:5a:
         fd:d6:03:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ7+HBgP9YPzexEwhi/qeE0NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjYTY2ZjNjMGYyNTc3NGU2OTZkMmE0NjcyMzI3N2ViOTYx
MTI4YzMwHhcNMjYwNjI1MDkyODM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTUzNTE4MmNiMzk5OTMyODljMjE2YzFkNjZhMzUxODY0MzIyNTExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl9KuQAWjUlaQ3SgsuThbipJ04yga
67xrH1Z9CksR8UuolS4d3povKvEMoEYf1dpcdv0zC1gVKwqVttyhrbLwWz7RXClC
8uU5YuNFQWxmCptnqvd7RkZC0DY002HwizzX+m41T4+RmpNnAxT+61Kq5hHXlW6t
FHBCo8LzH3qWippypni+LZIgPN2/Mm9aziOsUY906Ks0uIalkyygw8Kp1Jfev+Ba
79LUgPjO9kQ83y3T57MfIPhCZE7hhitNy06ZpMhvEMANqeokfQwkMVPPuchtHuE2
csJU6VgrP284Lx8iSy+hlNnMOBs1OXLhh0Q4MOhs4wXWXXCZ0Oj9SFcqfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGVTUYLLOZkyicIWwdZqNRhkMiURMB8GA1UdIwQY
MBaAFEymbzwPJXdOaW0qRnIyd+uWESjDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEtadlBBOGxkMDVwYlNwR2NqSjM2NVlSS01NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8yMDQwMTctZjA0Ni00YjY5LWIzZTUt
MzE5YjBjODc0NDQwLzEvWlZOUmdzczVtVEtKd2hiQjFtbzFHR1F5SlJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8yMDQwMTctZjA0Ni00YjY5LWIzZTUtMzE5YjBjODc0NDQw
LzEvVEtadlBBOGxkMDVwYlNwR2NqSjM2NVlSS01NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsEGLMA0G
CSqGSIb3DQEBCwUAA4IBAQBdjfTtd62Qs2dRBuZqtsjsS8AITZtx7LORXDg5NSL8
zV7fMvxYw46x55fmBR79hyQHyMAi4ih5nnUcKbVxCdHAUTAJof5hrs7cCaVfulG/
uAD2fItdFZzgfP5O9RW/0tRf1ZcLHINyjtR3rdYXn44hw7yVRcVaa6MMhIBedk0Y
TnfSML+GD1jBEHxya8qDS3NQzylPpxz6vg7XOTeuRWuTfKSQ4HTeU6Yl4rvLIJH7
a3VUEY7fhLcYF5wxB3SdKr5h2S0QqnynnBTwP5tmcce2aXiNxsfe2483sxIkstG3
RkHAhgpmwq9TEu6hSXLtnPlm0UkJnAncP6PtVFr91gOx
-----END CERTIFICATE-----