Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/ZKrSVjIyp3c4vmsRta99lxJ1nWk.roa
File:                     ZKrSVjIyp3c4vmsRta99lxJ1nWk.roa (raw, json)
Hash identifier:          V86J8geSpEHBLLo/A/uTbJtr9YVbr3Cw49uNukpc0Ds=
Subject key identifier:   64:AA:D2:56:32:32:A7:77:38:BE:6B:11:B5:AF:7D:97:12:75:9D:69
Certificate issuer:       /CN=b6f3db35659133315d2fcf93058dce350a4cb17a
Certificate serial:       0198984C7E1FE770868B637C0D6ACFCC2CC4
Authority key identifier: B6:F3:DB:35:65:91:33:31:5D:2F:CF:93:05:8D:CE:35:0A:4C:B1:7A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tvPbNWWRMzFdL8-TBY3ONQpMsXo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/ZKrSVjIyp3c4vmsRta99lxJ1nWk.roa
Signing time:             Mon 11 Aug 2025 08:43:26 +0000
ROA not before:           Mon 11 Aug 2025 08:43:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197610
IP address blocks:        213.174.28.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/tvPbNWWRMzFdL8-TBY3ONQpMsXo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/tvPbNWWRMzFdL8-TBY3ONQpMsXo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tvPbNWWRMzFdL8-TBY3ONQpMsXo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Aug 2025 02:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:98:4c:7e:1f:e7:70:86:8b:63:7c:0d:6a:cf:cc:2c:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b6f3db35659133315d2fcf93058dce350a4cb17a
        Validity
            Not Before: Aug 11 08:43:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=64aad2563232a77738be6b11b5af7d9712759d69
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:3c:2b:59:c4:50:c3:34:3a:1b:dd:6d:59:30:
                    20:9f:b0:41:69:8a:93:4d:c2:4d:9e:e4:1f:68:2d:
                    bb:e7:96:cf:f5:aa:ee:35:e6:c4:34:20:3e:d2:d5:
                    ba:44:2b:ce:7a:35:14:e3:20:df:75:81:a6:67:c6:
                    48:c3:2a:cc:3b:5d:11:0c:d2:55:7f:f8:87:2e:27:
                    95:ef:e9:05:b3:9b:8f:0a:ca:59:56:95:3f:4f:ef:
                    02:c2:a4:a2:e1:ab:1a:90:c7:ad:1d:f7:ca:0b:00:
                    75:44:fd:05:0b:49:ab:ee:1d:41:60:b2:a8:48:0c:
                    f1:df:ff:42:9d:18:a5:ff:90:12:4d:cf:09:25:4c:
                    e8:f2:de:e3:78:c6:99:2a:7b:88:12:a5:67:6f:27:
                    1e:fc:78:ba:f7:7e:49:11:e6:a0:9a:fb:a7:fe:cb:
                    fd:f1:5d:ec:3b:1b:ea:f3:3c:a9:25:23:15:db:b1:
                    03:45:94:de:32:8a:c6:2e:8a:b4:8c:b3:47:33:53:
                    72:4b:72:72:35:c8:af:92:8e:89:a2:d9:48:9e:64:
                    75:91:2b:84:5b:89:81:59:02:d3:ea:ea:3a:62:30:
                    95:84:e6:35:b1:56:72:0b:2d:dd:21:8d:00:7b:4a:
                    dd:59:aa:93:d1:75:b8:81:6d:d6:5c:89:39:0c:ce:
                    0d:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:AA:D2:56:32:32:A7:77:38:BE:6B:11:B5:AF:7D:97:12:75:9D:69
            X509v3 Authority Key Identifier:
                keyid:B6:F3:DB:35:65:91:33:31:5D:2F:CF:93:05:8D:CE:35:0A:4C:B1:7A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tvPbNWWRMzFdL8-TBY3ONQpMsXo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/ZKrSVjIyp3c4vmsRta99lxJ1nWk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/tvPbNWWRMzFdL8-TBY3ONQpMsXo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.174.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:98:0c:45:a3:85:31:53:3a:43:12:8e:55:9a:52:da:5a:cf:
         69:77:b2:ac:f8:a6:ef:43:08:81:da:98:3e:b2:76:d2:3c:2a:
         de:98:7e:69:30:60:14:99:92:e8:a6:79:36:ea:d8:8a:94:60:
         43:30:d8:f4:10:aa:81:d6:76:62:dc:67:35:90:36:65:8c:64:
         d0:b1:7b:f3:4d:ec:d1:14:1b:8c:72:b9:ec:63:f8:1d:8c:2c:
         98:16:3c:a9:d6:1b:02:9f:c1:6a:0e:3d:0c:5d:bc:2f:07:a1:
         64:ac:10:84:09:dd:27:e0:62:bb:fc:56:7c:20:00:3c:60:a7:
         2d:6d:46:78:8d:d4:2c:cc:74:2b:63:d1:14:92:61:c1:c9:a5:
         21:95:8c:35:31:88:15:dc:2e:58:ac:b5:b4:1a:ae:70:36:d9:
         17:8c:c3:5c:5d:4e:e1:f9:11:fa:35:09:0f:3e:c1:ee:bb:4f:
         f2:25:ea:b9:83:15:13:1c:10:08:c9:09:42:a2:4c:35:6d:87:
         54:d9:65:a8:76:40:dd:84:10:95:9d:e6:61:41:bf:8a:98:51:
         72:28:03:da:d1:b0:34:40:3d:94:0c:32:4f:b4:5c:a3:ec:66:
         f4:8b:16:5c:b5:26:70:15:ab:fb:00:0b:0f:30:89:39:1a:b3:
         e8:9c:11:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiYTH4f53CGi2N8DWrPzCzEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2ZjNkYjM1NjU5MTMzMzE1ZDJmY2Y5MzA1OGRjZTM1MGE0
Y2IxN2EwHhcNMjUwODExMDg0MzI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NGFhZDI1NjMyMzJhNzc3MzhiZTZiMTFiNWFmN2Q5NzEyNzU5ZDY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhjwrWcRQwzQ6G91tWTAgn7BBaYqT
TcJNnuQfaC2755bP9aruNebENCA+0tW6RCvOejUU4yDfdYGmZ8ZIwyrMO10RDNJV
f/iHLieV7+kFs5uPCspZVpU/T+8CwqSi4asakMetHffKCwB1RP0FC0mr7h1BYLKo
SAzx3/9CnRil/5ASTc8JJUzo8t7jeMaZKnuIEqVnbyce/Hi6935JEeagmvun/sv9
8V3sOxvq8zypJSMV27EDRZTeMorGLoq0jLNHM1NyS3JyNcivko6JotlInmR1kSuE
W4mBWQLT6uo6YjCVhOY1sVZyCy3dIY0Ae0rdWaqT0XW4gW3WXIk5DM4NBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGSq0lYyMqd3OL5rEbWvfZcSdZ1pMB8GA1UdIwQY
MBaAFLbz2zVlkTMxXS/PkwWNzjUKTLF6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHZQYk5XV1JNekZkTDgtVEJZM09OUXBNc1hvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC83MGJmZmUtYjRmMy00NDllLTgxZWQt
NTQ5ZWU2ZDMwZmI2LzEvWktyU1ZqSXlwM2M0dm1zUnRhOTlseEoxbldrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC83MGJmZmUtYjRmMy00NDllLTgxZWQtNTQ5ZWU2ZDMwZmI2
LzEvdHZQYk5XV1JNekZkTDgtVEJZM09OUXBNc1hvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1a4cMA0G
CSqGSIb3DQEBCwUAA4IBAQAUmAxFo4UxUzpDEo5VmlLaWs9pd7Ks+KbvQwiB2pg+
snbSPCremH5pMGAUmZLopnk26tiKlGBDMNj0EKqB1nZi3Gc1kDZljGTQsXvzTezR
FBuMcrnsY/gdjCyYFjyp1hsCn8FqDj0MXbwvB6FkrBCECd0n4GK7/FZ8IAA8YKct
bUZ4jdQszHQrY9EUkmHByaUhlYw1MYgV3C5YrLW0Gq5wNtkXjMNcXU7h+RH6NQkP
PsHuu0/yJeq5gxUTHBAIyQlCokw1bYdU2WWodkDdhBCVneZhQb+KmFFyKAPa0bA0
QD2UDDJPtFyj7Gb0ixZctSZwFav7AAsPMIk5GrPonBEp
-----END CERTIFICATE-----