Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/ZkLszZNsYTedVYZCi7qKLI_uStU.roa
File:                     ZkLszZNsYTedVYZCi7qKLI_uStU.roa (raw, json)
Hash identifier:          olUJg8XZGkD6h4OMSXbw6oEq8KbgKoZlDbsQ7AIMvKw=
Subject key identifier:   66:42:EC:CD:93:6C:61:37:9D:55:86:42:8B:BA:8A:2C:8F:EE:4A:D5
Certificate issuer:       /CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
Certificate serial:       019E2A4B46EB76B2BCC6E5C73AB28A29BE4B
Authority key identifier: 2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/ZkLszZNsYTedVYZCi7qKLI_uStU.roa
Signing time:             Fri 15 May 2026 06:20:36 +0000
ROA not before:           Fri 15 May 2026 06:20:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215676
IP address blocks:        5.22.158.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 May 2026 02:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:2a:4b:46:eb:76:b2:bc:c6:e5:c7:3a:b2:8a:29:be:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
        Validity
            Not Before: May 15 06:20:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6642eccd936c61379d5586428bba8a2c8fee4ad5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:e1:41:24:87:49:d0:d5:b5:c4:5b:7a:52:6e:
                    3b:b3:ae:0b:b5:6a:a5:ef:32:29:7d:81:4b:c4:28:
                    7e:19:64:0b:c1:32:fa:66:a4:bf:e9:1f:0f:e1:70:
                    91:30:36:a9:a8:2e:d1:55:00:50:ee:e9:26:04:3e:
                    8f:1a:20:d7:e0:3b:99:b6:60:2f:20:6f:c6:27:b5:
                    f2:84:3b:e6:99:19:67:53:88:bf:1c:de:72:84:54:
                    d5:57:ec:b7:4e:75:15:f4:ff:97:34:5b:5c:94:8c:
                    f6:38:db:4b:b3:98:b5:c0:f5:17:a9:17:ce:c1:49:
                    05:65:2a:f9:c6:9d:95:27:d8:b4:6c:59:12:76:57:
                    3e:ee:9d:41:ce:1a:72:be:fe:37:90:12:44:75:4e:
                    d8:06:aa:ae:f8:86:e1:b7:74:aa:c5:3d:1f:3e:57:
                    25:d5:0f:4a:db:11:c1:bf:0f:87:94:8c:1d:bd:03:
                    46:1c:64:ac:75:64:aa:76:a2:d9:aa:a2:16:14:23:
                    10:34:f2:b4:ea:98:b6:6f:39:41:86:6f:e1:dd:76:
                    27:05:81:38:f5:42:8b:ad:46:45:01:41:70:09:7a:
                    68:f0:de:a1:77:11:2a:23:ff:1a:a9:68:98:3e:6c:
                    21:a7:74:84:e4:e3:35:69:45:93:0f:ee:26:e3:f2:
                    ed:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:42:EC:CD:93:6C:61:37:9D:55:86:42:8B:BA:8A:2C:8F:EE:4A:D5
            X509v3 Authority Key Identifier:
                keyid:2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/ZkLszZNsYTedVYZCi7qKLI_uStU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.22.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:b7:06:fd:46:71:ee:7f:04:c3:33:23:49:af:5d:56:b2:2b:
         ec:42:8a:89:48:9f:89:bb:40:a0:f5:e8:76:bc:22:98:60:d0:
         7e:f9:0d:79:af:d0:54:00:31:4c:18:83:94:92:12:b4:c0:2a:
         72:b0:14:bc:b1:cd:15:91:3b:7b:af:f7:1f:08:3e:5f:0b:b6:
         85:41:48:fd:9b:1b:77:ea:ad:65:02:5f:e5:52:74:19:f8:d1:
         14:c1:4b:19:a8:c3:09:f3:df:98:75:67:b0:ef:c7:7b:24:c5:
         bb:79:ff:ca:00:05:55:b8:8c:d2:77:6d:f6:4c:ac:f0:88:0c:
         e3:b7:2d:65:e2:d4:74:a0:28:ef:be:1b:74:98:f7:c1:10:16:
         b8:c8:58:17:f1:45:fc:49:19:90:85:d6:66:39:54:30:dc:dc:
         42:f4:6b:d1:80:2b:7c:b4:6c:e4:1b:6d:ef:7f:f6:ef:93:a7:
         06:f3:d3:1b:a2:9d:f2:a6:75:af:46:4a:3c:6e:ac:39:38:58:
         4e:21:b2:ab:06:a9:c6:d6:10:c3:38:b7:21:f8:3f:57:25:14:
         3b:98:36:58:08:1d:f6:12:b5:9c:25:a4:e9:fa:1f:bd:cd:ea:
         3a:61:db:5c:bb:c7:10:89:6b:a1:06:a6:b9:d3:9a:c1:d7:35:
         75:29:5a:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4qS0brdrK8xuXHOrKKKb5LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmOTNkM2JhMTk3ZjVjZTMwOThiZmE3NzAwYjQzODU0ZWFh
ODBlOWUwHhcNMjYwNTE1MDYyMDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjQyZWNjZDkzNmM2MTM3OWQ1NTg2NDI4YmJhOGEyYzhmZWU0YWQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnOFBJIdJ0NW1xFt6Um47s64LtWql
7zIpfYFLxCh+GWQLwTL6ZqS/6R8P4XCRMDapqC7RVQBQ7ukmBD6PGiDX4DuZtmAv
IG/GJ7XyhDvmmRlnU4i/HN5yhFTVV+y3TnUV9P+XNFtclIz2ONtLs5i1wPUXqRfO
wUkFZSr5xp2VJ9i0bFkSdlc+7p1Bzhpyvv43kBJEdU7YBqqu+Ibht3SqxT0fPlcl
1Q9K2xHBvw+HlIwdvQNGHGSsdWSqdqLZqqIWFCMQNPK06pi2bzlBhm/h3XYnBYE4
9UKLrUZFAUFwCXpo8N6hdxEqI/8aqWiYPmwhp3SE5OM1aUWTD+4m4/Lt4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGZC7M2TbGE3nVWGQou6iiyP7krVMB8GA1UdIwQY
MBaAFC+T07oZf1zjCYv6dwC0OFTqqA6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDVQVHVobF9YT01KaV9wM0FMUTRWT3FvRHA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC83YTg3YTAtODAxNC00NjA1LTlmYjUt
OWU3MWRjMjRhNjgzLzEvWmtMc3paTnNZVGVkVllaQ2k3cUtMSV91U3RVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC83YTg3YTAtODAxNC00NjA1LTlmYjUtOWU3MWRjMjRhNjgz
LzEvTDVQVHVobF9YT01KaV9wM0FMUTRWT3FvRHA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABRaeMA0G
CSqGSIb3DQEBCwUAA4IBAQB4twb9RnHufwTDMyNJr11WsivsQoqJSJ+Ju0Cg9eh2
vCKYYNB++Q15r9BUADFMGIOUkhK0wCpysBS8sc0VkTt7r/cfCD5fC7aFQUj9mxt3
6q1lAl/lUnQZ+NEUwUsZqMMJ89+YdWew78d7JMW7ef/KAAVVuIzSd232TKzwiAzj
ty1l4tR0oCjvvht0mPfBEBa4yFgX8UX8SRmQhdZmOVQw3NxC9GvRgCt8tGzkG23v
f/bvk6cG89Mbop3ypnWvRko8bqw5OFhOIbKrBqnG1hDDOLch+D9XJRQ7mDZYCB32
ErWcJaTp+h+9zeo6Ydtcu8cQiWuhBqa505rB1zV1KVqc
-----END CERTIFICATE-----