Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/1972a2-3b6f-4316-ab7e-a0bcc912d735/1/Z0dVNzk7EGrkYKQ-9HMAEEn28xQ.roa
File:                     Z0dVNzk7EGrkYKQ-9HMAEEn28xQ.roa (raw, json)
Hash identifier:          m7NbNzI3ua/XgXbydcjNQqSmMP9x4tm6jOp74hABwTg=
Subject key identifier:   67:47:55:37:39:3B:10:6A:E4:60:A4:3E:F4:73:00:10:49:F6:F3:14
Certificate issuer:       /CN=1bea3e99bbb0dda78084219a613492e5e6d9b45a
Certificate serial:       0199E6B04E18FD8D94DA9A5420E93E66648E
Authority key identifier: 1B:EA:3E:99:BB:B0:DD:A7:80:84:21:9A:61:34:92:E5:E6:D9:B4:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G-o-mbuw3aeAhCGaYTSS5ebZtFo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/1972a2-3b6f-4316-ab7e-a0bcc912d735/1/Z0dVNzk7EGrkYKQ-9HMAEEn28xQ.roa
Signing time:             Wed 15 Oct 2025 07:05:38 +0000
ROA not before:           Wed 15 Oct 2025 07:05:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     13335
IP address blocks:        185.60.251.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/1972a2-3b6f-4316-ab7e-a0bcc912d735/1/G-o-mbuw3aeAhCGaYTSS5ebZtFo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/1972a2-3b6f-4316-ab7e-a0bcc912d735/1/G-o-mbuw3aeAhCGaYTSS5ebZtFo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G-o-mbuw3aeAhCGaYTSS5ebZtFo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 10:01:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:e6:b0:4e:18:fd:8d:94:da:9a:54:20:e9:3e:66:64:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1bea3e99bbb0dda78084219a613492e5e6d9b45a
        Validity
            Not Before: Oct 15 07:05:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=67475537393b106ae460a43ef473001049f6f314
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:cd:0e:c4:1a:72:85:e9:4d:cc:48:4d:a9:89:
                    3b:e1:9a:89:47:c8:cc:a1:0b:f5:89:36:6c:6d:80:
                    e8:98:57:81:6e:ac:b2:4a:e1:e4:06:eb:50:a1:f0:
                    60:5a:cd:da:c3:dd:d9:eb:09:99:c4:89:e2:3b:87:
                    c9:dc:6c:e2:63:fd:80:2b:6c:0e:15:bc:f7:2c:80:
                    9b:eb:a2:c4:e7:97:4e:e1:eb:20:52:a8:d4:4b:1b:
                    c1:2f:ad:24:44:d7:6e:db:43:87:1b:ac:16:31:a3:
                    50:44:b5:25:23:70:2f:a9:27:2e:0c:9e:0f:3e:3b:
                    16:07:45:70:61:5f:9d:8a:56:91:62:c6:d5:fe:c4:
                    64:80:cb:f0:c5:b6:dc:3d:69:b4:9d:fc:0d:33:b6:
                    5f:2b:44:a9:18:38:20:5b:94:94:29:1c:0c:a7:6f:
                    a9:68:09:b1:00:52:82:60:8c:2b:79:11:2d:ac:39:
                    30:a7:61:76:1b:2e:e7:2c:81:f0:d0:ab:b7:47:44:
                    07:3e:53:f1:69:2d:c0:e5:b3:b5:c0:cb:d9:6b:90:
                    f7:74:73:86:92:3e:86:d5:5a:c4:7f:24:54:80:be:
                    5d:56:07:11:10:80:81:8f:9a:19:07:e4:4c:62:6a:
                    75:7a:ca:b0:37:7f:ee:2d:24:e1:14:66:b5:cf:07:
                    aa:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:47:55:37:39:3B:10:6A:E4:60:A4:3E:F4:73:00:10:49:F6:F3:14
            X509v3 Authority Key Identifier:
                keyid:1B:EA:3E:99:BB:B0:DD:A7:80:84:21:9A:61:34:92:E5:E6:D9:B4:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G-o-mbuw3aeAhCGaYTSS5ebZtFo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/1972a2-3b6f-4316-ab7e-a0bcc912d735/1/Z0dVNzk7EGrkYKQ-9HMAEEn28xQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/1972a2-3b6f-4316-ab7e-a0bcc912d735/1/G-o-mbuw3aeAhCGaYTSS5ebZtFo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.60.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:a7:80:0a:18:cb:88:f7:ef:16:63:e5:bb:32:b8:6a:b1:14:
         5f:e8:a4:65:9b:d1:79:62:db:f3:1f:be:8a:0e:c5:65:94:82:
         ca:94:e3:aa:6c:fa:7f:da:93:bc:cb:9e:7c:24:c3:2a:1e:2d:
         aa:0c:80:8a:d3:51:58:26:10:c4:a2:ed:29:9d:90:3e:ca:de:
         b0:65:dd:ad:a7:21:c6:f9:b1:0e:44:2f:b2:3f:a6:ad:10:b0:
         8d:8a:59:ce:a9:96:de:b7:92:27:39:85:17:bc:23:53:6a:f7:
         a1:a2:3f:73:de:f7:fc:00:c7:fc:f4:7a:0b:67:fc:01:e0:43:
         60:9f:00:bf:79:4b:8a:c4:2c:1b:ce:c8:da:d1:de:53:b4:33:
         be:52:09:3d:cd:ca:69:7a:ad:fb:9d:23:21:d4:f1:82:6d:75:
         7e:1d:1b:05:6c:ed:73:7c:45:8a:12:b1:7b:c5:53:d1:4c:67:
         96:1c:55:d5:b0:2c:36:25:04:d0:4b:1b:49:89:ae:fe:ca:aa:
         60:8d:0d:f5:fc:c4:c1:40:85:fb:3b:30:92:9b:95:d0:3a:b8:
         95:ca:3f:b9:6a:6a:10:10:d8:ef:96:f0:b3:b8:1e:dc:8b:f9:
         79:4b:5c:54:07:37:fc:af:4e:6c:f4:62:f2:27:87:e9:f8:8a:
         bd:d4:9e:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnmsE4Y/Y2U2ppUIOk+ZmSOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiZWEzZTk5YmJiMGRkYTc4MDg0MjE5YTYxMzQ5MmU1ZTZk
OWI0NWEwHhcNMjUxMDE1MDcwNTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzQ3NTUzNzM5M2IxMDZhZTQ2MGE0M2VmNDczMDAxMDQ5ZjZmMzE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzM0OxBpyhelNzEhNqYk74ZqJR8jM
oQv1iTZsbYDomFeBbqyySuHkButQofBgWs3aw93Z6wmZxIniO4fJ3GziY/2AK2wO
Fbz3LICb66LE55dO4esgUqjUSxvBL60kRNdu20OHG6wWMaNQRLUlI3AvqScuDJ4P
PjsWB0VwYV+dilaRYsbV/sRkgMvwxbbcPWm0nfwNM7ZfK0SpGDggW5SUKRwMp2+p
aAmxAFKCYIwreREtrDkwp2F2Gy7nLIHw0Ku3R0QHPlPxaS3A5bO1wMvZa5D3dHOG
kj6G1VrEfyRUgL5dVgcREICBj5oZB+RMYmp1esqwN3/uLSThFGa1zweqQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGdHVTc5OxBq5GCkPvRzABBJ9vMUMB8GA1UdIwQY
MBaAFBvqPpm7sN2ngIQhmmE0kuXm2bRaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRy1vLW1idXczYWVBaENHYVlUU1M1ZWJadEZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8xOTcyYTItM2I2Zi00MzE2LWFiN2Ut
YTBiY2M5MTJkNzM1LzEvWjBkVk56azdFR3JrWUtRLTlITUFFRW4yOHhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8xOTcyYTItM2I2Zi00MzE2LWFiN2UtYTBiY2M5MTJkNzM1
LzEvRy1vLW1idXczYWVBaENHYVlUU1M1ZWJadEZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTz7MA0G
CSqGSIb3DQEBCwUAA4IBAQAJp4AKGMuI9+8WY+W7MrhqsRRf6KRlm9F5YtvzH76K
DsVllILKlOOqbPp/2pO8y558JMMqHi2qDICK01FYJhDEou0pnZA+yt6wZd2tpyHG
+bEORC+yP6atELCNilnOqZbet5InOYUXvCNTavehoj9z3vf8AMf89HoLZ/wB4ENg
nwC/eUuKxCwbzsja0d5TtDO+Ugk9zcppeq37nSMh1PGCbXV+HRsFbO1zfEWKErF7
xVPRTGeWHFXVsCw2JQTQSxtJia7+yqpgjQ31/MTBQIX7OzCSm5XQOriVyj+5amoQ
ENjvlvCzuB7ci/l5S1xUBzf8r05s9GLyJ4fp+Iq91J4i
-----END CERTIFICATE-----