Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/ZoLEzONyV7QLYdtKb-afMNYwfxM.roa
File:                     ZoLEzONyV7QLYdtKb-afMNYwfxM.roa (raw, json)
Hash identifier:          6iQVIakQz29QPi7Lled6TnK/5AIOd4jPu/15Q3XroLE=
Subject key identifier:   66:82:C4:CC:E3:72:57:B4:0B:61:DB:4A:6F:E6:9F:30:D6:30:7F:13
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       01994D70B48C603ACD8EF5A0B6C247F0907F
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/ZoLEzONyV7QLYdtKb-afMNYwfxM.roa
Signing time:             Mon 15 Sep 2025 12:54:15 +0000
ROA not before:           Mon 15 Sep 2025 12:54:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     135391
IP address blocks:        188.255.196.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 19 Sep 2025 22:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:4d:70:b4:8c:60:3a:cd:8e:f5:a0:b6:c2:47:f0:90:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Sep 15 12:54:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6682c4cce37257b40b61db4a6fe69f30d6307f13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:ec:ee:ae:4b:75:68:b3:ee:33:be:3d:78:e0:
                    f7:85:15:d5:9d:ab:8c:59:24:2b:b6:04:d6:0c:40:
                    ab:f9:4f:ea:9c:a7:ce:51:57:50:f2:7d:f9:f7:5d:
                    d1:05:2c:eb:2e:f9:f0:eb:b3:80:71:68:a5:8e:6a:
                    24:f8:6a:6b:5b:3b:27:a7:5e:7c:64:5a:4a:63:ae:
                    6f:f9:26:9c:5e:ee:f6:84:b7:d6:c9:fc:1d:6f:08:
                    d1:f7:7e:86:05:37:24:f1:6c:25:17:40:7f:30:37:
                    9f:bf:73:ed:5f:de:e5:af:1e:2f:27:6f:39:8f:33:
                    80:6e:27:f3:4b:91:e6:8b:59:7b:d7:38:80:71:cd:
                    79:b1:50:dc:45:24:5d:3c:fa:77:79:df:45:74:5a:
                    53:f5:81:47:77:91:ee:7b:29:83:44:12:0b:48:c7:
                    3c:50:5c:c4:20:7c:0f:bf:47:a2:d0:19:26:99:c5:
                    6b:4a:8a:d5:77:5d:14:3a:c0:88:3e:f0:8b:6d:77:
                    06:3c:a4:aa:03:56:39:72:f6:f0:7b:bd:a9:6f:c5:
                    68:68:98:fc:99:68:79:48:1b:f7:56:48:9e:d0:50:
                    e3:9b:d2:f4:22:1c:b0:66:8c:f6:62:ee:0d:8f:61:
                    99:a7:8e:90:d5:67:16:29:06:33:47:75:04:99:6b:
                    76:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:82:C4:CC:E3:72:57:B4:0B:61:DB:4A:6F:E6:9F:30:D6:30:7F:13
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/ZoLEzONyV7QLYdtKb-afMNYwfxM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.255.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:07:a0:a2:c5:92:df:65:c3:4d:14:5a:d0:f0:25:1a:7a:5d:
         29:02:10:6d:d9:22:d8:91:e0:d7:43:8c:2f:cb:12:6f:e9:b9:
         ef:d8:11:73:a9:b5:a1:2d:7b:34:aa:5c:99:00:dc:30:9f:4e:
         ff:21:8a:8e:1c:65:d4:08:61:f4:5a:e6:b0:20:69:1e:3f:fb:
         5d:bb:6b:11:7e:b2:ae:4d:30:7d:d7:d4:1f:f9:b7:4d:04:3c:
         38:d5:27:17:00:c7:6f:c4:3e:8f:33:78:3c:c5:55:5c:24:c4:
         0e:ac:28:5b:36:ae:52:7d:0c:65:2b:29:fa:70:41:3e:ac:f0:
         c5:8d:5a:aa:13:13:46:e5:5f:c7:33:d3:13:22:e0:29:6c:a1:
         86:d3:e6:2b:a1:6b:e1:27:d6:1f:0b:47:99:4f:88:1b:b5:bd:
         7b:09:fd:f6:a7:43:ae:14:cf:06:d4:9c:59:ee:8b:13:90:68:
         3d:c4:b3:c1:7a:de:b7:ed:f3:38:7b:e3:76:4d:35:b6:f7:9a:
         1e:aa:c4:54:78:e9:4c:03:3c:3f:e8:a5:f0:ed:e3:b8:05:1f:
         7a:4a:2b:ad:39:1a:c9:a8:d7:be:4e:e7:15:ab:61:fb:36:49:
         9c:2b:11:15:30:71:9c:48:ef:97:37:9e:05:3b:70:be:eb:ec:
         90:43:c7:a6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlNcLSMYDrNjvWgtsJH8JB/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjUwOTE1MTI1NDE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjgyYzRjY2UzNzI1N2I0MGI2MWRiNGE2ZmU2OWYzMGQ2MzA3ZjEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1+zurkt1aLPuM749eOD3hRXVnauM
WSQrtgTWDECr+U/qnKfOUVdQ8n35913RBSzrLvnw67OAcWiljmok+GprWzsnp158
ZFpKY65v+SacXu72hLfWyfwdbwjR936GBTck8WwlF0B/MDefv3PtX97lrx4vJ285
jzOAbifzS5Hmi1l71ziAcc15sVDcRSRdPPp3ed9FdFpT9YFHd5HueymDRBILSMc8
UFzEIHwPv0ei0BkmmcVrSorVd10UOsCIPvCLbXcGPKSqA1Y5cvbwe72pb8VoaJj8
mWh5SBv3Vkie0FDjm9L0IhywZoz2Yu4Nj2GZp46Q1WcWKQYzR3UEmWt2TQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGaCxMzjcle0C2HbSm/mnzDWMH8TMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvWm9MRXpPTnlWN1FMWWR0S2ItYWZNTll3ZnhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvP/EMA0G
CSqGSIb3DQEBCwUAA4IBAQAmB6CixZLfZcNNFFrQ8CUael0pAhBt2SLYkeDXQ4wv
yxJv6bnv2BFzqbWhLXs0qlyZANwwn07/IYqOHGXUCGH0WuawIGkeP/tdu2sRfrKu
TTB919Qf+bdNBDw41ScXAMdvxD6PM3g8xVVcJMQOrChbNq5SfQxlKyn6cEE+rPDF
jVqqExNG5V/HM9MTIuApbKGG0+YroWvhJ9YfC0eZT4gbtb17Cf32p0OuFM8G1JxZ
7osTkGg9xLPBet637fM4e+N2TTW295oeqsRUeOlMAzw/6KXw7eO4BR96SiutORrJ
qNe+TucVq2H7NkmcKxEVMHGcSO+XN54FO3C+6+yQQ8em
-----END CERTIFICATE-----