Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/cb7b21-335c-42ca-859e-73428f9c7bff/1/ZbgRuzhLg6qXCoUYvZmCe9DtILk.roa
File:                     ZbgRuzhLg6qXCoUYvZmCe9DtILk.roa (raw, json)
Hash identifier:          bYfwJO2Q8i2bMjw8VBuaKZ6RUFRuUETk8qoMI2Pdy/Y=
Subject key identifier:   65:B8:11:BB:38:4B:83:AA:97:0A:85:18:BD:99:82:7B:D0:ED:20:B9
Certificate issuer:       /CN=b45999899f76d2e2e4ccdfc817f9879cfac06bbe
Certificate serial:       019EC1BE8F34B82F4FF98E774C443B28AD59
Authority key identifier: B4:59:99:89:9F:76:D2:E2:E4:CC:DF:C8:17:F9:87:9C:FA:C0:6B:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tFmZiZ920uLkzN_IF_mHnPrAa74.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/cb7b21-335c-42ca-859e-73428f9c7bff/1/ZbgRuzhLg6qXCoUYvZmCe9DtILk.roa
Signing time:             Sat 13 Jun 2026 16:09:11 +0000
ROA not before:           Sat 13 Jun 2026 16:09:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212238
IP address blocks:        80.174.108.0/23 maxlen: 24
                          80.174.127.0/24 maxlen: 24
                          80.174.250.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/cb7b21-335c-42ca-859e-73428f9c7bff/1/tFmZiZ920uLkzN_IF_mHnPrAa74.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/cb7b21-335c-42ca-859e-73428f9c7bff/1/tFmZiZ920uLkzN_IF_mHnPrAa74.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tFmZiZ920uLkzN_IF_mHnPrAa74.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 20 Jun 2026 16:01:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:c1:be:8f:34:b8:2f:4f:f9:8e:77:4c:44:3b:28:ad:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b45999899f76d2e2e4ccdfc817f9879cfac06bbe
        Validity
            Not Before: Jun 13 16:09:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=65b811bb384b83aa970a8518bd99827bd0ed20b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:08:dd:66:2d:42:0c:0d:4c:a5:b0:ac:12:df:
                    19:e7:61:f4:38:37:b4:8a:bb:91:56:00:08:c8:96:
                    57:61:23:16:95:49:c3:e4:3e:80:27:6c:ee:d2:65:
                    f4:70:2d:96:01:c5:bc:65:38:43:d0:c0:a7:d8:db:
                    1d:c7:da:4f:94:97:28:b6:70:dd:5f:07:08:a7:e8:
                    d9:41:33:54:eb:b0:ae:3a:fb:22:0a:ae:4e:02:e0:
                    21:da:d7:30:99:41:ea:e4:dc:b7:ce:db:a1:85:c8:
                    69:15:a4:d2:ba:58:8e:1c:db:f8:f7:f1:6e:42:87:
                    67:88:11:aa:a2:90:db:2b:52:6d:bc:90:9f:4b:c6:
                    94:88:de:1f:f8:82:b7:24:e4:7b:67:39:0b:3a:41:
                    11:af:04:c6:8b:d4:1b:7b:0a:91:01:a5:4b:17:38:
                    a9:2f:a8:79:19:cb:6b:db:98:bb:bd:8a:bd:b6:58:
                    97:63:72:be:f6:62:da:de:69:25:fa:1e:a5:0f:48:
                    ca:2a:8a:93:c6:45:32:4d:b6:4e:50:d7:a8:44:11:
                    b7:a7:8b:34:b9:02:46:aa:da:58:6e:98:f8:7f:38:
                    b9:5f:a5:e5:30:3c:56:e0:0f:fb:45:72:cb:9e:2e:
                    15:31:c2:06:44:e8:36:25:1b:56:0b:59:27:f0:d9:
                    3e:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:B8:11:BB:38:4B:83:AA:97:0A:85:18:BD:99:82:7B:D0:ED:20:B9
            X509v3 Authority Key Identifier:
                keyid:B4:59:99:89:9F:76:D2:E2:E4:CC:DF:C8:17:F9:87:9C:FA:C0:6B:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tFmZiZ920uLkzN_IF_mHnPrAa74.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/cb7b21-335c-42ca-859e-73428f9c7bff/1/ZbgRuzhLg6qXCoUYvZmCe9DtILk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/cb7b21-335c-42ca-859e-73428f9c7bff/1/tFmZiZ920uLkzN_IF_mHnPrAa74.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.174.108.0/23
                  80.174.127.0/24
                  80.174.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:00:cb:c1:5c:69:f4:a1:e1:65:55:08:92:53:00:01:9c:f3:
         c9:1f:00:8a:a4:6d:aa:60:70:2d:33:2c:65:05:1d:35:2e:f3:
         4e:88:bb:96:a7:ee:4f:35:1b:58:44:bc:c0:78:b5:e0:e2:a8:
         10:7c:e9:e0:9b:02:63:34:a0:e7:3e:07:cf:d6:7d:a4:29:4c:
         93:af:c9:90:e9:5d:5c:7a:7c:77:31:cd:06:76:07:ce:2d:c0:
         96:20:3e:94:83:6e:61:13:96:8a:e5:bb:ad:3b:af:21:1e:49:
         eb:97:9f:20:17:8f:30:38:c1:da:7b:22:14:2c:72:1d:b3:96:
         a2:84:8c:dd:19:0b:36:a1:b2:18:56:51:d3:0b:3a:f4:4b:cd:
         e7:87:88:85:75:f0:17:1e:81:22:9b:16:98:df:47:2e:28:82:
         1d:f1:1d:84:64:da:6f:a4:84:45:f3:e0:05:05:37:0b:15:74:
         2b:b7:66:13:c2:ab:16:a5:6b:bc:c1:50:23:fd:8a:e5:7f:65:
         b9:25:76:73:a4:ef:a9:9e:52:b2:20:d2:8e:7d:81:51:68:83:
         3b:2a:ae:e5:20:5d:25:41:c0:a2:6d:39:54:ef:d5:81:34:09:
         6e:f0:85:55:da:26:e3:36:df:ed:3a:66:e2:7b:bd:45:f7:c8:
         e5:02:ae:24
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ7Bvo80uC9P+Y53TEQ7KK1ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0NTk5OTg5OWY3NmQyZTJlNGNjZGZjODE3Zjk4NzljZmFj
MDZiYmUwHhcNMjYwNjEzMTYwOTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NWI4MTFiYjM4NGI4M2FhOTcwYTg1MThiZDk5ODI3YmQwZWQyMGI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAngjdZi1CDA1MpbCsEt8Z52H0ODe0
iruRVgAIyJZXYSMWlUnD5D6AJ2zu0mX0cC2WAcW8ZThD0MCn2Nsdx9pPlJcotnDd
XwcIp+jZQTNU67CuOvsiCq5OAuAh2tcwmUHq5Ny3ztuhhchpFaTSuliOHNv49/Fu
QodniBGqopDbK1JtvJCfS8aUiN4f+IK3JOR7ZzkLOkERrwTGi9QbewqRAaVLFzip
L6h5Gctr25i7vYq9tliXY3K+9mLa3mkl+h6lD0jKKoqTxkUyTbZOUNeoRBG3p4s0
uQJGqtpYbpj4fzi5X6XlMDxW4A/7RXLLni4VMcIGROg2JRtWC1kn8Nk+1QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFGW4Ebs4S4OqlwqFGL2ZgnvQ7SC5MB8GA1UdIwQY
MBaAFLRZmYmfdtLi5MzfyBf5h5z6wGu+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEZtWmlaOTIwdUxrek5fSUZfbUhuUHJBYTc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC9jYjdiMjEtMzM1Yy00MmNhLTg1OWUt
NzM0MjhmOWM3YmZmLzEvWmJnUnV6aExnNnFYQ29VWXZabUNlOUR0SUxrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC9jYjdiMjEtMzM1Yy00MmNhLTg1OWUtNzM0MjhmOWM3YmZm
LzEvdEZtWmlaOTIwdUxrek5fSUZfbUhuUHJBYTc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBUK5sAwQA
UK5/AwQAUK76MA0GCSqGSIb3DQEBCwUAA4IBAQClAMvBXGn0oeFlVQiSUwABnPPJ
HwCKpG2qYHAtMyxlBR01LvNOiLuWp+5PNRtYRLzAeLXg4qgQfOngmwJjNKDnPgfP
1n2kKUyTr8mQ6V1cenx3Mc0GdgfOLcCWID6Ug25hE5aK5butO68hHknrl58gF48w
OMHaeyIULHIds5aihIzdGQs2obIYVlHTCzr0S83nh4iFdfAXHoEimxaY30cuKIId
8R2EZNpvpIRF8+AFBTcLFXQrt2YTwqsWpWu8wVAj/Yrlf2W5JXZzpO+pnlKyINKO
fYFRaIM7Kq7lIF0lQcCibTlU79WBNAlu8IVV2ibjNt/tOmbie71F98jlAq4k
-----END CERTIFICATE-----