Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/ZQLN_dWvnootCr6oU-WKUNyidWo.roa
File:                     ZQLN_dWvnootCr6oU-WKUNyidWo.roa (raw, json)
Hash identifier:          qNBfO6rrMj+NfzmvJq+6wuiskS/8YAYyE4t1or9yZaM=
Subject key identifier:   65:02:CD:FD:D5:AF:9E:8A:2D:0A:BE:A8:53:E5:8A:50:DC:A2:75:6A
Certificate issuer:       /CN=5fe53c0bfc3c8fb56b81191317144443e0e29d25
Certificate serial:       019E8F49CAFF18B086843A360430A95EE87C
Authority key identifier: 5F:E5:3C:0B:FC:3C:8F:B5:6B:81:19:13:17:14:44:43:E0:E2:9D:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X-U8C_w8j7VrgRkTFxREQ-DinSU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/ZQLN_dWvnootCr6oU-WKUNyidWo.roa
Signing time:             Wed 03 Jun 2026 21:00:38 +0000
ROA not before:           Wed 03 Jun 2026 21:00:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     34346
IP address blocks:        87.232.82.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/X-U8C_w8j7VrgRkTFxREQ-DinSU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/X-U8C_w8j7VrgRkTFxREQ-DinSU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/X-U8C_w8j7VrgRkTFxREQ-DinSU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 21:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:8f:49:ca:ff:18:b0:86:84:3a:36:04:30:a9:5e:e8:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5fe53c0bfc3c8fb56b81191317144443e0e29d25
        Validity
            Not Before: Jun  3 21:00:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6502cdfdd5af9e8a2d0abea853e58a50dca2756a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:2d:03:d9:ef:f9:a8:4f:46:55:7c:ae:5a:74:
                    8a:ea:c7:ef:c5:01:a5:fd:01:33:3b:be:a7:8d:28:
                    01:d5:fd:20:51:15:60:04:e6:00:b6:6a:4d:5e:0c:
                    ba:95:76:f7:f9:3d:55:84:a0:18:be:07:33:75:02:
                    a7:03:e9:ed:16:c0:1c:8b:3c:5e:d9:8f:4b:f7:e4:
                    29:81:f8:70:83:ea:63:34:a8:13:31:06:24:ba:43:
                    51:d1:22:c6:86:00:65:a3:70:d4:38:11:0a:f1:44:
                    c1:ea:b4:90:2b:f0:30:b4:ae:b5:78:fb:8a:4a:b0:
                    45:9d:f4:a9:01:ab:08:bc:56:3e:99:61:5c:5b:62:
                    0e:65:a8:50:33:6b:59:5a:b3:1b:0d:56:d6:9b:f7:
                    fa:a0:da:05:11:cf:29:5e:34:51:97:cb:28:ec:01:
                    35:10:0c:d7:fd:9d:f4:8d:0b:f0:33:1e:af:42:e0:
                    e0:7d:bb:a3:fb:71:48:32:27:74:47:80:95:1c:e1:
                    fb:92:e0:b4:fb:d6:23:5d:76:55:89:41:ff:51:c8:
                    b5:4c:c8:04:55:05:db:d3:d2:0a:ba:ce:e9:1c:26:
                    9f:df:cf:23:af:5c:c9:26:2b:d5:83:fc:c6:01:33:
                    cd:18:24:d9:e7:fb:11:20:d3:05:51:d1:3e:73:1b:
                    11:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:02:CD:FD:D5:AF:9E:8A:2D:0A:BE:A8:53:E5:8A:50:DC:A2:75:6A
            X509v3 Authority Key Identifier:
                keyid:5F:E5:3C:0B:FC:3C:8F:B5:6B:81:19:13:17:14:44:43:E0:E2:9D:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X-U8C_w8j7VrgRkTFxREQ-DinSU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/ZQLN_dWvnootCr6oU-WKUNyidWo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/X-U8C_w8j7VrgRkTFxREQ-DinSU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.232.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:23:ee:6e:e0:1b:87:38:da:13:6d:0f:c2:84:c3:d6:90:d7:
         54:14:ce:47:bd:1d:e2:06:ca:0a:55:14:7c:2c:7c:4a:d9:e6:
         37:62:cb:83:cd:f0:41:23:3f:ad:93:f7:5e:31:19:9b:10:a7:
         c9:a8:28:42:07:57:04:96:db:1e:c5:b2:27:81:67:c8:33:23:
         a1:ea:76:28:43:be:5a:3f:bd:b5:d9:0c:4b:67:b2:8e:13:c2:
         e5:89:d4:76:c1:00:86:03:af:13:ff:2f:c7:0c:d6:4c:af:eb:
         bc:14:a8:5e:50:30:e9:17:0b:04:b4:d2:bd:7f:6e:9e:a5:4c:
         e6:a6:8d:63:4a:79:f8:c6:ae:bb:c3:71:e5:55:ea:a6:c7:39:
         8d:57:a0:3a:23:bd:a1:9e:ab:a3:25:75:ec:24:3c:19:34:09:
         da:7b:e4:ff:99:18:01:64:11:b9:aa:7b:5a:d4:c7:63:ae:db:
         0c:3e:ca:f4:0d:01:fa:21:63:69:77:b6:f7:3d:26:ed:ea:bb:
         7d:f3:b9:1b:8a:39:72:16:07:ec:ef:e0:e2:45:f5:18:5b:6c:
         5f:a3:8c:8b:cf:55:5e:cd:0f:59:61:12:60:6d:cb:2f:b2:fb:
         e7:bb:9f:8e:fd:89:65:1d:bd:f4:3b:dd:7c:65:6c:7d:44:b7:
         08:41:76:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6PScr/GLCGhDo2BDCpXuh8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmZTUzYzBiZmMzYzhmYjU2YjgxMTkxMzE3MTQ0NDQzZTBl
MjlkMjUwHhcNMjYwNjAzMjEwMDM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTAyY2RmZGQ1YWY5ZThhMmQwYWJlYTg1M2U1OGE1MGRjYTI3NTZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqS0D2e/5qE9GVXyuWnSK6sfvxQGl
/QEzO76njSgB1f0gURVgBOYAtmpNXgy6lXb3+T1VhKAYvgczdQKnA+ntFsAcizxe
2Y9L9+Qpgfhwg+pjNKgTMQYkukNR0SLGhgBlo3DUOBEK8UTB6rSQK/AwtK61ePuK
SrBFnfSpAasIvFY+mWFcW2IOZahQM2tZWrMbDVbWm/f6oNoFEc8pXjRRl8so7AE1
EAzX/Z30jQvwMx6vQuDgfbuj+3FIMid0R4CVHOH7kuC0+9YjXXZViUH/Uci1TMgE
VQXb09IKus7pHCaf388jr1zJJivVg/zGATPNGCTZ5/sRINMFUdE+cxsRywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGUCzf3Vr56KLQq+qFPlilDconVqMB8GA1UdIwQY
MBaAFF/lPAv8PI+1a4EZExcUREPg4p0lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWC1VOENfdzhqN1ZyZ1JrVEZ4UkVRLURpblNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9iYzYwODktM2Q5MC00NTI5LWJiNDct
NWNmNTZlZTQzNWIzLzEvWlFMTl9kV3Zub290Q3I2b1UtV0tVTnlpZFdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9iYzYwODktM2Q5MC00NTI5LWJiNDctNWNmNTZlZTQzNWIz
LzEvWC1VOENfdzhqN1ZyZ1JrVEZ4UkVRLURpblNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV+hSMA0G
CSqGSIb3DQEBCwUAA4IBAQB4I+5u4BuHONoTbQ/ChMPWkNdUFM5HvR3iBsoKVRR8
LHxK2eY3YsuDzfBBIz+tk/deMRmbEKfJqChCB1cEltsexbIngWfIMyOh6nYoQ75a
P7212QxLZ7KOE8LlidR2wQCGA68T/y/HDNZMr+u8FKheUDDpFwsEtNK9f26epUzm
po1jSnn4xq67w3HlVeqmxzmNV6A6I72hnqujJXXsJDwZNAnae+T/mRgBZBG5qnta
1MdjrtsMPsr0DQH6IWNpd7b3PSbt6rt987kbijlyFgfs7+DiRfUYW2xfo4yLz1Ve
zQ9ZYRJgbcsvsvvnu5+O/YllHb30O918ZWx9RLcIQXZK
-----END CERTIFICATE-----