Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/f462dc-9e59-4e8d-9c6d-f46887df9863/1/zNKUtHAFTtLYqLumLGcRzG27f7Y.roa
File:                     zNKUtHAFTtLYqLumLGcRzG27f7Y.roa (raw, json)
Hash identifier:          872Fq4m0qhsFSDlfogdNcIFhv8haNEfuUjtryb/YTr0=
Subject key identifier:   CC:D2:94:B4:70:05:4E:D2:D8:A8:BB:A6:2C:67:11:CC:6D:BB:7F:B6
Certificate issuer:       /CN=525b705a91dbc30ed10eb7222b7797b834e01863
Certificate serial:       019BA375072565BA3F210C258D853B65FB26
Authority key identifier: 52:5B:70:5A:91:DB:C3:0E:D1:0E:B7:22:2B:77:97:B8:34:E0:18:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UltwWpHbww7RDrciK3eXuDTgGGM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/f462dc-9e59-4e8d-9c6d-f46887df9863/1/zNKUtHAFTtLYqLumLGcRzG27f7Y.roa
Signing time:             Fri 09 Jan 2026 15:51:54 +0000
ROA not before:           Fri 09 Jan 2026 15:51:54 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204880
IP address blocks:        185.236.240.0/23 maxlen: 24
                          2a0d:eb00::/32 maxlen: 48
                          2a0d:eb01::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/f462dc-9e59-4e8d-9c6d-f46887df9863/1/UltwWpHbww7RDrciK3eXuDTgGGM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/f462dc-9e59-4e8d-9c6d-f46887df9863/1/UltwWpHbww7RDrciK3eXuDTgGGM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UltwWpHbww7RDrciK3eXuDTgGGM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 23 Feb 2026 21:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:a3:75:07:25:65:ba:3f:21:0c:25:8d:85:3b:65:fb:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=525b705a91dbc30ed10eb7222b7797b834e01863
        Validity
            Not Before: Jan  9 15:51:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ccd294b470054ed2d8a8bba62c6711cc6dbb7fb6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:fe:76:68:88:83:66:d7:d8:77:77:98:df:ab:
                    86:11:74:61:c9:c4:4f:c5:2f:4c:b0:9e:84:5a:23:
                    cb:6c:e8:f2:15:1f:fe:33:37:de:0c:6d:ab:d7:4f:
                    d4:32:49:48:cd:66:0e:0e:59:33:4d:d5:3b:83:52:
                    72:c1:7f:94:af:03:07:06:83:ab:d1:b3:99:f0:98:
                    be:d8:f6:8a:75:da:08:d4:50:08:11:d8:3c:39:dd:
                    54:2b:bc:cb:c3:ea:d6:3e:83:73:33:4a:4b:05:3e:
                    f0:b9:20:50:e1:fb:31:3f:f3:dd:e6:f3:c5:ff:a0:
                    3c:b0:e2:a3:ae:5d:83:ea:be:e9:56:e5:39:64:09:
                    8f:93:69:7b:c8:75:0d:db:af:2f:bf:6e:e9:f7:b4:
                    7e:cc:fb:59:47:69:37:b0:4d:a2:7d:53:3d:a5:ca:
                    96:89:e8:73:f7:1f:fb:ad:b4:82:c1:60:5d:4d:7c:
                    5c:17:26:10:62:91:7e:a7:21:12:81:4d:61:89:df:
                    a2:17:b2:5e:72:78:83:81:ca:73:c3:8f:df:c0:06:
                    c5:cb:f7:10:d6:c1:d0:7b:d8:42:55:1a:e7:f9:52:
                    03:35:a3:92:a3:11:99:a7:1f:88:75:60:04:3d:87:
                    bf:11:ae:10:c3:af:bc:20:db:d7:c4:c8:b6:25:8f:
                    6c:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:D2:94:B4:70:05:4E:D2:D8:A8:BB:A6:2C:67:11:CC:6D:BB:7F:B6
            X509v3 Authority Key Identifier:
                keyid:52:5B:70:5A:91:DB:C3:0E:D1:0E:B7:22:2B:77:97:B8:34:E0:18:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UltwWpHbww7RDrciK3eXuDTgGGM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f462dc-9e59-4e8d-9c6d-f46887df9863/1/zNKUtHAFTtLYqLumLGcRzG27f7Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f462dc-9e59-4e8d-9c6d-f46887df9863/1/UltwWpHbww7RDrciK3eXuDTgGGM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.236.240.0/23
                IPv6:
                  2a0d:eb00::-2a0d:eb01:ff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         80:a5:dc:d2:40:d8:05:9b:f0:e0:82:11:f0:28:eb:6c:a4:dc:
         76:0a:a5:f1:aa:d3:dd:e2:3d:35:9b:cc:dc:a5:5d:c7:01:ae:
         d7:b7:05:45:48:7b:eb:07:29:fd:ec:b2:9f:75:48:05:89:17:
         b0:de:36:18:91:2c:f3:81:b0:2c:b8:87:3e:49:98:aa:78:f7:
         fb:44:9a:a8:63:3e:4f:83:58:bc:94:25:d9:af:71:be:d3:c3:
         a1:44:43:c8:a1:db:86:67:19:7f:de:31:58:e4:9c:56:10:1d:
         57:83:3b:31:ff:6d:05:e9:9c:a3:6d:15:53:56:f9:e0:c8:49:
         fc:a3:a1:5d:06:98:35:0a:77:09:57:04:31:c8:31:8a:9b:f4:
         41:23:2e:9d:9b:d8:9f:f5:02:cd:f6:1b:ea:7e:ab:c8:f8:95:
         43:c1:45:58:53:21:6d:89:2e:1a:76:fb:8d:d2:93:94:ca:58:
         09:32:29:20:45:e5:01:5f:e7:2b:93:61:42:e7:71:ef:54:f9:
         ff:d8:2f:fc:6b:dd:92:9d:53:33:5c:8a:3d:ab:b1:be:34:e6:
         b6:f2:e4:91:64:b6:26:e8:02:72:e3:d7:7c:e2:64:29:59:aa:
         0a:54:52:b6:4d:5c:da:c3:94:52:89:cd:7f:ca:cd:73:b0:99:
         da:48:1e:fa
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZujdQclZbo/IQwljYU7ZfsmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyNWI3MDVhOTFkYmMzMGVkMTBlYjcyMjJiNzc5N2I4MzRl
MDE4NjMwHhcNMjYwMTA5MTU1MTU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2QyOTRiNDcwMDU0ZWQyZDhhOGJiYTYyYzY3MTFjYzZkYmI3ZmI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzf52aIiDZtfYd3eY36uGEXRhycRP
xS9MsJ6EWiPLbOjyFR/+MzfeDG2r10/UMklIzWYODlkzTdU7g1JywX+UrwMHBoOr
0bOZ8Ji+2PaKddoI1FAIEdg8Od1UK7zLw+rWPoNzM0pLBT7wuSBQ4fsxP/Pd5vPF
/6A8sOKjrl2D6r7pVuU5ZAmPk2l7yHUN268vv27p97R+zPtZR2k3sE2ifVM9pcqW
iehz9x/7rbSCwWBdTXxcFyYQYpF+pyESgU1hid+iF7JecniDgcpzw4/fwAbFy/cQ
1sHQe9hCVRrn+VIDNaOSoxGZpx+IdWAEPYe/Ea4Qw6+8INvXxMi2JY9sfwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFMzSlLRwBU7S2Ki7pixnEcxtu3+2MB8GA1UdIwQY
MBaAFFJbcFqR28MO0Q63Iit3l7g04BhjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWx0d1dwSGJ3dzdSRHJjaUszZVh1RFRnR0dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9mNDYyZGMtOWU1OS00ZThkLTljNmQt
ZjQ2ODg3ZGY5ODYzLzEvek5LVXRIQUZUdExZcUx1bUxHY1J6RzI3ZjdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9mNDYyZGMtOWU1OS00ZThkLTljNmQtZjQ2ODg3ZGY5ODYz
LzEvVWx0d1dwSGJ3dzdSRHJjaUszZVh1RFRnR0dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAMBAIAATAGAwQBuezwMBYE
AgACMBAwDgMEACoN6wMGACoN6wEAMA0GCSqGSIb3DQEBCwUAA4IBAQCApdzSQNgF
m/DgghHwKOtspNx2CqXxqtPd4j01m8zcpV3HAa7XtwVFSHvrByn97LKfdUgFiRew
3jYYkSzzgbAsuIc+SZiqePf7RJqoYz5Pg1i8lCXZr3G+08OhREPIoduGZxl/3jFY
5JxWEB1Xgzsx/20F6ZyjbRVTVvngyEn8o6FdBpg1CncJVwQxyDGKm/RBIy6dm9if
9QLN9hvqfqvI+JVDwUVYUyFtiS4advuN0pOUylgJMikgReUBX+crk2FC53HvVPn/
2C/8a92SnVMzXIo9q7G+NOa28uSRZLYm6AJy49d84mQpWaoKVFK2TVzaw5RSic1/
ys1zsJnaSB76
-----END CERTIFICATE-----