Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/0898be-b037-429f-b504-1d934a048474/1/ZwNFu4kzYro4S0QFXWvCkbCmO5M.roa
File:                     ZwNFu4kzYro4S0QFXWvCkbCmO5M.roa (raw, json)
Hash identifier:          I1hbLtHQUsldhQVVS77A6pJCs/eXXAADor0A4UbmWac=
Subject key identifier:   67:03:45:BB:89:33:62:BA:38:4B:44:05:5D:6B:C2:91:B0:A6:3B:93
Certificate issuer:       /CN=e92c415d1775ae9993e900a7536b46ab144a9aa2
Certificate serial:       019A50CC623585FF599C0EEEC16E00AC9136
Authority key identifier: E9:2C:41:5D:17:75:AE:99:93:E9:00:A7:53:6B:46:AB:14:4A:9A:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6SxBXRd1rpmT6QCnU2tGqxRKmqI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/0898be-b037-429f-b504-1d934a048474/1/ZwNFu4kzYro4S0QFXWvCkbCmO5M.roa
Signing time:             Tue 04 Nov 2025 21:36:03 +0000
ROA not before:           Tue 04 Nov 2025 21:36:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43833
IP address blocks:        80.254.224.0/22 maxlen: 22
                          89.29.203.0/24 maxlen: 24
                          193.177.212.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/0898be-b037-429f-b504-1d934a048474/1/6SxBXRd1rpmT6QCnU2tGqxRKmqI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/0898be-b037-429f-b504-1d934a048474/1/6SxBXRd1rpmT6QCnU2tGqxRKmqI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6SxBXRd1rpmT6QCnU2tGqxRKmqI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 12:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:50:cc:62:35:85:ff:59:9c:0e:ee:c1:6e:00:ac:91:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e92c415d1775ae9993e900a7536b46ab144a9aa2
        Validity
            Not Before: Nov  4 21:36:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=670345bb893362ba384b44055d6bc291b0a63b93
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:23:17:d6:82:ad:ee:27:cd:5a:00:32:4f:31:
                    e7:9c:6f:61:ea:c3:f8:34:85:1b:a7:c7:fc:91:e5:
                    89:bd:48:60:3c:2f:9a:73:57:fb:02:ad:06:e6:f8:
                    1c:4d:5f:d1:61:3c:31:92:df:f9:30:f7:41:e3:97:
                    77:bd:8e:58:78:7f:b2:88:6f:a4:18:32:a6:db:01:
                    de:a0:b4:1a:a7:cc:cd:0d:a4:18:55:2f:2e:d2:aa:
                    10:4d:d1:46:4e:66:8b:9a:26:e5:db:f1:92:72:d4:
                    2b:8d:e3:66:8e:32:36:10:50:3e:62:9c:b3:c3:b0:
                    ae:5e:a8:84:d4:c0:94:22:f9:a9:3c:d0:62:ba:22:
                    02:77:55:57:38:29:f8:2f:a1:3a:f5:8a:3d:82:34:
                    ca:37:71:fe:97:4e:c9:d2:4e:84:a0:f7:0e:2d:2d:
                    4e:13:c7:ac:bc:d6:64:68:4b:5f:b3:41:0e:68:26:
                    f4:b3:4c:7c:2f:8a:b2:df:51:99:59:fa:b9:69:d5:
                    3f:81:cb:9d:53:9e:e7:1f:ea:37:60:28:09:61:39:
                    5f:fd:38:05:9a:25:fb:ec:d9:1f:91:04:d1:65:51:
                    bf:a0:20:3d:18:21:5d:7d:b7:f7:8d:04:8e:69:6a:
                    86:d8:23:8b:46:40:09:99:fe:93:13:b7:b6:44:90:
                    c0:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:03:45:BB:89:33:62:BA:38:4B:44:05:5D:6B:C2:91:B0:A6:3B:93
            X509v3 Authority Key Identifier:
                keyid:E9:2C:41:5D:17:75:AE:99:93:E9:00:A7:53:6B:46:AB:14:4A:9A:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6SxBXRd1rpmT6QCnU2tGqxRKmqI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/0898be-b037-429f-b504-1d934a048474/1/ZwNFu4kzYro4S0QFXWvCkbCmO5M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/0898be-b037-429f-b504-1d934a048474/1/6SxBXRd1rpmT6QCnU2tGqxRKmqI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.254.224.0/22
                  89.29.203.0/24
                  193.177.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         c9:41:38:b0:69:b2:d1:26:bf:e6:6c:9e:99:3f:f2:e9:f7:f5:
         07:8a:58:51:57:0b:47:46:80:c9:61:61:a0:e3:d6:72:75:ba:
         a8:61:4a:38:7b:01:ea:3e:fb:2e:50:fe:b4:77:ab:b7:d0:1b:
         06:39:aa:a9:a4:9b:c8:14:e9:71:61:3c:39:fc:7f:7e:fa:97:
         23:83:a8:b5:3a:76:6d:20:0f:26:83:44:7d:cd:88:c1:3e:b3:
         1c:d0:55:cb:39:31:1d:23:ff:f3:78:1a:ef:a7:74:26:57:b9:
         d9:de:e5:4e:af:be:d0:a4:cd:af:dd:e6:92:de:46:ea:ef:d0:
         d6:6f:d7:ce:31:01:2f:b9:45:a6:89:45:46:37:f4:bf:e7:48:
         33:5a:c8:83:11:96:d4:e9:99:33:d1:f1:05:f7:59:9e:39:45:
         5e:b5:c3:e2:d5:3b:73:ae:44:89:9a:bc:c9:b6:14:7e:f5:f9:
         f3:2e:39:34:9d:25:a0:67:fc:75:43:ab:7f:00:a6:a7:4b:a3:
         07:fb:29:8e:91:bc:e7:e8:bb:af:7f:7e:3e:87:b0:8f:4b:86:
         8c:d9:86:14:78:1e:32:b4:db:cd:c1:11:be:fb:bc:12:97:ee:
         f2:c3:7b:bc:62:e4:90:5c:0b:7c:70:ed:62:f5:f6:a9:b1:2d:
         d1:b1:94:5c
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZpQzGI1hf9ZnA7uwW4ArJE2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5MmM0MTVkMTc3NWFlOTk5M2U5MDBhNzUzNmI0NmFiMTQ0
YTlhYTIwHhcNMjUxMTA0MjEzNjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzAzNDViYjg5MzM2MmJhMzg0YjQ0MDU1ZDZiYzI5MWIwYTYzYjkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtiMX1oKt7ifNWgAyTzHnnG9h6sP4
NIUbp8f8keWJvUhgPC+ac1f7Aq0G5vgcTV/RYTwxkt/5MPdB45d3vY5YeH+yiG+k
GDKm2wHeoLQap8zNDaQYVS8u0qoQTdFGTmaLmibl2/GSctQrjeNmjjI2EFA+Ypyz
w7CuXqiE1MCUIvmpPNBiuiICd1VXOCn4L6E69Yo9gjTKN3H+l07J0k6EoPcOLS1O
E8esvNZkaEtfs0EOaCb0s0x8L4qy31GZWfq5adU/gcudU57nH+o3YCgJYTlf/TgF
miX77NkfkQTRZVG/oCA9GCFdfbf3jQSOaWqG2COLRkAJmf6TE7e2RJDAVwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFGcDRbuJM2K6OEtEBV1rwpGwpjuTMB8GA1UdIwQY
MBaAFOksQV0Xda6Zk+kAp1NrRqsUSpqiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlN4QlhSZDFycG1UNlFDblUydEdxeFJLbXFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS8wODk4YmUtYjAzNy00MjlmLWI1MDQt
MWQ5MzRhMDQ4NDc0LzEvWndORnU0a3pZcm80UzBRRlhXdkNrYkNtTzVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS8wODk4YmUtYjAzNy00MjlmLWI1MDQtMWQ5MzRhMDQ4NDc0
LzEvNlN4QlhSZDFycG1UNlFDblUydEdxeFJLbXFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCUP7gAwQA
WR3LAwQCwbHUMA0GCSqGSIb3DQEBCwUAA4IBAQDJQTiwabLRJr/mbJ6ZP/Lp9/UH
ilhRVwtHRoDJYWGg49ZydbqoYUo4ewHqPvsuUP60d6u30BsGOaqppJvIFOlxYTw5
/H9++pcjg6i1OnZtIA8mg0R9zYjBPrMc0FXLOTEdI//zeBrvp3QmV7nZ3uVOr77Q
pM2v3eaS3kbq79DWb9fOMQEvuUWmiUVGN/S/50gzWsiDEZbU6Zkz0fEF91meOUVe
tcPi1TtzrkSJmrzJthR+9fnzLjk0nSWgZ/x1Q6t/AKanS6MH+ymOkbzn6Luvf34+
h7CPS4aM2YYUeB4ytNvNwRG++7wSl+7yw3u8YuSQXAt8cO1i9fapsS3RsZRc
-----END CERTIFICATE-----