Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/zly0HPjprxdyVkXHR1aHuRvdMX0.roa
File:                     zly0HPjprxdyVkXHR1aHuRvdMX0.roa (raw, json)
Hash identifier:          AhwMXgJ+aAK91jE5Y/Rl3QNmkW9Lhcao2gRRENl3Nek=
Subject key identifier:   CE:5C:B4:1C:F8:E9:AF:17:72:56:45:C7:47:56:87:B9:1B:DD:31:7D
Certificate issuer:       /CN=9799140b42db6cb6bf8c6dd413747fcf4a6fd9b5
Certificate serial:       019D72084DD74699A6396306E95AC6E8F295
Authority key identifier: 97:99:14:0B:42:DB:6C:B6:BF:8C:6D:D4:13:74:7F:CF:4A:6F:D9:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l5kUC0LbbLa_jG3UE3R_z0pv2bU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/zly0HPjprxdyVkXHR1aHuRvdMX0.roa
Signing time:             Thu 09 Apr 2026 11:37:20 +0000
ROA not before:           Thu 09 Apr 2026 11:37:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50469
IP address blocks:        82.206.24.0/21 maxlen: 24
                          82.206.24.0/23 maxlen: 23
                          82.206.26.0/23 maxlen: 23
                          82.206.28.0/23 maxlen: 23
                          82.206.30.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/l5kUC0LbbLa_jG3UE3R_z0pv2bU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/l5kUC0LbbLa_jG3UE3R_z0pv2bU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l5kUC0LbbLa_jG3UE3R_z0pv2bU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 02:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:72:08:4d:d7:46:99:a6:39:63:06:e9:5a:c6:e8:f2:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9799140b42db6cb6bf8c6dd413747fcf4a6fd9b5
        Validity
            Not Before: Apr  9 11:37:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ce5cb41cf8e9af17725645c7475687b91bdd317d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:41:7f:e2:ec:c2:37:17:c9:82:1c:a1:3b:9e:
                    7a:cb:b4:03:27:f9:c9:de:df:27:34:23:85:da:d0:
                    ff:56:fa:5d:2f:3d:5b:7f:ac:a5:fa:5e:44:e5:cf:
                    3f:0a:6e:ec:ad:4c:8c:d8:42:6e:80:4f:bc:ae:8b:
                    7f:35:c4:f6:d4:4c:bc:20:77:c9:9c:09:58:be:33:
                    ab:e8:cd:be:02:33:11:70:a1:dd:3a:a5:ed:c1:d6:
                    34:2e:7a:0f:71:40:21:bc:c7:56:09:a7:2e:e8:8f:
                    00:21:03:59:af:ec:fe:f2:bd:39:d4:63:77:98:5f:
                    c1:1e:c1:ab:86:ae:c5:d6:1a:21:d4:b8:8e:25:c4:
                    bb:e6:f6:64:c7:2e:de:93:a7:36:1a:e3:2b:05:03:
                    47:4f:5c:07:1c:55:f8:d5:ce:5d:2d:ac:f8:41:e3:
                    ed:80:b1:8a:8c:a7:39:aa:71:82:5a:ba:eb:21:41:
                    38:01:47:77:d6:92:b1:12:5d:3f:79:93:3b:63:ad:
                    b3:19:9f:e5:a4:8b:2c:4f:0b:27:8e:d1:fa:46:38:
                    40:b6:18:61:79:51:96:42:71:eb:20:7e:05:33:58:
                    5b:e5:10:41:96:19:89:31:a4:7d:99:00:d7:70:78:
                    b3:90:5c:87:5d:c7:d5:2e:8d:2c:f3:1f:1c:48:eb:
                    37:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:5C:B4:1C:F8:E9:AF:17:72:56:45:C7:47:56:87:B9:1B:DD:31:7D
            X509v3 Authority Key Identifier:
                keyid:97:99:14:0B:42:DB:6C:B6:BF:8C:6D:D4:13:74:7F:CF:4A:6F:D9:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l5kUC0LbbLa_jG3UE3R_z0pv2bU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/zly0HPjprxdyVkXHR1aHuRvdMX0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/l5kUC0LbbLa_jG3UE3R_z0pv2bU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.206.24.0/21

    Signature Algorithm: sha256WithRSAEncryption
         8c:6f:5e:ff:f2:f1:bf:f4:00:d5:ff:d0:5a:e1:81:32:fc:47:
         77:74:74:bf:00:c5:9a:aa:38:1c:68:5a:ee:74:78:89:b0:fd:
         ee:2d:d4:a5:6a:b3:e0:f1:76:80:05:22:7d:79:4a:6a:d9:0c:
         0a:c8:9e:cd:90:23:0c:2d:9f:a3:71:6c:34:51:79:f2:6e:59:
         66:48:55:34:00:21:2d:03:a1:6e:34:f9:d1:6c:a4:92:2a:0e:
         b3:31:96:06:ee:0b:dd:7b:e5:6e:c3:a8:58:d7:86:bb:e3:ae:
         b4:b8:d9:b3:ab:5c:fc:a3:d7:46:c1:34:29:b7:39:2b:20:02:
         8e:d7:9a:8e:2f:13:f8:a3:bf:88:d0:55:c5:1b:4a:ca:af:0e:
         2a:23:9d:68:b7:55:2e:26:d0:a7:1b:2a:9a:ab:8f:b4:1b:68:
         8d:47:09:13:eb:2f:30:e4:94:16:68:37:ea:18:55:e2:bb:76:
         43:24:a5:01:e6:52:76:1a:99:a5:c3:85:24:b9:9e:dc:62:b0:
         ba:9e:a4:8e:e7:58:8e:d0:00:6c:98:d9:f3:f9:9f:4f:f6:b5:
         e0:85:0d:64:1c:e3:5a:32:d4:59:1e:7f:c1:00:3f:1c:fb:ec:
         a9:e5:ce:11:fb:2f:f3:7f:9a:64:15:4a:64:b3:0e:fa:71:2e:
         d2:df:86:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1yCE3XRpmmOWMG6VrG6PKVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3OTkxNDBiNDJkYjZjYjZiZjhjNmRkNDEzNzQ3ZmNmNGE2
ZmQ5YjUwHhcNMjYwNDA5MTEzNzIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTVjYjQxY2Y4ZTlhZjE3NzI1NjQ1Yzc0NzU2ODdiOTFiZGQzMTdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmUF/4uzCNxfJghyhO556y7QDJ/nJ
3t8nNCOF2tD/VvpdLz1bf6yl+l5E5c8/Cm7srUyM2EJugE+8rot/NcT21Ey8IHfJ
nAlYvjOr6M2+AjMRcKHdOqXtwdY0LnoPcUAhvMdWCacu6I8AIQNZr+z+8r051GN3
mF/BHsGrhq7F1hoh1LiOJcS75vZkxy7ek6c2GuMrBQNHT1wHHFX41c5dLaz4QePt
gLGKjKc5qnGCWrrrIUE4AUd31pKxEl0/eZM7Y62zGZ/lpIssTwsnjtH6RjhAthhh
eVGWQnHrIH4FM1hb5RBBlhmJMaR9mQDXcHizkFyHXcfVLo0s8x8cSOs3+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM5ctBz46a8XclZFx0dWh7kb3TF9MB8GA1UdIwQY
MBaAFJeZFAtC22y2v4xt1BN0f89Kb9m1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDVrVUMwTGJiTGFfakczVUUzUl96MHB2MmJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS80ZWVmMDMtOTFmZS00NDVhLWE3Y2Qt
NTk1OTE5YmUwZjUyLzEvemx5MEhQanByeGR5VmtYSFIxYUh1UnZkTVgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS80ZWVmMDMtOTFmZS00NDVhLWE3Y2QtNTk1OTE5YmUwZjUy
LzEvbDVrVUMwTGJiTGFfakczVUUzUl96MHB2MmJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDUs4YMA0G
CSqGSIb3DQEBCwUAA4IBAQCMb17/8vG/9ADV/9Ba4YEy/Ed3dHS/AMWaqjgcaFru
dHiJsP3uLdSlarPg8XaABSJ9eUpq2QwKyJ7NkCMMLZ+jcWw0UXnybllmSFU0ACEt
A6FuNPnRbKSSKg6zMZYG7gvde+Vuw6hY14a74660uNmzq1z8o9dGwTQptzkrIAKO
15qOLxP4o7+I0FXFG0rKrw4qI51ot1UuJtCnGyqaq4+0G2iNRwkT6y8w5JQWaDfq
GFXiu3ZDJKUB5lJ2Gpmlw4UkuZ7cYrC6nqSO51iO0ABsmNnz+Z9P9rXghQ1kHONa
MtRZHn/BAD8c++yp5c4R+y/zf5pkFUpksw76cS7S34Yn
-----END CERTIFICATE-----