Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/3182ce-9d2f-4b22-abcd-acd9a2eca33f/1/ZFCTY3PsuMa71RzfQ6nCPjLEWBc.roa
File:                     ZFCTY3PsuMa71RzfQ6nCPjLEWBc.roa (raw, json)
Hash identifier:          wCYyiC0rq2E0dP/bzYjGwhF+dlIF9NLS1wNYb3WnGOE=
Subject key identifier:   64:50:93:63:73:EC:B8:C6:BB:D5:1C:DF:43:A9:C2:3E:32:C4:58:17
Certificate issuer:       /CN=b40c95867c3084c4c16a2febb46651090f3247e4
Certificate serial:       019B7F858ADCE034292051FF6E282425A898
Authority key identifier: B4:0C:95:86:7C:30:84:C4:C1:6A:2F:EB:B4:66:51:09:0F:32:47:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tAyVhnwwhMTBai_rtGZRCQ8yR-Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/3182ce-9d2f-4b22-abcd-acd9a2eca33f/1/ZFCTY3PsuMa71RzfQ6nCPjLEWBc.roa
Signing time:             Fri 02 Jan 2026 16:23:36 +0000
ROA not before:           Fri 02 Jan 2026 16:23:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50501
IP address blocks:        193.105.85.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/3182ce-9d2f-4b22-abcd-acd9a2eca33f/1/tAyVhnwwhMTBai_rtGZRCQ8yR-Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/3182ce-9d2f-4b22-abcd-acd9a2eca33f/1/tAyVhnwwhMTBai_rtGZRCQ8yR-Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tAyVhnwwhMTBai_rtGZRCQ8yR-Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:85:8a:dc:e0:34:29:20:51:ff:6e:28:24:25:a8:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b40c95867c3084c4c16a2febb46651090f3247e4
        Validity
            Not Before: Jan  2 16:23:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6450936373ecb8c6bbd51cdf43a9c23e32c45817
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:6c:97:86:ce:d2:b2:ed:85:7c:6e:1a:36:be:
                    53:56:0d:b6:c2:b2:21:03:d0:3e:14:d2:ab:f2:c3:
                    e2:4a:8b:a2:aa:a6:3b:ad:9f:87:89:e0:a4:e5:1a:
                    d4:0f:ec:15:89:d6:fc:b3:35:3a:cd:4f:54:7f:b1:
                    18:6b:d4:fb:c2:b4:b8:6c:82:08:70:a5:6c:23:d0:
                    54:4c:d8:9e:55:f1:a4:ee:84:e3:a6:52:54:2b:88:
                    fd:81:07:f2:2d:bf:64:9e:74:52:e9:6f:6e:84:ca:
                    79:d8:45:49:61:e2:24:3a:05:79:e3:0e:be:8a:98:
                    78:14:a9:73:a5:11:b2:f5:47:a2:73:d2:4e:dd:3f:
                    55:e9:06:dc:df:c4:42:41:35:61:a1:9b:ee:db:b4:
                    d3:fc:a8:f2:6e:df:b2:3f:1d:c6:01:67:10:8c:6e:
                    94:22:9a:56:ae:71:2c:14:0e:92:31:f3:da:da:72:
                    9a:48:3c:e7:1a:85:88:4f:97:19:db:f5:77:28:33:
                    92:cd:bc:f0:ea:a4:13:f6:8c:2c:51:75:d4:be:80:
                    b9:81:63:bc:f9:a0:0d:52:90:8c:53:a5:62:01:42:
                    f6:4c:25:65:8e:8b:fb:5f:69:74:ee:84:7f:6f:7c:
                    a0:85:77:37:5d:91:20:9d:27:41:dd:09:fc:ad:ff:
                    cc:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:50:93:63:73:EC:B8:C6:BB:D5:1C:DF:43:A9:C2:3E:32:C4:58:17
            X509v3 Authority Key Identifier:
                keyid:B4:0C:95:86:7C:30:84:C4:C1:6A:2F:EB:B4:66:51:09:0F:32:47:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tAyVhnwwhMTBai_rtGZRCQ8yR-Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/3182ce-9d2f-4b22-abcd-acd9a2eca33f/1/ZFCTY3PsuMa71RzfQ6nCPjLEWBc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/3182ce-9d2f-4b22-abcd-acd9a2eca33f/1/tAyVhnwwhMTBai_rtGZRCQ8yR-Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.105.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:f9:78:19:48:e8:a2:5d:f1:e1:97:cc:47:85:b0:ac:13:10:
         e6:e8:b5:77:dc:c2:db:1b:df:43:08:f5:5a:43:58:93:66:eb:
         ad:4f:a7:35:2f:39:6a:18:78:55:ae:58:7d:9a:63:d9:d3:30:
         6e:31:a8:07:43:b9:e9:45:0b:5e:88:57:f3:23:3d:ca:2c:84:
         15:c2:92:6a:42:26:ea:91:15:df:f8:22:5a:3f:6f:26:0c:f7:
         b4:56:a9:65:f3:b6:a9:82:68:26:a4:94:58:f5:45:fc:23:35:
         01:8e:d8:21:64:d4:bd:30:ee:e8:3a:10:d8:aa:fd:eb:ee:cc:
         d3:6c:80:ca:86:fa:f5:9d:e0:a4:5b:54:ea:41:72:ec:fd:c6:
         9b:63:f6:be:16:52:75:60:43:c2:97:76:b8:5c:d9:d4:0b:98:
         13:a7:85:7a:17:a3:b9:4a:31:69:d0:0a:43:2a:31:5c:60:27:
         3c:b2:44:ed:3f:b2:aa:ea:89:ec:29:3e:5d:1e:a6:de:78:71:
         fc:30:e6:2a:3e:53:b3:3f:7d:f6:e9:f9:3b:71:b6:c5:c3:7e:
         d4:45:10:5e:c1:f9:07:f7:26:ca:d6:67:6f:d1:87:47:31:de:
         0e:51:5d:45:b6:5b:5d:e8:c5:a9:2a:88:95:f5:ca:35:0c:ec:
         8f:60:e4:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/hYrc4DQpIFH/bigkJaiYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MGM5NTg2N2MzMDg0YzRjMTZhMmZlYmI0NjY1MTA5MGYz
MjQ3ZTQwHhcNMjYwMTAyMTYyMzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDUwOTM2MzczZWNiOGM2YmJkNTFjZGY0M2E5YzIzZTMyYzQ1ODE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0GyXhs7Ssu2FfG4aNr5TVg22wrIh
A9A+FNKr8sPiSouiqqY7rZ+HieCk5RrUD+wVidb8szU6zU9Uf7EYa9T7wrS4bIII
cKVsI9BUTNieVfGk7oTjplJUK4j9gQfyLb9knnRS6W9uhMp52EVJYeIkOgV54w6+
iph4FKlzpRGy9Ueic9JO3T9V6Qbc38RCQTVhoZvu27TT/Kjybt+yPx3GAWcQjG6U
IppWrnEsFA6SMfPa2nKaSDznGoWIT5cZ2/V3KDOSzbzw6qQT9owsUXXUvoC5gWO8
+aANUpCMU6ViAUL2TCVljov7X2l07oR/b3yghXc3XZEgnSdB3Qn8rf/MkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGRQk2Nz7LjGu9Uc30Opwj4yxFgXMB8GA1UdIwQY
MBaAFLQMlYZ8MITEwWov67RmUQkPMkfkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEF5Vmhud3doTVRCYWlfcnRHWlJDUTh5Ui1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS8zMTgyY2UtOWQyZi00YjIyLWFiY2Qt
YWNkOWEyZWNhMzNmLzEvWkZDVFkzUHN1TWE3MVJ6ZlE2bkNQakxFV0JjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS8zMTgyY2UtOWQyZi00YjIyLWFiY2QtYWNkOWEyZWNhMzNm
LzEvdEF5Vmhud3doTVRCYWlfcnRHWlJDUTh5Ui1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWlVMA0G
CSqGSIb3DQEBCwUAA4IBAQCa+XgZSOiiXfHhl8xHhbCsExDm6LV33MLbG99DCPVa
Q1iTZuutT6c1LzlqGHhVrlh9mmPZ0zBuMagHQ7npRQteiFfzIz3KLIQVwpJqQibq
kRXf+CJaP28mDPe0Vqll87apgmgmpJRY9UX8IzUBjtghZNS9MO7oOhDYqv3r7szT
bIDKhvr1neCkW1TqQXLs/cabY/a+FlJ1YEPCl3a4XNnUC5gTp4V6F6O5SjFp0ApD
KjFcYCc8skTtP7Kq6onsKT5dHqbeeHH8MOYqPlOzP3326fk7cbbFw37URRBewfkH
9ybK1mdv0YdHMd4OUV1Ftltd6MWpKoiV9co1DOyPYOTw
-----END CERTIFICATE-----