Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/7c1727-9eaf-49c9-aafc-f99453a95a99/1/_Ztkitj_cASVHW2RAI2sAldy7Vo.roa
File:                     _Ztkitj_cASVHW2RAI2sAldy7Vo.roa (raw, json)
Hash identifier:          hW5RHVfn1YCqYqZcPChcTmTjzUnojtrXBaP46yWsbeg=
Subject key identifier:   FD:9B:64:8A:D8:FF:70:04:95:1D:6D:91:00:8D:AC:02:57:72:ED:5A
Certificate issuer:       /CN=3b5fc69b7c6ee869930ce0b8391ee5d84c53494a
Certificate serial:       019B7CED5C2B145ADDDDB58EB13FC43E995E
Authority key identifier: 3B:5F:C6:9B:7C:6E:E8:69:93:0C:E0:B8:39:1E:E5:D8:4C:53:49:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O1_Gm3xu6GmTDOC4OR7l2ExTSUo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/7c1727-9eaf-49c9-aafc-f99453a95a99/1/_Ztkitj_cASVHW2RAI2sAldy7Vo.roa
Signing time:             Fri 02 Jan 2026 04:18:09 +0000
ROA not before:           Fri 02 Jan 2026 04:18:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213635
IP address blocks:        91.211.196.0/22 maxlen: 24
                          193.109.152.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/7c1727-9eaf-49c9-aafc-f99453a95a99/1/O1_Gm3xu6GmTDOC4OR7l2ExTSUo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/7c1727-9eaf-49c9-aafc-f99453a95a99/1/O1_Gm3xu6GmTDOC4OR7l2ExTSUo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O1_Gm3xu6GmTDOC4OR7l2ExTSUo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 10:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ed:5c:2b:14:5a:dd:dd:b5:8e:b1:3f:c4:3e:99:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b5fc69b7c6ee869930ce0b8391ee5d84c53494a
        Validity
            Not Before: Jan  2 04:18:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fd9b648ad8ff7004951d6d91008dac025772ed5a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:9b:d3:6b:66:ae:c8:a2:7d:07:ec:cc:b6:2e:
                    00:4a:47:2a:07:39:6e:5f:51:57:fe:dd:80:1c:5a:
                    0f:be:d8:39:d9:a3:d1:81:96:cb:17:38:ff:aa:e6:
                    e5:c3:3b:a7:f5:60:c1:a2:bb:be:48:8d:4c:6c:eb:
                    e5:c9:ca:f8:bf:ae:05:2b:80:e7:f6:96:c7:a6:4c:
                    0b:dd:0d:59:f5:2f:97:4b:d9:80:78:94:14:1c:11:
                    f8:c7:e5:51:18:7a:96:db:7e:76:fd:87:59:66:8a:
                    8f:b8:9b:b6:89:9e:9f:78:3b:54:e4:8d:a7:ad:00:
                    da:15:48:c2:33:cc:5f:77:7c:39:c7:d6:58:94:bf:
                    28:08:fe:73:bd:df:0d:30:de:de:bd:86:c4:fa:5f:
                    fa:1d:e0:50:b7:88:4c:98:aa:86:dc:ef:16:64:9d:
                    59:0f:63:cb:7c:e6:e4:d7:3f:d7:58:a1:0d:41:88:
                    56:90:f8:e6:32:e3:ee:e4:95:69:78:89:01:36:7d:
                    e6:55:60:10:3b:e6:2c:7a:c7:21:d7:c3:d0:dd:19:
                    b8:3a:7e:d8:34:8c:60:62:35:e9:f5:65:12:c4:7a:
                    46:1e:78:a1:0a:b1:59:5f:51:9f:6e:ce:4c:84:52:
                    f9:b2:5c:27:dc:81:c1:4a:46:28:50:8e:73:c0:41:
                    47:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:9B:64:8A:D8:FF:70:04:95:1D:6D:91:00:8D:AC:02:57:72:ED:5A
            X509v3 Authority Key Identifier:
                keyid:3B:5F:C6:9B:7C:6E:E8:69:93:0C:E0:B8:39:1E:E5:D8:4C:53:49:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O1_Gm3xu6GmTDOC4OR7l2ExTSUo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/7c1727-9eaf-49c9-aafc-f99453a95a99/1/_Ztkitj_cASVHW2RAI2sAldy7Vo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/7c1727-9eaf-49c9-aafc-f99453a95a99/1/O1_Gm3xu6GmTDOC4OR7l2ExTSUo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.211.196.0/22
                  193.109.152.0/21

    Signature Algorithm: sha256WithRSAEncryption
         1d:ab:d6:9d:e1:83:39:fb:ed:d7:56:71:3b:b0:b6:86:c1:1e:
         31:a0:cb:d0:0f:b1:1c:66:06:8c:9c:a6:2e:31:fb:f3:b2:3a:
         b1:ce:37:61:1a:2a:77:04:de:20:7f:db:a8:ad:76:40:fd:b8:
         88:39:06:d8:15:e5:10:bb:bb:2b:2f:ac:f9:31:e7:97:9b:ae:
         ac:52:2c:74:fc:20:73:d1:d9:9c:8f:30:fb:ee:83:c9:ac:92:
         3f:1f:99:f9:71:9b:86:16:47:31:b3:34:89:2a:14:c2:10:9f:
         56:2b:da:5c:a6:4b:82:80:65:6c:8a:70:69:76:25:c3:73:5d:
         50:18:3b:11:e0:26:45:9a:9e:60:dc:d2:b2:82:d9:fa:a6:a2:
         10:cc:25:30:59:2e:bd:9f:20:45:8c:53:a2:b8:34:c2:ea:9c:
         87:9f:e5:f9:b1:36:f9:2b:ee:82:09:5a:67:48:ca:b5:cf:ae:
         26:20:ac:8b:ef:6b:ae:28:e5:d1:b9:e7:c4:94:ad:b9:ee:91:
         8c:65:63:ac:e8:4e:96:2d:d4:4e:16:ed:35:a5:91:d6:54:b2:
         b9:14:ac:0e:c0:15:6c:ed:43:97:f9:a7:54:93:f1:a7:7b:f2:
         1f:a4:75:6b:f5:a7:6c:23:f7:b7:cd:87:0f:e8:1b:90:88:ac:
         e9:a1:ec:59
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZt87VwrFFrd3bWOsT/EPpleMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNWZjNjliN2M2ZWU4Njk5MzBjZTBiODM5MWVlNWQ4NGM1
MzQ5NGEwHhcNMjYwMTAyMDQxODA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDliNjQ4YWQ4ZmY3MDA0OTUxZDZkOTEwMDhkYWMwMjU3NzJlZDVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw5vTa2auyKJ9B+zMti4ASkcqBzlu
X1FX/t2AHFoPvtg52aPRgZbLFzj/qublwzun9WDBoru+SI1MbOvlycr4v64FK4Dn
9pbHpkwL3Q1Z9S+XS9mAeJQUHBH4x+VRGHqW2352/YdZZoqPuJu2iZ6feDtU5I2n
rQDaFUjCM8xfd3w5x9ZYlL8oCP5zvd8NMN7evYbE+l/6HeBQt4hMmKqG3O8WZJ1Z
D2PLfObk1z/XWKENQYhWkPjmMuPu5JVpeIkBNn3mVWAQO+Ysesch18PQ3Rm4On7Y
NIxgYjXp9WUSxHpGHnihCrFZX1Gfbs5MhFL5slwn3IHBSkYoUI5zwEFHMwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFP2bZIrY/3AElR1tkQCNrAJXcu1aMB8GA1UdIwQY
MBaAFDtfxpt8buhpkwzguDke5dhMU0lKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzFfR20zeHU2R21URE9DNE9SN2wyRXhUU1VvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC83YzE3MjctOWVhZi00OWM5LWFhZmMt
Zjk5NDUzYTk1YTk5LzEvX1p0a2l0al9jQVNWSFcyUkFJMnNBbGR5N1ZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC83YzE3MjctOWVhZi00OWM5LWFhZmMtZjk5NDUzYTk1YTk5
LzEvTzFfR20zeHU2R21URE9DNE9SN2wyRXhUU1VvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCW9PEAwQD
wW2YMA0GCSqGSIb3DQEBCwUAA4IBAQAdq9ad4YM5++3XVnE7sLaGwR4xoMvQD7Ec
ZgaMnKYuMfvzsjqxzjdhGip3BN4gf9uorXZA/biIOQbYFeUQu7srL6z5MeeXm66s
Uix0/CBz0dmcjzD77oPJrJI/H5n5cZuGFkcxszSJKhTCEJ9WK9pcpkuCgGVsinBp
diXDc11QGDsR4CZFmp5g3NKygtn6pqIQzCUwWS69nyBFjFOiuDTC6pyHn+X5sTb5
K+6CCVpnSMq1z64mIKyL72uuKOXRuefElK257pGMZWOs6E6WLdROFu01pZHWVLK5
FKwOwBVs7UOX+adUk/Gne/IfpHVr9adsI/e3zYcP6BuQiKzpoexZ
-----END CERTIFICATE-----