Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/7f1255-d3ad-4cb2-abfd-88d3ca9006d5/1/Zv79TTxsf83wSa-br66v_0Kz3P0.roa
File:                     Zv79TTxsf83wSa-br66v_0Kz3P0.roa (raw, json)
Hash identifier:          PshdlsPP60SM0Q8DKrvKNK5rgHz5shKnndSXnKZ2nf8=
Subject key identifier:   66:FE:FD:4D:3C:6C:7F:CD:F0:49:AF:9B:AF:AE:AF:FF:42:B3:DC:FD
Certificate issuer:       /CN=b0ff273a8fe212090ba1cb78c6331f80e78c3025
Certificate serial:       019B797DF8312F7EF0E23028B2FAC0AB21B5
Authority key identifier: B0:FF:27:3A:8F:E2:12:09:0B:A1:CB:78:C6:33:1F:80:E7:8C:30:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sP8nOo_iEgkLoct4xjMfgOeMMCU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/7f1255-d3ad-4cb2-abfd-88d3ca9006d5/1/Zv79TTxsf83wSa-br66v_0Kz3P0.roa
Signing time:             Thu 01 Jan 2026 12:17:37 +0000
ROA not before:           Thu 01 Jan 2026 12:17:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215454
IP address blocks:        91.103.139.0/24 maxlen: 24
                          2a13:30c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/7f1255-d3ad-4cb2-abfd-88d3ca9006d5/1/sP8nOo_iEgkLoct4xjMfgOeMMCU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/7f1255-d3ad-4cb2-abfd-88d3ca9006d5/1/sP8nOo_iEgkLoct4xjMfgOeMMCU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sP8nOo_iEgkLoct4xjMfgOeMMCU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 21:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7d:f8:31:2f:7e:f0:e2:30:28:b2:fa:c0:ab:21:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0ff273a8fe212090ba1cb78c6331f80e78c3025
        Validity
            Not Before: Jan  1 12:17:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=66fefd4d3c6c7fcdf049af9bafaeafff42b3dcfd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:19:be:27:0d:85:7e:6f:98:70:7e:a7:3b:9a:
                    4c:58:e1:5a:54:26:1e:9b:85:09:e4:98:b2:17:18:
                    b8:bc:33:bc:48:e5:49:db:8a:ae:3b:d9:e9:83:d1:
                    74:e1:30:3d:71:96:6f:c2:b7:fa:7a:8b:0d:0c:8c:
                    1e:74:c3:08:3c:24:cb:b4:4d:64:7d:08:1c:6d:ef:
                    90:b2:af:8d:ed:86:e1:15:a5:97:f4:20:ad:ee:08:
                    53:d5:0d:69:c4:2a:12:39:38:cf:97:a7:e8:15:e0:
                    00:00:e0:c5:f9:18:db:2d:89:20:94:7f:08:a9:85:
                    87:6d:e6:8f:da:45:6d:a3:7d:76:25:48:d1:33:cd:
                    d2:58:3f:5d:c2:70:6f:19:6d:41:91:f0:22:94:63:
                    88:c3:3a:58:71:8a:f6:87:74:d1:60:32:6f:3d:af:
                    a3:a4:49:cc:0c:42:27:72:09:9a:44:47:0c:56:ef:
                    e9:01:12:02:93:92:ff:1f:ac:63:c6:db:d7:70:10:
                    7a:93:b6:81:e6:15:72:e0:06:45:93:bc:88:58:a8:
                    05:e3:3c:ef:82:25:45:57:d2:cf:71:5d:1f:aa:49:
                    51:9c:f3:e3:4b:c3:8d:59:c2:fc:92:0c:70:d8:de:
                    2b:e5:7d:c9:e4:c8:2f:56:a4:57:2b:b3:dd:40:93:
                    be:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:FE:FD:4D:3C:6C:7F:CD:F0:49:AF:9B:AF:AE:AF:FF:42:B3:DC:FD
            X509v3 Authority Key Identifier:
                keyid:B0:FF:27:3A:8F:E2:12:09:0B:A1:CB:78:C6:33:1F:80:E7:8C:30:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sP8nOo_iEgkLoct4xjMfgOeMMCU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/7f1255-d3ad-4cb2-abfd-88d3ca9006d5/1/Zv79TTxsf83wSa-br66v_0Kz3P0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/7f1255-d3ad-4cb2-abfd-88d3ca9006d5/1/sP8nOo_iEgkLoct4xjMfgOeMMCU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.103.139.0/24
                IPv6:
                  2a13:30c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         63:43:48:19:a5:13:6d:0b:11:ee:8e:1f:52:69:8e:86:23:94:
         e1:2b:39:04:f6:77:c0:13:4a:51:72:40:c5:66:88:3a:b8:fe:
         90:0f:29:01:99:91:33:25:06:14:bf:9f:db:03:59:b2:90:0e:
         12:0f:b4:52:32:e7:48:fd:d5:e9:4e:a3:97:15:e5:83:a8:01:
         1a:72:fe:9a:ea:88:50:0a:be:80:66:a7:f6:e5:b1:7a:1d:f6:
         37:2c:38:93:40:76:2e:5d:b1:e8:7e:f1:e1:dd:91:e9:fd:d4:
         96:2c:8f:5a:c7:20:6a:b6:db:be:5a:91:53:ae:2d:85:78:d0:
         96:b6:d6:73:1d:94:40:46:bc:a2:ad:56:d5:21:2d:47:e7:ae:
         e3:74:4d:17:25:07:cf:79:20:c4:89:b7:9d:2e:5c:49:b2:af:
         df:62:8b:17:94:66:39:ec:8e:9d:88:0b:d5:e8:af:12:1b:7e:
         57:1a:95:92:8f:e7:e7:2b:65:f2:74:d2:06:3c:a9:f9:06:e0:
         14:5f:fb:7e:04:37:05:de:61:2e:37:7e:ec:c1:43:4c:7a:47:
         e3:1a:ae:17:d2:a5:33:e7:f3:54:bd:c1:34:22:a9:91:4c:a7:
         56:ad:7f:27:b1:fc:08:5e:23:6b:08:6a:80:f0:28:ca:6e:16:
         47:37:4c:35
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZt5ffgxL37w4jAosvrAqyG1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwZmYyNzNhOGZlMjEyMDkwYmExY2I3OGM2MzMxZjgwZTc4
YzMwMjUwHhcNMjYwMTAxMTIxNzM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NmZlZmQ0ZDNjNmM3ZmNkZjA0OWFmOWJhZmFlYWZmZjQyYjNkY2ZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmxm+Jw2Ffm+YcH6nO5pMWOFaVCYe
m4UJ5JiyFxi4vDO8SOVJ24quO9npg9F04TA9cZZvwrf6eosNDIwedMMIPCTLtE1k
fQgcbe+Qsq+N7YbhFaWX9CCt7ghT1Q1pxCoSOTjPl6foFeAAAODF+RjbLYkglH8I
qYWHbeaP2kVto312JUjRM83SWD9dwnBvGW1BkfAilGOIwzpYcYr2h3TRYDJvPa+j
pEnMDEIncgmaREcMVu/pARICk5L/H6xjxtvXcBB6k7aB5hVy4AZFk7yIWKgF4zzv
giVFV9LPcV0fqklRnPPjS8ONWcL8kgxw2N4r5X3J5MgvVqRXK7PdQJO+GwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGb+/U08bH/N8Emvm6+ur/9Cs9z9MB8GA1UdIwQY
MBaAFLD/JzqP4hIJC6HLeMYzH4DnjDAlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1A4bk9vX2lFZ2tMb2N0NHhqTWZnT2VNTUNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS83ZjEyNTUtZDNhZC00Y2IyLWFiZmQt
ODhkM2NhOTAwNmQ1LzEvWnY3OVRUeHNmODN3U2EtYnI2NnZfMEt6M1AwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS83ZjEyNTUtZDNhZC00Y2IyLWFiZmQtODhkM2NhOTAwNmQ1
LzEvc1A4bk9vX2lFZ2tMb2N0NHhqTWZnT2VNTUNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAW2eLMA0E
AgACMAcDBQMqEzDAMA0GCSqGSIb3DQEBCwUAA4IBAQBjQ0gZpRNtCxHujh9SaY6G
I5ThKzkE9nfAE0pRckDFZog6uP6QDykBmZEzJQYUv5/bA1mykA4SD7RSMudI/dXp
TqOXFeWDqAEacv6a6ohQCr6AZqf25bF6HfY3LDiTQHYuXbHofvHh3ZHp/dSWLI9a
xyBqttu+WpFTri2FeNCWttZzHZRARryirVbVIS1H567jdE0XJQfPeSDEibedLlxJ
sq/fYosXlGY57I6diAvV6K8SG35XGpWSj+fnK2XydNIGPKn5BuAUX/t+BDcF3mEu
N37swUNMekfjGq4X0qUz5/NUvcE0IqmRTKdWrX8nsfwIXiNrCGqA8CjKbhZHN0w1
-----END CERTIFICATE-----