Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/ZYvL-zcAYTSTangwEs5MII0v6M0.roa
File:                     ZYvL-zcAYTSTangwEs5MII0v6M0.roa (raw, json)
Hash identifier:          J/C9tJEn+wZvt4vJdCPPf3D4iiBjhcxFDac3SCbC1H0=
Subject key identifier:   65:8B:CB:FB:37:00:61:34:93:6A:78:30:12:CE:4C:20:8D:2F:E8:CD
Certificate issuer:       /CN=f324581e4368825d5e13f4f2a0d6ff8e484c95e6
Certificate serial:       01982D8F9D83A04D5FDF6E8916CBE33FF9DF
Authority key identifier: F3:24:58:1E:43:68:82:5D:5E:13:F4:F2:A0:D6:FF:8E:48:4C:95:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8yRYHkNogl1eE_TyoNb_jkhMleY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/ZYvL-zcAYTSTangwEs5MII0v6M0.roa
Signing time:             Mon 21 Jul 2025 15:17:23 +0000
ROA not before:           Mon 21 Jul 2025 15:17:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        109.175.210.0/24 maxlen: 24
                          2a01:fb00::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/8yRYHkNogl1eE_TyoNb_jkhMleY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/8yRYHkNogl1eE_TyoNb_jkhMleY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8yRYHkNogl1eE_TyoNb_jkhMleY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 12:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:2d:8f:9d:83:a0:4d:5f:df:6e:89:16:cb:e3:3f:f9:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f324581e4368825d5e13f4f2a0d6ff8e484c95e6
        Validity
            Not Before: Jul 21 15:17:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=658bcbfb37006134936a783012ce4c208d2fe8cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:0c:63:7f:1b:41:d6:bc:ed:9a:51:b4:4e:ed:
                    0a:91:c5:cc:4a:d9:ce:c5:57:75:54:6f:83:ab:4e:
                    23:05:4e:fe:a0:80:70:94:a9:c9:f8:06:95:77:b5:
                    da:97:66:cb:24:51:7f:e6:56:a4:ad:83:68:7b:c6:
                    11:9a:38:a6:79:23:4e:83:29:25:53:69:91:23:1c:
                    95:bc:6f:83:53:51:c5:3d:88:0c:1e:ff:2d:60:f9:
                    98:cc:ca:32:1e:7f:1c:c7:05:ef:a8:e8:02:be:4d:
                    99:21:28:c8:b8:d2:c3:ae:d7:5e:a1:fa:ef:f0:e6:
                    fc:08:de:7f:17:51:1d:fa:20:b6:f5:5a:51:bd:1c:
                    7b:4e:85:d7:de:1c:8a:2e:df:bd:fb:32:87:84:e5:
                    35:11:30:47:c1:1a:6b:94:74:f4:eb:4f:93:78:ac:
                    78:ce:8e:53:93:76:83:5b:e7:0b:aa:ad:95:9c:d1:
                    92:6a:ec:a5:f8:e2:e4:cb:e7:8f:13:80:78:bb:70:
                    a1:b2:23:b7:a0:86:31:c7:47:93:97:a3:25:33:c5:
                    66:5d:d4:a6:e9:f7:d2:cc:58:ab:5e:8e:0c:0c:0d:
                    b2:ce:65:65:20:ce:c1:e9:8a:0f:ac:2c:26:5f:f0:
                    06:23:f9:bb:52:93:e8:ff:50:fd:f0:c8:64:ca:cf:
                    bd:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:8B:CB:FB:37:00:61:34:93:6A:78:30:12:CE:4C:20:8D:2F:E8:CD
            X509v3 Authority Key Identifier:
                keyid:F3:24:58:1E:43:68:82:5D:5E:13:F4:F2:A0:D6:FF:8E:48:4C:95:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8yRYHkNogl1eE_TyoNb_jkhMleY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/ZYvL-zcAYTSTangwEs5MII0v6M0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/8yRYHkNogl1eE_TyoNb_jkhMleY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.175.210.0/24
                IPv6:
                  2a01:fb00::/32

    Signature Algorithm: sha256WithRSAEncryption
         23:dc:9f:de:1a:b7:78:5d:70:47:84:46:85:01:3a:26:6d:e9:
         32:b6:96:bd:51:c0:b8:3b:b5:7e:1e:00:50:e1:fa:ac:13:a5:
         c5:2c:26:86:fb:82:ff:42:3c:fe:54:87:95:ce:5c:8a:6e:23:
         c3:c8:b5:06:8b:15:02:9f:70:ec:5f:15:38:5c:1e:fc:64:f3:
         28:01:8a:b5:01:d5:b3:da:f5:3b:39:fc:fb:e0:3b:84:e8:7d:
         02:58:96:d3:67:71:0a:cd:35:ed:54:e4:f2:d1:bf:6d:30:7c:
         ca:35:b6:58:ac:6c:ef:4b:d3:8f:b9:44:62:21:ad:ec:5d:73:
         6f:26:ea:a5:ae:14:fb:5d:d1:46:b7:72:bf:d5:ed:d4:f8:2c:
         d4:d4:64:9c:64:2e:0d:7f:06:77:d0:c6:c9:fa:a1:63:de:1f:
         15:35:0b:f5:cf:c1:eb:d2:3a:ea:83:1c:6b:53:36:e9:f1:e3:
         42:34:db:61:53:cb:35:82:16:66:c2:22:f4:77:51:b8:8d:1e:
         ed:16:01:ba:f2:c9:ab:17:5f:b0:8f:b3:34:4f:d7:eb:b2:48:
         81:52:f9:25:46:99:76:f0:bb:7d:82:b4:35:ef:2a:d3:a8:c7:
         f0:66:0f:53:b2:ff:70:24:09:f8:84:24:bd:0f:0c:57:2f:e2:
         cd:31:5c:6c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZgtj52DoE1f326JFsvjP/nfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzMjQ1ODFlNDM2ODgyNWQ1ZTEzZjRmMmEwZDZmZjhlNDg0
Yzk1ZTYwHhcNMjUwNzIxMTUxNzIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NThiY2JmYjM3MDA2MTM0OTM2YTc4MzAxMmNlNGMyMDhkMmZlOGNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9gxjfxtB1rztmlG0Tu0KkcXMStnO
xVd1VG+Dq04jBU7+oIBwlKnJ+AaVd7Xal2bLJFF/5lakrYNoe8YRmjimeSNOgykl
U2mRIxyVvG+DU1HFPYgMHv8tYPmYzMoyHn8cxwXvqOgCvk2ZISjIuNLDrtdeofrv
8Ob8CN5/F1Ed+iC29VpRvRx7ToXX3hyKLt+9+zKHhOU1ETBHwRprlHT060+TeKx4
zo5Tk3aDW+cLqq2VnNGSauyl+OLky+ePE4B4u3ChsiO3oIYxx0eTl6MlM8VmXdSm
6ffSzFirXo4MDA2yzmVlIM7B6YoPrCwmX/AGI/m7UpPo/1D98Mhkys+9FwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGWLy/s3AGE0k2p4MBLOTCCNL+jNMB8GA1UdIwQY
MBaAFPMkWB5DaIJdXhP08qDW/45ITJXmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOHlSWUhrTm9nbDFlRV9UeW9OYl9qa2hNbGVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS82YjkxYWItOTlkYi00NjQ4LWIxNTMt
NmUyZDk3Y2ExNWZmLzEvWll2TC16Y0FZVFNUYW5nd0VzNU1JSTB2Nk0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS82YjkxYWItOTlkYi00NjQ4LWIxNTMtNmUyZDk3Y2ExNWZm
LzEvOHlSWUhrTm9nbDFlRV9UeW9OYl9qa2hNbGVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAba/SMA0E
AgACMAcDBQAqAfsAMA0GCSqGSIb3DQEBCwUAA4IBAQAj3J/eGrd4XXBHhEaFATom
bekytpa9UcC4O7V+HgBQ4fqsE6XFLCaG+4L/Qjz+VIeVzlyKbiPDyLUGixUCn3Ds
XxU4XB78ZPMoAYq1AdWz2vU7Ofz74DuE6H0CWJbTZ3EKzTXtVOTy0b9tMHzKNbZY
rGzvS9OPuURiIa3sXXNvJuqlrhT7XdFGt3K/1e3U+CzU1GScZC4NfwZ30MbJ+qFj
3h8VNQv1z8Hr0jrqgxxrUzbp8eNCNNthU8s1ghZmwiL0d1G4jR7tFgG68smrF1+w
j7M0T9frskiBUvklRpl28Lt9grQ17yrTqMfwZg9Tsv9wJAn4hCS9DwxXL+LNMVxs
-----END CERTIFICATE-----