Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/1a849e-861c-4c4d-bcf4-5695d89d7b36/1/mzjq_E9j-9cKk2TKoQGkLBC5u4Q.roa
File:                     mzjq_E9j-9cKk2TKoQGkLBC5u4Q.roa (raw, json)
Hash identifier:          2CE2j2LCoSSQcA7NTRzO1EXIEEufcX6KVxq3KWqXbTI=
Subject key identifier:   9B:38:EA:FC:4F:63:FB:D7:0A:93:64:CA:A1:01:A4:2C:10:B9:BB:84
Certificate issuer:       /CN=ae261a8df53292c730e2ae1dfcfc4fe3ff76b1d0
Certificate serial:       019D5241EF43C7CC4E76C669C12438960B0F
Authority key identifier: AE:26:1A:8D:F5:32:92:C7:30:E2:AE:1D:FC:FC:4F:E3:FF:76:B1:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/riYajfUykscw4q4d_PxP4_92sdA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/1a849e-861c-4c4d-bcf4-5695d89d7b36/1/mzjq_E9j-9cKk2TKoQGkLBC5u4Q.roa
Signing time:             Fri 03 Apr 2026 07:32:25 +0000
ROA not before:           Fri 03 Apr 2026 07:32:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199128
IP address blocks:        62.162.174.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/1a849e-861c-4c4d-bcf4-5695d89d7b36/1/riYajfUykscw4q4d_PxP4_92sdA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/1a849e-861c-4c4d-bcf4-5695d89d7b36/1/riYajfUykscw4q4d_PxP4_92sdA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/riYajfUykscw4q4d_PxP4_92sdA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:52:41:ef:43:c7:cc:4e:76:c6:69:c1:24:38:96:0b:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ae261a8df53292c730e2ae1dfcfc4fe3ff76b1d0
        Validity
            Not Before: Apr  3 07:32:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9b38eafc4f63fbd70a9364caa101a42c10b9bb84
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:22:69:6b:19:b0:5f:0d:d8:b1:dd:04:79:d8:
                    87:75:39:69:e0:fb:6e:ad:0e:9b:b0:50:50:8a:75:
                    9c:44:b9:7d:d6:1a:dd:f4:a4:fa:65:c2:73:cc:02:
                    19:07:f4:10:5a:39:44:a5:21:06:7c:47:bc:7d:ec:
                    63:18:14:f9:cc:df:e9:99:95:1e:39:57:6d:63:4e:
                    6c:25:75:9d:db:d0:6c:9e:b3:76:f8:99:18:bd:0d:
                    1c:c2:fd:2f:69:25:0c:89:2a:a4:7f:34:9c:95:8c:
                    7d:2c:08:71:da:64:0c:12:87:96:34:1b:09:bb:8c:
                    a7:63:c0:61:44:77:b9:ee:18:e2:91:26:fc:34:dc:
                    18:8e:67:6e:9a:82:df:e0:c7:a0:a1:ed:b7:d2:db:
                    48:ae:f8:0e:86:44:a6:30:6f:92:0a:70:53:e4:ee:
                    c9:57:0a:9d:00:4a:3e:29:a1:22:46:dd:47:bc:e7:
                    f7:97:b3:bf:45:ba:72:0e:15:4b:d7:65:86:56:d2:
                    b0:7e:e8:c9:cf:af:e3:76:73:84:b3:23:8b:2f:19:
                    bc:e6:6c:6e:9f:83:ce:d0:74:ac:65:b2:a6:6e:3f:
                    91:5d:89:7d:6b:38:30:76:29:06:25:95:78:88:36:
                    ab:07:ca:4e:4b:1c:53:b3:ec:84:6b:3b:9f:3f:f8:
                    e7:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:38:EA:FC:4F:63:FB:D7:0A:93:64:CA:A1:01:A4:2C:10:B9:BB:84
            X509v3 Authority Key Identifier:
                keyid:AE:26:1A:8D:F5:32:92:C7:30:E2:AE:1D:FC:FC:4F:E3:FF:76:B1:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/riYajfUykscw4q4d_PxP4_92sdA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/1a849e-861c-4c4d-bcf4-5695d89d7b36/1/mzjq_E9j-9cKk2TKoQGkLBC5u4Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/1a849e-861c-4c4d-bcf4-5695d89d7b36/1/riYajfUykscw4q4d_PxP4_92sdA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.162.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ba:d5:1d:40:57:47:58:5b:32:59:66:60:90:f4:65:77:88:f9:
         62:43:60:4a:d8:6e:42:15:1f:6f:3c:a7:d6:de:70:b8:b5:de:
         91:d3:72:74:dd:6a:d3:b0:46:c9:5f:b8:69:43:8c:c2:09:a6:
         cc:39:95:4d:3d:db:40:42:69:5e:ec:5f:e1:7e:ba:29:d1:98:
         58:e1:55:f4:29:8d:61:8c:0e:12:72:33:e8:0c:07:59:4d:43:
         f2:3f:3b:71:dc:30:d1:2f:7a:1c:f8:b1:4c:5c:cc:bc:49:e2:
         01:98:43:3d:28:d8:2b:66:0f:1e:e7:50:f4:0a:ec:4e:a7:cb:
         46:4b:60:15:41:46:0c:69:b9:b6:21:1c:1e:87:3f:fb:95:95:
         dc:9b:fd:ea:16:0f:da:f7:43:cf:89:c7:9d:37:e2:95:02:52:
         e3:2a:40:2c:86:15:af:f4:1c:fd:ef:39:2c:ab:3b:08:84:41:
         f0:c0:96:a8:a8:b8:f2:12:c1:96:a9:e8:d4:87:35:6b:04:85:
         f1:c1:32:4b:e8:5a:83:1d:18:57:ae:f2:63:58:6c:4f:be:e7:
         36:d8:fe:07:6a:6f:da:5a:79:66:b6:74:b4:eb:63:b6:67:45:
         9a:f6:c8:4b:4c:0d:f1:71:f2:d6:f6:34:b9:4b:e8:2d:dd:ff:
         c4:ca:0e:1f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1SQe9Dx8xOdsZpwSQ4lgsPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlMjYxYThkZjUzMjkyYzczMGUyYWUxZGZjZmM0ZmUzZmY3
NmIxZDAwHhcNMjYwNDAzMDczMjI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjM4ZWFmYzRmNjNmYmQ3MGE5MzY0Y2FhMTAxYTQyYzEwYjliYjg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3SJpaxmwXw3Ysd0EediHdTlp4Ptu
rQ6bsFBQinWcRLl91hrd9KT6ZcJzzAIZB/QQWjlEpSEGfEe8fexjGBT5zN/pmZUe
OVdtY05sJXWd29BsnrN2+JkYvQ0cwv0vaSUMiSqkfzSclYx9LAhx2mQMEoeWNBsJ
u4ynY8BhRHe57hjikSb8NNwYjmdumoLf4Megoe230ttIrvgOhkSmMG+SCnBT5O7J
VwqdAEo+KaEiRt1HvOf3l7O/RbpyDhVL12WGVtKwfujJz6/jdnOEsyOLLxm85mxu
n4PO0HSsZbKmbj+RXYl9azgwdikGJZV4iDarB8pOSxxTs+yEazufP/jnAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJs46vxPY/vXCpNkyqEBpCwQubuEMB8GA1UdIwQY
MBaAFK4mGo31MpLHMOKuHfz8T+P/drHQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmlZYWpmVXlrc2N3NHE0ZF9QeFA0Xzkyc2RBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy8xYTg0OWUtODYxYy00YzRkLWJjZjQt
NTY5NWQ4OWQ3YjM2LzEvbXpqcV9FOWotOWNLazJUS29RR2tMQkM1dTRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy8xYTg0OWUtODYxYy00YzRkLWJjZjQtNTY5NWQ4OWQ3YjM2
LzEvcmlZYWpmVXlrc2N3NHE0ZF9QeFA0Xzkyc2RBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPqKuMA0G
CSqGSIb3DQEBCwUAA4IBAQC61R1AV0dYWzJZZmCQ9GV3iPliQ2BK2G5CFR9vPKfW
3nC4td6R03J03WrTsEbJX7hpQ4zCCabMOZVNPdtAQmle7F/hfrop0ZhY4VX0KY1h
jA4ScjPoDAdZTUPyPztx3DDRL3oc+LFMXMy8SeIBmEM9KNgrZg8e51D0CuxOp8tG
S2AVQUYMabm2IRwehz/7lZXcm/3qFg/a90PPicedN+KVAlLjKkAshhWv9Bz97zks
qzsIhEHwwJaoqLjyEsGWqejUhzVrBIXxwTJL6FqDHRhXrvJjWGxPvuc22P4Ham/a
WnlmtnS062O2Z0Wa9shLTA3xcfLW9jS5S+gt3f/Eyg4f
-----END CERTIFICATE-----