Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/ZyJv936Npo-nHRc9qhQJDLSYf6k.roa
File:                     ZyJv936Npo-nHRc9qhQJDLSYf6k.roa (raw, json)
Hash identifier:          XsWiwL2Pg0ERAsxfjbrTWq+9oP0ipe4hzV4L2K+S3/w=
Subject key identifier:   67:22:6F:F7:7E:8D:A6:8F:A7:1D:17:3D:AA:14:09:0C:B4:98:7F:A9
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0197835E80C7324663E8FA4DE6D229656894
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/ZyJv936Npo-nHRc9qhQJDLSYf6k.roa
Signing time:             Wed 18 Jun 2025 14:08:18 +0000
ROA not before:           Wed 18 Jun 2025 14:08:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51765
IP address blocks:        192.124.182.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 02:01:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:83:5e:80:c7:32:46:63:e8:fa:4d:e6:d2:29:65:68:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jun 18 14:08:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=67226ff77e8da68fa71d173daa14090cb4987fa9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:ea:00:8a:c9:1a:8b:e3:5d:45:62:cd:6b:d2:
                    52:b4:8f:0b:fc:2e:b4:66:13:03:84:7b:42:cf:a2:
                    3e:3e:66:ee:1f:35:10:14:cb:15:de:62:61:a3:61:
                    5a:33:62:61:e3:3f:bc:6a:42:24:c2:3f:30:57:b0:
                    0f:4d:a6:98:fa:59:d8:d1:cd:01:f5:e0:a7:c3:e1:
                    7c:2a:a0:3c:1d:1d:1a:dc:c5:cf:f1:d2:8a:9e:e6:
                    b4:db:51:7b:49:32:1d:5a:32:9f:ce:55:7e:74:c9:
                    28:df:bb:b8:40:72:d6:83:3b:26:62:bb:1d:2e:a9:
                    98:1f:29:65:d7:94:6c:39:76:fd:bc:82:92:7f:10:
                    36:ba:55:89:34:6e:78:66:3f:38:e6:48:7a:9d:d0:
                    94:11:da:d4:12:38:d9:4c:c3:1f:40:25:4d:5e:71:
                    44:b4:e9:6c:b4:40:b7:07:01:01:32:7b:2a:25:10:
                    16:a4:ee:e5:27:3b:84:89:cc:b0:70:bd:44:95:b8:
                    ab:d1:c7:11:0c:7b:09:25:5e:cc:14:fd:d6:eb:6c:
                    ef:20:3c:5e:ed:00:38:9c:9c:51:1c:9d:27:74:64:
                    0d:97:23:6e:f0:18:74:06:a6:5b:79:a7:90:51:00:
                    f6:a5:1c:54:8c:32:9f:0c:17:08:78:34:78:13:33:
                    47:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:22:6F:F7:7E:8D:A6:8F:A7:1D:17:3D:AA:14:09:0C:B4:98:7F:A9
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/ZyJv936Npo-nHRc9qhQJDLSYf6k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.124.182.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:6d:a0:08:22:0e:67:5a:81:29:f5:44:f0:92:13:54:1e:42:
         e1:78:3c:e0:a0:82:a4:1b:ad:15:f6:c6:70:f9:8b:45:57:74:
         f6:48:42:43:56:0e:6b:47:75:c3:86:44:fa:b3:36:6e:0b:31:
         c1:b6:1a:4a:52:fd:4c:78:ff:28:bb:a3:2d:08:bc:77:93:93:
         ec:f4:99:56:d7:2a:d7:06:3f:9b:65:a3:19:16:f1:77:47:6c:
         77:14:c4:0e:46:bf:76:4a:91:84:64:82:55:29:86:ed:d5:5e:
         13:7d:f7:b1:a4:fb:a8:fa:a1:15:9e:4e:fa:30:e9:f1:71:d1:
         25:12:08:c9:84:f8:d7:61:77:d8:9f:84:ea:2a:90:f6:f2:da:
         f3:aa:6a:03:80:f4:62:f2:9a:3c:09:b1:b2:16:73:6f:9d:a5:
         ca:e4:af:2c:c0:c8:10:31:11:97:da:74:8f:a2:6e:41:4e:79:
         a7:de:57:48:86:55:95:61:1d:52:04:6a:f7:c8:55:81:50:5a:
         d3:5c:2b:f0:93:2c:f3:85:71:96:d6:5d:af:e0:e4:99:cf:81:
         70:e8:09:5c:8c:dc:98:a8:ce:4c:59:b3:25:6d:d3:3c:8f:eb:
         45:2f:78:83:af:1d:2a:c6:46:d3:86:58:a9:ac:68:ef:63:a4:
         f2:b0:40:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZeDXoDHMkZj6PpN5tIpZWiUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwNjE4MTQwODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzIyNmZmNzdlOGRhNjhmYTcxZDE3M2RhYTE0MDkwY2I0OTg3ZmE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz+oAiskai+NdRWLNa9JStI8L/C60
ZhMDhHtCz6I+PmbuHzUQFMsV3mJho2FaM2Jh4z+8akIkwj8wV7APTaaY+lnY0c0B
9eCnw+F8KqA8HR0a3MXP8dKKnua021F7STIdWjKfzlV+dMko37u4QHLWgzsmYrsd
LqmYHyll15RsOXb9vIKSfxA2ulWJNG54Zj845kh6ndCUEdrUEjjZTMMfQCVNXnFE
tOlstEC3BwEBMnsqJRAWpO7lJzuEicywcL1Elbir0ccRDHsJJV7MFP3W62zvIDxe
7QA4nJxRHJ0ndGQNlyNu8Bh0BqZbeaeQUQD2pRxUjDKfDBcIeDR4EzNHHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGcib/d+jaaPpx0XPaoUCQy0mH+pMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvWnlKdjkzNk5wby1uSFJjOXFoUUpETFNZZjZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwHy2MA0G
CSqGSIb3DQEBCwUAA4IBAQA2baAIIg5nWoEp9UTwkhNUHkLheDzgoIKkG60V9sZw
+YtFV3T2SEJDVg5rR3XDhkT6szZuCzHBthpKUv1MeP8ou6MtCLx3k5Ps9JlW1yrX
Bj+bZaMZFvF3R2x3FMQORr92SpGEZIJVKYbt1V4TffexpPuo+qEVnk76MOnxcdEl
EgjJhPjXYXfYn4TqKpD28trzqmoDgPRi8po8CbGyFnNvnaXK5K8swMgQMRGX2nSP
om5BTnmn3ldIhlWVYR1SBGr3yFWBUFrTXCvwkyzzhXGW1l2v4OSZz4Fw6AlcjNyY
qM5MWbMlbdM8j+tFL3iDrx0qxkbThliprGjvY6TysEAd
-----END CERTIFICATE-----