Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/b7a249-1552-4f10-b008-1f66faab4ab5/1/ZTjWvW3_UDwWz5igtbbCJdukgBg.roa
File:                     ZTjWvW3_UDwWz5igtbbCJdukgBg.roa (raw, json)
Hash identifier:          yrRO/z/hbGoHDtMqzYpJp8RqBS++UjuABdQAeDOiMoA=
Subject key identifier:   65:38:D6:BD:6D:FF:50:3C:16:CF:98:A0:B5:B6:C2:25:DB:A4:80:18
Certificate issuer:       /CN=30d8a64903cfa217379749f18b7fdcea1dab6db4
Certificate serial:       019E08CB87D84546AA0D996A6AF2B4216ED6
Authority key identifier: 30:D8:A6:49:03:CF:A2:17:37:97:49:F1:8B:7F:DC:EA:1D:AB:6D:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MNimSQPPohc3l0nxi3_c6h2rbbQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/b7a249-1552-4f10-b008-1f66faab4ab5/1/ZTjWvW3_UDwWz5igtbbCJdukgBg.roa
Signing time:             Fri 08 May 2026 18:13:36 +0000
ROA not before:           Fri 08 May 2026 18:13:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     13335
IP address blocks:        185.54.80.0/22 maxlen: 32
                          2a02:4460::/32 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/b7a249-1552-4f10-b008-1f66faab4ab5/1/MNimSQPPohc3l0nxi3_c6h2rbbQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/b7a249-1552-4f10-b008-1f66faab4ab5/1/MNimSQPPohc3l0nxi3_c6h2rbbQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MNimSQPPohc3l0nxi3_c6h2rbbQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 21:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:08:cb:87:d8:45:46:aa:0d:99:6a:6a:f2:b4:21:6e:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=30d8a64903cfa217379749f18b7fdcea1dab6db4
        Validity
            Not Before: May  8 18:13:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6538d6bd6dff503c16cf98a0b5b6c225dba48018
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:cb:0d:7b:28:8d:c7:65:29:df:57:3b:c8:0d:
                    90:6c:3b:7c:33:3d:c0:f8:a2:9c:a3:df:be:d2:cb:
                    37:b4:09:7b:0e:31:60:2f:cc:de:18:20:ef:b6:99:
                    5f:ec:39:8a:64:20:6b:60:63:32:60:f3:04:94:04:
                    4a:f8:79:71:b9:9a:b6:eb:ff:56:9a:32:78:62:5a:
                    6d:d9:54:09:92:11:7d:21:8d:99:8d:34:0c:00:ac:
                    9f:6a:05:05:37:ad:e3:be:56:d0:54:ed:38:ee:57:
                    74:4a:f8:20:72:38:b8:a7:f0:18:71:4a:c2:1a:e7:
                    53:5d:19:1a:6c:dd:db:31:63:e1:1e:1a:dc:79:47:
                    43:a7:30:f2:e6:e5:46:6e:09:ab:3f:2d:5c:ce:63:
                    15:a5:97:a2:58:7e:a3:02:6a:be:47:d0:77:d3:65:
                    27:66:46:07:09:10:cf:5e:20:3b:37:02:ab:d0:5f:
                    0f:16:85:77:47:74:46:b6:92:b6:ef:34:04:0b:f8:
                    93:55:09:18:9d:82:5f:be:9a:54:a8:65:b4:b0:a0:
                    6d:2b:03:ca:51:c8:79:6c:2c:3a:10:65:e6:5b:5f:
                    c0:cc:7e:d8:8d:89:17:d1:ff:c7:21:d3:e9:c5:a7:
                    b6:8f:62:c1:45:6f:28:cd:ef:d9:e8:6c:37:e5:09:
                    c3:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:38:D6:BD:6D:FF:50:3C:16:CF:98:A0:B5:B6:C2:25:DB:A4:80:18
            X509v3 Authority Key Identifier:
                keyid:30:D8:A6:49:03:CF:A2:17:37:97:49:F1:8B:7F:DC:EA:1D:AB:6D:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MNimSQPPohc3l0nxi3_c6h2rbbQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/b7a249-1552-4f10-b008-1f66faab4ab5/1/ZTjWvW3_UDwWz5igtbbCJdukgBg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/b7a249-1552-4f10-b008-1f66faab4ab5/1/MNimSQPPohc3l0nxi3_c6h2rbbQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.54.80.0/22
                IPv6:
                  2a02:4460::/32

    Signature Algorithm: sha256WithRSAEncryption
         b3:24:31:2d:70:a2:ec:72:3b:c1:d9:35:e6:e5:9f:83:03:f7:
         ff:c4:76:25:89:5b:41:6b:2b:2b:e4:0f:de:2b:92:5a:3a:3d:
         4b:4d:59:80:66:c7:88:f8:60:62:4d:bf:a2:75:6c:a6:28:0c:
         bb:a8:38:e5:3b:b3:a1:c0:96:79:14:07:96:35:3e:c3:e0:ef:
         3b:7f:1f:ad:bd:aa:36:61:5b:f7:86:2b:d9:46:f2:3d:92:dc:
         15:85:1a:e2:90:50:cd:a9:ab:9f:57:30:8b:bc:cf:f9:35:69:
         9b:f6:27:83:28:64:79:4e:78:53:6f:4f:1e:3f:89:c6:b9:6c:
         07:39:d5:4a:7f:1f:28:d8:c5:df:13:37:7e:01:3b:70:62:f6:
         7c:87:cb:74:ee:87:d7:90:51:35:8e:89:91:04:d1:65:6e:49:
         53:27:8c:9a:7b:b9:5c:6e:f9:c5:37:c0:da:ed:ee:00:e8:70:
         26:33:3a:f3:a1:2d:25:26:42:17:62:45:33:a4:c1:73:14:53:
         eb:27:6b:b1:70:e0:16:54:1a:b4:32:c2:2a:37:b7:12:37:7d:
         7d:23:28:04:65:84:16:7b:f2:29:53:31:2d:fd:43:7d:66:7d:
         d1:ba:6d:f7:b1:a5:36:0f:ec:8f:e3:f7:0c:99:4a:39:b3:4d:
         ec:85:a2:01
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ4Iy4fYRUaqDZlqavK0IW7WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwZDhhNjQ5MDNjZmEyMTczNzk3NDlmMThiN2ZkY2VhMWRh
YjZkYjQwHhcNMjYwNTA4MTgxMzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTM4ZDZiZDZkZmY1MDNjMTZjZjk4YTBiNWI2YzIyNWRiYTQ4MDE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmssNeyiNx2Up31c7yA2QbDt8Mz3A
+KKco9++0ss3tAl7DjFgL8zeGCDvtplf7DmKZCBrYGMyYPMElARK+HlxuZq26/9W
mjJ4Ylpt2VQJkhF9IY2ZjTQMAKyfagUFN63jvlbQVO047ld0Svggcji4p/AYcUrC
GudTXRkabN3bMWPhHhrceUdDpzDy5uVGbgmrPy1czmMVpZeiWH6jAmq+R9B302Un
ZkYHCRDPXiA7NwKr0F8PFoV3R3RGtpK27zQEC/iTVQkYnYJfvppUqGW0sKBtKwPK
Uch5bCw6EGXmW1/AzH7YjYkX0f/HIdPpxae2j2LBRW8oze/Z6Gw35QnDpwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGU41r1t/1A8Fs+YoLW2wiXbpIAYMB8GA1UdIwQY
MBaAFDDYpkkDz6IXN5dJ8Yt/3Oodq220MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTU5pbVNRUFBvaGMzbDBueGkzX2M2aDJyYmJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS9iN2EyNDktMTU1Mi00ZjEwLWIwMDgt
MWY2NmZhYWI0YWI1LzEvWlRqV3ZXM19VRHdXejVpZ3RiYkNKZHVrZ0JnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS9iN2EyNDktMTU1Mi00ZjEwLWIwMDgtMWY2NmZhYWI0YWI1
LzEvTU5pbVNRUFBvaGMzbDBueGkzX2M2aDJyYmJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuTZQMA0E
AgACMAcDBQAqAkRgMA0GCSqGSIb3DQEBCwUAA4IBAQCzJDEtcKLscjvB2TXm5Z+D
A/f/xHYliVtBaysr5A/eK5JaOj1LTVmAZseI+GBiTb+idWymKAy7qDjlO7OhwJZ5
FAeWNT7D4O87fx+tvao2YVv3hivZRvI9ktwVhRrikFDNqaufVzCLvM/5NWmb9ieD
KGR5TnhTb08eP4nGuWwHOdVKfx8o2MXfEzd+ATtwYvZ8h8t07ofXkFE1jomRBNFl
bklTJ4yae7lcbvnFN8Da7e4A6HAmMzrzoS0lJkIXYkUzpMFzFFPrJ2uxcOAWVBq0
MsIqN7cSN319IygEZYQWe/IpUzEt/UN9Zn3Rum33saU2D+yP4/cMmUo5s03shaIB
-----END CERTIFICATE-----