Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/ZN2BTZcUzKzPWIDmgfpQ4_J4rWU.roa
File:                     ZN2BTZcUzKzPWIDmgfpQ4_J4rWU.roa (raw, json)
Hash identifier:          inXXzkMKQwpyNAisYdjb+0WkGiiYcAmXaAzartPEVyU=
Subject key identifier:   64:DD:81:4D:97:14:CC:AC:CF:58:80:E6:81:FA:50:E3:F2:78:AD:65
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       019D2464E00BDDB35B33489358A03DF2A0B0
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/ZN2BTZcUzKzPWIDmgfpQ4_J4rWU.roa
Signing time:             Wed 25 Mar 2026 09:48:03 +0000
ROA not before:           Wed 25 Mar 2026 09:48:03 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212139
IP address blocks:        206.203.0.0/23 maxlen: 23
                          206.203.0.0/24 maxlen: 24
                          206.203.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:24:64:e0:0b:dd:b3:5b:33:48:93:58:a0:3d:f2:a0:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Mar 25 09:48:03 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=64dd814d9714ccaccf5880e681fa50e3f278ad65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:32:48:84:7c:20:ae:e5:93:1f:d5:f5:29:cb:
                    1b:35:a0:c3:57:05:6b:a2:90:2e:f5:7e:a4:97:f4:
                    d5:1c:01:91:64:aa:b2:5d:db:3e:b6:fb:05:c1:ed:
                    27:aa:4c:76:da:e9:80:d8:49:22:a3:e8:7d:a7:2e:
                    32:72:c6:24:9f:03:67:4c:f9:c8:1a:5a:f1:ee:42:
                    b5:6a:ec:b3:4d:c8:02:18:79:ff:7c:0a:91:88:fb:
                    ac:e2:d0:e8:10:40:9d:33:cb:5c:ac:44:aa:87:a8:
                    53:38:f6:52:f1:b5:5e:82:f0:f6:70:1e:a4:ed:47:
                    ed:5d:d7:c2:e1:3c:8e:1e:b9:fa:d3:0d:ea:91:b3:
                    1b:87:d6:56:40:f5:f9:55:90:76:fb:e4:46:b7:5c:
                    b4:09:a0:ea:b5:4f:9a:5a:0f:6f:2b:2a:c6:0f:f5:
                    36:10:46:b0:0a:5b:02:e3:57:bb:63:f2:1e:1e:ad:
                    44:f0:f3:46:c3:60:62:e8:b2:b2:01:48:66:42:1b:
                    2b:b1:3a:56:65:70:df:27:53:55:34:a0:b3:cb:52:
                    6d:b4:45:02:bc:bb:54:fa:34:f2:91:3e:84:02:cd:
                    6b:8a:78:67:d4:31:e0:8b:52:3c:cd:68:b7:b5:fd:
                    30:fe:8f:8b:ac:32:1a:68:9d:ee:8f:f8:0d:ac:77:
                    c8:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:DD:81:4D:97:14:CC:AC:CF:58:80:E6:81:FA:50:E3:F2:78:AD:65
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/ZN2BTZcUzKzPWIDmgfpQ4_J4rWU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  206.203.0.0/23

    Signature Algorithm: sha256WithRSAEncryption
         11:8a:02:d7:04:23:f7:23:45:bd:f7:ce:47:96:99:7d:f9:68:
         54:e0:b0:b6:d2:85:98:da:64:27:ea:56:32:aa:d2:e6:3c:c8:
         a1:01:1a:32:67:eb:19:81:61:05:0a:4a:0f:ab:cd:2f:63:20:
         cb:11:ab:bb:e7:c6:15:57:c1:19:9e:70:fe:61:26:2f:77:e8:
         72:9d:71:1b:d3:29:d4:bb:76:14:bc:ff:d1:df:9e:30:d1:d6:
         13:08:fb:92:ed:59:4f:a1:80:08:cc:00:a1:0a:f3:6e:e1:77:
         4c:ec:55:11:e8:37:b1:99:9e:4f:8f:88:ab:f9:56:76:d5:d3:
         cd:77:e0:46:4d:82:5f:5b:a7:d2:76:aa:6b:50:f8:57:8b:66:
         54:57:cf:9d:84:df:3b:73:28:3d:c0:6f:a7:23:cc:0b:8f:9e:
         03:0c:c6:e8:06:17:c5:80:54:0f:22:ba:b7:26:49:ff:d2:b1:
         00:b6:76:4f:1f:ee:57:14:76:14:d6:2f:81:b3:e3:21:93:90:
         3b:81:fa:18:81:62:75:07:2e:c8:08:b1:ad:08:5d:a6:3f:ce:
         2e:36:ea:cf:3c:90:a3:52:9f:61:de:9c:4c:4b:cd:74:1a:bf:
         29:3c:7b:02:bc:27:d0:e8:43:62:ee:ba:d0:0d:30:17:56:fc:
         dc:af:12:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0kZOAL3bNbM0iTWKA98qCwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjYwMzI1MDk0ODAzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NGRkODE0ZDk3MTRjY2FjY2Y1ODgwZTY4MWZhNTBlM2YyNzhhZDY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAljJIhHwgruWTH9X1KcsbNaDDVwVr
opAu9X6kl/TVHAGRZKqyXds+tvsFwe0nqkx22umA2Ekio+h9py4ycsYknwNnTPnI
Glrx7kK1auyzTcgCGHn/fAqRiPus4tDoEECdM8tcrESqh6hTOPZS8bVegvD2cB6k
7UftXdfC4TyOHrn60w3qkbMbh9ZWQPX5VZB2++RGt1y0CaDqtU+aWg9vKyrGD/U2
EEawClsC41e7Y/IeHq1E8PNGw2Bi6LKyAUhmQhsrsTpWZXDfJ1NVNKCzy1JttEUC
vLtU+jTykT6EAs1rinhn1DHgi1I8zWi3tf0w/o+LrDIaaJ3uj/gNrHfIYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGTdgU2XFMysz1iA5oH6UOPyeK1lMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvWk4yQlRaY1V6S3pQV0lEbWdmcFE0X0o0cldVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBzssAMA0G
CSqGSIb3DQEBCwUAA4IBAQARigLXBCP3I0W9985Hlpl9+WhU4LC20oWY2mQn6lYy
qtLmPMihARoyZ+sZgWEFCkoPq80vYyDLEau758YVV8EZnnD+YSYvd+hynXEb0ynU
u3YUvP/R354w0dYTCPuS7VlPoYAIzAChCvNu4XdM7FUR6DexmZ5Pj4ir+VZ21dPN
d+BGTYJfW6fSdqprUPhXi2ZUV8+dhN87cyg9wG+nI8wLj54DDMboBhfFgFQPIrq3
Jkn/0rEAtnZPH+5XFHYU1i+Bs+Mhk5A7gfoYgWJ1By7ICLGtCF2mP84uNurPPJCj
Up9h3pxMS810Gr8pPHsCvCfQ6ENi7rrQDTAXVvzcrxID
-----END CERTIFICATE-----