Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/b476f9-d242-465a-8748-5f1dc0a0bfcf/1/zMEZwInn6qsQsb3EuTqc1XMLlMs.roa
File:                     zMEZwInn6qsQsb3EuTqc1XMLlMs.roa (raw, json)
Hash identifier:          c5HbgBUG/gYeARGBH8gV4wwyAcZTcsGV67Ia/kHFnGc=
Subject key identifier:   CC:C1:19:C0:89:E7:EA:AB:10:B1:BD:C4:B9:3A:9C:D5:73:0B:94:CB
Certificate issuer:       /CN=edafdca6eace4f1293223b02eebc278243869b7b
Certificate serial:       0199DDA2322E18777A498438CC75EDB99DFF
Authority key identifier: ED:AF:DC:A6:EA:CE:4F:12:93:22:3B:02:EE:BC:27:82:43:86:9B:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7a_cpurOTxKTIjsC7rwngkOGm3s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/b476f9-d242-465a-8748-5f1dc0a0bfcf/1/zMEZwInn6qsQsb3EuTqc1XMLlMs.roa
Signing time:             Mon 13 Oct 2025 12:53:38 +0000
ROA not before:           Mon 13 Oct 2025 12:53:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1902
IP address blocks:        185.156.128.0/22 maxlen: 22
                          2a07:9e40::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/b476f9-d242-465a-8748-5f1dc0a0bfcf/1/7a_cpurOTxKTIjsC7rwngkOGm3s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/b476f9-d242-465a-8748-5f1dc0a0bfcf/1/7a_cpurOTxKTIjsC7rwngkOGm3s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7a_cpurOTxKTIjsC7rwngkOGm3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 00:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:dd:a2:32:2e:18:77:7a:49:84:38:cc:75:ed:b9:9d:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=edafdca6eace4f1293223b02eebc278243869b7b
        Validity
            Not Before: Oct 13 12:53:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ccc119c089e7eaab10b1bdc4b93a9cd5730b94cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:0c:60:de:c1:0f:f1:da:e3:15:28:9b:ff:cf:
                    fb:ec:4e:1a:11:4e:9e:84:70:08:6b:07:12:31:a1:
                    90:4c:02:97:1a:7c:7b:4e:17:bc:c5:6a:61:e3:75:
                    5c:fa:6a:8e:58:7d:fe:bd:14:67:b7:6b:c7:00:f0:
                    b3:88:5c:96:b1:94:ff:b1:e8:f1:2f:8e:8a:a6:09:
                    58:94:aa:c9:d3:ea:59:f3:87:01:e0:77:4a:32:11:
                    e5:be:63:63:c2:af:be:d9:e7:b5:40:64:10:ac:3d:
                    70:0b:c2:04:cf:1c:26:ff:5e:79:38:4b:5e:bb:8d:
                    2f:0b:09:da:84:e6:09:e1:9d:8b:e8:37:05:96:80:
                    f7:b4:2d:cc:09:f5:25:b5:46:68:c3:cc:93:b5:fd:
                    5b:13:26:d0:36:74:1a:4e:1e:35:51:cb:bb:8c:f5:
                    a7:4f:3d:5d:7a:87:7e:bc:7e:af:8c:1a:20:88:f7:
                    f3:b6:f0:12:57:4d:d4:33:20:8c:dc:a1:3d:0d:99:
                    82:0d:ac:33:52:18:0a:24:44:c6:d6:7d:f6:ec:3c:
                    5d:99:6c:09:4b:66:b9:f0:14:c4:46:83:db:f2:fb:
                    ed:8e:6a:59:98:1f:03:58:7b:c7:cb:01:77:be:2e:
                    93:9d:c2:3d:da:3b:af:8e:2a:ec:f2:3f:2b:43:83:
                    79:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:C1:19:C0:89:E7:EA:AB:10:B1:BD:C4:B9:3A:9C:D5:73:0B:94:CB
            X509v3 Authority Key Identifier:
                keyid:ED:AF:DC:A6:EA:CE:4F:12:93:22:3B:02:EE:BC:27:82:43:86:9B:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a_cpurOTxKTIjsC7rwngkOGm3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/b476f9-d242-465a-8748-5f1dc0a0bfcf/1/zMEZwInn6qsQsb3EuTqc1XMLlMs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/b476f9-d242-465a-8748-5f1dc0a0bfcf/1/7a_cpurOTxKTIjsC7rwngkOGm3s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.156.128.0/22
                IPv6:
                  2a07:9e40::/29

    Signature Algorithm: sha256WithRSAEncryption
         07:4f:4c:bd:b5:84:15:84:cb:b8:e0:a6:b2:0e:8c:4f:d9:05:
         2d:98:47:ef:03:67:e4:ea:2d:f3:40:9f:c2:52:67:f7:aa:d4:
         64:f1:bd:97:45:48:44:da:8d:b2:4e:2c:a0:95:bd:35:bc:48:
         27:d6:57:9e:e7:aa:6f:b0:6e:da:71:08:ab:aa:5f:c8:90:7b:
         f2:38:4a:41:34:ba:d9:6d:5e:d5:26:67:e9:88:0e:cd:25:f0:
         b9:e9:0f:57:8d:2d:ed:1e:26:80:7e:d9:05:46:94:13:b4:30:
         f7:a7:f8:40:1a:60:7f:15:c5:99:5c:e5:92:a5:da:f7:42:5f:
         2a:b4:21:fd:d4:14:8c:0f:0d:7f:01:05:2f:16:4b:62:84:c4:
         36:d8:51:e5:05:57:4e:63:d3:df:8b:4c:e5:a5:c9:6a:a3:f0:
         d9:55:aa:65:50:d2:bb:65:83:55:2b:f1:f1:fe:13:c4:7a:46:
         89:00:27:6e:30:05:91:fc:e1:7c:18:97:9d:01:f7:d3:95:21:
         9a:05:66:a9:0c:96:a9:9d:5f:e5:bd:42:44:a0:f3:95:1b:5b:
         cd:92:65:76:6a:fa:43:1d:af:c2:d9:28:36:fc:d6:07:a9:cd:
         6f:17:bf:ed:38:67:b4:45:d4:a0:0e:d9:80:29:49:39:bf:06:
         7b:53:93:00
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZndojIuGHd6SYQ4zHXtuZ3/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkYWZkY2E2ZWFjZTRmMTI5MzIyM2IwMmVlYmMyNzgyNDM4
NjliN2IwHhcNMjUxMDEzMTI1MzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2MxMTljMDg5ZTdlYWFiMTBiMWJkYzRiOTNhOWNkNTczMGI5NGNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Axg3sEP8drjFSib/8/77E4aEU6e
hHAIawcSMaGQTAKXGnx7The8xWph43Vc+mqOWH3+vRRnt2vHAPCziFyWsZT/sejx
L46KpglYlKrJ0+pZ84cB4HdKMhHlvmNjwq++2ee1QGQQrD1wC8IEzxwm/155OEte
u40vCwnahOYJ4Z2L6DcFloD3tC3MCfUltUZow8yTtf1bEybQNnQaTh41Ucu7jPWn
Tz1deod+vH6vjBogiPfztvASV03UMyCM3KE9DZmCDawzUhgKJETG1n327DxdmWwJ
S2a58BTERoPb8vvtjmpZmB8DWHvHywF3vi6TncI92juvjirs8j8rQ4N5WwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMzBGcCJ5+qrELG9xLk6nNVzC5TLMB8GA1UdIwQY
MBaAFO2v3Kbqzk8SkyI7Au68J4JDhpt7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2FfY3B1ck9UeEtUSWpzQzdyd25na09HbTNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy9iNDc2ZjktZDI0Mi00NjVhLTg3NDgt
NWYxZGMwYTBiZmNmLzEvek1FWndJbm42cXNRc2IzRXVUcWMxWE1MbE1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy9iNDc2ZjktZDI0Mi00NjVhLTg3NDgtNWYxZGMwYTBiZmNm
LzEvN2FfY3B1ck9UeEtUSWpzQzdyd25na09HbTNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuZyAMA0E
AgACMAcDBQMqB55AMA0GCSqGSIb3DQEBCwUAA4IBAQAHT0y9tYQVhMu44KayDoxP
2QUtmEfvA2fk6i3zQJ/CUmf3qtRk8b2XRUhE2o2yTiyglb01vEgn1lee56pvsG7a
cQirql/IkHvyOEpBNLrZbV7VJmfpiA7NJfC56Q9XjS3tHiaAftkFRpQTtDD3p/hA
GmB/FcWZXOWSpdr3Ql8qtCH91BSMDw1/AQUvFktihMQ22FHlBVdOY9Pfi0zlpclq
o/DZVaplUNK7ZYNVK/Hx/hPEekaJACduMAWR/OF8GJedAffTlSGaBWapDJapnV/l
vUJEoPOVG1vNkmV2avpDHa/C2Sg2/NYHqc1vF7/tOGe0RdSgDtmAKUk5vwZ7U5MA
-----END CERTIFICATE-----