Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/zzYl9sYGWzbrcOp0AzaJz_RiKmE.roa
File:                     zzYl9sYGWzbrcOp0AzaJz_RiKmE.roa (raw, json)
Hash identifier:          4fRsfAp+VUAU5KLkd7ehzhSep78UbMuGKQBVJNTpoZQ=
Subject key identifier:   CF:36:25:F6:C6:06:5B:36:EB:70:EA:74:03:36:89:CF:F4:62:2A:61
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       0197A39FFD5A766A04058145F7A11D761A2E
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/zzYl9sYGWzbrcOp0AzaJz_RiKmE.roa
Signing time:             Tue 24 Jun 2025 20:27:40 +0000
ROA not before:           Tue 24 Jun 2025 20:27:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        103.212.80.0/24 maxlen: 24
                          185.121.122.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 02 Jul 2025 05:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:a3:9f:fd:5a:76:6a:04:05:81:45:f7:a1:1d:76:1a:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jun 24 20:27:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cf3625f6c6065b36eb70ea74033689cff4622a61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:cf:52:e8:c0:fb:2c:48:2a:ce:9f:e7:a6:9e:
                    6f:c6:19:02:e4:52:d9:6f:bf:0a:da:16:83:b5:cf:
                    45:76:a7:c6:26:6b:b7:9e:11:be:b9:bc:f1:fa:4c:
                    18:b3:e7:34:a6:81:0a:cd:22:47:84:7f:8e:78:03:
                    59:cc:3c:25:58:f9:75:b9:73:27:f4:31:54:7e:1c:
                    45:40:92:d4:dc:74:d9:a8:2c:3f:46:91:4f:f8:1d:
                    34:a1:1d:71:c1:6a:40:fd:bf:ad:07:80:3f:f8:2f:
                    cf:5d:db:e5:60:c9:72:6d:1b:2d:d6:61:24:70:d1:
                    6e:a6:83:0f:16:c0:69:30:b6:3a:96:3d:b5:ca:ff:
                    1a:04:f4:c6:4c:e3:c7:12:0a:47:4f:36:13:65:a7:
                    88:8e:59:70:bc:9f:57:07:62:0f:2d:ed:e9:b5:7b:
                    b0:7e:2b:d1:f9:ef:f9:f5:31:7e:32:0f:6f:41:86:
                    6e:5d:8f:35:5a:c2:4c:61:c6:8d:8a:2a:e5:92:90:
                    a6:2c:bd:ac:1f:05:50:c2:11:4b:00:89:f6:7b:fb:
                    0e:df:18:4e:5f:9c:3b:06:93:ac:49:f2:60:53:20:
                    0d:1d:b3:20:9a:4f:16:65:18:c8:35:a4:36:1b:d9:
                    6f:1c:82:61:47:bf:14:a8:cd:c0:15:65:1e:34:46:
                    e9:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:36:25:F6:C6:06:5B:36:EB:70:EA:74:03:36:89:CF:F4:62:2A:61
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/zzYl9sYGWzbrcOp0AzaJz_RiKmE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.212.80.0/24
                  185.121.122.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2f:87:b8:a2:af:a0:bd:71:98:78:2b:1b:27:ce:f3:f7:f9:62:
         c2:71:66:98:3c:e0:19:e5:e2:c2:7b:89:cc:08:1e:f6:31:51:
         66:54:08:cf:87:72:72:84:d0:88:19:c4:5e:aa:e6:f6:04:60:
         ea:51:cb:70:20:56:3a:86:a6:9b:f3:3c:7e:32:80:f7:24:81:
         81:ea:24:50:a4:c3:60:36:db:bd:5d:dc:40:5a:c0:7a:d4:87:
         55:1c:3c:28:08:b9:37:a1:9a:69:30:e2:0c:b7:f0:16:a8:8d:
         46:52:2b:c1:83:6d:e2:2b:90:58:1a:a6:e4:f9:5e:55:56:cd:
         48:d5:d9:65:04:a7:72:7d:8a:d1:d5:b2:db:fd:0c:ed:2b:64:
         ef:fc:2e:ee:4c:fc:5b:73:74:b9:2e:09:b1:4d:7d:d5:e2:8a:
         d2:cf:df:15:66:95:7f:5f:0b:4b:28:9a:ff:9e:0a:b4:d7:dc:
         95:a3:b1:da:ba:67:36:c4:e4:24:af:05:c9:8d:55:0a:2c:15:
         28:49:ef:d9:cb:27:0b:96:40:4f:41:77:87:a9:04:19:05:72:
         22:af:13:bb:cc:5f:92:0a:eb:59:d9:3d:61:df:e8:21:38:80:
         f8:54:bb:13:76:ef:90:2e:d1:94:65:42:7b:41:fe:2a:4b:4d:
         60:bc:f7:6b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZejn/1admoEBYFF96EddhouMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjUwNjI0MjAyNzQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjM2MjVmNmM2MDY1YjM2ZWI3MGVhNzQwMzM2ODljZmY0NjIyYTYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0s9S6MD7LEgqzp/npp5vxhkC5FLZ
b78K2haDtc9FdqfGJmu3nhG+ubzx+kwYs+c0poEKzSJHhH+OeANZzDwlWPl1uXMn
9DFUfhxFQJLU3HTZqCw/RpFP+B00oR1xwWpA/b+tB4A/+C/PXdvlYMlybRst1mEk
cNFupoMPFsBpMLY6lj21yv8aBPTGTOPHEgpHTzYTZaeIjllwvJ9XB2IPLe3ptXuw
fivR+e/59TF+Mg9vQYZuXY81WsJMYcaNiirlkpCmLL2sHwVQwhFLAIn2e/sO3xhO
X5w7BpOsSfJgUyANHbMgmk8WZRjINaQ2G9lvHIJhR78UqM3AFWUeNEbpWwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFM82JfbGBls263DqdAM2ic/0YiphMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvenpZbDlzWUdXemJyY09wMEF6YUp6X1JpS21FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAZ9RQAwQB
uXl6MA0GCSqGSIb3DQEBCwUAA4IBAQAvh7iir6C9cZh4KxsnzvP3+WLCcWaYPOAZ
5eLCe4nMCB72MVFmVAjPh3JyhNCIGcRequb2BGDqUctwIFY6hqab8zx+MoD3JIGB
6iRQpMNgNtu9XdxAWsB61IdVHDwoCLk3oZppMOIMt/AWqI1GUivBg23iK5BYGqbk
+V5VVs1I1dllBKdyfYrR1bLb/QztK2Tv/C7uTPxbc3S5LgmxTX3V4orSz98VZpV/
XwtLKJr/ngq019yVo7Haumc2xOQkrwXJjVUKLBUoSe/ZyycLlkBPQXeHqQQZBXIi
rxO7zF+SCutZ2T1h3+ghOID4VLsTdu+QLtGUZUJ7Qf4qS01gvPdr
-----END CERTIFICATE-----