Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/8d78eb-2832-4083-ae1f-1dd6d281c88a/1/Z9Q6TpYhUX-RgIKjZEgzzfOnnbg.roa
File:                     Z9Q6TpYhUX-RgIKjZEgzzfOnnbg.roa (raw, json)
Hash identifier:          GDfSQmfXjh6HIgHuPNpGSyxzN9pt2yQdSRBlkSy/ldA=
Subject key identifier:   67:D4:3A:4E:96:21:51:7F:91:80:82:A3:64:48:33:CD:F3:A7:9D:B8
Certificate issuer:       /CN=3027a631bb6738eb68bb6ea6c424ef4a7d14c3cb
Certificate serial:       019D06889D2B1C8B3F1640F867289BF22811
Authority key identifier: 30:27:A6:31:BB:67:38:EB:68:BB:6E:A6:C4:24:EF:4A:7D:14:C3:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MCemMbtnOOtou26mxCTvSn0Uw8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/8d78eb-2832-4083-ae1f-1dd6d281c88a/1/Z9Q6TpYhUX-RgIKjZEgzzfOnnbg.roa
Signing time:             Thu 19 Mar 2026 14:38:29 +0000
ROA not before:           Thu 19 Mar 2026 14:38:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9304
IP address blocks:        185.56.46.0/24 maxlen: 24
                          185.56.47.0/24 maxlen: 24
                          185.87.57.0/24 maxlen: 24
                          185.87.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/8d78eb-2832-4083-ae1f-1dd6d281c88a/1/MCemMbtnOOtou26mxCTvSn0Uw8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/8d78eb-2832-4083-ae1f-1dd6d281c88a/1/MCemMbtnOOtou26mxCTvSn0Uw8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MCemMbtnOOtou26mxCTvSn0Uw8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:06:88:9d:2b:1c:8b:3f:16:40:f8:67:28:9b:f2:28:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3027a631bb6738eb68bb6ea6c424ef4a7d14c3cb
        Validity
            Not Before: Mar 19 14:38:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=67d43a4e9621517f918082a3644833cdf3a79db8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:5e:d0:5a:22:e4:00:cf:2f:70:e5:10:8c:af:
                    45:dc:07:15:c6:06:b5:59:58:ae:10:f9:c5:ab:55:
                    75:fc:9c:36:a4:ff:68:1e:77:37:61:ed:4c:9b:12:
                    ab:c4:d4:d6:ea:59:a2:cc:61:e3:07:4b:87:bb:67:
                    9a:53:2c:7b:a8:0a:ea:4c:6e:5b:3d:0d:ff:e8:44:
                    d2:64:53:8b:64:d8:51:34:3a:43:aa:e1:e1:96:f2:
                    1e:19:6f:4a:e6:c0:ad:4d:d3:fb:fc:43:7c:f8:d5:
                    69:d9:a6:7c:7b:ac:8e:fc:7d:96:9b:e7:e6:de:11:
                    df:da:e2:a4:de:0e:16:8c:ca:77:4d:a4:e2:40:fc:
                    d4:49:e7:8c:cd:24:4a:ea:4e:c8:78:c9:73:25:fe:
                    5b:61:39:17:05:52:c0:00:fb:d8:cc:0d:0b:c7:93:
                    5e:2d:2d:9a:e4:46:20:df:4b:3d:fc:8d:eb:98:a8:
                    a0:8c:3b:b5:fc:b4:b5:25:1d:d6:42:b3:c4:de:05:
                    73:97:6d:e0:e0:5d:84:1f:86:bd:bd:bb:12:e4:6e:
                    01:71:7c:c6:8e:7d:60:fc:05:76:c5:83:67:c8:2a:
                    5b:92:52:9c:93:56:50:92:ec:77:08:80:b0:3b:75:
                    c6:01:80:31:67:ac:38:a0:67:0b:d9:06:cf:f6:8e:
                    19:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:D4:3A:4E:96:21:51:7F:91:80:82:A3:64:48:33:CD:F3:A7:9D:B8
            X509v3 Authority Key Identifier:
                keyid:30:27:A6:31:BB:67:38:EB:68:BB:6E:A6:C4:24:EF:4A:7D:14:C3:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MCemMbtnOOtou26mxCTvSn0Uw8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/8d78eb-2832-4083-ae1f-1dd6d281c88a/1/Z9Q6TpYhUX-RgIKjZEgzzfOnnbg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/8d78eb-2832-4083-ae1f-1dd6d281c88a/1/MCemMbtnOOtou26mxCTvSn0Uw8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.56.46.0/23
                  185.87.57.0-185.87.58.255

    Signature Algorithm: sha256WithRSAEncryption
         71:06:0f:28:aa:e3:20:13:cc:7f:70:16:89:37:43:19:1e:a5:
         61:d7:3d:30:4f:aa:c8:c7:4a:66:36:87:95:76:4f:00:3d:b2:
         cf:ea:a6:82:27:5d:1c:c9:ab:e3:1c:be:da:c8:32:22:da:7e:
         86:a0:c2:50:01:e2:7f:74:b5:f5:fa:8b:31:be:93:e9:34:72:
         12:08:a3:44:83:68:69:96:c8:a2:60:41:74:1f:89:67:98:4d:
         e9:f5:a1:80:09:69:7a:35:f1:0b:88:cb:01:c9:95:94:41:ee:
         15:78:fc:8f:65:aa:fa:eb:69:b2:2a:fb:ec:35:d9:84:cc:0b:
         4a:ee:cb:c5:e3:f9:8f:29:b5:16:96:ab:e6:1f:29:ad:03:d1:
         b3:58:8d:a9:34:59:88:07:ec:76:5e:31:2f:e9:0b:2d:ed:8f:
         8f:9d:f0:cc:02:47:17:d9:bf:3a:0a:9e:9d:7a:e3:28:a7:56:
         eb:2b:9d:ce:97:f9:d2:53:de:ea:e3:f4:00:b9:1b:84:98:c8:
         76:03:ff:7c:76:6d:4e:0d:0a:64:b7:59:fd:b7:e8:48:ed:7b:
         73:e5:cd:18:8a:78:f7:c0:e4:c7:de:86:7a:40:89:03:be:cb:
         2f:f5:38:89:fc:d8:95:79:56:4e:f3:0b:2b:2a:5a:e9:ed:8f:
         1d:ec:b3:0d
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZ0GiJ0rHIs/FkD4Zyib8igRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwMjdhNjMxYmI2NzM4ZWI2OGJiNmVhNmM0MjRlZjRhN2Qx
NGMzY2IwHhcNMjYwMzE5MTQzODI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2Q0M2E0ZTk2MjE1MTdmOTE4MDgyYTM2NDQ4MzNjZGYzYTc5ZGI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsF7QWiLkAM8vcOUQjK9F3AcVxga1
WViuEPnFq1V1/Jw2pP9oHnc3Ye1MmxKrxNTW6lmizGHjB0uHu2eaUyx7qArqTG5b
PQ3/6ETSZFOLZNhRNDpDquHhlvIeGW9K5sCtTdP7/EN8+NVp2aZ8e6yO/H2Wm+fm
3hHf2uKk3g4WjMp3TaTiQPzUSeeMzSRK6k7IeMlzJf5bYTkXBVLAAPvYzA0Lx5Ne
LS2a5EYg30s9/I3rmKigjDu1/LS1JR3WQrPE3gVzl23g4F2EH4a9vbsS5G4BcXzG
jn1g/AV2xYNnyCpbklKck1ZQkux3CICwO3XGAYAxZ6w4oGcL2QbP9o4ZHQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFGfUOk6WIVF/kYCCo2RIM83zp524MB8GA1UdIwQY
MBaAFDAnpjG7ZzjraLtupsQk70p9FMPLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUNlbU1idG5PT3RvdTI2bXhDVHZTbjBVdzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS84ZDc4ZWItMjgzMi00MDgzLWFlMWYt
MWRkNmQyODFjODhhLzEvWjlRNlRwWWhVWC1SZ0lLalpFZ3p6Zk9ubmJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS84ZDc4ZWItMjgzMi00MDgzLWFlMWYtMWRkNmQyODFjODhh
LzEvTUNlbU1idG5PT3RvdTI2bXhDVHZTbjBVdzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQBuTguMAwD
BAC5VzkDBAC5VzowDQYJKoZIhvcNAQELBQADggEBAHEGDyiq4yATzH9wFok3Qxke
pWHXPTBPqsjHSmY2h5V2TwA9ss/qpoInXRzJq+McvtrIMiLafoagwlAB4n90tfX6
izG+k+k0chIIo0SDaGmWyKJgQXQfiWeYTen1oYAJaXo18QuIywHJlZRB7hV4/I9l
qvrrabIq++w12YTMC0ruy8Xj+Y8ptRaWq+YfKa0D0bNYjak0WYgH7HZeMS/pCy3t
j4+d8MwCRxfZvzoKnp164yinVusrnc6X+dJT3urj9AC5G4SYyHYD/3x2bU4NCmS3
Wf236Ejte3PlzRiKePfA5MfehnpAiQO+yy/1OIn82JV5Vk7zCysqWuntjx3ssw0=
-----END CERTIFICATE-----