Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/8d78eb-2832-4083-ae1f-1dd6d281c88a/1/bTOnRxNxvECcf7nHGrRBggKpVis.roa
File:                     bTOnRxNxvECcf7nHGrRBggKpVis.roa (raw, json)
Hash identifier:          jNHyRUZLE/GNpUxOo+zEa+SVHdha0P98kuHnkgY64OA=
Subject key identifier:   6D:33:A7:47:13:71:BC:40:9C:7F:B9:C7:1A:B4:41:82:02:A9:56:2B
Certificate issuer:       /CN=3027a631bb6738eb68bb6ea6c424ef4a7d14c3cb
Certificate serial:       019CF6ED406F79CA19CAAD7F4A14F460E325
Authority key identifier: 30:27:A6:31:BB:67:38:EB:68:BB:6E:A6:C4:24:EF:4A:7D:14:C3:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MCemMbtnOOtou26mxCTvSn0Uw8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/8d78eb-2832-4083-ae1f-1dd6d281c88a/1/bTOnRxNxvECcf7nHGrRBggKpVis.roa
Signing time:             Mon 16 Mar 2026 13:54:29 +0000
ROA not before:           Mon 16 Mar 2026 13:54:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     17497
IP address blocks:        188.246.208.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/8d78eb-2832-4083-ae1f-1dd6d281c88a/1/MCemMbtnOOtou26mxCTvSn0Uw8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/8d78eb-2832-4083-ae1f-1dd6d281c88a/1/MCemMbtnOOtou26mxCTvSn0Uw8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MCemMbtnOOtou26mxCTvSn0Uw8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 20:01:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:f6:ed:40:6f:79:ca:19:ca:ad:7f:4a:14:f4:60:e3:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3027a631bb6738eb68bb6ea6c424ef4a7d14c3cb
        Validity
            Not Before: Mar 16 13:54:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6d33a7471371bc409c7fb9c71ab4418202a9562b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:3f:46:00:81:c7:9a:14:e9:79:1a:b5:61:80:
                    05:f6:62:92:92:5c:44:2b:8e:c8:dc:e0:9f:87:31:
                    e0:2c:d2:67:bc:79:e5:98:35:57:c9:e5:6f:5c:c9:
                    c8:ef:1e:73:a2:ef:d5:50:61:24:ff:59:ad:6e:07:
                    92:15:e4:45:65:c0:dc:bf:e2:7c:a9:46:d1:af:fa:
                    94:b2:5f:32:7c:de:fe:88:34:c9:dc:fc:93:cc:cc:
                    7e:05:a2:c8:49:ed:01:25:d3:9a:3d:e7:64:44:0d:
                    8b:24:8a:a8:74:b9:b9:24:a8:4c:06:04:29:92:ac:
                    cb:8a:1e:dc:9a:a9:4c:ae:94:b9:cd:24:14:90:04:
                    d3:83:d5:7d:d2:f3:39:7d:2f:83:59:dc:de:57:cc:
                    8b:33:49:a8:d3:53:52:b4:fc:a9:9c:d5:91:40:ef:
                    24:05:e0:a5:4c:fe:b1:fa:f6:90:31:98:08:8e:37:
                    64:0b:ea:bb:2d:54:78:fc:4d:7d:a7:d7:a8:ab:d5:
                    fe:cd:c4:b2:10:3c:e7:e2:1b:5b:a3:2e:26:6c:51:
                    fd:5a:a7:82:82:8b:3b:7a:4c:e0:d9:75:de:f1:bf:
                    0f:b5:40:74:ec:a2:2c:88:aa:66:37:24:69:27:da:
                    8b:e4:5a:9d:b9:5a:c6:09:ca:1a:78:b1:b3:1d:31:
                    46:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:33:A7:47:13:71:BC:40:9C:7F:B9:C7:1A:B4:41:82:02:A9:56:2B
            X509v3 Authority Key Identifier:
                keyid:30:27:A6:31:BB:67:38:EB:68:BB:6E:A6:C4:24:EF:4A:7D:14:C3:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MCemMbtnOOtou26mxCTvSn0Uw8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/8d78eb-2832-4083-ae1f-1dd6d281c88a/1/bTOnRxNxvECcf7nHGrRBggKpVis.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/8d78eb-2832-4083-ae1f-1dd6d281c88a/1/MCemMbtnOOtou26mxCTvSn0Uw8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.246.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:5d:e6:11:5b:8c:92:bb:99:ef:e4:75:99:4c:9e:87:0e:24:
         12:ed:a0:33:c3:4f:1f:84:7c:10:63:ad:19:9d:d1:25:29:03:
         41:f1:fa:79:99:2c:e8:79:da:1a:1e:fc:d0:1d:40:09:ff:3c:
         45:2b:82:6d:d4:1b:44:3a:e6:07:d3:6e:82:5d:58:d7:33:62:
         c7:09:e7:0c:44:39:fc:d2:f5:12:32:40:c1:89:a0:e1:14:07:
         d5:36:ea:ba:79:fe:53:09:2f:7b:56:e9:61:fe:13:86:6f:5d:
         34:38:80:13:c2:9a:08:6f:9a:20:2f:1a:ec:14:42:77:1e:fb:
         11:cf:03:18:25:46:af:00:43:ea:48:95:93:0a:4f:8a:df:e2:
         db:7a:b8:88:0d:6a:c4:5f:15:5b:6f:38:c2:e2:dc:d0:b1:4d:
         10:45:cc:7e:ac:61:1e:0e:dd:8f:9f:c4:50:3f:3e:0e:a8:3b:
         e4:3a:52:77:0c:91:26:09:ed:24:fe:de:8c:15:5e:dd:c3:b4:
         94:d4:5d:f7:af:c9:12:c1:9d:73:6a:5e:a5:47:41:bf:3a:6b:
         59:f0:3d:3f:15:d3:5a:b3:8d:2d:d3:8f:bc:fd:41:ac:66:70:
         5d:46:a3:45:7a:0b:d5:a1:73:77:db:ff:bf:6a:fb:d9:fc:b3:
         66:69:3a:5e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZz27UBvecoZyq1/ShT0YOMlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwMjdhNjMxYmI2NzM4ZWI2OGJiNmVhNmM0MjRlZjRhN2Qx
NGMzY2IwHhcNMjYwMzE2MTM1NDI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDMzYTc0NzEzNzFiYzQwOWM3ZmI5YzcxYWI0NDE4MjAyYTk1NjJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApT9GAIHHmhTpeRq1YYAF9mKSklxE
K47I3OCfhzHgLNJnvHnlmDVXyeVvXMnI7x5zou/VUGEk/1mtbgeSFeRFZcDcv+J8
qUbRr/qUsl8yfN7+iDTJ3PyTzMx+BaLISe0BJdOaPedkRA2LJIqodLm5JKhMBgQp
kqzLih7cmqlMrpS5zSQUkATTg9V90vM5fS+DWdzeV8yLM0mo01NStPypnNWRQO8k
BeClTP6x+vaQMZgIjjdkC+q7LVR4/E19p9eoq9X+zcSyEDzn4htboy4mbFH9WqeC
gos7ekzg2XXe8b8PtUB07KIsiKpmNyRpJ9qL5FqduVrGCcoaeLGzHTFGiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG0zp0cTcbxAnH+5xxq0QYICqVYrMB8GA1UdIwQY
MBaAFDAnpjG7ZzjraLtupsQk70p9FMPLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUNlbU1idG5PT3RvdTI2bXhDVHZTbjBVdzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS84ZDc4ZWItMjgzMi00MDgzLWFlMWYt
MWRkNmQyODFjODhhLzEvYlRPblJ4Tnh2RUNjZjduSEdyUkJnZ0twVmlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS84ZDc4ZWItMjgzMi00MDgzLWFlMWYtMWRkNmQyODFjODhh
LzEvTUNlbU1idG5PT3RvdTI2bXhDVHZTbjBVdzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvPbQMA0G
CSqGSIb3DQEBCwUAA4IBAQCTXeYRW4ySu5nv5HWZTJ6HDiQS7aAzw08fhHwQY60Z
ndElKQNB8fp5mSzoedoaHvzQHUAJ/zxFK4Jt1BtEOuYH026CXVjXM2LHCecMRDn8
0vUSMkDBiaDhFAfVNuq6ef5TCS97Vulh/hOGb100OIATwpoIb5ogLxrsFEJ3HvsR
zwMYJUavAEPqSJWTCk+K3+LberiIDWrEXxVbbzjC4tzQsU0QRcx+rGEeDt2Pn8RQ
Pz4OqDvkOlJ3DJEmCe0k/t6MFV7dw7SU1F33r8kSwZ1zal6lR0G/OmtZ8D0/FdNa
s40t04+8/UGsZnBdRqNFegvVoXN32/+/avvZ/LNmaTpe
-----END CERTIFICATE-----