Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/b31586-3566-47b0-95cc-144d7473ea59/1/aCTYERjrsgQgd2eNcJ-xT6iLuVA.roa
File:                     aCTYERjrsgQgd2eNcJ-xT6iLuVA.roa (raw, json)
Hash identifier:          FSNpstLHIA+MgvTMObqgBgedN4krH4ykjVcUB8HPSAs=
Subject key identifier:   68:24:D8:11:18:EB:B2:04:20:77:67:8D:70:9F:B1:4F:A8:8B:B9:50
Certificate issuer:       /CN=19b390b62d09950d500cd6bbbd78d0390560ec42
Certificate serial:       019CF1F93FFB6E5B0BF2913110C3E39AF475
Authority key identifier: 19:B3:90:B6:2D:09:95:0D:50:0C:D6:BB:BD:78:D0:39:05:60:EC:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GbOQti0JlQ1QDNa7vXjQOQVg7EI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/b31586-3566-47b0-95cc-144d7473ea59/1/aCTYERjrsgQgd2eNcJ-xT6iLuVA.roa
Signing time:             Sun 15 Mar 2026 14:49:29 +0000
ROA not before:           Sun 15 Mar 2026 14:49:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     398465
IP address blocks:        185.133.242.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/b31586-3566-47b0-95cc-144d7473ea59/1/GbOQti0JlQ1QDNa7vXjQOQVg7EI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/b31586-3566-47b0-95cc-144d7473ea59/1/GbOQti0JlQ1QDNa7vXjQOQVg7EI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GbOQti0JlQ1QDNa7vXjQOQVg7EI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:f1:f9:3f:fb:6e:5b:0b:f2:91:31:10:c3:e3:9a:f4:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19b390b62d09950d500cd6bbbd78d0390560ec42
        Validity
            Not Before: Mar 15 14:49:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6824d81118ebb2042077678d709fb14fa88bb950
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:41:fe:cc:fe:e4:95:b7:cc:76:08:20:01:00:
                    ba:38:1c:34:ee:8f:c4:8e:a0:2c:0c:cb:e2:84:18:
                    c7:b9:7f:1b:5d:d0:19:58:a4:57:bc:d2:c0:d1:13:
                    76:2b:55:8f:ec:86:02:87:fe:12:0c:d6:bb:0e:c2:
                    8f:54:0d:ea:2c:68:4e:13:9e:52:0b:a7:b6:bc:f4:
                    b4:0d:2d:43:3e:d3:17:64:ed:6c:e8:3c:6f:5e:6e:
                    dd:9a:42:c5:1c:20:97:94:b2:bd:2c:d3:e2:21:bb:
                    08:79:b5:f4:27:9b:78:a8:01:c1:9f:fa:b3:10:a0:
                    81:32:2c:a3:8d:64:11:1c:91:e0:0f:07:d6:69:23:
                    41:bc:c6:f9:7d:4e:bb:27:07:c7:cc:73:42:9d:13:
                    36:64:10:65:6a:75:2f:d5:70:4f:e8:27:f3:37:94:
                    c8:a0:4f:24:f2:54:73:d9:d4:a9:d1:a0:35:a8:03:
                    85:07:21:da:72:27:99:66:5e:1a:38:85:c4:35:01:
                    71:df:4c:46:a9:8d:a7:e8:56:d7:e4:10:65:62:6a:
                    32:24:2a:08:ef:85:fb:e8:2d:1d:69:02:50:e7:26:
                    58:ac:39:44:02:54:be:bf:f8:8c:07:5a:a8:76:7a:
                    0a:d1:02:0b:84:4e:21:c8:85:84:18:9c:e2:6d:34:
                    ad:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:24:D8:11:18:EB:B2:04:20:77:67:8D:70:9F:B1:4F:A8:8B:B9:50
            X509v3 Authority Key Identifier:
                keyid:19:B3:90:B6:2D:09:95:0D:50:0C:D6:BB:BD:78:D0:39:05:60:EC:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GbOQti0JlQ1QDNa7vXjQOQVg7EI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/b31586-3566-47b0-95cc-144d7473ea59/1/aCTYERjrsgQgd2eNcJ-xT6iLuVA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/b31586-3566-47b0-95cc-144d7473ea59/1/GbOQti0JlQ1QDNa7vXjQOQVg7EI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.133.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:ec:d0:03:c9:c3:f3:35:ac:7a:66:53:cf:1b:06:17:6f:14:
         2d:14:2a:ba:fe:0a:c6:26:4e:f6:2f:8b:9c:e1:e1:31:42:2c:
         b8:2a:63:22:32:ea:f9:6f:48:e4:c7:d7:5c:1e:4b:9e:c9:75:
         54:9f:da:d8:11:3c:06:28:53:d1:e2:e5:80:1f:de:54:c8:fa:
         d2:2e:5f:89:ea:12:96:3e:c3:b7:9a:ba:a9:4c:be:ee:41:44:
         6e:a9:89:6e:51:a2:69:b0:01:fc:1c:e5:75:bd:b3:24:42:4d:
         86:c8:c0:ad:5e:7d:4d:bb:d0:0b:20:28:70:3b:45:97:48:c3:
         68:06:bf:ba:f0:1a:3f:89:b0:7f:aa:2a:e4:c6:3b:50:d6:33:
         d7:60:fa:07:cd:8d:9f:58:9a:c0:c0:6e:b8:9a:ca:52:61:05:
         52:1d:e4:e6:d3:67:91:8d:28:94:a0:39:03:5b:3d:38:e0:da:
         9a:82:4f:6c:6a:27:aa:ac:54:fe:75:61:1f:d2:0f:bd:36:70:
         0e:df:f6:5a:d5:fd:f5:8b:98:51:7e:20:87:60:c2:75:77:f1:
         23:4a:5f:50:85:b5:62:64:1b:c7:7d:4e:ea:fc:be:57:72:60:
         25:63:08:15:d1:58:6e:34:5e:39:c5:e2:12:b3:55:00:20:ed:
         29:b9:72:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzx+T/7blsL8pExEMPjmvR1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5YjM5MGI2MmQwOTk1MGQ1MDBjZDZiYmJkNzhkMDM5MDU2
MGVjNDIwHhcNMjYwMzE1MTQ0OTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODI0ZDgxMTE4ZWJiMjA0MjA3NzY3OGQ3MDlmYjE0ZmE4OGJiOTUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw0H+zP7klbfMdgggAQC6OBw07o/E
jqAsDMvihBjHuX8bXdAZWKRXvNLA0RN2K1WP7IYCh/4SDNa7DsKPVA3qLGhOE55S
C6e2vPS0DS1DPtMXZO1s6DxvXm7dmkLFHCCXlLK9LNPiIbsIebX0J5t4qAHBn/qz
EKCBMiyjjWQRHJHgDwfWaSNBvMb5fU67JwfHzHNCnRM2ZBBlanUv1XBP6CfzN5TI
oE8k8lRz2dSp0aA1qAOFByHacieZZl4aOIXENQFx30xGqY2n6FbX5BBlYmoyJCoI
74X76C0daQJQ5yZYrDlEAlS+v/iMB1qodnoK0QILhE4hyIWEGJzibTStHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGgk2BEY67IEIHdnjXCfsU+oi7lQMB8GA1UdIwQY
MBaAFBmzkLYtCZUNUAzWu7140DkFYOxCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2JPUXRpMEpsUTFRRE5hN3ZYalFPUVZnN0VJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy9iMzE1ODYtMzU2Ni00N2IwLTk1Y2Mt
MTQ0ZDc0NzNlYTU5LzEvYUNUWUVSanJzZ1FnZDJlTmNKLXhUNmlMdVZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy9iMzE1ODYtMzU2Ni00N2IwLTk1Y2MtMTQ0ZDc0NzNlYTU5
LzEvR2JPUXRpMEpsUTFRRE5hN3ZYalFPUVZnN0VJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYXyMA0G
CSqGSIb3DQEBCwUAA4IBAQBb7NADycPzNax6ZlPPGwYXbxQtFCq6/grGJk72L4uc
4eExQiy4KmMiMur5b0jkx9dcHkueyXVUn9rYETwGKFPR4uWAH95UyPrSLl+J6hKW
PsO3mrqpTL7uQURuqYluUaJpsAH8HOV1vbMkQk2GyMCtXn1Nu9ALIChwO0WXSMNo
Br+68Bo/ibB/qirkxjtQ1jPXYPoHzY2fWJrAwG64mspSYQVSHeTm02eRjSiUoDkD
Wz044Nqagk9saieqrFT+dWEf0g+9NnAO3/Za1f31i5hRfiCHYMJ1d/EjSl9QhbVi
ZBvHfU7q/L5XcmAlYwgV0VhuNF45xeISs1UAIO0puXLx
-----END CERTIFICATE-----