Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/B8B9K97Hxo9p2HPdq3X7_bUrNOc.roa
File:                     B8B9K97Hxo9p2HPdq3X7_bUrNOc.roa (raw, json)
Hash identifier:          NIA5ys2Jl6RcIrrYViu7257LN1PDUAXmE2FRelr4fiI=
Subject key identifier:   07:C0:7D:2B:DE:C7:C6:8F:69:D8:73:DD:AB:75:FB:FD:B5:2B:34:E7
Certificate issuer:       /CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
Certificate serial:       019CC2BA2CCC41E4790707C11CEF368A4C20
Authority key identifier: 29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/B8B9K97Hxo9p2HPdq3X7_bUrNOc.roa
Signing time:             Fri 06 Mar 2026 10:38:26 +0000
ROA not before:           Fri 06 Mar 2026 10:38:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201136
IP address blocks:        92.62.254.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:c2:ba:2c:cc:41:e4:79:07:07:c1:1c:ef:36:8a:4c:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
        Validity
            Not Before: Mar  6 10:38:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=07c07d2bdec7c68f69d873ddab75fbfdb52b34e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:f9:9e:70:14:60:74:e6:66:48:83:3d:99:6d:
                    12:39:77:d0:b2:6a:a0:52:08:e2:a1:bf:be:b6:41:
                    a8:5b:51:f1:73:05:e7:05:e4:d5:da:ee:09:ae:d2:
                    a7:5f:01:df:9e:a5:21:ce:62:91:a7:14:75:46:fb:
                    91:52:db:e8:13:22:5c:2e:ba:45:17:e2:80:16:fc:
                    8c:e4:c5:6b:61:0b:f1:96:1f:25:89:30:e0:d0:18:
                    42:ad:16:e2:4e:71:22:d3:4f:78:2c:2c:35:05:f2:
                    17:9c:6a:51:ca:74:c7:0d:a1:6a:c3:b2:fd:91:31:
                    b4:85:be:24:52:ec:c4:17:d3:9c:64:34:d9:dc:71:
                    69:91:7e:be:dc:a3:4e:8a:95:49:d6:19:02:19:29:
                    0d:3b:0e:6f:4d:46:b2:96:bd:71:74:90:46:8a:64:
                    e7:18:dd:d5:96:ed:e2:f1:3c:0b:c3:f0:78:61:58:
                    87:db:c2:05:39:ec:6e:ac:16:eb:06:43:7e:e1:47:
                    55:23:9c:41:a9:74:3f:4d:19:67:33:c6:80:59:41:
                    9f:ff:18:aa:82:3d:2a:28:2f:d0:f1:f8:4b:e1:3d:
                    1b:f9:fd:fe:73:ff:93:a8:b7:fe:9a:10:4d:60:96:
                    68:48:57:87:7c:38:3d:0e:8c:43:b7:3f:0a:2a:57:
                    1a:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:C0:7D:2B:DE:C7:C6:8F:69:D8:73:DD:AB:75:FB:FD:B5:2B:34:E7
            X509v3 Authority Key Identifier:
                keyid:29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/B8B9K97Hxo9p2HPdq3X7_bUrNOc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.62.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:a6:7c:3d:89:74:63:94:21:48:44:95:86:20:04:8b:b4:95:
         32:79:c1:03:20:41:26:6f:89:54:ea:dd:17:3b:21:39:24:16:
         39:64:6b:bf:f9:75:d0:8e:b6:5f:16:18:4e:07:bf:61:ec:59:
         94:37:3f:3e:97:20:c7:bb:65:18:93:ce:2b:d1:e6:47:9a:19:
         6b:05:b2:36:4c:29:8d:a3:11:e2:ca:12:61:ea:39:72:30:3f:
         60:1e:20:07:b5:7d:da:69:39:96:fb:c0:49:ef:d7:a0:2d:88:
         65:4b:93:89:20:8c:90:a1:67:f2:c9:e2:78:12:fb:83:89:c6:
         2e:f3:4e:46:46:93:22:1e:59:7c:b7:23:eb:b9:a6:03:d2:47:
         34:ce:b1:7f:b2:62:b3:cb:9f:19:22:c7:34:e3:d9:31:a0:d9:
         87:5c:99:b4:a8:bb:17:f4:8f:31:f4:5a:5a:be:86:5f:65:b3:
         85:e5:91:13:75:d6:24:86:aa:d3:35:39:8b:9b:4a:d5:92:11:
         2d:51:18:8c:54:0d:c8:ef:f3:57:f1:c3:dd:ea:ea:09:35:7d:
         76:df:63:9c:ab:d3:b9:68:f7:c4:37:cd:ec:ff:8a:80:f4:14:
         03:97:39:dc:07:50:85:ae:d3:22:b3:1b:ab:c8:26:a0:af:f7:
         bc:a6:b0:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzCuizMQeR5BwfBHO82ikwgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZDJkYWZmMWM1YmI2MWEwYWM4YjNjYWVhZDRiOGExZmEy
ODRkMGYwHhcNMjYwMzA2MTAzODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2MwN2QyYmRlYzdjNjhmNjlkODczZGRhYjc1ZmJmZGI1MmIzNGU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtvmecBRgdOZmSIM9mW0SOXfQsmqg
Ugjiob++tkGoW1HxcwXnBeTV2u4JrtKnXwHfnqUhzmKRpxR1RvuRUtvoEyJcLrpF
F+KAFvyM5MVrYQvxlh8liTDg0BhCrRbiTnEi0094LCw1BfIXnGpRynTHDaFqw7L9
kTG0hb4kUuzEF9OcZDTZ3HFpkX6+3KNOipVJ1hkCGSkNOw5vTUaylr1xdJBGimTn
GN3Vlu3i8TwLw/B4YViH28IFOexurBbrBkN+4UdVI5xBqXQ/TRlnM8aAWUGf/xiq
gj0qKC/Q8fhL4T0b+f3+c/+TqLf+mhBNYJZoSFeHfDg9DoxDtz8KKlcakQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAfAfSvex8aPadhz3at1+/21KzTnMB8GA1UdIwQY
MBaAFCnS2v8cW7YaCsizyurUuKH6KE0PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3Zjgt
NGY1N2Q5Y2Y1Y2FhLzEvQjhCOUs5N0h4bzlwMkhQZHEzWDdfYlVyTk9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3ZjgtNGY1N2Q5Y2Y1Y2Fh
LzEvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXD7+MA0G
CSqGSIb3DQEBCwUAA4IBAQAPpnw9iXRjlCFIRJWGIASLtJUyecEDIEEmb4lU6t0X
OyE5JBY5ZGu/+XXQjrZfFhhOB79h7FmUNz8+lyDHu2UYk84r0eZHmhlrBbI2TCmN
oxHiyhJh6jlyMD9gHiAHtX3aaTmW+8BJ79egLYhlS5OJIIyQoWfyyeJ4EvuDicYu
805GRpMiHll8tyPruaYD0kc0zrF/smKzy58ZIsc049kxoNmHXJm0qLsX9I8x9Fpa
voZfZbOF5ZETddYkhqrTNTmLm0rVkhEtURiMVA3I7/NX8cPd6uoJNX1232Ocq9O5
aPfEN83s/4qA9BQDlzncB1CFrtMisxuryCagr/e8prB/
-----END CERTIFICATE-----