Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/5d4ae1-16e8-4fc4-a81a-13fd2ccf8790/1/0JKJErErT3c5yGsDABKWandhVXg.roa
File:                     0JKJErErT3c5yGsDABKWandhVXg.roa (raw, json)
Hash identifier:          LqnDDTfQ4i9/DFwQQhZWC7hGQfTU/0ibBIuHY+9l1Co=
Subject key identifier:   D0:92:89:12:B1:2B:4F:77:39:C8:6B:03:00:12:96:6A:77:61:55:78
Certificate issuer:       /CN=a5013d6b2b553de176dd6ec81ce7b9032539cbba
Certificate serial:       019B7DCA0258AE70FEAFFC9BD3B1520C1FCB
Authority key identifier: A5:01:3D:6B:2B:55:3D:E1:76:DD:6E:C8:1C:E7:B9:03:25:39:CB:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pQE9aytVPeF23W7IHOe5AyU5y7o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/5d4ae1-16e8-4fc4-a81a-13fd2ccf8790/1/0JKJErErT3c5yGsDABKWandhVXg.roa
Signing time:             Fri 02 Jan 2026 08:19:09 +0000
ROA not before:           Fri 02 Jan 2026 08:19:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212394
IP address blocks:        89.38.154.0/24 maxlen: 24
                          185.210.159.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/5d4ae1-16e8-4fc4-a81a-13fd2ccf8790/1/pQE9aytVPeF23W7IHOe5AyU5y7o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/5d4ae1-16e8-4fc4-a81a-13fd2ccf8790/1/pQE9aytVPeF23W7IHOe5AyU5y7o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pQE9aytVPeF23W7IHOe5AyU5y7o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 14:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:ca:02:58:ae:70:fe:af:fc:9b:d3:b1:52:0c:1f:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a5013d6b2b553de176dd6ec81ce7b9032539cbba
        Validity
            Not Before: Jan  2 08:19:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d0928912b12b4f7739c86b030012966a77615578
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:fd:98:7f:cd:29:16:97:65:b3:39:90:53:a0:
                    91:8a:c0:9e:57:03:9f:2b:a0:01:d1:cb:f6:f2:90:
                    35:6e:8a:d7:6b:50:55:54:36:1f:48:04:09:7d:c9:
                    e5:24:bd:56:56:7d:86:cd:e9:9f:e1:29:be:c5:c5:
                    6a:28:59:2c:25:19:44:99:27:04:1f:15:3a:da:18:
                    83:29:41:18:c5:77:ba:a3:f3:a8:64:c2:1a:b6:2b:
                    ce:52:52:8d:d5:23:30:b8:98:5c:72:1e:d0:a0:9b:
                    f0:33:0b:04:e0:f6:ab:7a:3f:6d:7b:d2:ca:2e:31:
                    eb:80:3f:60:f7:ef:48:3a:92:52:03:ae:0d:07:56:
                    4f:ff:6c:8a:a6:24:28:95:6f:06:a1:bc:17:00:ac:
                    01:86:cd:7c:1c:7d:59:24:81:0b:cf:ca:7e:c8:a5:
                    13:38:d9:fa:82:8b:1a:53:9f:e9:4f:60:5e:69:1e:
                    81:09:15:40:6a:c0:e9:17:38:79:4a:8d:01:60:f7:
                    ce:a3:37:a9:58:14:6c:3b:08:19:21:ce:9b:e4:be:
                    b4:98:86:8a:ce:40:ec:a1:7c:40:15:e4:b2:de:0f:
                    85:48:1c:18:51:44:c5:a7:de:21:76:cf:34:d5:2d:
                    61:40:07:9d:3c:06:c7:80:14:17:1b:18:bd:d6:d0:
                    1a:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:92:89:12:B1:2B:4F:77:39:C8:6B:03:00:12:96:6A:77:61:55:78
            X509v3 Authority Key Identifier:
                keyid:A5:01:3D:6B:2B:55:3D:E1:76:DD:6E:C8:1C:E7:B9:03:25:39:CB:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pQE9aytVPeF23W7IHOe5AyU5y7o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/5d4ae1-16e8-4fc4-a81a-13fd2ccf8790/1/0JKJErErT3c5yGsDABKWandhVXg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/5d4ae1-16e8-4fc4-a81a-13fd2ccf8790/1/pQE9aytVPeF23W7IHOe5AyU5y7o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.38.154.0/24
                  185.210.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:99:fb:e6:7a:9d:c1:ab:6e:80:6a:42:a8:2b:7f:99:23:1b:
         5f:51:10:c3:be:ae:c0:d6:be:15:55:af:e0:16:86:5d:4d:1c:
         f5:9c:1f:63:ce:1e:a2:cd:44:b6:1f:e0:5d:0d:07:ba:be:36:
         9b:2c:18:f8:4b:d5:9c:a0:e6:fb:2c:23:e2:e4:3c:c3:7e:cc:
         3a:9b:9c:a2:73:df:ef:72:9d:21:78:71:4f:28:93:1d:9d:1b:
         f5:6d:ff:27:4d:36:07:fa:58:54:43:50:e3:cf:f2:61:45:09:
         cc:00:2a:b8:2a:39:b9:56:46:63:9f:97:15:02:c6:a1:c6:b0:
         89:3c:55:cb:10:97:7c:07:38:fe:ac:50:ff:1c:40:86:17:0b:
         ed:22:06:9a:59:3b:80:d3:a0:d6:21:52:b4:ad:bc:1d:2d:60:
         75:b5:2c:10:18:8e:2b:22:ab:89:7e:9e:5f:48:f1:2f:b7:94:
         26:08:41:39:7d:6e:c1:0e:e5:5c:4f:02:24:53:6a:38:e6:24:
         37:08:b9:a1:13:3f:ff:08:db:46:78:a1:bd:93:9d:f1:00:1a:
         e8:e5:06:e6:8b:b9:b1:31:40:5d:37:21:c7:fe:8f:ef:7b:e4:
         12:d3:81:33:92:32:03:24:8d:14:c8:6a:3d:a9:e7:57:67:c8:
         58:92:cb:c7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZt9ygJYrnD+r/yb07FSDB/LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1MDEzZDZiMmI1NTNkZTE3NmRkNmVjODFjZTdiOTAzMjUz
OWNiYmEwHhcNMjYwMTAyMDgxOTA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDkyODkxMmIxMmI0Zjc3MzljODZiMDMwMDEyOTY2YTc3NjE1NTc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkP2Yf80pFpdlszmQU6CRisCeVwOf
K6AB0cv28pA1borXa1BVVDYfSAQJfcnlJL1WVn2Gzemf4Sm+xcVqKFksJRlEmScE
HxU62hiDKUEYxXe6o/OoZMIativOUlKN1SMwuJhcch7QoJvwMwsE4Parej9te9LK
LjHrgD9g9+9IOpJSA64NB1ZP/2yKpiQolW8GobwXAKwBhs18HH1ZJIELz8p+yKUT
ONn6gosaU5/pT2BeaR6BCRVAasDpFzh5So0BYPfOozepWBRsOwgZIc6b5L60mIaK
zkDsoXxAFeSy3g+FSBwYUUTFp94hds801S1hQAedPAbHgBQXGxi91tAa0QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNCSiRKxK093OchrAwASlmp3YVV4MB8GA1UdIwQY
MBaAFKUBPWsrVT3hdt1uyBznuQMlOcu6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFFFOWF5dFZQZUYyM1c3SUhPZTVBeVU1eTdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC81ZDRhZTEtMTZlOC00ZmM0LWE4MWEt
MTNmZDJjY2Y4NzkwLzEvMEpLSkVyRXJUM2M1eUdzREFCS1dhbmRoVlhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC81ZDRhZTEtMTZlOC00ZmM0LWE4MWEtMTNmZDJjY2Y4Nzkw
LzEvcFFFOWF5dFZQZUYyM1c3SUhPZTVBeVU1eTdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWSaaAwQA
udKfMA0GCSqGSIb3DQEBCwUAA4IBAQARmfvmep3Bq26AakKoK3+ZIxtfURDDvq7A
1r4VVa/gFoZdTRz1nB9jzh6izUS2H+BdDQe6vjabLBj4S9WcoOb7LCPi5DzDfsw6
m5yic9/vcp0heHFPKJMdnRv1bf8nTTYH+lhUQ1Djz/JhRQnMACq4Kjm5VkZjn5cV
AsahxrCJPFXLEJd8Bzj+rFD/HECGFwvtIgaaWTuA06DWIVK0rbwdLWB1tSwQGI4r
IquJfp5fSPEvt5QmCEE5fW7BDuVcTwIkU2o45iQ3CLmhEz//CNtGeKG9k53xABro
5Qbmi7mxMUBdNyHH/o/ve+QS04EzkjIDJI0UyGo9qedXZ8hYksvH
-----END CERTIFICATE-----