Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/d6a422-3612-45af-83ab-d24b68966e0e/1/nieh0sc1APDpOfzH0MPtR51QZ14.roa
File:                     nieh0sc1APDpOfzH0MPtR51QZ14.roa (raw, json)
Hash identifier:          cv//t3csuZnG7+u/q0h4zp9zH0W6oEKPTW0buyQiPLk=
Subject key identifier:   9E:27:A1:D2:C7:35:00:F0:E9:39:FC:C7:D0:C3:ED:47:9D:50:67:5E
Certificate issuer:       /CN=a15e3f974b5f974656ccf4d45596caad1b9096d4
Certificate serial:       019DD628C40E0BCBF77EC3A92ED03F65643B
Authority key identifier: A1:5E:3F:97:4B:5F:97:46:56:CC:F4:D4:55:96:CA:AD:1B:90:96:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oV4_l0tfl0ZWzPTUVZbKrRuQltQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/d6a422-3612-45af-83ab-d24b68966e0e/1/nieh0sc1APDpOfzH0MPtR51QZ14.roa
Signing time:             Tue 28 Apr 2026 22:14:49 +0000
ROA not before:           Tue 28 Apr 2026 22:14:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214915
IP address blocks:        185.220.151.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/d6a422-3612-45af-83ab-d24b68966e0e/1/oV4_l0tfl0ZWzPTUVZbKrRuQltQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/d6a422-3612-45af-83ab-d24b68966e0e/1/oV4_l0tfl0ZWzPTUVZbKrRuQltQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oV4_l0tfl0ZWzPTUVZbKrRuQltQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 11:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:d6:28:c4:0e:0b:cb:f7:7e:c3:a9:2e:d0:3f:65:64:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a15e3f974b5f974656ccf4d45596caad1b9096d4
        Validity
            Not Before: Apr 28 22:14:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9e27a1d2c73500f0e939fcc7d0c3ed479d50675e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:6e:d6:0d:4c:23:47:e1:b8:27:a2:bb:05:e2:
                    2a:4a:19:11:ac:c4:c3:7a:32:51:23:dc:3f:1d:86:
                    bb:ee:f6:56:b5:8b:37:3e:e1:13:a1:ad:15:fb:bd:
                    82:65:be:55:10:45:8d:d5:42:f6:e5:d0:ee:5e:71:
                    06:d0:12:11:99:6f:d8:c9:5d:23:98:c9:57:dc:c0:
                    64:84:19:71:e0:10:3e:d8:1e:72:7a:31:f6:7d:bf:
                    0f:7a:67:35:94:48:ba:cd:b5:36:f5:ba:67:7f:48:
                    4d:fc:f3:13:21:a0:fa:e4:27:52:b7:3b:83:4f:70:
                    8d:b2:9e:88:3b:a1:17:0e:db:c7:af:59:e6:cb:05:
                    5f:3a:7f:1d:4e:a1:d3:33:c0:4b:cb:9f:d1:8b:1c:
                    82:7f:35:d7:d9:c3:8d:bb:9c:18:c7:7f:a7:f0:da:
                    8b:88:1b:20:89:4f:21:b9:d9:d0:28:a9:28:25:89:
                    f5:5f:38:e9:4a:4b:58:5f:44:f1:fd:3a:48:ea:2f:
                    c2:b1:a2:34:2c:f9:78:1b:71:be:09:12:72:bf:8d:
                    ba:3d:47:9f:f7:07:d6:b7:2e:46:0b:63:ea:ad:bc:
                    72:92:43:62:50:07:40:46:48:cc:d2:4e:10:92:7c:
                    89:8b:8f:7f:f7:5c:a0:2b:2c:20:ab:57:ea:7d:4e:
                    fb:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:27:A1:D2:C7:35:00:F0:E9:39:FC:C7:D0:C3:ED:47:9D:50:67:5E
            X509v3 Authority Key Identifier:
                keyid:A1:5E:3F:97:4B:5F:97:46:56:CC:F4:D4:55:96:CA:AD:1B:90:96:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oV4_l0tfl0ZWzPTUVZbKrRuQltQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/d6a422-3612-45af-83ab-d24b68966e0e/1/nieh0sc1APDpOfzH0MPtR51QZ14.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/d6a422-3612-45af-83ab-d24b68966e0e/1/oV4_l0tfl0ZWzPTUVZbKrRuQltQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.220.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:12:a6:a3:71:04:fa:d7:dd:ae:2d:1a:9d:26:cb:f0:71:b1:
         96:ee:61:56:cf:b5:42:0c:28:26:1e:04:4f:8b:f7:76:e4:75:
         8b:2a:86:93:9c:16:dd:60:8a:03:ed:c4:1a:dd:0a:6d:b0:c9:
         03:54:8e:26:3b:92:c1:84:86:40:a8:37:3b:35:7d:1d:97:4b:
         78:c3:f8:0f:e8:84:3c:07:e0:d1:c7:c9:67:06:5d:42:8a:db:
         64:ee:46:a5:f1:fb:ee:69:7a:8e:2b:7f:1f:56:6d:0b:59:9a:
         79:e5:ae:b0:ea:0b:44:81:46:44:11:9a:07:ed:f4:5d:07:4c:
         57:c7:af:8d:75:f2:21:5d:35:2b:4a:93:c8:34:02:0f:7f:8a:
         01:68:08:89:c1:b7:d5:c0:06:b0:95:78:8f:54:6d:ae:37:23:
         a7:a0:ae:e3:4c:c4:0a:55:ed:37:b7:3a:10:54:c1:23:7c:2b:
         4c:d4:c6:10:f3:d5:98:07:4f:aa:d3:f7:7d:a8:94:28:48:3c:
         f2:57:51:03:a9:da:14:b3:16:86:6f:87:bd:09:e6:f8:8b:9b:
         ae:7f:9d:96:a0:0b:52:f5:c8:b6:40:c5:92:dc:59:5b:2e:7f:
         98:a2:83:b8:11:ae:ae:a8:44:e4:4c:f0:17:e9:2f:46:5e:14:
         96:4b:4c:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3WKMQOC8v3fsOpLtA/ZWQ7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExNWUzZjk3NGI1Zjk3NDY1NmNjZjRkNDU1OTZjYWFkMWI5
MDk2ZDQwHhcNMjYwNDI4MjIxNDQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTI3YTFkMmM3MzUwMGYwZTkzOWZjYzdkMGMzZWQ0NzlkNTA2NzVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2G7WDUwjR+G4J6K7BeIqShkRrMTD
ejJRI9w/HYa77vZWtYs3PuEToa0V+72CZb5VEEWN1UL25dDuXnEG0BIRmW/YyV0j
mMlX3MBkhBlx4BA+2B5yejH2fb8Pemc1lEi6zbU29bpnf0hN/PMTIaD65CdStzuD
T3CNsp6IO6EXDtvHr1nmywVfOn8dTqHTM8BLy5/RixyCfzXX2cONu5wYx3+n8NqL
iBsgiU8hudnQKKkoJYn1XzjpSktYX0Tx/TpI6i/CsaI0LPl4G3G+CRJyv426PUef
9wfWty5GC2PqrbxykkNiUAdARkjM0k4QknyJi49/91ygKywgq1fqfU77wwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ4nodLHNQDw6Tn8x9DD7UedUGdeMB8GA1UdIwQY
MBaAFKFeP5dLX5dGVsz01FWWyq0bkJbUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb1Y0X2wwdGZsMFpXelBUVVZaYktyUnVRbHRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi9kNmE0MjItMzYxMi00NWFmLTgzYWIt
ZDI0YjY4OTY2ZTBlLzEvbmllaDBzYzFBUERwT2Z6SDBNUHRSNTFRWjE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi9kNmE0MjItMzYxMi00NWFmLTgzYWItZDI0YjY4OTY2ZTBl
LzEvb1Y0X2wwdGZsMFpXelBUVVZaYktyUnVRbHRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudyXMA0G
CSqGSIb3DQEBCwUAA4IBAQBPEqajcQT6192uLRqdJsvwcbGW7mFWz7VCDCgmHgRP
i/d25HWLKoaTnBbdYIoD7cQa3QptsMkDVI4mO5LBhIZAqDc7NX0dl0t4w/gP6IQ8
B+DRx8lnBl1Cittk7kal8fvuaXqOK38fVm0LWZp55a6w6gtEgUZEEZoH7fRdB0xX
x6+NdfIhXTUrSpPINAIPf4oBaAiJwbfVwAawlXiPVG2uNyOnoK7jTMQKVe03tzoQ
VMEjfCtM1MYQ89WYB0+q0/d9qJQoSDzyV1EDqdoUsxaGb4e9Ceb4i5uuf52WoAtS
9ci2QMWS3FlbLn+YooO4Ea6uqETkTPAX6S9GXhSWS0wo
-----END CERTIFICATE-----