Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/xrhspKtgWz-HzVKp6IMu09T5-c4.roa
File:                     xrhspKtgWz-HzVKp6IMu09T5-c4.roa (raw, json)
Hash identifier:          0GOwfG3WIE+OzJuCOmHnZzbXs6C9DoG0W/dapZ0W3y4=
Subject key identifier:   C6:B8:6C:A4:AB:60:5B:3F:87:CD:52:A9:E8:83:2E:D3:D4:F9:F9:CE
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       019D24CB09667D62AF32892819A63ADA42D4
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/xrhspKtgWz-HzVKp6IMu09T5-c4.roa
Signing time:             Wed 25 Mar 2026 11:39:39 +0000
ROA not before:           Wed 25 Mar 2026 11:39:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214025
IP address blocks:        194.231.137.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:24:cb:09:66:7d:62:af:32:89:28:19:a6:3a:da:42:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Mar 25 11:39:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c6b86ca4ab605b3f87cd52a9e8832ed3d4f9f9ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:51:cb:fa:dc:89:9b:20:4c:64:46:dc:62:46:
                    62:ef:0c:a8:80:3b:43:de:3e:07:5d:05:1a:b0:d1:
                    39:87:f6:12:fb:6a:d6:90:7c:28:44:14:6f:ab:26:
                    ac:f1:cc:b4:a7:e3:33:f2:f5:75:7a:c5:89:46:b9:
                    66:e3:8b:37:0f:a8:f4:fe:2d:b9:47:dc:4f:f2:ce:
                    eb:9d:c1:cd:8f:3b:51:da:9a:f7:97:4a:e7:b5:01:
                    fa:26:6d:a3:0a:37:fd:27:12:83:79:9a:30:f8:06:
                    7a:7c:bf:a2:ea:3f:18:dc:6b:46:bc:19:e8:7c:cb:
                    eb:62:7e:9e:d0:3b:06:b8:70:de:8e:27:35:35:c2:
                    b1:36:f2:76:ef:21:be:d2:3a:72:10:ed:21:5f:45:
                    39:76:0e:1d:bb:df:62:05:a0:6e:61:a5:14:0b:d5:
                    fc:d1:0f:cc:c0:cb:de:67:89:da:21:93:96:16:ae:
                    5b:eb:89:dc:c4:86:d2:57:12:20:ac:37:9d:52:f2:
                    cd:63:91:94:ef:c1:ad:de:75:6b:8c:50:9f:71:97:
                    bb:09:2a:6f:07:66:2c:fe:a1:0e:66:1f:c9:83:86:
                    c9:16:07:aa:fb:41:58:8f:6a:1e:b6:72:e9:fc:02:
                    af:8f:36:96:f4:ec:bb:56:6a:1d:63:46:6e:29:6f:
                    68:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:B8:6C:A4:AB:60:5B:3F:87:CD:52:A9:E8:83:2E:D3:D4:F9:F9:CE
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/xrhspKtgWz-HzVKp6IMu09T5-c4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.231.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:63:08:3a:8f:2a:c7:c4:c6:89:97:bb:98:4b:d3:3e:14:a2:
         7f:cd:69:3e:33:84:08:81:6d:8d:2d:71:5e:86:38:3d:46:1a:
         2a:c0:1f:dd:85:75:11:af:4e:85:d9:91:27:75:30:1a:b3:80:
         fc:68:f9:19:d3:63:0c:8e:83:9b:da:b8:97:cc:c6:13:88:3b:
         68:5b:91:4c:77:45:a1:6f:63:21:45:74:54:e3:12:8e:17:27:
         2b:0c:ef:cb:8f:41:d9:02:c4:6a:ee:64:65:18:4d:6b:95:49:
         0c:d2:da:82:19:bc:d0:3a:8d:58:bc:c6:41:ea:2f:7e:35:76:
         7d:28:50:4d:49:8e:90:1f:c3:7f:95:c3:44:e0:91:a6:22:7e:
         31:90:da:f2:d9:53:4d:19:76:30:0d:33:23:68:eb:9c:30:12:
         f9:b6:27:a0:fd:1b:6c:97:49:11:42:3c:5b:6e:e2:9b:38:bc:
         b9:13:3e:9c:af:85:6f:6e:17:dd:7c:8c:bf:7b:89:93:49:e5:
         69:18:5d:39:ca:ee:26:d3:ce:38:6c:6f:9b:5c:f5:bf:95:1f:
         e6:db:87:74:24:92:3a:ed:a2:a7:38:56:d6:3d:96:f4:64:6e:
         2d:8d:8f:01:7a:0a:ec:9a:0f:7f:d8:7d:4b:e7:50:24:4d:ff:
         d2:1d:98:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0kywlmfWKvMokoGaY62kLUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjYwMzI1MTEzOTM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNmI4NmNhNGFiNjA1YjNmODdjZDUyYTllODgzMmVkM2Q0ZjlmOWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsFHL+tyJmyBMZEbcYkZi7wyogDtD
3j4HXQUasNE5h/YS+2rWkHwoRBRvqyas8cy0p+Mz8vV1esWJRrlm44s3D6j0/i25
R9xP8s7rncHNjztR2pr3l0rntQH6Jm2jCjf9JxKDeZow+AZ6fL+i6j8Y3GtGvBno
fMvrYn6e0DsGuHDejic1NcKxNvJ27yG+0jpyEO0hX0U5dg4du99iBaBuYaUUC9X8
0Q/MwMveZ4naIZOWFq5b64ncxIbSVxIgrDedUvLNY5GU78Gt3nVrjFCfcZe7CSpv
B2Ys/qEOZh/Jg4bJFgeq+0FYj2oetnLp/AKvjzaW9Oy7VmodY0ZuKW9oMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMa4bKSrYFs/h81SqeiDLtPU+fnOMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEveHJoc3BLdGdXei1IelZLcDZJTXUwOVQ1LWM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwueJMA0G
CSqGSIb3DQEBCwUAA4IBAQAHYwg6jyrHxMaJl7uYS9M+FKJ/zWk+M4QIgW2NLXFe
hjg9RhoqwB/dhXURr06F2ZEndTAas4D8aPkZ02MMjoOb2riXzMYTiDtoW5FMd0Wh
b2MhRXRU4xKOFycrDO/Lj0HZAsRq7mRlGE1rlUkM0tqCGbzQOo1YvMZB6i9+NXZ9
KFBNSY6QH8N/lcNE4JGmIn4xkNry2VNNGXYwDTMjaOucMBL5tieg/Rtsl0kRQjxb
buKbOLy5Ez6cr4VvbhfdfIy/e4mTSeVpGF05yu4m0844bG+bXPW/lR/m24d0JJI6
7aKnOFbWPZb0ZG4tjY8Begrsmg9/2H1L51AkTf/SHZg0
-----END CERTIFICATE-----