Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/es1iBWrDxSoVjTixXfd8Wl2RtbI.roa
File:                     es1iBWrDxSoVjTixXfd8Wl2RtbI.roa (raw, json)
Hash identifier:          ImGNbUsRLu1f8Kf6PK+TPQHQbr8h8vASXyDQn3OqsUE=
Subject key identifier:   7A:CD:62:05:6A:C3:C5:2A:15:8D:38:B1:5D:F7:7C:5A:5D:91:B5:B2
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       019D04C718149EAB4DDF15618D28CDB2A2AE
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/es1iBWrDxSoVjTixXfd8Wl2RtbI.roa
Signing time:             Thu 19 Mar 2026 06:27:29 +0000
ROA not before:           Thu 19 Mar 2026 06:27:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     14618
IP address blocks:        79.175.105.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:04:c7:18:14:9e:ab:4d:df:15:61:8d:28:cd:b2:a2:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Mar 19 06:27:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7acd62056ac3c52a158d38b15df77c5a5d91b5b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:07:52:13:24:1c:6d:99:e8:84:87:3e:ae:e0:
                    a8:2c:04:bc:91:40:b5:00:2e:27:3b:16:7b:67:04:
                    e6:50:b8:04:74:62:d3:49:28:ce:5c:0b:dc:a6:5e:
                    d7:e3:1f:b9:7c:7a:07:7d:c2:b7:ba:36:90:4f:79:
                    d7:98:dc:37:65:b9:03:2c:0a:b1:85:17:7c:49:e7:
                    d7:04:0d:c2:66:a0:6c:ad:a5:1a:2c:db:6a:7c:40:
                    cd:c7:0b:d1:0a:86:17:0b:23:b8:e6:b9:5f:de:4b:
                    4b:ff:52:9a:a9:7d:41:5a:d0:80:f5:31:47:85:9f:
                    8f:b4:6b:cc:9a:d1:db:82:bf:5b:3f:be:09:c5:92:
                    a0:dc:3b:8a:a4:6c:70:15:75:31:08:fa:a8:e4:c3:
                    a8:10:4a:7e:2c:06:36:d4:4f:fa:6d:c9:0c:9b:b5:
                    67:14:dc:d0:13:55:b1:34:bb:55:e7:c4:ee:92:c0:
                    1d:4d:b1:d5:6b:bc:d3:68:a3:7c:cf:65:5e:53:cd:
                    13:6e:78:fb:5f:70:1e:4d:72:85:b5:3f:b9:90:22:
                    94:d6:3a:f5:2b:5f:3a:d1:4f:a5:58:5b:07:8d:7c:
                    c9:42:68:9f:84:0e:ee:5a:d3:0c:06:51:a7:2d:36:
                    74:57:94:5c:f6:99:7f:3b:1b:17:af:5a:30:15:61:
                    2b:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:CD:62:05:6A:C3:C5:2A:15:8D:38:B1:5D:F7:7C:5A:5D:91:B5:B2
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/es1iBWrDxSoVjTixXfd8Wl2RtbI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.175.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:43:d9:90:8a:c6:0c:8d:e0:f1:81:d9:7a:c7:55:cc:26:af:
         10:c4:9e:49:19:b5:77:ff:ee:58:57:88:e8:8d:cb:48:25:28:
         4c:53:76:09:cf:41:0e:d6:a4:18:4e:35:af:ad:0d:43:b3:e6:
         86:d5:d6:e5:4b:bd:63:6f:30:aa:ce:b2:fb:bd:5c:cc:10:d9:
         c5:a8:87:2d:4f:28:7c:21:f8:f9:a6:8e:49:c5:0b:5f:55:21:
         db:03:b2:13:d7:0b:2d:79:81:fd:04:af:0e:25:eb:91:0e:4d:
         17:22:76:e1:6f:02:4f:8c:03:c9:28:93:da:1e:f3:92:bc:93:
         95:53:d8:2a:80:b7:9c:96:b7:49:b0:24:a3:3b:d5:59:f4:b9:
         74:ad:0b:be:e2:01:31:3e:bb:4d:18:e9:50:64:70:2f:dd:b3:
         7a:2b:fe:48:67:8e:03:24:f9:1a:d7:b3:66:7e:93:d3:95:b6:
         2a:de:f9:8c:e0:74:7e:00:32:b6:19:17:49:6a:2c:03:bb:8a:
         01:8e:a7:40:04:7f:64:0a:cc:b2:df:db:66:29:8c:f3:7e:d9:
         9d:72:eb:c1:72:e3:18:0f:e6:43:35:6b:06:41:2b:32:cc:40:
         58:82:67:20:b9:0a:89:77:16:7f:f0:6a:0a:0d:fb:ec:00:32:
         9f:cb:c3:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0ExxgUnqtN3xVhjSjNsqKuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjYwMzE5MDYyNzI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YWNkNjIwNTZhYzNjNTJhMTU4ZDM4YjE1ZGY3N2M1YTVkOTFiNWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlAdSEyQcbZnohIc+ruCoLAS8kUC1
AC4nOxZ7ZwTmULgEdGLTSSjOXAvcpl7X4x+5fHoHfcK3ujaQT3nXmNw3ZbkDLAqx
hRd8SefXBA3CZqBsraUaLNtqfEDNxwvRCoYXCyO45rlf3ktL/1KaqX1BWtCA9TFH
hZ+PtGvMmtHbgr9bP74JxZKg3DuKpGxwFXUxCPqo5MOoEEp+LAY21E/6bckMm7Vn
FNzQE1WxNLtV58TuksAdTbHVa7zTaKN8z2VeU80Tbnj7X3AeTXKFtT+5kCKU1jr1
K1860U+lWFsHjXzJQmifhA7uWtMMBlGnLTZ0V5Rc9pl/OxsXr1owFWErZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHrNYgVqw8UqFY04sV33fFpdkbWyMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvZXMxaUJXckR4U29WalRpeFhmZDhXbDJSdGJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAT69pMA0G
CSqGSIb3DQEBCwUAA4IBAQBhQ9mQisYMjeDxgdl6x1XMJq8QxJ5JGbV3/+5YV4jo
jctIJShMU3YJz0EO1qQYTjWvrQ1Ds+aG1dblS71jbzCqzrL7vVzMENnFqIctTyh8
Ifj5po5JxQtfVSHbA7IT1wsteYH9BK8OJeuRDk0XInbhbwJPjAPJKJPaHvOSvJOV
U9gqgLeclrdJsCSjO9VZ9Ll0rQu+4gExPrtNGOlQZHAv3bN6K/5IZ44DJPka17Nm
fpPTlbYq3vmM4HR+ADK2GRdJaiwDu4oBjqdABH9kCsyy39tmKYzzftmdcuvBcuMY
D+ZDNWsGQSsyzEBYgmcguQqJdxZ/8GoKDfvsADKfy8MB
-----END CERTIFICATE-----