Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/2c2115-40d8-4c33-8da4-17aecd777ae7/1/y95HZtf6ljFTlQS7GT9uqXnjJnI.roa
File:                     y95HZtf6ljFTlQS7GT9uqXnjJnI.roa (raw, json)
Hash identifier:          72ysblRdwkofAQYbkGbuUgIvvVzilyYh8p5im2o/LE4=
Subject key identifier:   CB:DE:47:66:D7:FA:96:31:53:95:04:BB:19:3F:6E:A9:79:E3:26:72
Certificate issuer:       /CN=f965ac006d35ac2f5e2e62b53bb0af0fd27e3a31
Certificate serial:       019DB4171CA110918C90FC820E4345A1AC05
Authority key identifier: F9:65:AC:00:6D:35:AC:2F:5E:2E:62:B5:3B:B0:AF:0F:D2:7E:3A:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-WWsAG01rC9eLmK1O7CvD9J-OjE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/2c2115-40d8-4c33-8da4-17aecd777ae7/1/y95HZtf6ljFTlQS7GT9uqXnjJnI.roa
Signing time:             Wed 22 Apr 2026 07:28:26 +0000
ROA not before:           Wed 22 Apr 2026 07:28:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     34439
IP address blocks:        85.158.192.0/21 maxlen: 21
                          2a03:7700::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/37/2c2115-40d8-4c33-8da4-17aecd777ae7/1/1-WWsAG01rC9eLmK1O7CvD9J-OjE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/37/2c2115-40d8-4c33-8da4-17aecd777ae7/1/1-WWsAG01rC9eLmK1O7CvD9J-OjE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-WWsAG01rC9eLmK1O7CvD9J-OjE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 13:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b4:17:1c:a1:10:91:8c:90:fc:82:0e:43:45:a1:ac:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f965ac006d35ac2f5e2e62b53bb0af0fd27e3a31
        Validity
            Not Before: Apr 22 07:28:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cbde4766d7fa9631539504bb193f6ea979e32672
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:0d:72:61:b3:32:aa:69:97:8a:02:2a:8a:18:
                    42:23:4d:3c:7f:4c:a5:2a:17:b2:0c:f1:d8:47:2c:
                    91:65:53:29:a4:b2:f6:8d:cd:fc:fd:d7:26:97:9b:
                    39:96:f8:66:b7:3d:22:b0:f6:be:d6:af:ae:cd:80:
                    88:15:6b:9d:f6:e8:e8:74:b3:d4:dd:ec:e2:c0:25:
                    13:04:d3:fb:8f:95:57:45:3d:31:75:97:cf:6e:76:
                    39:c5:35:cc:39:03:36:24:48:af:c8:f6:c9:e8:73:
                    1c:2c:78:56:28:da:20:be:c5:32:2b:58:74:52:87:
                    c1:2f:bd:08:89:e7:65:0e:4c:e5:d0:b5:49:e6:34:
                    34:28:7d:d3:3d:27:39:b5:57:58:48:88:7c:e1:5a:
                    04:90:4d:02:5a:2d:a7:16:df:30:bc:1c:89:97:fe:
                    11:09:af:a9:eb:a0:4a:b0:e0:d2:5d:67:52:10:2e:
                    d7:fb:c7:3c:2d:0c:bc:a7:5e:98:48:f9:30:49:3d:
                    c8:6a:eb:cc:41:df:c5:3a:aa:a9:3e:5c:98:26:bd:
                    9a:8a:a3:9c:74:aa:68:21:62:47:d2:62:bc:55:98:
                    1a:eb:7d:22:98:28:45:cc:ad:46:2a:ff:b1:2a:cf:
                    84:78:d2:04:66:de:ca:68:1d:73:6f:85:ad:97:51:
                    c0:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:DE:47:66:D7:FA:96:31:53:95:04:BB:19:3F:6E:A9:79:E3:26:72
            X509v3 Authority Key Identifier:
                keyid:F9:65:AC:00:6D:35:AC:2F:5E:2E:62:B5:3B:B0:AF:0F:D2:7E:3A:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-WWsAG01rC9eLmK1O7CvD9J-OjE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/2c2115-40d8-4c33-8da4-17aecd777ae7/1/y95HZtf6ljFTlQS7GT9uqXnjJnI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/2c2115-40d8-4c33-8da4-17aecd777ae7/1/1-WWsAG01rC9eLmK1O7CvD9J-OjE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.158.192.0/21
                IPv6:
                  2a03:7700::/32

    Signature Algorithm: sha256WithRSAEncryption
         90:0e:07:e3:79:55:13:11:0e:6d:c8:d4:32:52:a8:f5:b7:f1:
         2e:2e:77:7f:3f:07:7b:ab:24:1d:08:55:09:89:b3:fe:82:da:
         39:8e:a8:68:46:51:33:85:01:1f:72:d5:43:56:dc:f0:86:e1:
         63:f1:ef:f3:2b:63:0d:b8:3c:d9:76:f4:d1:21:75:ba:45:52:
         60:d4:8f:5a:4a:c0:36:4b:f9:50:28:83:45:47:e6:de:b6:30:
         f3:4a:79:78:ed:52:3c:b2:5d:67:05:a1:06:ec:f6:34:c6:f9:
         ae:11:88:b4:bc:0d:f4:28:27:c3:69:6c:fe:86:45:70:11:3d:
         74:94:20:6c:9e:21:f7:46:bf:f1:d6:85:cd:52:be:b6:c6:2d:
         0b:37:73:0d:91:09:bf:39:3f:03:0a:3d:be:41:e9:8b:a3:44:
         07:b5:af:32:34:4e:00:89:13:36:a9:4f:8c:12:da:95:ad:c3:
         b7:15:e1:72:38:b1:88:eb:4e:a3:0d:81:11:4f:c6:bd:36:5f:
         fa:84:86:9d:79:b1:dd:81:33:8c:ef:9a:ae:80:95:3e:6e:25:
         f0:76:bb:bc:67:ee:73:30:11:75:4d:7e:3b:1c:5f:85:b4:63:
         62:3e:12:a2:7b:91:12:d9:48:6e:40:51:0b:70:d3:79:73:71:
         e7:31:e0:95
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZ20FxyhEJGMkPyCDkNFoawFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY5NjVhYzAwNmQzNWFjMmY1ZTJlNjJiNTNiYjBhZjBmZDI3
ZTNhMzEwHhcNMjYwNDIyMDcyODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYmRlNDc2NmQ3ZmE5NjMxNTM5NTA0YmIxOTNmNmVhOTc5ZTMyNjcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxA1yYbMyqmmXigIqihhCI008f0yl
KheyDPHYRyyRZVMppLL2jc38/dcml5s5lvhmtz0isPa+1q+uzYCIFWud9ujodLPU
3eziwCUTBNP7j5VXRT0xdZfPbnY5xTXMOQM2JEivyPbJ6HMcLHhWKNogvsUyK1h0
UofBL70IiedlDkzl0LVJ5jQ0KH3TPSc5tVdYSIh84VoEkE0CWi2nFt8wvByJl/4R
Ca+p66BKsODSXWdSEC7X+8c8LQy8p16YSPkwST3IauvMQd/FOqqpPlyYJr2aiqOc
dKpoIWJH0mK8VZga630imChFzK1GKv+xKs+EeNIEZt7KaB1zb4Wtl1HAZQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMveR2bX+pYxU5UEuxk/bql54yZyMB8GA1UdIwQY
MBaAFPllrABtNawvXi5itTuwrw/SfjoxMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1XV3NBRzAxckM5ZUxtSzFPN0N2RDlKLU9qRS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzcvMmMyMTE1LTQwZDgtNGMzMy04ZGE0
LTE3YWVjZDc3N2FlNy8xL3k5NUhadGY2bGpGVGxRUzdHVDl1cVhuakpuSS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMzcvMmMyMTE1LTQwZDgtNGMzMy04ZGE0LTE3YWVjZDc3N2Fl
Ny8xLzEtV1dzQUcwMXJDOWVMbUsxTzdDdkQ5Si1PakUuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwLgYIKwYBBQUHAQcBAf8EHzAdMAwEAgABMAYDBANVnsAw
DQQCAAIwBwMFACoDdwAwDQYJKoZIhvcNAQELBQADggEBAJAOB+N5VRMRDm3I1DJS
qPW38S4ud38/B3urJB0IVQmJs/6C2jmOqGhGUTOFAR9y1UNW3PCG4WPx7/MrYw24
PNl29NEhdbpFUmDUj1pKwDZL+VAog0VH5t62MPNKeXjtUjyyXWcFoQbs9jTG+a4R
iLS8DfQoJ8NpbP6GRXARPXSUIGyeIfdGv/HWhc1SvrbGLQs3cw2RCb85PwMKPb5B
6YujRAe1rzI0TgCJEzapT4wS2pWtw7cV4XI4sYjrTqMNgRFPxr02X/qEhp15sd2B
M4zvmq6AlT5uJfB2u7xn7nMwEXVNfjscX4W0Y2I+EqJ7kRLZSG5AUQtw03lzcecx
4JU=
-----END CERTIFICATE-----