Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/51519c-1e93-44a9-ac70-7e242674defc/1/kNHeejH9UWVsvWWApLpc25wsTxE.roa
File:                     kNHeejH9UWVsvWWApLpc25wsTxE.roa (raw, json)
Hash identifier:          fxr+p6jIf+XT5GupHuF/9yqj6BcoS+KmnsW6mYE/AOY=
Subject key identifier:   90:D1:DE:7A:31:FD:51:65:6C:BD:65:80:A4:BA:5C:DB:9C:2C:4F:11
Certificate issuer:       /CN=17b8beb555dafa82c3d6aa336909ae5ade35a83d
Certificate serial:       019CDBEAE86142AD517AF78B8E44037ABE6D
Authority key identifier: 17:B8:BE:B5:55:DA:FA:82:C3:D6:AA:33:69:09:AE:5A:DE:35:A8:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F7i-tVXa-oLD1qozaQmuWt41qD0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/51519c-1e93-44a9-ac70-7e242674defc/1/kNHeejH9UWVsvWWApLpc25wsTxE.roa
Signing time:             Wed 11 Mar 2026 08:02:11 +0000
ROA not before:           Wed 11 Mar 2026 08:02:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205604
IP address blocks:        185.212.64.0/24 maxlen: 24
                          185.212.65.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/51519c-1e93-44a9-ac70-7e242674defc/1/F7i-tVXa-oLD1qozaQmuWt41qD0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/51519c-1e93-44a9-ac70-7e242674defc/1/F7i-tVXa-oLD1qozaQmuWt41qD0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F7i-tVXa-oLD1qozaQmuWt41qD0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:db:ea:e8:61:42:ad:51:7a:f7:8b:8e:44:03:7a:be:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17b8beb555dafa82c3d6aa336909ae5ade35a83d
        Validity
            Not Before: Mar 11 08:02:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=90d1de7a31fd51656cbd6580a4ba5cdb9c2c4f11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:85:5e:f1:8f:f5:87:48:6a:f1:ca:01:a4:fb:
                    bf:94:d4:57:a7:71:5b:46:85:8a:96:42:12:2a:2d:
                    79:af:6b:9e:18:6a:0b:d1:a7:81:7a:f4:06:85:ee:
                    03:87:72:20:b8:c9:83:33:c1:6c:c7:92:d7:9b:88:
                    fc:06:99:9e:54:55:63:99:6e:d3:ed:b6:d4:10:bd:
                    3c:a4:15:9b:bd:56:e0:26:87:01:1f:e8:19:82:66:
                    38:41:5d:c4:2f:c8:37:e6:04:73:6c:6e:8d:06:d9:
                    df:50:8b:01:4a:68:a1:96:6a:58:34:f9:8a:c5:4b:
                    8f:28:2c:b7:3e:5a:95:62:dd:1b:b4:e1:df:5e:92:
                    2a:e9:1a:bf:e0:99:8b:55:31:a7:f6:4b:6f:92:7e:
                    b2:d0:2e:76:09:57:ea:ca:82:9f:5c:b1:80:9e:1c:
                    6d:94:76:65:bb:a6:30:88:56:12:4c:d7:05:31:13:
                    e0:c1:c9:85:2b:33:9b:4c:44:e7:22:ce:b3:0e:1f:
                    58:e7:7e:46:cf:f2:43:2c:d5:76:4f:86:91:53:6a:
                    90:8a:c9:58:51:1d:c5:4a:a3:8c:b8:6b:ae:7f:32:
                    3b:af:12:bb:ca:08:35:e9:06:86:db:5f:ce:b5:e9:
                    25:bf:06:23:0c:6a:ae:55:be:a2:0e:23:97:18:81:
                    19:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:D1:DE:7A:31:FD:51:65:6C:BD:65:80:A4:BA:5C:DB:9C:2C:4F:11
            X509v3 Authority Key Identifier:
                keyid:17:B8:BE:B5:55:DA:FA:82:C3:D6:AA:33:69:09:AE:5A:DE:35:A8:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F7i-tVXa-oLD1qozaQmuWt41qD0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/51519c-1e93-44a9-ac70-7e242674defc/1/kNHeejH9UWVsvWWApLpc25wsTxE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/51519c-1e93-44a9-ac70-7e242674defc/1/F7i-tVXa-oLD1qozaQmuWt41qD0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.212.64.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6b:ef:5d:43:83:5f:8d:60:57:13:c2:97:89:e7:67:6c:95:7e:
         77:cf:70:22:2e:ad:98:9d:76:b9:b6:e7:62:0b:5b:19:87:7c:
         de:77:b4:4c:e7:4d:6f:2e:61:a9:13:fa:8f:fe:a5:fe:9e:12:
         9f:b9:5d:41:72:d4:aa:92:de:cc:91:ea:10:70:1f:17:0b:6f:
         88:e6:84:96:02:ec:02:f0:e1:1b:f3:4f:e7:71:4b:7f:14:cb:
         b2:fa:65:9d:8e:bf:92:56:4f:a9:fe:1e:b4:76:cc:71:7b:cc:
         8a:d0:50:c2:c5:3f:29:40:b8:7e:a3:95:e7:8c:d9:d2:4a:8e:
         b8:ef:cd:cf:47:2e:00:19:31:84:f6:d4:4d:3f:a9:f1:56:a3:
         98:43:ac:6a:69:8b:9f:51:bf:8c:f9:6e:d5:ca:2f:a4:d8:25:
         c6:49:9c:8e:67:a5:48:9d:e0:6e:03:16:7c:f7:86:40:4c:e4:
         54:bf:25:73:43:12:73:93:55:7d:ed:ae:ee:fd:cc:b0:44:16:
         02:3c:5e:15:f6:c2:7a:13:2e:74:d0:ff:1a:b1:fe:6c:7b:2f:
         2f:d8:c4:f9:56:97:67:ba:0d:34:69:4c:0c:85:3c:70:c2:54:
         39:37:df:68:ff:4e:de:60:5d:de:c4:5a:4d:79:c6:d6:50:73:
         b3:49:db:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzb6uhhQq1ReveLjkQDer5tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3YjhiZWI1NTVkYWZhODJjM2Q2YWEzMzY5MDlhZTVhZGUz
NWE4M2QwHhcNMjYwMzExMDgwMjExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGQxZGU3YTMxZmQ1MTY1NmNiZDY1ODBhNGJhNWNkYjljMmM0ZjExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmoVe8Y/1h0hq8coBpPu/lNRXp3Fb
RoWKlkISKi15r2ueGGoL0aeBevQGhe4Dh3IguMmDM8Fsx5LXm4j8BpmeVFVjmW7T
7bbUEL08pBWbvVbgJocBH+gZgmY4QV3EL8g35gRzbG6NBtnfUIsBSmihlmpYNPmK
xUuPKCy3PlqVYt0btOHfXpIq6Rq/4JmLVTGn9ktvkn6y0C52CVfqyoKfXLGAnhxt
lHZlu6YwiFYSTNcFMRPgwcmFKzObTETnIs6zDh9Y535Gz/JDLNV2T4aRU2qQislY
UR3FSqOMuGuufzI7rxK7ygg16QaG21/OteklvwYjDGquVb6iDiOXGIEZzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJDR3nox/VFlbL1lgKS6XNucLE8RMB8GA1UdIwQY
MBaAFBe4vrVV2vqCw9aqM2kJrlreNag9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjdpLXRWWGEtb0xEMXFvemFRbXVXdDQxcUQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi81MTUxOWMtMWU5My00NGE5LWFjNzAt
N2UyNDI2NzRkZWZjLzEva05IZWVqSDlVV1ZzdldXQXBMcGMyNXdzVHhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi81MTUxOWMtMWU5My00NGE5LWFjNzAtN2UyNDI2NzRkZWZj
LzEvRjdpLXRWWGEtb0xEMXFvemFRbXVXdDQxcUQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBudRAMA0G
CSqGSIb3DQEBCwUAA4IBAQBr711Dg1+NYFcTwpeJ52dslX53z3AiLq2YnXa5tudi
C1sZh3zed7RM501vLmGpE/qP/qX+nhKfuV1BctSqkt7MkeoQcB8XC2+I5oSWAuwC
8OEb80/ncUt/FMuy+mWdjr+SVk+p/h60dsxxe8yK0FDCxT8pQLh+o5XnjNnSSo64
783PRy4AGTGE9tRNP6nxVqOYQ6xqaYufUb+M+W7Vyi+k2CXGSZyOZ6VIneBuAxZ8
94ZATORUvyVzQxJzk1V97a7u/cywRBYCPF4V9sJ6Ey500P8asf5sey8v2MT5Vpdn
ug00aUwMhTxwwlQ5N99o/07eYF3exFpNecbWUHOzSdtp
-----END CERTIFICATE-----