Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/wRsmJd7CIJgwynHO3eDWK5E65EA.roa
File:                     wRsmJd7CIJgwynHO3eDWK5E65EA.roa (raw, json)
Hash identifier:          Is86hG9/O11lh+0TSiK7Jnli8yF4j5q5FW3grn/LkD0=
Subject key identifier:   C1:1B:26:25:DE:C2:20:98:30:CA:71:CE:DD:E0:D6:2B:91:3A:E4:40
Certificate issuer:       /CN=6f5e0230be799e44829c8720ca38347045494e20
Certificate serial:       019DFE0D60A126E7F0FD1A894C6E770468A0
Authority key identifier: 6F:5E:02:30:BE:79:9E:44:82:9C:87:20:CA:38:34:70:45:49:4E:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b14CML55nkSCnIcgyjg0cEVJTiA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/wRsmJd7CIJgwynHO3eDWK5E65EA.roa
Signing time:             Wed 06 May 2026 16:09:42 +0000
ROA not before:           Wed 06 May 2026 16:09:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214432
IP address blocks:        85.232.181.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/b14CML55nkSCnIcgyjg0cEVJTiA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/b14CML55nkSCnIcgyjg0cEVJTiA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b14CML55nkSCnIcgyjg0cEVJTiA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:fe:0d:60:a1:26:e7:f0:fd:1a:89:4c:6e:77:04:68:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f5e0230be799e44829c8720ca38347045494e20
        Validity
            Not Before: May  6 16:09:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c11b2625dec2209830ca71cedde0d62b913ae440
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:ef:0b:b9:b4:7b:f6:a8:c9:b0:b4:fc:38:db:
                    37:34:d4:75:38:ab:ce:cb:a3:8f:db:90:2c:f9:50:
                    d9:06:e2:1b:fa:80:09:9e:ae:99:c9:e2:72:a1:76:
                    b6:21:aa:fc:71:a0:2d:a5:75:77:b5:3c:4d:cc:02:
                    9e:b8:12:c1:26:97:31:0c:d8:1e:e2:37:57:9b:7a:
                    e3:c8:19:4b:ad:29:f0:7b:c9:9b:09:d5:9b:7a:12:
                    53:70:11:32:07:b0:9c:c6:b2:3d:7b:6f:a1:1c:59:
                    56:00:0a:c7:ae:92:3d:01:a9:2d:ce:9e:72:6d:dd:
                    26:f3:af:d7:d8:19:ec:30:c9:08:c8:4a:f3:c7:01:
                    0c:da:6f:d1:80:42:84:4f:40:ac:9b:d3:65:c6:ec:
                    64:81:ed:8f:d5:72:9b:d7:51:bd:9b:c7:51:cc:72:
                    8c:28:07:47:1b:6b:7b:b8:b7:22:c9:3c:a2:2f:fd:
                    08:da:f9:e4:9d:1f:54:0a:f1:7f:55:14:c2:33:5f:
                    28:1a:da:53:c6:d3:3c:0d:d6:40:60:32:b4:db:2c:
                    c9:8a:cc:80:c4:4d:8d:33:7c:c0:91:43:5d:ff:e2:
                    72:91:2e:e7:d2:74:b5:33:f6:db:f8:33:97:2f:b5:
                    65:ce:0b:1e:23:04:f5:0f:67:a9:ae:be:53:d4:28:
                    67:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:1B:26:25:DE:C2:20:98:30:CA:71:CE:DD:E0:D6:2B:91:3A:E4:40
            X509v3 Authority Key Identifier:
                keyid:6F:5E:02:30:BE:79:9E:44:82:9C:87:20:CA:38:34:70:45:49:4E:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b14CML55nkSCnIcgyjg0cEVJTiA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/wRsmJd7CIJgwynHO3eDWK5E65EA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/b14CML55nkSCnIcgyjg0cEVJTiA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.232.181.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:32:be:12:4e:11:6e:0c:08:54:4b:a0:8a:8e:2c:d8:96:83:
         c0:81:5a:6e:40:f6:74:94:42:31:92:ea:50:42:8b:0b:8a:1c:
         d9:29:66:a9:9b:23:25:18:6a:d8:f5:f5:a0:46:a5:59:1c:1e:
         b6:85:e7:d9:4a:81:65:03:8d:07:8b:57:10:4d:9b:19:6b:7d:
         f3:7a:77:b4:f5:6b:05:c5:26:f5:cd:46:0f:e5:b7:8b:f2:03:
         b2:08:8a:5a:68:b2:4d:f2:f3:e8:95:b4:ac:cb:72:5f:f7:25:
         fc:f5:f2:38:42:56:48:b6:5a:67:a2:7f:fa:17:59:01:6a:2e:
         94:46:a7:fd:1b:00:29:47:5a:f5:7d:de:f8:e2:04:df:38:1b:
         b8:7d:66:88:c0:db:0a:37:77:3f:08:aa:ad:ee:40:45:bd:4e:
         7c:6f:f2:3f:e0:51:70:61:02:65:1c:7f:0b:f3:93:ef:cb:4a:
         54:c8:d6:74:79:15:01:f4:0e:98:0e:88:c9:f1:cb:b3:5a:04:
         0c:e4:f6:a8:4a:37:35:35:cc:65:57:ac:12:c2:b1:b6:17:bb:
         dc:ea:74:e9:05:6d:e3:3c:b5:d8:e0:82:1e:78:68:b8:77:1e:
         21:93:12:5a:a6:2d:1d:71:c7:36:fc:42:da:13:69:9a:cc:d1:
         95:9c:82:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3+DWChJufw/RqJTG53BGigMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNWUwMjMwYmU3OTllNDQ4MjljODcyMGNhMzgzNDcwNDU0
OTRlMjAwHhcNMjYwNTA2MTYwOTQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTFiMjYyNWRlYzIyMDk4MzBjYTcxY2VkZGUwZDYyYjkxM2FlNDQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAte8LubR79qjJsLT8ONs3NNR1OKvO
y6OP25As+VDZBuIb+oAJnq6ZyeJyoXa2Iar8caAtpXV3tTxNzAKeuBLBJpcxDNge
4jdXm3rjyBlLrSnwe8mbCdWbehJTcBEyB7CcxrI9e2+hHFlWAArHrpI9Aaktzp5y
bd0m86/X2BnsMMkIyErzxwEM2m/RgEKET0Csm9Nlxuxkge2P1XKb11G9m8dRzHKM
KAdHG2t7uLciyTyiL/0I2vnknR9UCvF/VRTCM18oGtpTxtM8DdZAYDK02yzJisyA
xE2NM3zAkUNd/+JykS7n0nS1M/bb+DOXL7VlzgseIwT1D2eprr5T1ChnQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMEbJiXewiCYMMpxzt3g1iuROuRAMB8GA1UdIwQY
MBaAFG9eAjC+eZ5EgpyHIMo4NHBFSU4gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjE0Q01MNTVua1NDbkljZ3lqZzBjRVZKVGlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny83MGNjZWYtMTdmMy00OTI4LTljMGIt
YmE3YzdkODE5MGNhLzEvd1JzbUpkN0NJSmd3eW5ITzNlRFdLNUU2NUVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny83MGNjZWYtMTdmMy00OTI4LTljMGItYmE3YzdkODE5MGNh
LzEvYjE0Q01MNTVua1NDbkljZ3lqZzBjRVZKVGlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVei1MA0G
CSqGSIb3DQEBCwUAA4IBAQB7Mr4SThFuDAhUS6CKjizYloPAgVpuQPZ0lEIxkupQ
QosLihzZKWapmyMlGGrY9fWgRqVZHB62hefZSoFlA40Hi1cQTZsZa33zene09WsF
xSb1zUYP5beL8gOyCIpaaLJN8vPolbSsy3Jf9yX89fI4QlZItlpnon/6F1kBai6U
Rqf9GwApR1r1fd744gTfOBu4fWaIwNsKN3c/CKqt7kBFvU58b/I/4FFwYQJlHH8L
85Pvy0pUyNZ0eRUB9A6YDojJ8cuzWgQM5PaoSjc1NcxlV6wSwrG2F7vc6nTpBW3j
PLXY4IIeeGi4dx4hkxJapi0dccc2/ELaE2mazNGVnILl
-----END CERTIFICATE-----