Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/b10562-26a1-4645-8d2b-16f146bef995/1/uK5RbvmqEmpV3Hbsrt6dn6Q9IEs.roa
File:                     uK5RbvmqEmpV3Hbsrt6dn6Q9IEs.roa (raw, json)
Hash identifier:          VzPFB10Yr7Qb/TIPDL8kAqTC6cjaz2x8iEKjNkc8avQ=
Subject key identifier:   B8:AE:51:6E:F9:AA:12:6A:55:DC:76:EC:AE:DE:9D:9F:A4:3D:20:4B
Certificate issuer:       /CN=2e252a477242fb45f20bb08020a403a2bb466a9b
Certificate serial:       019C097E714E0EDFA50144020A1DB1212A1C
Authority key identifier: 2E:25:2A:47:72:42:FB:45:F2:0B:B0:80:20:A4:03:A2:BB:46:6A:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LiUqR3JC-0XyC7CAIKQDortGaps.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/b10562-26a1-4645-8d2b-16f146bef995/1/uK5RbvmqEmpV3Hbsrt6dn6Q9IEs.roa
Signing time:             Thu 29 Jan 2026 11:23:27 +0000
ROA not before:           Thu 29 Jan 2026 11:23:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213881
IP address blocks:        94.20.80.0/24 maxlen: 24
                          94.20.140.0/24 maxlen: 24
                          94.20.141.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/b10562-26a1-4645-8d2b-16f146bef995/1/LiUqR3JC-0XyC7CAIKQDortGaps.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/b10562-26a1-4645-8d2b-16f146bef995/1/LiUqR3JC-0XyC7CAIKQDortGaps.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LiUqR3JC-0XyC7CAIKQDortGaps.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 05:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:09:7e:71:4e:0e:df:a5:01:44:02:0a:1d:b1:21:2a:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e252a477242fb45f20bb08020a403a2bb466a9b
        Validity
            Not Before: Jan 29 11:23:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b8ae516ef9aa126a55dc76ecaede9d9fa43d204b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:63:64:c3:ed:a6:3d:27:c2:f5:ca:c4:7d:ef:
                    64:c3:68:62:eb:08:3a:a2:be:e7:37:a1:ac:b0:f1:
                    63:d9:70:03:9e:7c:53:04:c1:91:b2:09:3f:b4:c0:
                    8d:06:89:7e:1b:59:1f:91:f4:c0:c4:4d:fb:85:60:
                    fb:23:7d:f1:e1:02:04:17:72:52:0b:40:38:5a:a9:
                    b1:08:68:89:d1:f3:33:19:c8:a2:63:a0:e9:ba:cf:
                    6a:79:04:63:4a:65:11:c4:87:9c:11:a9:30:b5:42:
                    99:10:08:6b:73:65:f6:78:24:fa:1a:75:8a:94:62:
                    66:48:e6:34:43:66:a1:24:b9:af:e8:9f:de:9e:09:
                    cf:1a:57:1f:80:21:cc:5f:8a:7b:00:69:72:a9:53:
                    e3:2f:85:b1:4c:67:46:26:11:83:56:54:6d:36:2c:
                    f2:aa:10:20:45:53:0d:04:99:f2:8f:4b:e7:38:e2:
                    a4:c7:3f:4e:48:b0:78:61:30:c0:1c:79:6a:57:e1:
                    e0:d4:48:75:9a:04:55:11:32:fa:e1:86:c4:64:d4:
                    ef:e8:83:ce:b1:8d:d7:a4:ac:10:95:2d:96:84:64:
                    a6:52:82:7d:d9:87:c5:2a:f2:47:a0:c6:83:84:aa:
                    b5:88:90:e1:b2:49:da:51:75:f7:1f:1b:2a:0e:52:
                    7c:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:AE:51:6E:F9:AA:12:6A:55:DC:76:EC:AE:DE:9D:9F:A4:3D:20:4B
            X509v3 Authority Key Identifier:
                keyid:2E:25:2A:47:72:42:FB:45:F2:0B:B0:80:20:A4:03:A2:BB:46:6A:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LiUqR3JC-0XyC7CAIKQDortGaps.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/b10562-26a1-4645-8d2b-16f146bef995/1/uK5RbvmqEmpV3Hbsrt6dn6Q9IEs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/b10562-26a1-4645-8d2b-16f146bef995/1/LiUqR3JC-0XyC7CAIKQDortGaps.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.20.80.0/24
                  94.20.140.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8b:5f:bc:6f:70:a7:5a:b3:59:3e:78:59:4d:c1:58:2e:18:bb:
         41:4c:4b:09:b6:4c:92:b8:96:6b:d3:03:7c:0a:5c:68:3c:16:
         dc:46:9a:01:ea:f7:8f:aa:b5:67:a7:33:37:7c:a9:4e:1a:a0:
         05:58:33:02:7c:84:1c:23:95:50:da:1c:1f:fd:c2:36:a6:5c:
         88:89:84:78:a4:af:14:2a:7e:71:64:bd:95:b3:44:c5:76:f1:
         35:9a:a0:0c:39:de:f4:51:d1:a4:b9:44:27:41:df:4f:0e:a3:
         39:62:7f:15:ca:a9:2d:80:2d:21:4d:a1:9a:a1:44:56:e3:f5:
         39:d1:e9:03:a6:fe:a6:7d:3c:84:1a:a3:c9:91:19:73:c6:19:
         34:52:dc:3e:df:50:6b:ce:a2:00:00:e5:ed:c9:8a:46:e6:18:
         c6:c1:56:1d:a3:10:16:6e:96:36:08:7d:96:79:8c:e1:80:1c:
         4e:02:2a:8b:32:36:67:c8:a3:97:48:99:f4:89:5a:a1:61:fd:
         55:90:26:1f:58:ae:a6:7b:ec:a0:4e:11:79:3d:6d:1f:31:af:
         ef:dd:c3:da:5e:29:52:59:1b:ba:4d:12:82:03:25:56:32:df:
         11:d2:84:cb:10:e4:54:18:2f:68:3a:7e:77:cf:7a:ff:25:4a:
         4a:19:80:6a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZwJfnFODt+lAUQCCh2xISocMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlMjUyYTQ3NzI0MmZiNDVmMjBiYjA4MDIwYTQwM2EyYmI0
NjZhOWIwHhcNMjYwMTI5MTEyMzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOGFlNTE2ZWY5YWExMjZhNTVkYzc2ZWNhZWRlOWQ5ZmE0M2QyMDRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjWNkw+2mPSfC9crEfe9kw2hi6wg6
or7nN6GssPFj2XADnnxTBMGRsgk/tMCNBol+G1kfkfTAxE37hWD7I33x4QIEF3JS
C0A4WqmxCGiJ0fMzGciiY6Dpus9qeQRjSmURxIecEakwtUKZEAhrc2X2eCT6GnWK
lGJmSOY0Q2ahJLmv6J/engnPGlcfgCHMX4p7AGlyqVPjL4WxTGdGJhGDVlRtNizy
qhAgRVMNBJnyj0vnOOKkxz9OSLB4YTDAHHlqV+Hg1Eh1mgRVETL64YbEZNTv6IPO
sY3XpKwQlS2WhGSmUoJ92YfFKvJHoMaDhKq1iJDhsknaUXX3HxsqDlJ8iQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLiuUW75qhJqVdx27K7enZ+kPSBLMB8GA1UdIwQY
MBaAFC4lKkdyQvtF8guwgCCkA6K7RmqbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGlVcVIzSkMtMFh5QzdDQUlLUURvcnRHYXBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS9iMTA1NjItMjZhMS00NjQ1LThkMmIt
MTZmMTQ2YmVmOTk1LzEvdUs1UmJ2bXFFbXBWM0hic3J0NmRuNlE5SUVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS9iMTA1NjItMjZhMS00NjQ1LThkMmItMTZmMTQ2YmVmOTk1
LzEvTGlVcVIzSkMtMFh5QzdDQUlLUURvcnRHYXBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXhRQAwQB
XhSMMA0GCSqGSIb3DQEBCwUAA4IBAQCLX7xvcKdas1k+eFlNwVguGLtBTEsJtkyS
uJZr0wN8ClxoPBbcRpoB6vePqrVnpzM3fKlOGqAFWDMCfIQcI5VQ2hwf/cI2plyI
iYR4pK8UKn5xZL2Vs0TFdvE1mqAMOd70UdGkuUQnQd9PDqM5Yn8VyqktgC0hTaGa
oURW4/U50ekDpv6mfTyEGqPJkRlzxhk0Utw+31BrzqIAAOXtyYpG5hjGwVYdoxAW
bpY2CH2WeYzhgBxOAiqLMjZnyKOXSJn0iVqhYf1VkCYfWK6me+ygThF5PW0fMa/v
3cPaXilSWRu6TRKCAyVWMt8R0oTLEORUGC9oOn53z3r/JUpKGYBq
-----END CERTIFICATE-----