Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/11b83b-79ea-47ce-befc-88d1ce63dbeb/1/k-sgoPln1cp3T1zJqrvhOdrGKoA.roa
File:                     k-sgoPln1cp3T1zJqrvhOdrGKoA.roa (raw, json)
Hash identifier:          SszWmAr0Z6FAYJPxwEksshrBGWaRl09WGMF21cgmoSs=
Subject key identifier:   93:EB:20:A0:F9:67:D5:CA:77:4F:5C:C9:AA:BB:E1:39:DA:C6:2A:80
Certificate issuer:       /CN=8488872a5ae2ff8a3b7b72b629a1d85ffe65e3b2
Certificate serial:       019CDD1648337E3BE34CB092B0586EFE68BE
Authority key identifier: 84:88:87:2A:5A:E2:FF:8A:3B:7B:72:B6:29:A1:D8:5F:FE:65:E3:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hIiHKlri_4o7e3K2KaHYX_5l47I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/11b83b-79ea-47ce-befc-88d1ce63dbeb/1/k-sgoPln1cp3T1zJqrvhOdrGKoA.roa
Signing time:             Wed 11 Mar 2026 13:29:10 +0000
ROA not before:           Wed 11 Mar 2026 13:29:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     31278
IP address blocks:        193.26.129.0/24 maxlen: 24
                          193.227.110.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/11b83b-79ea-47ce-befc-88d1ce63dbeb/1/hIiHKlri_4o7e3K2KaHYX_5l47I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/11b83b-79ea-47ce-befc-88d1ce63dbeb/1/hIiHKlri_4o7e3K2KaHYX_5l47I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hIiHKlri_4o7e3K2KaHYX_5l47I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 04:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:dd:16:48:33:7e:3b:e3:4c:b0:92:b0:58:6e:fe:68:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8488872a5ae2ff8a3b7b72b629a1d85ffe65e3b2
        Validity
            Not Before: Mar 11 13:29:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=93eb20a0f967d5ca774f5cc9aabbe139dac62a80
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:b9:74:72:69:44:20:67:ff:71:8a:80:df:6f:
                    94:a1:c6:54:6b:9d:ef:64:4c:14:f4:36:dd:2d:0f:
                    29:56:11:6c:c5:ae:52:3c:19:44:0d:68:73:0a:50:
                    cb:84:04:e9:5f:f5:65:24:40:2b:44:7d:6e:8b:bf:
                    47:4c:02:c3:dc:26:6a:8e:71:d5:83:2b:5b:7a:e1:
                    c7:84:42:31:fa:08:07:36:41:35:23:f5:5e:a9:21:
                    75:e9:eb:27:6f:b9:5f:95:40:9d:28:ee:a9:f7:b0:
                    c9:ae:d0:e3:d9:92:64:68:76:ed:6c:65:e3:dc:e5:
                    a7:3a:54:bd:ea:c6:61:ca:53:fa:5b:f0:fb:20:6c:
                    d2:02:05:cd:73:8c:d0:43:9c:00:12:87:3c:3c:28:
                    c2:77:4d:ea:f6:e2:63:d8:03:89:4c:2c:f7:b7:f8:
                    b8:5b:6b:4d:55:0a:66:77:ca:92:57:11:71:13:ac:
                    ae:2e:6d:dc:95:c5:e7:d4:b1:67:2a:4b:00:7b:58:
                    b1:e9:84:62:91:9f:34:7f:69:66:d7:5a:2e:3d:d2:
                    26:df:52:e5:3c:ee:76:a7:0b:2d:0d:b5:54:04:b2:
                    d6:37:e3:7e:45:f6:38:38:9a:85:84:f0:fe:03:35:
                    77:8e:53:0b:78:bb:14:ca:fb:20:e1:b5:15:c0:1e:
                    18:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:EB:20:A0:F9:67:D5:CA:77:4F:5C:C9:AA:BB:E1:39:DA:C6:2A:80
            X509v3 Authority Key Identifier:
                keyid:84:88:87:2A:5A:E2:FF:8A:3B:7B:72:B6:29:A1:D8:5F:FE:65:E3:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hIiHKlri_4o7e3K2KaHYX_5l47I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/11b83b-79ea-47ce-befc-88d1ce63dbeb/1/k-sgoPln1cp3T1zJqrvhOdrGKoA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/11b83b-79ea-47ce-befc-88d1ce63dbeb/1/hIiHKlri_4o7e3K2KaHYX_5l47I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.26.129.0/24
                  193.227.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:5f:62:7b:f9:6a:5a:8c:47:79:2d:2c:79:ce:37:e9:04:6c:
         4c:59:c8:26:6c:d7:a5:59:cb:70:c8:67:3b:4d:57:f5:df:85:
         bb:4b:0b:67:1e:f2:e5:72:44:2a:8c:dc:ae:27:a5:51:82:41:
         a3:95:15:5e:6e:fa:6d:2b:52:24:4e:3b:15:44:68:5d:b0:a2:
         c1:42:01:35:99:0a:bb:7c:a6:fe:bd:c4:4e:03:ce:ef:50:96:
         0b:a0:05:3c:32:a1:ed:c4:31:e1:d3:2e:b1:22:25:57:cd:aa:
         4d:93:d2:b8:3e:58:22:57:9e:67:96:eb:3c:e5:15:f5:29:00:
         1c:bd:ed:7f:a4:bd:09:a7:7e:1c:47:50:90:79:11:9c:e7:be:
         d2:0d:12:9e:bc:32:d9:d1:61:bc:62:f6:5b:6a:ec:3d:4d:1e:
         0a:35:22:c3:19:52:db:d7:74:6f:ea:e1:78:35:ca:98:0e:10:
         df:e6:48:bc:e5:9f:7f:fa:cd:ef:ed:26:36:c9:90:c1:f2:2a:
         31:2e:13:5b:7a:27:59:29:27:cc:43:a0:08:d6:e1:61:5b:27:
         b9:40:cc:72:28:f9:5f:bd:d6:b6:32:c3:fd:75:75:02:89:09:
         83:55:41:7b:29:31:4d:f0:94:8c:40:1e:29:71:49:d0:f4:8d:
         2d:95:c8:03
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZzdFkgzfjvjTLCSsFhu/mi+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0ODg4NzJhNWFlMmZmOGEzYjdiNzJiNjI5YTFkODVmZmU2
NWUzYjIwHhcNMjYwMzExMTMyOTEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5M2ViMjBhMGY5NjdkNWNhNzc0ZjVjYzlhYWJiZTEzOWRhYzYyYTgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz7l0cmlEIGf/cYqA32+UocZUa53v
ZEwU9DbdLQ8pVhFsxa5SPBlEDWhzClDLhATpX/VlJEArRH1ui79HTALD3CZqjnHV
gytbeuHHhEIx+ggHNkE1I/VeqSF16esnb7lflUCdKO6p97DJrtDj2ZJkaHbtbGXj
3OWnOlS96sZhylP6W/D7IGzSAgXNc4zQQ5wAEoc8PCjCd03q9uJj2AOJTCz3t/i4
W2tNVQpmd8qSVxFxE6yuLm3clcXn1LFnKksAe1ix6YRikZ80f2lm11ouPdIm31Ll
PO52pwstDbVUBLLWN+N+RfY4OJqFhPD+AzV3jlMLeLsUyvsg4bUVwB4YbwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJPrIKD5Z9XKd09cyaq74TnaxiqAMB8GA1UdIwQY
MBaAFISIhypa4v+KO3tytimh2F/+ZeOyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaElpSEtscmlfNG83ZTNLMkthSFlYXzVsNDdJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC8xMWI4M2ItNzllYS00N2NlLWJlZmMt
ODhkMWNlNjNkYmViLzEvay1zZ29QbG4xY3AzVDF6SnFydmhPZHJHS29BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC8xMWI4M2ItNzllYS00N2NlLWJlZmMtODhkMWNlNjNkYmVi
LzEvaElpSEtscmlfNG83ZTNLMkthSFlYXzVsNDdJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwRqBAwQA
weNuMA0GCSqGSIb3DQEBCwUAA4IBAQBWX2J7+WpajEd5LSx5zjfpBGxMWcgmbNel
WctwyGc7TVf134W7SwtnHvLlckQqjNyuJ6VRgkGjlRVebvptK1IkTjsVRGhdsKLB
QgE1mQq7fKb+vcROA87vUJYLoAU8MqHtxDHh0y6xIiVXzapNk9K4PlgiV55nlus8
5RX1KQAcve1/pL0Jp34cR1CQeRGc577SDRKevDLZ0WG8YvZbauw9TR4KNSLDGVLb
13Rv6uF4NcqYDhDf5ki85Z9/+s3v7SY2yZDB8ioxLhNbeidZKSfMQ6AI1uFhWye5
QMxyKPlfvda2MsP9dXUCiQmDVUF7KTFN8JSMQB4pcUnQ9I0tlcgD
-----END CERTIFICATE-----