Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/5bf8a9-d434-454b-8885-525d626799ef/1/1-vCuLQv8-0dOJxqABaWxM4UUc8I.roa
File:                     1-vCuLQv8-0dOJxqABaWxM4UUc8I.roa (raw, json)
Hash identifier:          E0Bqgi4xo21RkZJec+827sz7pg8AMyWIq6lhPjrYbo8=
Subject key identifier:   FA:F0:AE:2D:0B:FC:FB:47:4E:27:1A:80:05:A5:B1:33:85:14:73:C2
Certificate issuer:       /CN=9f2a686b1c25d44c7dbd4d4a31fe0c7afd02a12e
Certificate serial:       019D0C5E56B7E885137748A8AC9A6DACA7D6
Authority key identifier: 9F:2A:68:6B:1C:25:D4:4C:7D:BD:4D:4A:31:FE:0C:7A:FD:02:A1:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nypoaxwl1Ex9vU1KMf4Mev0CoS4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/5bf8a9-d434-454b-8885-525d626799ef/1/1-vCuLQv8-0dOJxqABaWxM4UUc8I.roa
Signing time:             Fri 20 Mar 2026 17:50:02 +0000
ROA not before:           Fri 20 Mar 2026 17:50:02 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     60737
IP address blocks:        185.165.144.0/24 maxlen: 24
                          185.165.145.0/24 maxlen: 24
                          185.165.146.0/24 maxlen: 24
                          185.165.147.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/5bf8a9-d434-454b-8885-525d626799ef/1/nypoaxwl1Ex9vU1KMf4Mev0CoS4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/5bf8a9-d434-454b-8885-525d626799ef/1/nypoaxwl1Ex9vU1KMf4Mev0CoS4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nypoaxwl1Ex9vU1KMf4Mev0CoS4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 16:32:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:0c:5e:56:b7:e8:85:13:77:48:a8:ac:9a:6d:ac:a7:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9f2a686b1c25d44c7dbd4d4a31fe0c7afd02a12e
        Validity
            Not Before: Mar 20 17:50:02 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=faf0ae2d0bfcfb474e271a8005a5b133851473c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:e0:25:17:bd:0f:7d:d5:43:16:bd:c3:1d:92:
                    63:0a:44:7e:45:cd:f5:a5:5c:ab:27:b7:7a:12:49:
                    1d:2a:cd:71:5d:25:03:91:46:c5:e2:f0:0a:fc:37:
                    b2:16:df:0f:a7:d3:21:33:dc:eb:19:f8:a3:75:b8:
                    c2:52:6d:fd:17:de:7c:e6:62:82:f0:10:3b:73:7e:
                    c4:3a:6c:3c:3e:7d:cd:03:39:a6:29:4d:92:14:07:
                    ca:1e:27:15:f6:6f:01:9a:5c:f6:7a:d8:a1:50:73:
                    77:9d:dc:fc:bc:d3:31:5e:18:95:2a:6a:73:c3:18:
                    ad:33:23:0e:77:92:50:6d:e0:38:68:15:b4:0e:d2:
                    c9:1e:9b:14:8b:88:f9:6a:fd:3f:ca:0a:c3:bf:2e:
                    8f:29:8e:8f:15:b6:be:e3:0d:c7:ae:3c:e9:8e:de:
                    b1:7f:29:1a:b9:df:4a:80:d2:c3:e8:0b:6e:aa:9f:
                    0a:04:72:c0:2f:77:61:64:b9:b9:0e:da:93:bd:c4:
                    9d:7c:f8:89:74:ec:bc:59:a1:f0:c4:14:9e:c2:66:
                    ed:7e:39:eb:81:20:4a:af:be:31:63:1a:10:c0:ed:
                    a5:84:43:af:2c:b8:69:fc:0f:7d:e2:ff:26:9c:97:
                    42:74:9f:63:ff:f9:30:b8:51:33:d2:2d:6c:c0:8c:
                    ad:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:F0:AE:2D:0B:FC:FB:47:4E:27:1A:80:05:A5:B1:33:85:14:73:C2
            X509v3 Authority Key Identifier:
                keyid:9F:2A:68:6B:1C:25:D4:4C:7D:BD:4D:4A:31:FE:0C:7A:FD:02:A1:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nypoaxwl1Ex9vU1KMf4Mev0CoS4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/5bf8a9-d434-454b-8885-525d626799ef/1/1-vCuLQv8-0dOJxqABaWxM4UUc8I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/5bf8a9-d434-454b-8885-525d626799ef/1/nypoaxwl1Ex9vU1KMf4Mev0CoS4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.165.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         75:25:2a:46:1b:3b:72:67:e5:78:2f:7c:ef:a9:ad:66:73:23:
         f2:bc:ba:05:e0:5b:14:c3:75:73:63:7e:30:2b:2d:6d:37:2e:
         0f:51:ca:aa:e1:c1:25:ae:dd:36:dc:c9:8b:a1:34:5d:6d:90:
         88:a5:94:ff:2d:0b:51:6a:99:20:da:41:6f:f0:d6:d6:1b:77:
         1e:38:71:f9:81:b3:7b:6a:a4:d8:bb:50:68:ed:2d:79:ee:76:
         1f:cc:20:65:5e:b1:a9:63:0d:d8:49:88:0d:41:fa:c7:7d:04:
         37:e2:70:17:11:f7:ab:9a:cc:48:9b:90:5f:9d:5d:e9:03:3c:
         99:2d:0b:58:84:4f:f2:df:3e:f8:9b:81:2e:67:01:e0:89:09:
         5e:33:17:09:b0:bb:74:c8:1e:fa:6b:b2:35:d1:af:74:c8:8e:
         33:bd:f8:d3:88:2f:37:7a:93:df:7d:d8:4d:68:0d:11:f6:fc:
         00:4f:38:3a:a3:ba:de:b9:9d:34:e2:ba:af:60:45:a9:19:9b:
         6a:13:06:90:67:c5:ba:43:85:fb:78:43:4d:3c:0c:2b:31:a8:
         1a:2f:cb:48:ae:1e:f0:62:94:cb:6c:34:b9:b6:6f:79:9a:65:
         93:04:7a:9d:29:cd:1d:8c:b4:7d:75:12:fd:cb:e2:45:41:9d:
         0f:cf:b1:f8
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ0MXla36IUTd0iorJptrKfWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmMmE2ODZiMWMyNWQ0NGM3ZGJkNGQ0YTMxZmUwYzdhZmQw
MmExMmUwHhcNMjYwMzIwMTc1MDAyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYWYwYWUyZDBiZmNmYjQ3NGUyNzFhODAwNWE1YjEzMzg1MTQ3M2MyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAveAlF70PfdVDFr3DHZJjCkR+Rc31
pVyrJ7d6EkkdKs1xXSUDkUbF4vAK/DeyFt8Pp9MhM9zrGfijdbjCUm39F9585mKC
8BA7c37EOmw8Pn3NAzmmKU2SFAfKHicV9m8Bmlz2etihUHN3ndz8vNMxXhiVKmpz
wxitMyMOd5JQbeA4aBW0DtLJHpsUi4j5av0/ygrDvy6PKY6PFba+4w3Hrjzpjt6x
fykaud9KgNLD6Atuqp8KBHLAL3dhZLm5DtqTvcSdfPiJdOy8WaHwxBSewmbtfjnr
gSBKr74xYxoQwO2lhEOvLLhp/A994v8mnJdCdJ9j//kwuFEz0i1swIytlQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPrwri0L/PtHTicagAWlsTOFFHPCMB8GA1UdIwQY
MBaAFJ8qaGscJdRMfb1NSjH+DHr9AqEuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnlwb2F4d2wxRXg5dlUxS01mNE1ldjBDb1M0LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi81YmY4YTktZDQzNC00NTRiLTg4ODUt
NTI1ZDYyNjc5OWVmLzEvMS12Q3VMUXY4LTBkT0p4cUFCYVd4TTRVVWM4SS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOGIvNWJmOGE5LWQ0MzQtNDU0Yi04ODg1LTUyNWQ2MjY3OTll
Zi8xL255cG9heHdsMUV4OXZVMUtNZjRNZXYwQ29TNC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEArmlkDAN
BgkqhkiG9w0BAQsFAAOCAQEAdSUqRhs7cmfleC9876mtZnMj8ry6BeBbFMN1c2N+
MCstbTcuD1HKquHBJa7dNtzJi6E0XW2QiKWU/y0LUWqZINpBb/DW1ht3Hjhx+YGz
e2qk2LtQaO0tee52H8wgZV6xqWMN2EmIDUH6x30EN+JwFxH3q5rMSJuQX51d6QM8
mS0LWIRP8t8++JuBLmcB4IkJXjMXCbC7dMge+muyNdGvdMiOM73404gvN3qT333Y
TWgNEfb8AE84OqO63rmdNOK6r2BFqRmbahMGkGfFukOF+3hDTTwMKzGoGi/LSK4e
8GKUy2w0ubZveZplkwR6nSnNHYy0fXUS/cviRUGdD8+x+A==
-----END CERTIFICATE-----