Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/65oUcuHXw_r3DB7F6TU8gQdebHI.roa
File:                     65oUcuHXw_r3DB7F6TU8gQdebHI.roa (raw, json)
Hash identifier:          7QcXa7BeCSi+FJvHLaHoDv7rP/iJDhyydHGldODZE5c=
Subject key identifier:   EB:9A:14:72:E1:D7:C3:FA:F7:0C:1E:C5:E9:35:3C:81:07:5E:6C:72
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019CDDC9BEF8E519785B90046C0A72FA7F2F
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/65oUcuHXw_r3DB7F6TU8gQdebHI.roa
Signing time:             Wed 11 Mar 2026 16:45:12 +0000
ROA not before:           Wed 11 Mar 2026 16:45:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51722
IP address blocks:        217.60.200.0/22 maxlen: 24
                          217.60.204.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 23:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:dd:c9:be:f8:e5:19:78:5b:90:04:6c:0a:72:fa:7f:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Mar 11 16:45:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=eb9a1472e1d7c3faf70c1ec5e9353c81075e6c72
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:6c:29:4d:7b:d6:4d:41:0d:b9:93:8b:18:71:
                    ef:41:52:4e:45:53:b2:fc:18:9f:d2:f0:ce:b4:aa:
                    8b:d8:96:64:8e:25:60:f4:bf:b7:d9:c5:51:c7:70:
                    63:7c:a3:f6:aa:92:7b:2b:a5:83:7d:c8:9e:78:8d:
                    76:a7:ca:4d:12:d5:21:68:2e:d1:2a:a5:73:7f:ee:
                    b3:13:5b:40:f2:a4:81:22:e0:90:4c:7d:08:fa:cd:
                    b8:af:93:90:e9:4a:03:d3:73:47:44:76:3a:bb:92:
                    e8:37:35:2a:45:ac:89:59:db:1e:b6:4c:7d:78:5a:
                    2d:5d:29:ef:94:35:af:94:2b:8f:15:0e:17:87:74:
                    79:24:1e:6b:e2:e7:3f:6e:02:29:9b:91:93:b8:c2:
                    3c:eb:73:07:0a:86:cf:12:15:cc:80:1c:fe:3f:30:
                    ee:21:74:35:a2:2a:32:ea:fe:f8:1d:27:e0:ff:60:
                    2f:11:8e:bc:8e:e2:b6:8d:be:d7:01:9c:46:ae:16:
                    dc:e5:a4:3a:cb:49:36:92:6d:99:9c:1b:fa:a1:2f:
                    cd:61:de:46:61:a8:7f:dc:84:8c:ba:4c:23:06:27:
                    69:2c:58:f1:af:7e:3d:17:05:ac:c7:9a:14:6f:d9:
                    bc:03:74:9c:63:78:c1:e0:10:1c:92:de:5c:65:a7:
                    0d:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:9A:14:72:E1:D7:C3:FA:F7:0C:1E:C5:E9:35:3C:81:07:5E:6C:72
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/65oUcuHXw_r3DB7F6TU8gQdebHI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.60.200.0/21

    Signature Algorithm: sha256WithRSAEncryption
         7a:65:c0:86:a4:d3:7c:d6:83:1f:6e:2b:7a:5d:0e:09:3b:1f:
         18:b5:45:94:4e:22:e9:32:5f:72:cf:4d:cb:ea:6b:9b:26:c0:
         05:42:37:63:15:5e:e0:4a:f6:da:ec:35:0d:6a:17:e4:c3:84:
         dd:38:2f:ae:e7:74:e5:29:8a:f1:26:c4:30:89:c7:8b:cb:db:
         a3:7f:53:e0:fe:cc:8f:e6:e9:11:9a:41:80:d2:a7:be:f5:c2:
         3e:ec:eb:a6:c0:a0:e7:a2:a4:6e:a6:4d:19:6a:bf:7e:b7:91:
         dd:a7:38:38:e5:92:4f:5e:ad:a8:4a:c7:1a:2c:64:e9:b3:2b:
         b0:73:c6:ab:e1:61:6d:64:41:7b:f6:39:53:66:d6:d0:6d:1c:
         9f:17:a6:8a:b1:ad:84:be:d4:0b:72:1a:53:c1:c2:5f:e3:b8:
         9e:95:f0:3b:1e:3a:8b:97:fa:39:18:ba:b0:1d:93:71:60:41:
         b5:4f:20:6d:59:f5:be:f2:91:62:01:99:7e:00:cc:a6:cb:e7:
         e3:e0:69:8b:0f:d5:46:9e:61:74:27:e2:62:a3:47:17:78:8d:
         d2:7f:64:3d:e9:08:bb:1b:cd:1c:e8:ee:2f:8c:d4:5e:ac:7b:
         e5:2e:34:12:f6:04:3b:7b:6a:05:f9:22:e3:3e:d2:b2:13:5d:
         16:7c:90:ed
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzdyb745Rl4W5AEbApy+n8vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwMzExMTY0NTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjlhMTQ3MmUxZDdjM2ZhZjcwYzFlYzVlOTM1M2M4MTA3NWU2YzcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx2wpTXvWTUENuZOLGHHvQVJORVOy
/Bif0vDOtKqL2JZkjiVg9L+32cVRx3BjfKP2qpJ7K6WDfcieeI12p8pNEtUhaC7R
KqVzf+6zE1tA8qSBIuCQTH0I+s24r5OQ6UoD03NHRHY6u5LoNzUqRayJWdsetkx9
eFotXSnvlDWvlCuPFQ4Xh3R5JB5r4uc/bgIpm5GTuMI863MHCobPEhXMgBz+PzDu
IXQ1oioy6v74HSfg/2AvEY68juK2jb7XAZxGrhbc5aQ6y0k2km2ZnBv6oS/NYd5G
Yah/3ISMukwjBidpLFjxr349FwWsx5oUb9m8A3ScY3jB4BAckt5cZacNaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOuaFHLh18P69wwexek1PIEHXmxyMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvNjVvVWN1SFh3X3IzREI3RjZUVThnUWRlYkhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQD2TzIMA0G
CSqGSIb3DQEBCwUAA4IBAQB6ZcCGpNN81oMfbit6XQ4JOx8YtUWUTiLpMl9yz03L
6mubJsAFQjdjFV7gSvba7DUNahfkw4TdOC+u53TlKYrxJsQwiceLy9ujf1Pg/syP
5ukRmkGA0qe+9cI+7OumwKDnoqRupk0Zar9+t5Hdpzg45ZJPXq2oSscaLGTpsyuw
c8ar4WFtZEF79jlTZtbQbRyfF6aKsa2EvtQLchpTwcJf47ielfA7HjqLl/o5GLqw
HZNxYEG1TyBtWfW+8pFiAZl+AMymy+fj4GmLD9VGnmF0J+Jio0cXeI3Sf2Q96Qi7
G80c6O4vjNRerHvlLjQS9gQ7e2oF+SLjPtKyE10WfJDt
-----END CERTIFICATE-----