Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/CYc7prnFx1lhXzfOLubzXU7Xt30.roa
File:                     CYc7prnFx1lhXzfOLubzXU7Xt30.roa (raw, json)
Hash identifier:          naFYPSY6/7l2zS+Ti+qsnLbX9DKQcD514lOalSd6V2M=
Subject key identifier:   09:87:3B:A6:B9:C5:C7:59:61:5F:37:CE:2E:E6:F3:5D:4E:D7:B7:7D
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019CADB2E53B6AA0ED29178320429EE84ED0
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/CYc7prnFx1lhXzfOLubzXU7Xt30.roa
Signing time:             Mon 02 Mar 2026 08:38:28 +0000
ROA not before:           Mon 02 Mar 2026 08:38:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210448
IP address blocks:        217.60.13.0/24 maxlen: 24
                          2a14:6e40:1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 23:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:ad:b2:e5:3b:6a:a0:ed:29:17:83:20:42:9e:e8:4e:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Mar  2 08:38:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=09873ba6b9c5c759615f37ce2ee6f35d4ed7b77d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:4d:e1:2b:77:bb:67:90:00:59:4b:04:f4:aa:
                    31:40:a9:c5:9f:22:ce:76:f2:a4:7c:95:31:16:f1:
                    47:cb:6e:08:fc:32:00:23:a2:ce:cd:6d:b8:fb:1d:
                    23:8b:f7:f6:1e:6e:d3:c6:b8:3d:4e:67:63:4c:57:
                    51:e3:8c:7d:42:6f:59:47:a8:31:0b:51:92:42:5b:
                    ce:be:da:f4:8d:2b:84:a8:b1:23:93:30:bb:64:87:
                    a7:ac:5d:d6:4b:e9:23:ec:76:83:68:48:f7:cb:98:
                    ea:8a:fe:bf:d2:b4:69:3f:56:46:f2:d4:26:08:d4:
                    48:b1:c8:5a:d4:52:b7:8c:b0:24:97:b6:99:d5:98:
                    95:a3:ad:fd:e0:a2:d2:ac:ae:cc:fa:cb:76:13:a7:
                    5e:6f:e4:4f:a0:66:a1:fb:cc:23:d4:6e:c0:3e:6e:
                    12:2e:e5:cb:86:d8:9f:e4:50:b9:05:ad:00:0b:20:
                    2a:6e:5d:3b:22:c5:05:5e:9d:9a:e8:d0:b8:31:57:
                    8e:bc:d0:4d:fa:04:b3:6e:83:a6:e5:63:15:86:9b:
                    0d:80:f3:46:d1:7c:d4:cc:c2:30:62:95:42:09:23:
                    01:15:5a:d0:8e:1f:58:98:f0:e7:c8:f4:3b:b3:da:
                    53:90:f4:19:51:bb:d1:ca:fd:fa:0b:b5:8c:df:a1:
                    9e:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:87:3B:A6:B9:C5:C7:59:61:5F:37:CE:2E:E6:F3:5D:4E:D7:B7:7D
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/CYc7prnFx1lhXzfOLubzXU7Xt30.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.60.13.0/24
                IPv6:
                  2a14:6e40:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         a2:d6:6f:3e:9c:5c:e4:5c:b6:ea:68:0f:70:d1:34:ce:dd:b1:
         28:ed:5d:ce:84:45:90:e1:d7:f9:85:82:a8:82:44:f8:d5:69:
         f6:be:c8:0c:34:da:87:10:f4:66:84:b1:28:02:94:af:1d:3b:
         70:32:33:88:be:f7:67:35:23:85:8d:8d:47:e6:1e:4b:93:99:
         64:80:8e:81:e3:d3:2b:89:18:be:53:9d:bd:13:e4:9d:cd:57:
         5f:7a:5f:dd:2b:55:47:f4:29:03:80:e8:bf:14:53:3d:0b:91:
         92:02:e5:2f:bc:eb:ff:5e:2a:42:a8:43:cd:91:63:f3:cb:8a:
         31:79:22:16:8d:e5:b2:c2:ff:28:41:4d:04:b7:e6:1a:e4:eb:
         df:16:81:22:a7:75:a7:59:32:e4:a9:8e:ce:7d:58:07:af:02:
         4a:38:95:2b:f0:44:1f:12:6e:88:37:37:2b:40:ba:3d:ed:42:
         1d:58:30:09:41:df:16:87:4c:0b:3c:28:4d:c8:9e:3d:4c:d3:
         9c:a2:02:c2:54:9f:37:5c:f4:96:47:38:c3:7b:4d:4c:7d:ff:
         8b:90:84:fd:ee:f2:89:b6:6d:e0:4e:37:7d:db:0d:c9:7f:87:
         fd:8e:be:bb:6a:b5:d7:89:dd:7b:bd:d0:92:1b:c9:d2:0b:ca:
         cd:ec:c7:c6
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZytsuU7aqDtKReDIEKe6E7QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwMzAyMDgzODI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTg3M2JhNmI5YzVjNzU5NjE1ZjM3Y2UyZWU2ZjM1ZDRlZDdiNzdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq03hK3e7Z5AAWUsE9KoxQKnFnyLO
dvKkfJUxFvFHy24I/DIAI6LOzW24+x0ji/f2Hm7Txrg9TmdjTFdR44x9Qm9ZR6gx
C1GSQlvOvtr0jSuEqLEjkzC7ZIenrF3WS+kj7HaDaEj3y5jqiv6/0rRpP1ZG8tQm
CNRIscha1FK3jLAkl7aZ1ZiVo6394KLSrK7M+st2E6deb+RPoGah+8wj1G7APm4S
LuXLhtif5FC5Ba0ACyAqbl07IsUFXp2a6NC4MVeOvNBN+gSzboOm5WMVhpsNgPNG
0XzUzMIwYpVCCSMBFVrQjh9YmPDnyPQ7s9pTkPQZUbvRyv36C7WM36GeSQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAmHO6a5xcdZYV83zi7m811O17d9MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvQ1ljN3BybkZ4MWxoWHpmT0x1YnpYVTdYdDMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQA2TwNMA8E
AgACMAkDBwAqFG5AAAEwDQYJKoZIhvcNAQELBQADggEBAKLWbz6cXORctupoD3DR
NM7dsSjtXc6ERZDh1/mFgqiCRPjVafa+yAw02ocQ9GaEsSgClK8dO3AyM4i+92c1
I4WNjUfmHkuTmWSAjoHj0yuJGL5Tnb0T5J3NV196X90rVUf0KQOA6L8UUz0LkZIC
5S+86/9eKkKoQ82RY/PLijF5IhaN5bLC/yhBTQS35hrk698WgSKndadZMuSpjs59
WAevAko4lSvwRB8Sbog3NytAuj3tQh1YMAlB3xaHTAs8KE3Inj1M05yiAsJUnzdc
9JZHOMN7TUx9/4uQhP3u8om2beBON33bDcl/h/2OvrtqtdeJ3Xu90JIbydILys3s
x8Y=
-----END CERTIFICATE-----