Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/shPOVz_n5bJvQyG6jsdQeca5asE.roa
File:                     shPOVz_n5bJvQyG6jsdQeca5asE.roa (raw, json)
Hash identifier:          ifPfdE9I4jVX2fmQU94qNR59WDwHd6ZnTj/nIcVInf4=
Subject key identifier:   B2:13:CE:57:3F:E7:E5:B2:6F:43:21:BA:8E:C7:50:79:C6:B9:6A:C1
Certificate issuer:       /CN=f13533399f55eb52e6b2200c7cae4272b74d6464
Certificate serial:       019C13ACFFFA09A1E15A1AFA6640437AC511
Authority key identifier: F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/shPOVz_n5bJvQyG6jsdQeca5asE.roa
Signing time:             Sat 31 Jan 2026 10:50:30 +0000
ROA not before:           Sat 31 Jan 2026 10:50:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215285
IP address blocks:        185.124.173.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 16:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:13:ac:ff:fa:09:a1:e1:5a:1a:fa:66:40:43:7a:c5:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f13533399f55eb52e6b2200c7cae4272b74d6464
        Validity
            Not Before: Jan 31 10:50:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b213ce573fe7e5b26f4321ba8ec75079c6b96ac1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:28:67:bd:88:b5:b9:34:e3:c0:17:e2:a4:05:
                    ff:ce:18:c3:cf:f9:ac:60:f8:63:c1:31:c5:ca:d7:
                    1f:2f:9b:bc:f4:bb:78:f8:6b:bc:47:e5:64:d0:0a:
                    a0:c5:0a:70:79:bc:b9:df:24:03:2d:b6:8b:4b:dc:
                    01:0b:2f:ff:1a:04:f7:27:e6:eb:6b:f9:a9:c5:a0:
                    9f:d0:e7:f4:43:b8:12:98:e5:23:d0:58:1d:d3:89:
                    66:28:7d:d1:11:50:1c:ad:98:a9:6a:6f:4e:6b:3c:
                    35:56:54:08:e2:74:26:43:6e:0f:db:b4:1f:a1:d0:
                    3b:57:24:57:fe:42:91:a7:7f:62:06:97:bc:77:85:
                    60:e3:bf:ff:1f:92:3d:72:c4:a9:01:92:c2:1b:6b:
                    e4:63:70:7d:51:2a:f6:65:a7:35:d1:79:b4:78:30:
                    8f:38:d6:63:32:95:5c:bc:e6:65:25:25:62:9c:f8:
                    86:e9:ef:fd:ad:2a:2d:63:de:a5:d5:0e:43:c4:9b:
                    8b:7b:d9:45:27:66:db:7f:6f:f3:8c:77:27:ad:3e:
                    45:88:12:cb:55:0a:22:55:de:21:f6:2c:a1:69:83:
                    5d:76:15:5e:22:9f:d9:b2:c9:c8:b5:9e:6d:97:52:
                    83:3e:d1:b9:02:41:27:18:26:04:1c:1f:37:ad:68:
                    77:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:13:CE:57:3F:E7:E5:B2:6F:43:21:BA:8E:C7:50:79:C6:B9:6A:C1
            X509v3 Authority Key Identifier:
                keyid:F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/shPOVz_n5bJvQyG6jsdQeca5asE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.124.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:c7:87:5d:03:ff:26:89:e9:ba:61:a7:03:64:e4:6a:be:17:
         9a:13:d0:31:f1:df:f0:e7:39:77:92:8e:c0:fa:af:95:fd:c0:
         0f:1e:db:24:17:a4:08:3c:dd:ad:53:69:e4:1f:bf:c8:56:2c:
         62:73:dc:9f:e8:fc:d5:1f:b9:94:2e:ec:02:04:19:ef:85:ce:
         80:01:d7:f5:51:b9:b8:8e:4d:5f:95:a3:61:6d:9a:41:d6:2b:
         5d:fa:2f:a2:67:52:c5:eb:72:4a:f8:dc:73:a7:24:a6:96:18:
         65:e9:89:1b:25:f7:09:86:f2:2d:86:87:2b:f3:ad:b7:a6:39:
         cf:4a:1b:cd:c2:cd:5c:c5:69:7e:c2:bd:3a:8d:4b:eb:36:78:
         1c:10:52:07:01:67:28:e4:86:b2:36:96:6c:6e:19:69:31:25:
         c5:1e:3f:9a:6b:b9:a0:60:91:e8:a8:bd:e2:1e:1a:e0:50:3d:
         53:2e:6d:8f:d2:f6:9c:b9:bd:d4:01:b1:48:d5:3f:b6:3d:88:
         b8:51:d2:ba:c8:ba:6d:52:b8:4e:d6:fa:22:4f:f3:36:9f:ab:
         af:47:9b:4b:48:cc:4a:23:c0:fd:d2:45:bb:e5:6d:4c:50:ae:
         00:88:5d:ad:68:2e:79:ae:af:1f:26:44:e0:4e:a2:d9:47:35:
         1e:71:b1:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZwTrP/6CaHhWhr6ZkBDesURMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxMzUzMzM5OWY1NWViNTJlNmIyMjAwYzdjYWU0MjcyYjc0
ZDY0NjQwHhcNMjYwMTMxMTA1MDMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjEzY2U1NzNmZTdlNWIyNmY0MzIxYmE4ZWM3NTA3OWM2Yjk2YWMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnShnvYi1uTTjwBfipAX/zhjDz/ms
YPhjwTHFytcfL5u89Lt4+Gu8R+Vk0AqgxQpweby53yQDLbaLS9wBCy//GgT3J+br
a/mpxaCf0Of0Q7gSmOUj0Fgd04lmKH3REVAcrZipam9Oazw1VlQI4nQmQ24P27Qf
odA7VyRX/kKRp39iBpe8d4Vg47//H5I9csSpAZLCG2vkY3B9USr2Zac10Xm0eDCP
ONZjMpVcvOZlJSVinPiG6e/9rSotY96l1Q5DxJuLe9lFJ2bbf2/zjHcnrT5FiBLL
VQoiVd4h9iyhaYNddhVeIp/ZssnItZ5tl1KDPtG5AkEnGCYEHB83rWh3WQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLITzlc/5+Wyb0Mhuo7HUHnGuWrBMB8GA1UdIwQY
MBaAFPE1MzmfVetS5rIgDHyuQnK3TWRkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEt
OTg5MTY2ODgxOTY5LzEvc2hQT1Z6X241Ykp2UXlHNmpzZFFlY2E1YXNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEtOTg5MTY2ODgxOTY5
LzEvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXytMA0G
CSqGSIb3DQEBCwUAA4IBAQACx4ddA/8miem6YacDZORqvheaE9Ax8d/w5zl3ko7A
+q+V/cAPHtskF6QIPN2tU2nkH7/IVixic9yf6PzVH7mULuwCBBnvhc6AAdf1Ubm4
jk1flaNhbZpB1itd+i+iZ1LF63JK+NxzpySmlhhl6YkbJfcJhvIthocr8623pjnP
ShvNws1cxWl+wr06jUvrNngcEFIHAWco5IayNpZsbhlpMSXFHj+aa7mgYJHoqL3i
HhrgUD1TLm2P0vacub3UAbFI1T+2PYi4UdK6yLptUrhO1voiT/M2n6uvR5tLSMxK
I8D90kW75W1MUK4AiF2taC55rq8fJkTgTqLZRzUecbEJ
-----END CERTIFICATE-----