Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/INtC9yXsHGniRHYrKoSjBy9P9Kw.roa
File:                     INtC9yXsHGniRHYrKoSjBy9P9Kw.roa (raw, json)
Hash identifier:          +R9r5OAR/vAcqDxt7siPETBqbjhDp2iQEbEl+e4C/Lo=
Subject key identifier:   20:DB:42:F7:25:EC:1C:69:E2:44:76:2B:2A:84:A3:07:2F:4F:F4:AC
Certificate issuer:       /CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Certificate serial:       019DFC664EEFE9E14EE5685B52E77BF5C0EC
Authority key identifier: 05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/INtC9yXsHGniRHYrKoSjBy9P9Kw.roa
Signing time:             Wed 06 May 2026 08:27:36 +0000
ROA not before:           Wed 06 May 2026 08:27:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     39238
IP address blocks:        194.187.120.0/24 maxlen: 24
                          217.171.147.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:fc:66:4e:ef:e9:e1:4e:e5:68:5b:52:e7:7b:f5:c0:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
        Validity
            Not Before: May  6 08:27:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=20db42f725ec1c69e244762b2a84a3072f4ff4ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:1b:1c:b4:32:f0:88:d6:c8:8c:f8:14:59:bd:
                    67:53:e3:aa:75:d8:1a:86:60:8f:74:73:d6:e3:f6:
                    49:c6:02:74:3d:63:3e:ae:e4:b2:ec:9f:58:e7:ab:
                    be:37:73:a1:34:c4:ee:8b:a8:d5:43:76:9d:62:f1:
                    c5:ee:7e:6b:56:65:e3:dd:ac:e3:5c:4c:90:d6:5b:
                    e2:ea:c3:8f:26:40:2f:76:c5:79:02:23:15:e3:77:
                    db:b1:9d:0b:28:dc:40:19:04:7f:08:7a:04:0f:7c:
                    e0:92:46:21:07:2a:92:fe:e1:e4:b0:38:26:a8:bb:
                    20:7f:1d:07:aa:bf:9c:7d:70:81:d7:a0:ea:53:b2:
                    4c:3d:4c:8c:f9:89:98:c2:93:aa:7f:66:e6:4b:32:
                    1d:f0:e8:5a:b3:32:c2:b5:e4:1a:75:5d:42:0e:ef:
                    c4:89:8a:77:dc:9e:79:f8:42:7f:83:1a:36:19:c6:
                    1e:c3:7b:98:50:08:79:21:56:5c:f0:50:c9:b2:92:
                    71:3e:4c:b2:fa:4b:fe:10:b4:da:3f:6c:28:e2:4e:
                    fd:5e:08:44:cb:ee:56:3b:a7:de:7d:76:8f:f7:cf:
                    8a:ff:b3:9c:c4:42:0f:7b:d3:a7:33:a4:00:d2:04:
                    25:6c:c9:14:9f:b8:67:99:da:79:89:09:56:27:7a:
                    87:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:DB:42:F7:25:EC:1C:69:E2:44:76:2B:2A:84:A3:07:2F:4F:F4:AC
            X509v3 Authority Key Identifier:
                keyid:05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/INtC9yXsHGniRHYrKoSjBy9P9Kw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.187.120.0/24
                  217.171.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:7d:c0:30:07:b6:46:97:c2:70:68:0d:0f:49:26:7e:7c:5d:
         1b:b1:9a:24:63:f0:fd:40:4b:94:90:44:cb:e7:27:9d:f5:67:
         8e:74:1a:9c:48:9d:d6:8f:57:59:9a:09:60:1d:8f:4e:0d:62:
         df:f0:23:13:bb:42:59:ae:02:02:c9:06:be:97:4b:39:12:39:
         5f:76:5f:6b:31:56:c3:69:9e:a1:0b:68:b8:d5:14:a4:6c:a3:
         cd:a7:1c:6b:b4:57:b5:25:c9:01:b3:98:6a:01:c5:b6:b0:6a:
         cb:00:d8:db:7a:ce:a8:85:86:b0:05:79:2b:3c:f4:d7:9f:a5:
         50:1c:4f:3b:a0:b9:15:16:d8:18:cd:ee:45:0e:ee:96:d4:75:
         11:85:ad:7b:5b:2f:50:e0:05:20:b9:5e:7e:d7:81:41:44:54:
         64:fb:2f:11:bb:7e:ab:40:17:dc:c4:85:05:18:d0:e8:e4:3f:
         66:fc:41:91:93:cc:87:73:8c:c4:95:ea:2f:ab:61:c2:b7:9c:
         76:2e:6f:a5:60:7a:4c:3b:7b:5c:2e:8b:5f:3f:3a:a5:95:8b:
         0c:a9:fe:67:b7:a0:77:53:1a:47:be:14:30:fd:43:6f:22:a6:
         14:ad:da:b7:0b:fc:36:94:d2:a4:7f:56:44:c9:a2:b4:98:95:
         14:52:c9:2e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ38Zk7v6eFO5WhbUud79cDsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YjFkMTNjMmUyNmUxMjc4NjI0NmE1ZWM0YzViZWE2OTg2
NGIyMGYwHhcNMjYwNTA2MDgyNzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGRiNDJmNzI1ZWMxYzY5ZTI0NDc2MmIyYTg0YTMwNzJmNGZmNGFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAthsctDLwiNbIjPgUWb1nU+Oqddga
hmCPdHPW4/ZJxgJ0PWM+ruSy7J9Y56u+N3OhNMTui6jVQ3adYvHF7n5rVmXj3azj
XEyQ1lvi6sOPJkAvdsV5AiMV43fbsZ0LKNxAGQR/CHoED3zgkkYhByqS/uHksDgm
qLsgfx0Hqr+cfXCB16DqU7JMPUyM+YmYwpOqf2bmSzId8OhaszLCteQadV1CDu/E
iYp33J55+EJ/gxo2GcYew3uYUAh5IVZc8FDJspJxPkyy+kv+ELTaP2wo4k79XghE
y+5WO6fefXaP98+K/7OcxEIPe9OnM6QA0gQlbMkUn7hnmdp5iQlWJ3qHkQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCDbQvcl7Bxp4kR2KyqEowcvT/SsMB8GA1UdIwQY
MBaAFAWx0TwuJuEnhiRqXsTFvqaYZLIPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjct
NDkwNTI0M2JjODI4LzEvSU50Qzl5WHNIR25pUkhZcktvU2pCeTlQOUt3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjctNDkwNTI0M2JjODI4
LzEvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwrt4AwQA
2auTMA0GCSqGSIb3DQEBCwUAA4IBAQBVfcAwB7ZGl8JwaA0PSSZ+fF0bsZokY/D9
QEuUkETL5yed9WeOdBqcSJ3Wj1dZmglgHY9ODWLf8CMTu0JZrgICyQa+l0s5Ejlf
dl9rMVbDaZ6hC2i41RSkbKPNpxxrtFe1JckBs5hqAcW2sGrLANjbes6ohYawBXkr
PPTXn6VQHE87oLkVFtgYze5FDu6W1HURha17Wy9Q4AUguV5+14FBRFRk+y8Ru36r
QBfcxIUFGNDo5D9m/EGRk8yHc4zEleovq2HCt5x2Lm+lYHpMO3tcLotfPzqllYsM
qf5nt6B3UxpHvhQw/UNvIqYUrdq3C/w2lNKkf1ZEyaK0mJUUUsku
-----END CERTIFICATE-----