Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/fTPd9h70qbE4IDomqVhRl5Z6tXY.roa
File:                     fTPd9h70qbE4IDomqVhRl5Z6tXY.roa (raw, json)
Hash identifier:          kJtRZt0jq1rkxlKv4aSYJNr1yYR0AREk7KSe3ox5v1s=
Subject key identifier:   7D:33:DD:F6:1E:F4:A9:B1:38:20:3A:26:A9:58:51:97:96:7A:B5:76
Certificate issuer:       /CN=db1d6eba463b7564abfae938b46ed47187de0ec0
Certificate serial:       019CE68C2682781E6C95F251233B2E825630
Authority key identifier: DB:1D:6E:BA:46:3B:75:64:AB:FA:E9:38:B4:6E:D4:71:87:DE:0E:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2x1uukY7dWSr-uk4tG7UcYfeDsA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/fTPd9h70qbE4IDomqVhRl5Z6tXY.roa
Signing time:             Fri 13 Mar 2026 09:34:30 +0000
ROA not before:           Fri 13 Mar 2026 09:34:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     26548
IP address blocks:        94.154.127.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/2x1uukY7dWSr-uk4tG7UcYfeDsA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/2x1uukY7dWSr-uk4tG7UcYfeDsA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2x1uukY7dWSr-uk4tG7UcYfeDsA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:e6:8c:26:82:78:1e:6c:95:f2:51:23:3b:2e:82:56:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=db1d6eba463b7564abfae938b46ed47187de0ec0
        Validity
            Not Before: Mar 13 09:34:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7d33ddf61ef4a9b138203a26a9585197967ab576
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:52:9f:49:50:4b:35:12:7e:ca:8a:5c:81:b8:
                    79:66:05:1d:00:76:38:ff:39:5a:22:b6:cf:86:f5:
                    eb:84:fb:d9:a3:72:4f:34:99:f7:e4:c9:79:41:3e:
                    eb:59:3c:64:3e:df:48:68:04:c3:1b:72:6d:49:fd:
                    3c:ee:60:e4:ca:ce:32:f8:57:3b:aa:e2:8f:48:ca:
                    50:71:bf:7a:fa:11:0e:0f:3e:63:10:16:f3:7b:dd:
                    e6:ec:12:c2:37:57:dc:49:4f:0a:45:9c:fc:f7:c9:
                    24:33:54:13:e0:99:4e:39:8e:7e:68:3f:d0:b0:b3:
                    69:47:2e:7b:ab:a9:99:fd:d5:d5:4d:cc:eb:35:e7:
                    d0:27:44:69:2c:35:63:1d:d7:f4:c8:4b:8e:e4:75:
                    d9:41:14:c6:7e:92:05:35:0d:bf:16:47:d2:16:67:
                    95:82:ea:30:ba:e2:f3:40:d0:2b:3b:c0:2d:22:93:
                    b8:92:84:2d:a9:d9:58:e6:92:2a:0d:7a:ef:30:13:
                    3e:59:74:cd:83:7c:18:cc:58:a8:6e:78:aa:2e:f3:
                    22:e0:9d:59:56:10:9b:80:1f:2f:cf:30:68:24:6d:
                    b1:1f:f2:c7:7f:ab:bb:92:a8:4b:24:47:87:f5:06:
                    9a:73:aa:a4:c2:67:08:dd:a1:61:7d:a3:e0:19:0c:
                    c6:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:33:DD:F6:1E:F4:A9:B1:38:20:3A:26:A9:58:51:97:96:7A:B5:76
            X509v3 Authority Key Identifier:
                keyid:DB:1D:6E:BA:46:3B:75:64:AB:FA:E9:38:B4:6E:D4:71:87:DE:0E:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2x1uukY7dWSr-uk4tG7UcYfeDsA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/fTPd9h70qbE4IDomqVhRl5Z6tXY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/2x1uukY7dWSr-uk4tG7UcYfeDsA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.154.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:06:7d:ec:2c:6e:9f:af:46:7e:b9:30:5e:86:72:79:b1:c0:
         ef:30:6c:2c:26:2f:2c:7b:04:73:05:86:70:8a:d2:5a:c6:b9:
         d8:b3:9b:e8:97:a0:4d:ef:48:10:77:e4:10:8a:e5:5d:d9:bb:
         e4:30:f4:bd:10:6b:69:03:7f:25:a1:94:94:1a:8a:5c:00:60:
         3c:40:09:76:6d:ac:d0:72:0b:11:f1:a6:78:7b:07:91:8b:b9:
         c1:b1:ae:54:5c:38:21:d1:3e:e2:3d:a2:84:ae:b2:9c:8f:48:
         89:7a:20:a8:e3:d6:7d:58:0a:ca:94:58:9e:60:ab:fd:67:d8:
         ab:a5:ed:49:36:38:7c:0c:be:2c:a4:5a:7d:4a:56:59:1c:8c:
         d8:be:60:ef:79:29:7a:54:e7:06:9b:61:5f:02:c2:75:16:9d:
         60:2f:66:39:4a:26:71:ce:87:ab:35:ab:de:eb:d3:9c:e8:fc:
         47:42:9c:99:a3:d6:9c:9d:25:08:7e:8b:7e:c2:b7:76:04:6f:
         16:f2:7a:43:8c:55:fa:ab:99:a7:6a:ba:c0:10:14:93:bd:3a:
         e1:5d:99:57:a2:66:bf:d5:ad:6c:ba:2b:00:cb:94:44:9c:c9:
         47:0b:a6:80:21:9c:ea:79:b6:b1:cc:fb:06:57:1d:cb:5f:f9:
         f1:19:31:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzmjCaCeB5slfJRIzsuglYwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiMWQ2ZWJhNDYzYjc1NjRhYmZhZTkzOGI0NmVkNDcxODdk
ZTBlYzAwHhcNMjYwMzEzMDkzNDMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDMzZGRmNjFlZjRhOWIxMzgyMDNhMjZhOTU4NTE5Nzk2N2FiNTc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwVKfSVBLNRJ+yopcgbh5ZgUdAHY4
/zlaIrbPhvXrhPvZo3JPNJn35Ml5QT7rWTxkPt9IaATDG3JtSf087mDkys4y+Fc7
quKPSMpQcb96+hEODz5jEBbze93m7BLCN1fcSU8KRZz898kkM1QT4JlOOY5+aD/Q
sLNpRy57q6mZ/dXVTczrNefQJ0RpLDVjHdf0yEuO5HXZQRTGfpIFNQ2/FkfSFmeV
guowuuLzQNArO8AtIpO4koQtqdlY5pIqDXrvMBM+WXTNg3wYzFiobniqLvMi4J1Z
VhCbgB8vzzBoJG2xH/LHf6u7kqhLJEeH9Qaac6qkwmcI3aFhfaPgGQzG/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH0z3fYe9KmxOCA6JqlYUZeWerV2MB8GA1UdIwQY
MBaAFNsdbrpGO3Vkq/rpOLRu1HGH3g7AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMngxdXVrWTdkV1NyLXVrNHRHN1VjWWZlRHNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80ZjY5ODUtYjk0YS00N2NjLWEzMDAt
NmYyY2Y0ZjAzY2ViLzEvZlRQZDloNzBxYkU0SURvbXFWaFJsNVo2dFhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80ZjY5ODUtYjk0YS00N2NjLWEzMDAtNmYyY2Y0ZjAzY2Vi
LzEvMngxdXVrWTdkV1NyLXVrNHRHN1VjWWZlRHNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXpp/MA0G
CSqGSIb3DQEBCwUAA4IBAQATBn3sLG6fr0Z+uTBehnJ5scDvMGwsJi8sewRzBYZw
itJaxrnYs5vol6BN70gQd+QQiuVd2bvkMPS9EGtpA38loZSUGopcAGA8QAl2bazQ
cgsR8aZ4eweRi7nBsa5UXDgh0T7iPaKErrKcj0iJeiCo49Z9WArKlFieYKv9Z9ir
pe1JNjh8DL4spFp9SlZZHIzYvmDveSl6VOcGm2FfAsJ1Fp1gL2Y5SiZxzoerNave
69Oc6PxHQpyZo9acnSUIfot+wrd2BG8W8npDjFX6q5mnarrAEBSTvTrhXZlXoma/
1a1suisAy5REnMlHC6aAIZzqebaxzPsGVx3LX/nxGTH0
-----END CERTIFICATE-----