Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/ae9211-c52d-480d-a591-d75869c0c71e/1/eFI0tBDLnesndLqlj1NoxqsPUjg.roa
File:                     eFI0tBDLnesndLqlj1NoxqsPUjg.roa (raw, json)
Hash identifier:          hjKjXxMem27vbAFHspC4BJNh7EJxRAQg9zId7c2baKg=
Subject key identifier:   78:52:34:B4:10:CB:9D:EB:27:74:BA:A5:8F:53:68:C6:AB:0F:52:38
Certificate issuer:       /CN=a6785773df313b91711bf6bc5b149ecc246b9e89
Certificate serial:       019DF1DD8CF5B9B99263395E9A4EC6C75019
Authority key identifier: A6:78:57:73:DF:31:3B:91:71:1B:F6:BC:5B:14:9E:CC:24:6B:9E:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pnhXc98xO5FxG_a8WxSezCRrnok.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/ae9211-c52d-480d-a591-d75869c0c71e/1/eFI0tBDLnesndLqlj1NoxqsPUjg.roa
Signing time:             Mon 04 May 2026 07:22:01 +0000
ROA not before:           Mon 04 May 2026 07:22:01 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205800
IP address blocks:        185.239.179.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/ae9211-c52d-480d-a591-d75869c0c71e/1/pnhXc98xO5FxG_a8WxSezCRrnok.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/ae9211-c52d-480d-a591-d75869c0c71e/1/pnhXc98xO5FxG_a8WxSezCRrnok.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pnhXc98xO5FxG_a8WxSezCRrnok.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 06:33:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f1:dd:8c:f5:b9:b9:92:63:39:5e:9a:4e:c6:c7:50:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a6785773df313b91711bf6bc5b149ecc246b9e89
        Validity
            Not Before: May  4 07:22:01 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=785234b410cb9deb2774baa58f5368c6ab0f5238
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:3b:72:51:59:7b:1d:73:c5:d6:c9:22:fd:37:
                    31:f5:43:e0:7d:3e:19:bf:fd:4d:df:2f:20:17:ec:
                    65:20:9c:63:11:99:03:89:58:20:21:24:3d:3a:dc:
                    81:05:00:2f:a0:2b:83:79:4f:b3:90:c0:77:2b:c3:
                    3a:9c:9e:46:63:55:cd:10:f5:fd:b6:1a:a5:ba:ea:
                    30:55:f7:1b:8c:98:2c:9b:5e:7f:99:69:f4:8d:b9:
                    cb:58:dd:85:1a:13:9b:ad:2d:a9:00:7e:06:fe:94:
                    26:5d:e2:f3:a4:20:39:78:00:df:03:03:ad:63:e8:
                    e3:3e:b3:bd:8b:b7:fb:b4:b8:67:6d:49:2c:0b:a5:
                    a9:17:d4:6f:35:af:a5:be:41:fc:49:8f:f0:91:84:
                    f8:7d:e0:ee:a9:70:6c:58:7c:07:04:3f:9e:6f:f4:
                    96:84:86:10:53:9b:13:a6:51:1b:a8:18:98:88:48:
                    b0:43:51:a9:3b:fd:66:32:66:8c:a8:40:b8:cd:b1:
                    2e:1f:94:a8:05:7d:f6:d3:df:95:56:a6:3b:85:11:
                    f6:cb:cf:f5:e5:de:be:bd:fc:25:60:70:80:a3:20:
                    a3:de:e6:b7:8c:27:f3:2e:fe:ec:79:cf:ab:67:d6:
                    bc:33:67:2f:ed:b1:a8:2e:c2:d6:f7:63:83:c9:7b:
                    2e:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:52:34:B4:10:CB:9D:EB:27:74:BA:A5:8F:53:68:C6:AB:0F:52:38
            X509v3 Authority Key Identifier:
                keyid:A6:78:57:73:DF:31:3B:91:71:1B:F6:BC:5B:14:9E:CC:24:6B:9E:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pnhXc98xO5FxG_a8WxSezCRrnok.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/ae9211-c52d-480d-a591-d75869c0c71e/1/eFI0tBDLnesndLqlj1NoxqsPUjg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/ae9211-c52d-480d-a591-d75869c0c71e/1/pnhXc98xO5FxG_a8WxSezCRrnok.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.239.179.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:0e:56:47:66:25:ac:53:ac:42:c8:be:77:af:60:bb:e4:79:
         3d:3f:99:c1:fd:aa:f8:56:7e:38:1b:0b:e8:e8:fb:66:a2:a4:
         4e:94:9d:92:38:1e:4a:f8:0f:01:ea:02:9f:d2:dc:be:d5:e6:
         b2:f9:b5:5e:6d:72:ac:ba:ee:cb:5e:06:f3:8f:07:d9:09:fc:
         1b:73:2b:27:22:b9:75:4f:9e:54:db:b2:f4:0c:4e:c0:8e:df:
         66:18:4e:61:e5:4e:c0:30:a3:03:72:a0:1a:69:8d:8f:46:23:
         9f:6e:ae:83:ce:42:48:73:4d:c7:72:7d:41:9b:af:a6:e3:9c:
         7b:5e:80:27:7a:5a:1b:3e:92:58:45:93:a0:b6:aa:67:40:74:
         39:8f:8d:29:d1:16:4d:5b:35:cb:f2:be:b3:b2:e1:7b:98:69:
         a9:77:a6:ac:fd:43:3c:b2:4d:c2:a1:32:45:f5:3c:37:69:15:
         4b:7e:da:86:dd:9e:f2:aa:91:b2:69:12:94:ca:16:24:5c:93:
         6f:fb:c9:9b:bd:29:70:57:54:2b:bb:81:1f:48:68:98:77:7c:
         37:cc:b9:43:68:51:25:71:fb:7c:74:cf:5f:4c:7d:5e:bd:39:
         b9:81:18:a8:cf:de:10:9e:54:73:1d:25:5c:76:19:ae:30:60:
         df:3f:46:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3x3Yz1ubmSYzlemk7Gx1AZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2Nzg1NzczZGYzMTNiOTE3MTFiZjZiYzViMTQ5ZWNjMjQ2
YjllODkwHhcNMjYwNTA0MDcyMjAxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODUyMzRiNDEwY2I5ZGViMjc3NGJhYTU4ZjUzNjhjNmFiMGY1MjM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxDtyUVl7HXPF1ski/Tcx9UPgfT4Z
v/1N3y8gF+xlIJxjEZkDiVggISQ9OtyBBQAvoCuDeU+zkMB3K8M6nJ5GY1XNEPX9
thqluuowVfcbjJgsm15/mWn0jbnLWN2FGhObrS2pAH4G/pQmXeLzpCA5eADfAwOt
Y+jjPrO9i7f7tLhnbUksC6WpF9RvNa+lvkH8SY/wkYT4feDuqXBsWHwHBD+eb/SW
hIYQU5sTplEbqBiYiEiwQ1GpO/1mMmaMqEC4zbEuH5SoBX3209+VVqY7hRH2y8/1
5d6+vfwlYHCAoyCj3ua3jCfzLv7sec+rZ9a8M2cv7bGoLsLW92ODyXsukwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHhSNLQQy53rJ3S6pY9TaMarD1I4MB8GA1UdIwQY
MBaAFKZ4V3PfMTuRcRv2vFsUnswka56JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcG5oWGM5OHhPNUZ4R19hOFd4U2V6Q1Jybm9rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS9hZTkyMTEtYzUyZC00ODBkLWE1OTEt
ZDc1ODY5YzBjNzFlLzEvZUZJMHRCRExuZXNuZExxbGoxTm94cXNQVWpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS9hZTkyMTEtYzUyZC00ODBkLWE1OTEtZDc1ODY5YzBjNzFl
LzEvcG5oWGM5OHhPNUZ4R19hOFd4U2V6Q1Jybm9rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAue+zMA0G
CSqGSIb3DQEBCwUAA4IBAQCgDlZHZiWsU6xCyL53r2C75Hk9P5nB/ar4Vn44Gwvo
6PtmoqROlJ2SOB5K+A8B6gKf0ty+1eay+bVebXKsuu7LXgbzjwfZCfwbcysnIrl1
T55U27L0DE7Ajt9mGE5h5U7AMKMDcqAaaY2PRiOfbq6DzkJIc03Hcn1Bm6+m45x7
XoAnelobPpJYRZOgtqpnQHQ5j40p0RZNWzXL8r6zsuF7mGmpd6as/UM8sk3CoTJF
9Tw3aRVLftqG3Z7yqpGyaRKUyhYkXJNv+8mbvSlwV1Qru4EfSGiYd3w3zLlDaFEl
cft8dM9fTH1evTm5gRioz94QnlRzHSVcdhmuMGDfP0aF
-----END CERTIFICATE-----