Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/hitEbIx3QHgLDA0SFmdJO655wRk.roa
File:                     hitEbIx3QHgLDA0SFmdJO655wRk.roa (raw, json)
Hash identifier:          XH2gw7V46PtDEZkxMpXOiXnwxoLCx2Bsx6+D3IRPEM0=
Subject key identifier:   86:2B:44:6C:8C:77:40:78:0B:0C:0D:12:16:67:49:3B:AE:79:C1:19
Certificate issuer:       /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial:       019D2AE7595EA341696544518B6A8AA2447A
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/hitEbIx3QHgLDA0SFmdJO655wRk.roa
Signing time:             Thu 26 Mar 2026 16:08:17 +0000
ROA not before:           Thu 26 Mar 2026 16:08:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50977
IP address blocks:        109.107.96.0/19 maxlen: 24
                          185.96.24.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 20:56:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2a:e7:59:5e:a3:41:69:65:44:51:8b:6a:8a:a2:44:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
        Validity
            Not Before: Mar 26 16:08:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=862b446c8c7740780b0c0d121667493bae79c119
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:00:5b:98:6a:7a:e8:10:e9:cd:d8:ce:6d:b1:
                    53:f7:aa:09:cb:f8:c2:ff:23:0a:03:c5:df:35:0c:
                    d2:ba:41:f2:19:42:bc:c5:a6:7b:82:21:26:57:bb:
                    44:0a:5a:f2:7d:aa:f0:24:ef:91:0d:31:94:d8:f8:
                    6f:9f:8d:27:26:b4:f4:58:46:ea:a5:28:8b:5a:de:
                    b8:aa:73:82:88:89:c2:19:bf:b1:f6:e8:3c:71:f4:
                    13:60:1f:82:63:7d:6d:86:4e:82:cc:9f:a0:61:9e:
                    42:0f:fb:cd:e4:d3:ca:88:c3:a0:63:81:31:a0:54:
                    3f:7f:d4:4c:4c:92:af:f2:d0:84:5d:2e:41:58:3a:
                    99:8c:e6:81:d3:57:1a:88:71:ce:67:82:78:af:c1:
                    65:91:69:95:a2:9b:39:77:12:f3:4d:b2:04:6b:87:
                    0c:74:eb:b8:2d:c1:1f:47:fb:d7:c8:99:55:35:5c:
                    95:5f:bb:30:50:2a:ba:8b:52:56:ba:1b:45:81:b1:
                    cb:a9:93:2f:9c:08:ee:60:a4:92:d7:33:de:aa:df:
                    28:b0:30:03:89:af:1c:05:05:ca:58:e5:0a:00:29:
                    30:ac:f2:9c:d7:65:6a:b5:d5:ab:55:99:f6:04:e5:
                    20:7a:d2:9f:63:07:74:c8:4e:b3:13:b5:5a:4b:41:
                    b3:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:2B:44:6C:8C:77:40:78:0B:0C:0D:12:16:67:49:3B:AE:79:C1:19
            X509v3 Authority Key Identifier:
                keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/hitEbIx3QHgLDA0SFmdJO655wRk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.107.96.0/19
                  185.96.24.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a6:43:6f:97:a0:c3:3e:d8:d9:e6:62:52:88:57:cf:4d:3f:a2:
         58:30:0b:ca:74:b3:2b:84:81:70:6c:5a:7d:f5:fe:c6:63:46:
         9e:3c:72:bc:bd:a1:70:38:e0:93:a9:41:07:4f:23:ac:89:f6:
         1c:f5:62:e5:6d:87:c6:26:83:0f:1d:d3:2a:cc:6d:af:5b:c9:
         e3:cc:e4:23:cf:4a:6f:86:03:df:e2:7c:77:c5:9c:02:3d:02:
         23:97:94:40:62:2f:72:b2:36:30:65:46:c4:57:fd:95:17:c5:
         40:6d:73:fb:2f:2b:ad:c1:cb:f2:1c:fb:70:25:f6:f9:2f:bc:
         ce:4a:a1:2f:ee:27:ca:8d:72:06:50:9e:71:b4:10:33:fb:4f:
         a9:f8:f3:56:77:60:64:4c:5e:4d:bd:7e:e0:6d:a1:76:f2:fa:
         ae:68:4c:03:d7:54:c5:39:d3:6d:44:de:f8:53:e4:82:62:52:
         bd:56:5f:23:83:05:a4:8c:7f:bc:77:ad:2e:95:ee:eb:3f:48:
         1a:f7:0c:32:cd:6d:10:85:31:70:4d:57:4f:10:2d:2c:fd:9b:
         23:7c:b1:a5:45:a0:89:a0:c2:f9:fb:89:da:b7:a1:9f:18:aa:
         01:28:82:c3:15:a9:f1:7a:55:f6:ad:d1:cb:14:6d:d7:e9:49:
         6a:b9:e1:ce
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ0q51leo0FpZURRi2qKokR6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjYwMzI2MTYwODE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjJiNDQ2YzhjNzc0MDc4MGIwYzBkMTIxNjY3NDkzYmFlNzljMTE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApwBbmGp66BDpzdjObbFT96oJy/jC
/yMKA8XfNQzSukHyGUK8xaZ7giEmV7tEClryfarwJO+RDTGU2Phvn40nJrT0WEbq
pSiLWt64qnOCiInCGb+x9ug8cfQTYB+CY31thk6CzJ+gYZ5CD/vN5NPKiMOgY4Ex
oFQ/f9RMTJKv8tCEXS5BWDqZjOaB01caiHHOZ4J4r8FlkWmVops5dxLzTbIEa4cM
dOu4LcEfR/vXyJlVNVyVX7swUCq6i1JWuhtFgbHLqZMvnAjuYKSS1zPeqt8osDAD
ia8cBQXKWOUKACkwrPKc12VqtdWrVZn2BOUgetKfYwd0yE6zE7VaS0GzLwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIYrRGyMd0B4CwwNEhZnSTuuecEZMB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvaGl0RWJJeDNRSGdMREEwU0ZtZEpPNjU1d1JrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQFbWtgAwQC
uWAYMA0GCSqGSIb3DQEBCwUAA4IBAQCmQ2+XoMM+2NnmYlKIV89NP6JYMAvKdLMr
hIFwbFp99f7GY0aePHK8vaFwOOCTqUEHTyOsifYc9WLlbYfGJoMPHdMqzG2vW8nj
zOQjz0pvhgPf4nx3xZwCPQIjl5RAYi9ysjYwZUbEV/2VF8VAbXP7LyutwcvyHPtw
Jfb5L7zOSqEv7ifKjXIGUJ5xtBAz+0+p+PNWd2BkTF5NvX7gbaF28vquaEwD11TF
OdNtRN74U+SCYlK9Vl8jgwWkjH+8d60ule7rP0ga9wwyzW0QhTFwTVdPEC0s/Zsj
fLGlRaCJoML5+4nat6GfGKoBKILDFanxelX2rdHLFG3X6UlqueHO
-----END CERTIFICATE-----