Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/rEkqT37Wg7xGvK0E26UkaDlqt8Y.roa
File:                     rEkqT37Wg7xGvK0E26UkaDlqt8Y.roa (raw, json)
Hash identifier:          jEmdv5SOTNmccDOtPtrJe7gyTYnVYMRBlL3PHng6MFc=
Subject key identifier:   AC:49:2A:4F:7E:D6:83:BC:46:BC:AD:04:DB:A5:24:68:39:6A:B7:C6
Certificate issuer:       /CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
Certificate serial:       019DB4BAFE2E92DC820F256ED77EF92CF333
Authority key identifier: 08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/rEkqT37Wg7xGvK0E26UkaDlqt8Y.roa
Signing time:             Wed 22 Apr 2026 10:27:26 +0000
ROA not before:           Wed 22 Apr 2026 10:27:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     14293
IP address blocks:        216.195.199.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 06:33:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b4:ba:fe:2e:92:dc:82:0f:25:6e:d7:7e:f9:2c:f3:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
        Validity
            Not Before: Apr 22 10:27:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ac492a4f7ed683bc46bcad04dba52468396ab7c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:c2:f4:c4:fa:bd:ef:f7:5e:62:14:86:e3:51:
                    4f:39:66:36:80:a4:77:6c:30:a0:aa:5c:f0:91:04:
                    9d:57:36:91:01:1b:2a:4b:59:95:11:79:f1:5c:9a:
                    0c:c5:f7:55:90:7e:8d:60:26:68:11:25:bd:1f:d0:
                    d8:dc:13:c1:c4:47:77:96:39:fa:d7:68:23:66:cb:
                    26:cd:75:8f:72:fe:ff:71:78:d0:d7:dc:df:e7:fd:
                    24:e3:6e:f7:c9:58:cc:43:f4:74:46:2d:a1:40:5e:
                    88:82:7a:5d:1f:d8:39:82:76:44:d5:a5:5e:1b:c1:
                    bb:fc:6e:52:1e:c2:a1:90:90:8b:99:c0:c7:70:27:
                    b2:80:2c:10:5f:80:53:1c:02:f3:dc:66:94:76:50:
                    28:d1:25:4c:c1:f1:1c:15:0e:1e:3f:b0:cb:62:e6:
                    59:08:86:ac:7c:7b:ae:5c:b5:94:aa:7b:1c:c7:34:
                    df:91:fd:86:82:01:dc:10:6c:69:d7:ef:de:e9:a1:
                    6f:c1:9f:37:ee:59:5d:0c:5a:d0:18:cc:26:ee:02:
                    a5:b4:98:6b:14:ad:ca:af:bf:cb:90:84:f6:5d:0e:
                    1d:4f:02:d5:9c:54:c6:88:41:3f:d7:7b:6a:60:87:
                    92:b1:88:29:ef:2e:f9:19:07:3e:9d:26:68:51:0e:
                    63:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:49:2A:4F:7E:D6:83:BC:46:BC:AD:04:DB:A5:24:68:39:6A:B7:C6
            X509v3 Authority Key Identifier:
                keyid:08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/rEkqT37Wg7xGvK0E26UkaDlqt8Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.195.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:0f:c8:23:d4:42:70:7a:de:f5:b0:6a:59:c8:41:26:e3:0a:
         35:a8:b0:e8:8d:eb:99:3a:07:68:3f:6b:30:c5:28:2a:2e:19:
         b6:59:e8:75:44:0c:a7:3a:ba:4b:e3:8b:b5:89:67:a1:7b:84:
         e7:ae:33:d0:1f:67:51:88:ce:64:61:c8:28:20:db:38:8a:65:
         1e:91:40:8a:97:c8:c9:84:3e:55:e4:45:a7:73:70:98:4d:cd:
         bd:93:51:c2:3f:b5:f0:7f:3e:a3:c0:4b:36:cb:41:9c:53:70:
         33:b6:36:f3:12:d4:d2:e1:77:13:73:97:94:4e:35:e3:f8:80:
         c8:bb:b8:95:ec:98:15:cd:e2:34:89:63:68:51:ae:ab:66:10:
         b0:f3:ca:61:df:1d:16:24:7a:19:f0:73:9a:a0:1b:3b:6a:6e:
         83:00:30:d6:d6:9c:25:d7:31:ce:ba:b7:f7:60:58:69:51:aa:
         02:48:ef:81:c7:a2:25:ad:e0:96:35:91:ff:43:2d:d9:9c:86:
         8b:49:cd:e1:96:4f:16:3d:8c:4d:66:d0:a5:2e:26:99:6d:67:
         3a:ea:f0:7c:ed:04:69:b9:4f:44:d6:2d:a5:d1:f0:ab:c7:ad:
         98:40:80:70:19:20:06:dc:66:9a:ad:c7:7b:7b:4f:d6:18:05:
         1f:dd:7c:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ20uv4uktyCDyVu1375LPMzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MzdjOTliMmE0YzA2MmQ1YzIwNjc4ZjlkY2YzMjA3YWVm
ZDVlNzgwHhcNMjYwNDIyMTAyNzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzQ5MmE0ZjdlZDY4M2JjNDZiY2FkMDRkYmE1MjQ2ODM5NmFiN2M2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl8L0xPq97/deYhSG41FPOWY2gKR3
bDCgqlzwkQSdVzaRARsqS1mVEXnxXJoMxfdVkH6NYCZoESW9H9DY3BPBxEd3ljn6
12gjZssmzXWPcv7/cXjQ19zf5/0k4273yVjMQ/R0Ri2hQF6IgnpdH9g5gnZE1aVe
G8G7/G5SHsKhkJCLmcDHcCeygCwQX4BTHALz3GaUdlAo0SVMwfEcFQ4eP7DLYuZZ
CIasfHuuXLWUqnscxzTfkf2GggHcEGxp1+/e6aFvwZ837lldDFrQGMwm7gKltJhr
FK3Kr7/LkIT2XQ4dTwLVnFTGiEE/13tqYIeSsYgp7y75GQc+nSZoUQ5jRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKxJKk9+1oO8RrytBNulJGg5arfGMB8GA1UdIwQY
MBaAFAg3yZsqTAYtXCBnj53PMgeu/V54MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEt
ZjEyMzdmNGM1Y2Y2LzEvckVrcVQzN1dnN3hHdkswRTI2VWthRGxxdDhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEtZjEyMzdmNGM1Y2Y2
LzEvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2MPHMA0G
CSqGSIb3DQEBCwUAA4IBAQC0D8gj1EJwet71sGpZyEEm4wo1qLDojeuZOgdoP2sw
xSgqLhm2Weh1RAynOrpL44u1iWehe4TnrjPQH2dRiM5kYcgoINs4imUekUCKl8jJ
hD5V5EWnc3CYTc29k1HCP7Xwfz6jwEs2y0GcU3AztjbzEtTS4XcTc5eUTjXj+IDI
u7iV7JgVzeI0iWNoUa6rZhCw88ph3x0WJHoZ8HOaoBs7am6DADDW1pwl1zHOurf3
YFhpUaoCSO+Bx6IlreCWNZH/Qy3ZnIaLSc3hlk8WPYxNZtClLiaZbWc66vB87QRp
uU9E1i2l0fCrx62YQIBwGSAG3Gaarcd7e0/WGAUf3XzQ
-----END CERTIFICATE-----