Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/kBL0dvnZh0Wm_DrpvhiXOqKLu9Q.roa
File:                     kBL0dvnZh0Wm_DrpvhiXOqKLu9Q.roa (raw, json)
Hash identifier:          i7bgqNqTrrWyd6ImtcYzOl6TQh43Or0j+UiKeGWDlqs=
Subject key identifier:   90:12:F4:76:F9:D9:87:45:A6:FC:3A:E9:BE:18:97:3A:A2:8B:BB:D4
Certificate issuer:       /CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Certificate serial:       019E1E637CD23812CEDA12547C55720DB54F
Authority key identifier: 6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/kBL0dvnZh0Wm_DrpvhiXOqKLu9Q.roa
Signing time:             Tue 12 May 2026 22:51:36 +0000
ROA not before:           Tue 12 May 2026 22:51:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     835
IP address blocks:        92.42.200.0/24 maxlen: 24
                          153.76.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 06:33:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:1e:63:7c:d2:38:12:ce:da:12:54:7c:55:72:0d:b5:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
        Validity
            Not Before: May 12 22:51:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9012f476f9d98745a6fc3ae9be18973aa28bbbd4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:d4:e8:fc:be:c2:13:26:16:1d:70:8b:a6:28:
                    8e:91:93:66:d3:d1:ba:d2:4c:50:18:99:ed:2e:cd:
                    d1:a4:22:65:04:60:a1:18:b9:76:a7:95:2b:a9:c7:
                    bd:c5:5d:a7:0f:9b:cc:01:9b:7e:db:75:58:a0:4d:
                    b8:99:53:ca:87:0a:8c:4b:94:02:74:43:fd:c7:9c:
                    91:97:5a:6a:5a:68:0d:e7:4c:f0:ab:77:cd:b3:4b:
                    36:91:43:39:09:4e:71:1e:05:36:26:86:e9:5d:72:
                    72:e3:32:91:2c:3b:fd:72:fa:13:b4:70:59:34:c0:
                    51:1e:d9:ed:b5:d4:59:9b:e8:00:40:c8:c4:6b:93:
                    22:b5:01:c3:87:d3:af:5c:97:18:27:8a:ce:d3:f9:
                    dc:50:1f:5f:b3:15:44:de:fc:e7:ad:ff:e9:eb:34:
                    de:69:bb:14:f7:76:80:93:d7:d8:80:c7:5c:b1:0b:
                    e0:e3:51:42:1e:0e:36:48:f4:98:c4:6c:ce:00:54:
                    5a:75:66:09:d9:57:38:d4:2a:7d:4d:bd:a9:f8:94:
                    e0:0f:5e:2c:c9:ed:41:92:88:f6:29:81:08:fc:cc:
                    f1:25:a7:89:19:3b:0e:58:f2:3b:67:39:c5:b5:a0:
                    2f:85:7d:cf:63:37:2b:f3:9b:a9:f5:7a:3c:2b:8d:
                    eb:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:12:F4:76:F9:D9:87:45:A6:FC:3A:E9:BE:18:97:3A:A2:8B:BB:D4
            X509v3 Authority Key Identifier:
                keyid:6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/kBL0dvnZh0Wm_DrpvhiXOqKLu9Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.42.200.0/24
                  153.76.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:03:a3:e4:dd:a8:68:b8:cc:ca:d1:76:a0:97:1a:54:f5:9e:
         51:75:fa:2a:58:68:34:26:24:96:9e:61:81:ba:db:ff:8e:e2:
         43:ab:bb:49:32:bb:17:b0:f8:51:a1:cb:51:cb:f2:21:5c:25:
         8d:55:4b:91:4b:a3:84:a3:0a:89:91:45:f6:0a:97:c8:96:54:
         2e:dc:d0:39:a8:20:8b:41:18:d3:03:8c:af:33:0f:4d:e5:b6:
         ee:f5:fa:37:49:59:d5:e2:e6:7c:59:29:13:32:9a:25:97:11:
         50:54:9d:38:b3:88:4d:56:86:c4:73:6b:d3:66:44:be:c4:c7:
         d3:f9:01:e6:2b:f7:7b:25:b2:51:da:ed:45:df:16:e8:05:f6:
         81:f9:91:fa:b2:5e:5d:03:57:f6:5f:11:2a:7d:eb:6c:5a:e3:
         79:0a:2b:2c:df:0b:1c:45:b2:da:f9:1a:4b:25:b8:3c:26:c7:
         58:8b:d5:17:23:98:97:a5:32:19:20:30:d0:2e:e3:fd:0d:72:
         32:e5:c1:2f:bc:31:bf:6a:e8:55:cf:ea:8b:31:3f:55:72:4d:
         fa:d0:58:b0:54:27:70:60:30:75:86:65:ba:c0:51:53:c7:76:
         ff:db:06:56:5a:b2:69:4e:78:aa:ad:17:57:4c:b1:50:3f:d4:
         5d:34:bb:d7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ4eY3zSOBLO2hJUfFVyDbVPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODcxMDRhNGRiNGM0NjM3MWE3ZjhiNmE0NDFmYzMwZWNk
ZmUyMGYwHhcNMjYwNTEyMjI1MTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDEyZjQ3NmY5ZDk4NzQ1YTZmYzNhZTliZTE4OTczYWEyOGJiYmQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2NTo/L7CEyYWHXCLpiiOkZNm09G6
0kxQGJntLs3RpCJlBGChGLl2p5Urqce9xV2nD5vMAZt+23VYoE24mVPKhwqMS5QC
dEP9x5yRl1pqWmgN50zwq3fNs0s2kUM5CU5xHgU2JobpXXJy4zKRLDv9cvoTtHBZ
NMBRHtnttdRZm+gAQMjEa5MitQHDh9OvXJcYJ4rO0/ncUB9fsxVE3vznrf/p6zTe
absU93aAk9fYgMdcsQvg41FCHg42SPSYxGzOAFRadWYJ2Vc41Cp9Tb2p+JTgD14s
ye1Bkoj2KYEI/MzxJaeJGTsOWPI7ZznFtaAvhX3PYzcr85up9Xo8K43rLQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJAS9Hb52YdFpvw66b4Ylzqii7vUMB8GA1UdIwQY
MBaAFG6HEEpNtMRjcaf4tqRB/DDs3+IPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjct
YjcxNzk4MGU0YWQ2LzEva0JMMGR2blpoMFdtX0RycHZoaVhPcUtMdTlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjctYjcxNzk4MGU0YWQ2
LzEvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXCrIAwQA
mUwAMA0GCSqGSIb3DQEBCwUAA4IBAQAbA6Pk3ahouMzK0XaglxpU9Z5RdfoqWGg0
JiSWnmGButv/juJDq7tJMrsXsPhRoctRy/IhXCWNVUuRS6OEowqJkUX2CpfIllQu
3NA5qCCLQRjTA4yvMw9N5bbu9fo3SVnV4uZ8WSkTMpollxFQVJ04s4hNVobEc2vT
ZkS+xMfT+QHmK/d7JbJR2u1F3xboBfaB+ZH6sl5dA1f2XxEqfetsWuN5Ciss3wsc
RbLa+RpLJbg8JsdYi9UXI5iXpTIZIDDQLuP9DXIy5cEvvDG/auhVz+qLMT9Vck36
0FiwVCdwYDB1hmW6wFFTx3b/2wZWWrJpTniqrRdXTLFQP9RdNLvX
-----END CERTIFICATE-----