Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/d69830-ccb1-4675-ad2f-66ac0dba5bf2/1/g9DlwoPcP__m6NZqUMdk9BeZ8_s.roa
File:                     g9DlwoPcP__m6NZqUMdk9BeZ8_s.roa (raw, json)
Hash identifier:          kBEZ3OB5J/nHjPA7g4sqM3oE29ycmGA4VRa1os8i/Po=
Subject key identifier:   83:D0:E5:C2:83:DC:3F:FF:E6:E8:D6:6A:50:C7:64:F4:17:99:F3:FB
Certificate issuer:       /CN=d947b281348abdac24c2bd16da06775ca755f410
Certificate serial:       019D0002B0FE7453048126ADFA5A119042CA
Authority key identifier: D9:47:B2:81:34:8A:BD:AC:24:C2:BD:16:DA:06:77:5C:A7:55:F4:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2UeygTSKvawkwr0W2gZ3XKdV9BA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/d69830-ccb1-4675-ad2f-66ac0dba5bf2/1/g9DlwoPcP__m6NZqUMdk9BeZ8_s.roa
Signing time:             Wed 18 Mar 2026 08:14:29 +0000
ROA not before:           Wed 18 Mar 2026 08:14:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     15830
IP address blocks:        185.161.160.0/24 maxlen: 24
                          185.161.161.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/d69830-ccb1-4675-ad2f-66ac0dba5bf2/1/2UeygTSKvawkwr0W2gZ3XKdV9BA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/d69830-ccb1-4675-ad2f-66ac0dba5bf2/1/2UeygTSKvawkwr0W2gZ3XKdV9BA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2UeygTSKvawkwr0W2gZ3XKdV9BA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 20:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:00:02:b0:fe:74:53:04:81:26:ad:fa:5a:11:90:42:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d947b281348abdac24c2bd16da06775ca755f410
        Validity
            Not Before: Mar 18 08:14:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=83d0e5c283dc3fffe6e8d66a50c764f41799f3fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:42:b2:9a:0e:a8:a6:d6:1d:7f:66:72:94:2a:
                    ed:09:a6:8e:91:40:20:74:84:20:68:5c:9a:c9:0f:
                    de:33:38:b1:2b:6d:ec:c9:71:64:e5:46:86:5b:42:
                    06:8a:2e:b0:8f:33:83:a7:68:d7:11:89:65:4e:fa:
                    f1:bd:9e:6f:36:d4:64:98:4f:18:0b:78:49:e8:d0:
                    66:04:ff:3a:fe:62:df:b8:87:e9:ff:14:73:a9:ab:
                    f9:29:39:cc:b7:b7:1f:73:2f:49:be:22:e9:80:d8:
                    45:ce:f3:24:82:9f:66:a6:13:53:43:f3:d9:3f:82:
                    26:cd:e4:a8:6a:5a:bd:fb:58:72:ef:da:39:c4:ea:
                    65:03:71:10:5b:f4:1b:47:25:6b:5b:cc:20:09:1a:
                    20:9a:4e:f2:f4:c5:76:f3:ab:17:69:65:d1:d9:23:
                    40:98:80:38:49:fc:82:a3:dc:34:08:16:b5:a4:49:
                    fa:50:72:bc:56:ac:d9:6c:f5:02:e7:8e:34:f4:9a:
                    50:bf:14:26:a0:02:55:98:83:22:91:ff:c5:2f:6b:
                    7d:35:db:be:66:e8:49:56:df:98:3f:24:83:16:c2:
                    af:d1:6b:97:0c:52:6f:11:57:67:67:91:7d:4f:8b:
                    84:6e:0d:bb:c6:03:d1:10:9a:a8:2c:16:75:94:a5:
                    c2:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:D0:E5:C2:83:DC:3F:FF:E6:E8:D6:6A:50:C7:64:F4:17:99:F3:FB
            X509v3 Authority Key Identifier:
                keyid:D9:47:B2:81:34:8A:BD:AC:24:C2:BD:16:DA:06:77:5C:A7:55:F4:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2UeygTSKvawkwr0W2gZ3XKdV9BA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/d69830-ccb1-4675-ad2f-66ac0dba5bf2/1/g9DlwoPcP__m6NZqUMdk9BeZ8_s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/d69830-ccb1-4675-ad2f-66ac0dba5bf2/1/2UeygTSKvawkwr0W2gZ3XKdV9BA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.161.160.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8f:7b:5e:8f:96:c0:b5:60:e3:16:b6:70:30:02:a7:37:6f:61:
         c5:01:a3:ba:63:eb:67:5e:45:e6:92:81:06:65:41:fd:90:67:
         7f:d1:b3:93:a1:2b:2e:ab:a0:75:5f:78:aa:21:bd:1e:62:97:
         b6:1b:a2:a1:16:25:b9:7f:2b:d7:21:f6:20:e4:dd:c0:80:90:
         c6:cb:d8:3e:53:d5:34:72:c3:c3:ab:31:c3:ae:35:41:fa:bc:
         e6:77:e5:74:80:49:59:2c:4d:68:e5:6a:14:5d:1c:80:84:24:
         d7:44:f0:01:fc:b6:bf:d8:e1:5f:3d:7e:08:2d:a5:51:1c:2c:
         b9:31:28:96:6a:3b:35:3f:b8:95:69:9b:a5:d5:ce:c9:28:04:
         97:2c:0f:73:07:3b:b2:78:9c:09:41:db:7a:c0:0a:ba:2f:8c:
         95:a7:8e:02:1d:a5:86:54:10:e5:e6:0c:46:d6:4c:3d:95:c1:
         67:2e:1b:1a:bc:8b:04:4e:13:50:b7:3d:78:23:57:eb:86:4e:
         48:15:49:fe:be:fd:21:70:b9:d9:40:4d:dc:78:94:ce:c6:12:
         e3:4d:3e:d7:c6:d4:56:6b:b1:8c:3f:a1:83:80:ab:a0:d3:c0:
         9a:0c:36:dc:93:38:18:9c:3d:01:99:42:66:1e:da:c3:95:65:
         dc:ae:7c:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0AArD+dFMEgSat+loRkELKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5NDdiMjgxMzQ4YWJkYWMyNGMyYmQxNmRhMDY3NzVjYTc1
NWY0MTAwHhcNMjYwMzE4MDgxNDI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4M2QwZTVjMjgzZGMzZmZmZTZlOGQ2NmE1MGM3NjRmNDE3OTlmM2ZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsUKymg6optYdf2ZylCrtCaaOkUAg
dIQgaFyayQ/eMzixK23syXFk5UaGW0IGii6wjzODp2jXEYllTvrxvZ5vNtRkmE8Y
C3hJ6NBmBP86/mLfuIfp/xRzqav5KTnMt7cfcy9JviLpgNhFzvMkgp9mphNTQ/PZ
P4ImzeSoalq9+1hy79o5xOplA3EQW/QbRyVrW8wgCRogmk7y9MV286sXaWXR2SNA
mIA4SfyCo9w0CBa1pEn6UHK8VqzZbPUC54409JpQvxQmoAJVmIMikf/FL2t9Ndu+
ZuhJVt+YPySDFsKv0WuXDFJvEVdnZ5F9T4uEbg27xgPREJqoLBZ1lKXCrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIPQ5cKD3D//5ujWalDHZPQXmfP7MB8GA1UdIwQY
MBaAFNlHsoE0ir2sJMK9FtoGd1ynVfQQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlVleWdUU0t2YXdrd3IwVzJnWjNYS2RWOUJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS9kNjk4MzAtY2NiMS00Njc1LWFkMmYt
NjZhYzBkYmE1YmYyLzEvZzlEbHdvUGNQX19tNk5acVVNZGs5QmVaOF9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS9kNjk4MzAtY2NiMS00Njc1LWFkMmYtNjZhYzBkYmE1YmYy
LzEvMlVleWdUU0t2YXdrd3IwVzJnWjNYS2RWOUJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuaGgMA0G
CSqGSIb3DQEBCwUAA4IBAQCPe16PlsC1YOMWtnAwAqc3b2HFAaO6Y+tnXkXmkoEG
ZUH9kGd/0bOToSsuq6B1X3iqIb0eYpe2G6KhFiW5fyvXIfYg5N3AgJDGy9g+U9U0
csPDqzHDrjVB+rzmd+V0gElZLE1o5WoUXRyAhCTXRPAB/La/2OFfPX4ILaVRHCy5
MSiWajs1P7iVaZul1c7JKASXLA9zBzuyeJwJQdt6wAq6L4yVp44CHaWGVBDl5gxG
1kw9lcFnLhsavIsEThNQtz14I1frhk5IFUn+vv0hcLnZQE3ceJTOxhLjTT7XxtRW
a7GMP6GDgKug08CaDDbckzgYnD0BmUJmHtrDlWXcrnx6
-----END CERTIFICATE-----