Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/ab55ce-75ff-439b-bcb5-dda350b11f02/1/ieAH2GAdM25ypMYzPHz7HAjF8k8.roa
File:                     ieAH2GAdM25ypMYzPHz7HAjF8k8.roa (raw, json)
Hash identifier:          qDhC0OHMg4VVe7cqbWIjTimnpwIwAeQISg7rF/taRDE=
Subject key identifier:   89:E0:07:D8:60:1D:33:6E:72:A4:C6:33:3C:7C:FB:1C:08:C5:F2:4F
Certificate issuer:       /CN=c53f4388aadf0ae4ff5ee7bd37263c9f1e8467c7
Certificate serial:       019DFC3DF54B2CF112F9F1BF88F89821335D
Authority key identifier: C5:3F:43:88:AA:DF:0A:E4:FF:5E:E7:BD:37:26:3C:9F:1E:84:67:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xT9DiKrfCuT_Xue9NyY8nx6EZ8c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/ab55ce-75ff-439b-bcb5-dda350b11f02/1/ieAH2GAdM25ypMYzPHz7HAjF8k8.roa
Signing time:             Wed 06 May 2026 07:43:31 +0000
ROA not before:           Wed 06 May 2026 07:43:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     20845
IP address blocks:        176.226.0.0/18 maxlen: 24
                          176.226.64.0/18 maxlen: 24
                          2a0a:f641::/33 maxlen: 48
                          2a0a:f641:8000::/33 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/ab55ce-75ff-439b-bcb5-dda350b11f02/1/xT9DiKrfCuT_Xue9NyY8nx6EZ8c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/ab55ce-75ff-439b-bcb5-dda350b11f02/1/xT9DiKrfCuT_Xue9NyY8nx6EZ8c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xT9DiKrfCuT_Xue9NyY8nx6EZ8c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:fc:3d:f5:4b:2c:f1:12:f9:f1:bf:88:f8:98:21:33:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c53f4388aadf0ae4ff5ee7bd37263c9f1e8467c7
        Validity
            Not Before: May  6 07:43:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=89e007d8601d336e72a4c6333c7cfb1c08c5f24f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:71:43:d7:1c:54:e3:d5:d3:77:61:6a:88:30:
                    be:37:ef:73:24:50:12:b0:1a:14:7f:5d:0f:d4:a5:
                    1a:65:87:01:35:e8:61:70:2d:3c:7a:3e:e1:b3:de:
                    cc:58:85:c5:b4:4b:ac:7a:ec:e8:8a:35:8b:9f:d8:
                    95:3a:32:ec:60:cb:98:50:90:aa:5d:30:a2:b7:22:
                    35:2a:ec:d8:9b:c5:54:bc:6e:f0:6f:50:68:45:08:
                    66:64:c2:35:64:bc:42:01:fc:0c:88:ec:b6:3c:8d:
                    b0:ea:01:f5:79:1a:70:e3:fa:18:01:43:79:03:5c:
                    e4:63:d3:ae:46:b8:80:47:4a:c2:cf:3c:95:12:51:
                    95:95:d6:b6:2c:b1:3e:05:7a:1d:14:a6:45:63:da:
                    9c:40:90:1e:a6:5b:a9:9a:9f:4e:c1:76:1f:18:aa:
                    16:9d:51:95:5a:a6:a1:1e:22:ec:ca:ad:cb:28:5d:
                    15:00:5b:73:13:81:51:fa:f9:bc:09:00:0e:c9:7e:
                    c2:ff:d0:85:cb:05:9c:fc:1b:3d:9b:ab:1f:bf:76:
                    37:8e:5e:b9:8a:b2:f3:7c:56:99:81:c7:45:6d:af:
                    7e:2a:f9:17:4a:1d:a1:5d:c9:61:fd:45:58:05:3e:
                    c8:ec:93:af:e8:e5:85:53:fe:d1:aa:60:a7:26:08:
                    df:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:E0:07:D8:60:1D:33:6E:72:A4:C6:33:3C:7C:FB:1C:08:C5:F2:4F
            X509v3 Authority Key Identifier:
                keyid:C5:3F:43:88:AA:DF:0A:E4:FF:5E:E7:BD:37:26:3C:9F:1E:84:67:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xT9DiKrfCuT_Xue9NyY8nx6EZ8c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/ab55ce-75ff-439b-bcb5-dda350b11f02/1/ieAH2GAdM25ypMYzPHz7HAjF8k8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/ab55ce-75ff-439b-bcb5-dda350b11f02/1/xT9DiKrfCuT_Xue9NyY8nx6EZ8c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.226.0.0/17
                IPv6:
                  2a0a:f641::/32

    Signature Algorithm: sha256WithRSAEncryption
         66:44:11:63:da:4b:bf:4e:09:d4:57:e8:83:0d:14:b0:ca:0a:
         25:f1:20:40:38:e7:90:25:f2:5d:2e:ca:69:b3:c3:81:a9:ca:
         44:5c:7a:92:4f:e1:b0:0a:52:60:46:57:7e:1f:a6:93:7f:5a:
         88:50:0e:3e:83:3b:55:ab:97:c4:35:29:c7:a1:55:ca:79:a9:
         27:59:93:c7:b4:a4:a7:2b:09:da:e0:cc:d2:2c:9d:a2:3d:e5:
         cf:4e:40:3e:5d:8a:85:52:a0:b6:b7:87:71:af:41:d3:0d:1c:
         11:09:ac:a1:45:d3:18:6a:eb:bd:4a:d9:47:16:ee:59:e0:0c:
         2b:2a:79:43:0d:76:f8:8f:14:b4:8d:f9:d1:86:13:60:53:7c:
         22:94:f2:54:77:f7:d9:0a:ac:97:44:33:c2:e9:a1:8f:a7:44:
         b9:75:d3:bf:63:7a:81:3d:0e:9e:3b:b2:7b:b4:5a:b3:7b:54:
         de:0d:44:34:4e:b4:be:b4:86:9f:45:f1:bd:93:f1:be:a2:56:
         fd:e7:9d:b0:2b:be:3b:bd:39:19:bb:6e:ab:18:97:a1:e0:cf:
         d3:29:71:1b:cb:a7:bf:f7:50:1d:6f:1c:d6:5d:5a:74:be:0b:
         fe:e7:24:1f:06:12:ca:be:67:6a:8e:89:79:42:05:48:10:3f:
         b5:68:80:f0
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ38PfVLLPES+fG/iPiYITNdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1M2Y0Mzg4YWFkZjBhZTRmZjVlZTdiZDM3MjYzYzlmMWU4
NDY3YzcwHhcNMjYwNTA2MDc0MzMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWUwMDdkODYwMWQzMzZlNzJhNGM2MzMzYzdjZmIxYzA4YzVmMjRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxXFD1xxU49XTd2FqiDC+N+9zJFAS
sBoUf10P1KUaZYcBNehhcC08ej7hs97MWIXFtEuseuzoijWLn9iVOjLsYMuYUJCq
XTCityI1KuzYm8VUvG7wb1BoRQhmZMI1ZLxCAfwMiOy2PI2w6gH1eRpw4/oYAUN5
A1zkY9OuRriAR0rCzzyVElGVlda2LLE+BXodFKZFY9qcQJAeplupmp9OwXYfGKoW
nVGVWqahHiLsyq3LKF0VAFtzE4FR+vm8CQAOyX7C/9CFywWc/Bs9m6sfv3Y3jl65
irLzfFaZgcdFba9+KvkXSh2hXclh/UVYBT7I7JOv6OWFU/7RqmCnJgjfPwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIngB9hgHTNucqTGMzx8+xwIxfJPMB8GA1UdIwQY
MBaAFMU/Q4iq3wrk/17nvTcmPJ8ehGfHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFQ5RGlLcmZDdVRfWHVlOU55WThueDZFWjhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS9hYjU1Y2UtNzVmZi00MzliLWJjYjUt
ZGRhMzUwYjExZjAyLzEvaWVBSDJHQWRNMjV5cE1ZelBIejdIQWpGOGs4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS9hYjU1Y2UtNzVmZi00MzliLWJjYjUtZGRhMzUwYjExZjAy
LzEveFQ5RGlLcmZDdVRfWHVlOU55WThueDZFWjhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQHsOIAMA0E
AgACMAcDBQAqCvZBMA0GCSqGSIb3DQEBCwUAA4IBAQBmRBFj2ku/TgnUV+iDDRSw
ygol8SBAOOeQJfJdLspps8OBqcpEXHqST+GwClJgRld+H6aTf1qIUA4+gztVq5fE
NSnHoVXKeaknWZPHtKSnKwna4MzSLJ2iPeXPTkA+XYqFUqC2t4dxr0HTDRwRCayh
RdMYauu9StlHFu5Z4AwrKnlDDXb4jxS0jfnRhhNgU3wilPJUd/fZCqyXRDPC6aGP
p0S5ddO/Y3qBPQ6eO7J7tFqze1TeDUQ0TrS+tIafRfG9k/G+olb9552wK747vTkZ
u26rGJeh4M/TKXEby6e/91AdbxzWXVp0vgv+5yQfBhLKvmdqjol5QgVIED+1aIDw
-----END CERTIFICATE-----