Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/f74280-cc6d-41c1-858a-b5368330baf2/1/7bBHOcNwDnwZJ6YaYv_6xdsyouM.roa
File:                     7bBHOcNwDnwZJ6YaYv_6xdsyouM.roa (raw, json)
Hash identifier:          7SGEZ6qx5LLpqwvHPETEDB5uw6VETAaUc9wbHEWyh9g=
Subject key identifier:   ED:B0:47:39:C3:70:0E:7C:19:27:A6:1A:62:FF:FA:C5:DB:32:A2:E3
Certificate issuer:       /CN=a4b666cb0e5496116eb7ae6714d9055309ba69ac
Certificate serial:       019D2A55C67B3940944B317A83A330387373
Authority key identifier: A4:B6:66:CB:0E:54:96:11:6E:B7:AE:67:14:D9:05:53:09:BA:69:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pLZmyw5UlhFut65nFNkFUwm6aaw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/f74280-cc6d-41c1-858a-b5368330baf2/1/7bBHOcNwDnwZJ6YaYv_6xdsyouM.roa
Signing time:             Thu 26 Mar 2026 13:29:17 +0000
ROA not before:           Thu 26 Mar 2026 13:29:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44275
IP address blocks:        185.25.252.0/22 maxlen: 22
                          185.169.188.0/23 maxlen: 24
                          185.169.190.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/f74280-cc6d-41c1-858a-b5368330baf2/1/pLZmyw5UlhFut65nFNkFUwm6aaw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/f74280-cc6d-41c1-858a-b5368330baf2/1/pLZmyw5UlhFut65nFNkFUwm6aaw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pLZmyw5UlhFut65nFNkFUwm6aaw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 16:32:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2a:55:c6:7b:39:40:94:4b:31:7a:83:a3:30:38:73:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4b666cb0e5496116eb7ae6714d9055309ba69ac
        Validity
            Not Before: Mar 26 13:29:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=edb04739c3700e7c1927a61a62fffac5db32a2e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:b7:25:ae:61:be:e2:52:03:89:96:c5:4f:8e:
                    85:ca:8a:f4:a8:a1:26:ee:fd:2c:31:e4:b2:bf:a1:
                    ab:7e:e6:e6:be:8d:91:ab:72:59:98:33:e9:c1:12:
                    ae:00:e2:8d:5c:2a:3e:44:b6:ed:5a:1c:37:e8:62:
                    d7:d9:e0:4a:84:5c:e6:56:b0:5d:b6:37:a1:dd:2d:
                    fa:4b:f8:b5:7e:82:d3:30:b4:fb:e7:c3:b2:f5:f5:
                    df:3e:35:c1:45:1e:46:13:6b:96:99:29:b4:39:8c:
                    cb:e4:de:11:09:21:c5:91:c0:9b:e0:7e:50:0d:54:
                    56:1a:3e:93:bf:14:81:5f:fd:09:01:98:9d:17:2b:
                    c5:ac:0c:c4:ca:66:84:7c:2c:52:86:a8:11:43:fa:
                    49:00:55:48:a7:34:f2:5f:88:00:0f:31:a0:94:d9:
                    6f:1a:33:88:27:54:fd:b5:04:f9:fc:31:05:ac:7a:
                    da:39:23:92:7b:cb:78:de:83:07:6d:f5:c8:21:f1:
                    e6:5e:61:7d:6c:60:7e:10:e3:cc:52:9f:45:f4:bd:
                    f8:2f:5f:5a:3c:64:eb:1c:5a:bb:1d:fe:ab:a2:82:
                    36:ac:a0:3f:81:a8:cf:bb:14:be:f5:16:5c:ee:85:
                    89:9e:82:21:65:99:e3:55:f4:21:12:09:b8:44:cc:
                    ab:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:B0:47:39:C3:70:0E:7C:19:27:A6:1A:62:FF:FA:C5:DB:32:A2:E3
            X509v3 Authority Key Identifier:
                keyid:A4:B6:66:CB:0E:54:96:11:6E:B7:AE:67:14:D9:05:53:09:BA:69:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pLZmyw5UlhFut65nFNkFUwm6aaw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/f74280-cc6d-41c1-858a-b5368330baf2/1/7bBHOcNwDnwZJ6YaYv_6xdsyouM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/f74280-cc6d-41c1-858a-b5368330baf2/1/pLZmyw5UlhFut65nFNkFUwm6aaw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.25.252.0/22
                  185.169.188.0-185.169.190.255

    Signature Algorithm: sha256WithRSAEncryption
         31:67:e7:3f:b4:82:04:2c:e3:a4:ed:88:7f:54:d5:a1:8d:69:
         56:0a:b3:e8:a2:a2:ba:87:1b:60:ff:b5:86:6e:e2:bf:fe:aa:
         38:9d:0b:54:03:44:3b:30:ac:59:49:f6:57:3c:65:f7:dd:23:
         22:40:dc:43:82:34:9d:4d:15:47:28:0b:45:7a:24:87:0c:13:
         70:ce:33:4a:87:54:35:76:ad:d7:c8:8d:e7:18:ab:b1:66:fb:
         b0:65:16:e5:f7:7a:af:7e:b1:36:80:9b:78:a7:2b:9d:6a:11:
         01:e5:be:11:23:71:2a:77:5b:62:af:73:61:67:c2:f3:a2:e9:
         68:ae:fe:48:63:5e:02:62:bf:2b:17:57:88:c1:bc:73:a7:55:
         ce:1b:5d:78:62:38:79:51:4a:f8:89:46:59:a9:e5:77:23:42:
         cb:1c:d2:71:1d:08:4b:42:15:5a:cf:36:bc:0c:b4:fb:b2:9d:
         42:50:83:4c:13:25:52:12:d9:8d:a6:9c:dc:cb:c3:a1:ef:34:
         70:01:02:f8:60:f0:6c:42:17:de:c6:1f:9e:14:11:a2:69:65:
         a0:9b:cd:ad:94:61:4b:f8:9d:6d:5d:df:4f:89:6d:2c:88:57:
         a1:d5:06:aa:28:a9:18:c3:32:76:28:64:63:a6:eb:67:ad:01:
         b8:1e:ff:98
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZ0qVcZ7OUCUSzF6g6MwOHNzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0YjY2NmNiMGU1NDk2MTE2ZWI3YWU2NzE0ZDkwNTUzMDli
YTY5YWMwHhcNMjYwMzI2MTMyOTE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZGIwNDczOWMzNzAwZTdjMTkyN2E2MWE2MmZmZmFjNWRiMzJhMmUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2LclrmG+4lIDiZbFT46Fyor0qKEm
7v0sMeSyv6Grfubmvo2Rq3JZmDPpwRKuAOKNXCo+RLbtWhw36GLX2eBKhFzmVrBd
tjeh3S36S/i1foLTMLT758Oy9fXfPjXBRR5GE2uWmSm0OYzL5N4RCSHFkcCb4H5Q
DVRWGj6TvxSBX/0JAZidFyvFrAzEymaEfCxShqgRQ/pJAFVIpzTyX4gADzGglNlv
GjOIJ1T9tQT5/DEFrHraOSOSe8t43oMHbfXIIfHmXmF9bGB+EOPMUp9F9L34L19a
PGTrHFq7Hf6rooI2rKA/gajPuxS+9RZc7oWJnoIhZZnjVfQhEgm4RMyrPQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFO2wRznDcA58GSemGmL/+sXbMqLjMB8GA1UdIwQY
MBaAFKS2ZssOVJYRbreuZxTZBVMJummsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcExabXl3NVVsaEZ1dDY1bkZOa0ZVd202YWF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS9mNzQyODAtY2M2ZC00MWMxLTg1OGEt
YjUzNjgzMzBiYWYyLzEvN2JCSE9jTndEbndaSjZZYVl2XzZ4ZHN5b3VNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS9mNzQyODAtY2M2ZC00MWMxLTg1OGEtYjUzNjgzMzBiYWYy
LzEvcExabXl3NVVsaEZ1dDY1bkZOa0ZVd202YWF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQCuRn8MAwD
BAK5qbwDBAC5qb4wDQYJKoZIhvcNAQELBQADggEBADFn5z+0ggQs46TtiH9U1aGN
aVYKs+iiorqHG2D/tYZu4r/+qjidC1QDRDswrFlJ9lc8ZffdIyJA3EOCNJ1NFUco
C0V6JIcME3DOM0qHVDV2rdfIjecYq7Fm+7BlFuX3eq9+sTaAm3inK51qEQHlvhEj
cSp3W2Kvc2FnwvOi6Wiu/khjXgJivysXV4jBvHOnVc4bXXhiOHlRSviJRlmp5Xcj
Qssc0nEdCEtCFVrPNrwMtPuynUJQg0wTJVIS2Y2mnNzLw6HvNHABAvhg8GxCF97G
H54UEaJpZaCbza2UYUv4nW1d30+JbSyIV6HVBqooqRjDMnYoZGOm62etAbge/5g=
-----END CERTIFICATE-----