Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/0aa9b7-0073-4685-aa7b-70771b55c2ab/1/RXuM8IAV9dKlB2EmQJTkf2N4B2Y.roa
File:                     RXuM8IAV9dKlB2EmQJTkf2N4B2Y.roa (raw, json)
Hash identifier:          WD8pAbNOanv690TfIXURotgNnDP3a1P1ohNJm3tKlWc=
Subject key identifier:   45:7B:8C:F0:80:15:F5:D2:A5:07:61:26:40:94:E4:7F:63:78:07:66
Certificate issuer:       /CN=e96efdd112da8d975cb593aad1fe8840d6f08ae3
Certificate serial:       019B77C6E17C9EC81A57C9E03CA87960E6F4
Authority key identifier: E9:6E:FD:D1:12:DA:8D:97:5C:B5:93:AA:D1:FE:88:40:D6:F0:8A:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6W790RLajZdctZOq0f6IQNbwiuM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/0aa9b7-0073-4685-aa7b-70771b55c2ab/1/RXuM8IAV9dKlB2EmQJTkf2N4B2Y.roa
Signing time:             Thu 01 Jan 2026 04:18:01 +0000
ROA not before:           Thu 01 Jan 2026 04:18:01 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50720
IP address blocks:        193.105.205.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/0aa9b7-0073-4685-aa7b-70771b55c2ab/1/6W790RLajZdctZOq0f6IQNbwiuM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/0aa9b7-0073-4685-aa7b-70771b55c2ab/1/6W790RLajZdctZOq0f6IQNbwiuM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6W790RLajZdctZOq0f6IQNbwiuM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 04:01:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:e1:7c:9e:c8:1a:57:c9:e0:3c:a8:79:60:e6:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e96efdd112da8d975cb593aad1fe8840d6f08ae3
        Validity
            Not Before: Jan  1 04:18:01 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=457b8cf08015f5d2a50761264094e47f63780766
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:ff:e7:b8:31:dd:47:ca:56:20:2d:e1:3b:d8:
                    c5:77:33:28:3a:48:f1:d5:2e:3b:72:d1:71:81:b8:
                    89:69:6c:8a:67:9b:1e:32:2b:a3:6c:01:5f:02:4d:
                    32:1e:6d:94:4f:55:2d:75:32:d2:90:d2:03:19:d9:
                    e8:4a:7c:f6:b3:fb:7f:7e:6f:a3:78:2e:ed:0c:9e:
                    dd:76:75:8b:e6:82:75:2c:36:0a:33:45:2d:9f:4c:
                    82:80:08:9d:6e:80:ab:40:cf:aa:98:bc:65:e7:fb:
                    f1:21:81:f7:dc:69:63:38:e2:96:67:ae:25:e1:15:
                    36:03:a4:59:49:1a:bc:e3:3f:06:89:a9:a2:d4:47:
                    33:6e:48:78:c8:b5:bb:ec:98:a8:3e:ec:f5:f8:b8:
                    14:52:b9:d5:86:e6:ab:46:da:4d:75:a3:a6:ae:0d:
                    3c:01:a0:1c:c0:d0:78:18:0b:6d:75:a6:23:ed:82:
                    cb:5c:78:fa:2a:39:dd:9a:e7:50:04:87:63:99:81:
                    b5:b1:06:82:4c:9c:78:65:e0:ff:24:81:ff:f3:9a:
                    82:d3:2f:7b:02:86:57:2a:5e:04:05:04:61:8f:60:
                    6a:99:ae:6f:b2:22:21:09:aa:69:ef:15:b7:c9:26:
                    69:c3:4a:13:c6:69:d6:90:7e:ff:8a:50:de:13:53:
                    97:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:7B:8C:F0:80:15:F5:D2:A5:07:61:26:40:94:E4:7F:63:78:07:66
            X509v3 Authority Key Identifier:
                keyid:E9:6E:FD:D1:12:DA:8D:97:5C:B5:93:AA:D1:FE:88:40:D6:F0:8A:E3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6W790RLajZdctZOq0f6IQNbwiuM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/0aa9b7-0073-4685-aa7b-70771b55c2ab/1/RXuM8IAV9dKlB2EmQJTkf2N4B2Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/0aa9b7-0073-4685-aa7b-70771b55c2ab/1/6W790RLajZdctZOq0f6IQNbwiuM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.105.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:a5:f9:83:a1:e0:89:80:1f:d7:7a:ba:78:17:f9:76:c6:bf:
         22:6b:69:4b:c4:31:76:c2:99:2d:0f:00:ea:4b:43:e7:b6:79:
         0e:4b:41:e0:23:92:49:69:48:5e:6c:c0:a1:0c:35:09:66:ab:
         1f:49:9c:bf:4e:d2:e8:62:30:23:98:6c:57:da:67:81:56:df:
         0e:2f:5a:fc:0c:ec:98:5a:94:c4:fa:23:32:cb:04:5d:24:e1:
         5b:22:48:77:f0:f0:58:1c:b2:d1:36:97:d1:c4:4b:77:26:d8:
         9b:d5:66:9f:05:40:dc:53:64:49:a2:1b:96:fc:4d:4d:ab:e8:
         68:55:13:8a:b1:03:97:97:9e:97:ed:f2:3b:e0:e1:33:28:8c:
         67:c1:c1:41:1e:c7:09:a2:40:8c:23:fc:a8:57:dc:87:04:2f:
         77:78:55:5d:32:6b:60:53:a0:45:f9:08:f2:41:6c:d3:96:db:
         18:8e:c0:a5:b2:eb:4c:bd:49:ba:63:83:41:9f:e1:86:f7:d8:
         0d:ae:4b:c8:86:e8:a0:a8:7b:19:b7:4d:4c:95:0f:bf:16:e9:
         52:ea:1e:5e:68:31:a7:b8:b7:ff:85:27:5b:28:35:8a:d0:ad:
         18:94:9c:17:41:bb:fd:b2:50:e2:fe:f6:b6:89:1d:be:aa:b6:
         c5:ac:46:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xuF8nsgaV8ngPKh5YOb0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5NmVmZGQxMTJkYThkOTc1Y2I1OTNhYWQxZmU4ODQwZDZm
MDhhZTMwHhcNMjYwMTAxMDQxODAxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTdiOGNmMDgwMTVmNWQyYTUwNzYxMjY0MDk0ZTQ3ZjYzNzgwNzY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuf/nuDHdR8pWIC3hO9jFdzMoOkjx
1S47ctFxgbiJaWyKZ5seMiujbAFfAk0yHm2UT1UtdTLSkNIDGdnoSnz2s/t/fm+j
eC7tDJ7ddnWL5oJ1LDYKM0Utn0yCgAidboCrQM+qmLxl5/vxIYH33GljOOKWZ64l
4RU2A6RZSRq84z8Giami1Eczbkh4yLW77JioPuz1+LgUUrnVhuarRtpNdaOmrg08
AaAcwNB4GAttdaYj7YLLXHj6KjndmudQBIdjmYG1sQaCTJx4ZeD/JIH/85qC0y97
AoZXKl4EBQRhj2Bqma5vsiIhCapp7xW3ySZpw0oTxmnWkH7/ilDeE1OX1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEV7jPCAFfXSpQdhJkCU5H9jeAdmMB8GA1UdIwQY
MBaAFOlu/dES2o2XXLWTqtH+iEDW8IrjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlc3OTBSTGFqWmRjdFpPcTBmNklRTmJ3aXVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC8wYWE5YjctMDA3My00Njg1LWFhN2It
NzA3NzFiNTVjMmFiLzEvUlh1TThJQVY5ZEtsQjJFbVFKVGtmMk40QjJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC8wYWE5YjctMDA3My00Njg1LWFhN2ItNzA3NzFiNTVjMmFi
LzEvNlc3OTBSTGFqWmRjdFpPcTBmNklRTmJ3aXVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWnNMA0G
CSqGSIb3DQEBCwUAA4IBAQCJpfmDoeCJgB/Xerp4F/l2xr8ia2lLxDF2wpktDwDq
S0PntnkOS0HgI5JJaUhebMChDDUJZqsfSZy/TtLoYjAjmGxX2meBVt8OL1r8DOyY
WpTE+iMyywRdJOFbIkh38PBYHLLRNpfRxEt3Jtib1WafBUDcU2RJohuW/E1Nq+ho
VROKsQOXl56X7fI74OEzKIxnwcFBHscJokCMI/yoV9yHBC93eFVdMmtgU6BF+Qjy
QWzTltsYjsClsutMvUm6Y4NBn+GG99gNrkvIhuigqHsZt01MlQ+/FulS6h5eaDGn
uLf/hSdbKDWK0K0YlJwXQbv9slDi/va2iR2+qrbFrEba
-----END CERTIFICATE-----