Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/83d246-740d-4b01-9020-db5aa577c3af/1/Cw_CJ5OIoHGbk_LBH69lh1CZovM.roa
File:                     Cw_CJ5OIoHGbk_LBH69lh1CZovM.roa (raw, json)
Hash identifier:          yuy/Yr+PAF0sScRAiUSYVsMjWEF5R7acxEyN+jKmOa4=
Subject key identifier:   0B:0F:C2:27:93:88:A0:71:9B:93:F2:C1:1F:AF:65:87:50:99:A2:F3
Certificate issuer:       /CN=c5ee963f82a0fb0866d42553b3378597d9f3ef68
Certificate serial:       019CD9B1723752FC52811D61C897BCA2F085
Authority key identifier: C5:EE:96:3F:82:A0:FB:08:66:D4:25:53:B3:37:85:97:D9:F3:EF:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xe6WP4Kg-whm1CVTszeFl9nz72g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/83d246-740d-4b01-9020-db5aa577c3af/1/Cw_CJ5OIoHGbk_LBH69lh1CZovM.roa
Signing time:             Tue 10 Mar 2026 21:40:10 +0000
ROA not before:           Tue 10 Mar 2026 21:40:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211814
IP address blocks:        188.125.170.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f1/83d246-740d-4b01-9020-db5aa577c3af/1/xe6WP4Kg-whm1CVTszeFl9nz72g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f1/83d246-740d-4b01-9020-db5aa577c3af/1/xe6WP4Kg-whm1CVTszeFl9nz72g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xe6WP4Kg-whm1CVTszeFl9nz72g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:d9:b1:72:37:52:fc:52:81:1d:61:c8:97:bc:a2:f0:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c5ee963f82a0fb0866d42553b3378597d9f3ef68
        Validity
            Not Before: Mar 10 21:40:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0b0fc2279388a0719b93f2c11faf65875099a2f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:7a:2a:95:19:5d:cd:33:49:71:58:db:1d:23:
                    48:63:2f:7d:fe:13:65:bf:9a:58:ba:87:4c:46:25:
                    d1:c0:6f:e8:8b:87:14:3f:c4:54:de:77:3b:d2:7b:
                    68:27:88:f9:4a:30:26:ba:f8:ff:7a:2d:76:29:ff:
                    92:83:02:5a:e1:a9:41:bd:60:2e:da:a3:bc:43:ec:
                    0a:ba:c5:52:05:36:bb:04:36:ca:ad:1e:b5:83:bc:
                    8f:00:a8:76:45:e2:c7:c5:f0:f6:d8:de:c3:31:1b:
                    19:1d:84:f8:fa:f0:4a:78:38:c3:a5:12:d8:ac:73:
                    48:52:4f:55:a0:c6:32:ae:b9:a7:cf:c9:80:8b:db:
                    71:36:3e:8a:04:2a:96:df:6b:00:c2:92:2e:1f:ac:
                    f9:4f:27:88:1d:79:b3:55:6f:31:4f:bb:86:e5:54:
                    c3:06:43:48:ce:76:68:de:84:ed:c2:d3:c5:30:05:
                    de:6f:0e:2d:a9:62:30:af:f3:3e:c6:60:82:8f:c5:
                    c8:6c:5c:63:c0:f7:ae:f6:12:f9:7d:75:6c:01:fd:
                    f0:73:45:7a:e9:62:7e:1c:2c:5e:e6:b3:67:5a:ca:
                    59:17:7e:b9:6d:95:8b:c4:5f:4d:dc:77:8e:17:28:
                    e9:d0:29:91:4e:87:b2:d7:6d:0f:ed:e8:8f:45:18:
                    14:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:0F:C2:27:93:88:A0:71:9B:93:F2:C1:1F:AF:65:87:50:99:A2:F3
            X509v3 Authority Key Identifier:
                keyid:C5:EE:96:3F:82:A0:FB:08:66:D4:25:53:B3:37:85:97:D9:F3:EF:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xe6WP4Kg-whm1CVTszeFl9nz72g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/83d246-740d-4b01-9020-db5aa577c3af/1/Cw_CJ5OIoHGbk_LBH69lh1CZovM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/83d246-740d-4b01-9020-db5aa577c3af/1/xe6WP4Kg-whm1CVTszeFl9nz72g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.125.170.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:06:c4:d1:67:40:d4:3b:6f:4d:8f:00:03:5f:3e:01:6c:00:
         12:4d:c1:20:1a:6f:e1:1e:4d:57:08:4d:9b:3d:d9:f2:ef:fd:
         d6:97:06:bd:95:53:70:9f:4f:52:4c:51:49:a9:fa:08:2a:fd:
         89:75:66:6c:18:c3:81:cf:ee:29:5d:0a:af:e8:f5:58:01:5d:
         af:f5:b6:14:c6:2a:f4:5c:d4:a4:4f:4e:1f:87:3e:93:f7:db:
         df:37:61:0e:89:9f:55:65:de:07:bf:81:af:1c:47:af:c9:cc:
         05:a9:35:5a:60:3b:89:e8:95:4a:e1:55:bb:51:2f:29:9a:71:
         61:8a:49:dc:89:59:d7:73:01:17:c5:20:ed:17:d3:43:05:a4:
         aa:53:8d:ae:d5:97:48:a8:50:9b:9b:f3:51:c1:2e:ab:a7:82:
         0a:d5:f7:1e:88:2f:e8:93:99:ff:b5:56:58:fe:02:5a:7e:f7:
         b2:40:60:ef:9b:f8:2c:9d:f3:d4:84:5c:e1:ef:51:3d:63:cd:
         1e:be:d4:19:06:f9:41:2d:1d:e8:de:e9:16:d8:6a:c9:23:a2:
         9f:1e:4f:b0:78:e0:10:cf:7a:a4:26:84:55:36:05:bf:ae:ae:
         8d:80:7f:8e:59:9c:af:34:1c:23:a9:5a:85:4f:ad:59:28:4b:
         37:cf:67:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzZsXI3UvxSgR1hyJe8ovCFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1ZWU5NjNmODJhMGZiMDg2NmQ0MjU1M2IzMzc4NTk3ZDlm
M2VmNjgwHhcNMjYwMzEwMjE0MDEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjBmYzIyNzkzODhhMDcxOWI5M2YyYzExZmFmNjU4NzUwOTlhMmYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy3oqlRldzTNJcVjbHSNIYy99/hNl
v5pYuodMRiXRwG/oi4cUP8RU3nc70ntoJ4j5SjAmuvj/ei12Kf+SgwJa4alBvWAu
2qO8Q+wKusVSBTa7BDbKrR61g7yPAKh2ReLHxfD22N7DMRsZHYT4+vBKeDjDpRLY
rHNIUk9VoMYyrrmnz8mAi9txNj6KBCqW32sAwpIuH6z5TyeIHXmzVW8xT7uG5VTD
BkNIznZo3oTtwtPFMAXebw4tqWIwr/M+xmCCj8XIbFxjwPeu9hL5fXVsAf3wc0V6
6WJ+HCxe5rNnWspZF365bZWLxF9N3HeOFyjp0CmRToey120P7eiPRRgU7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAsPwieTiKBxm5PywR+vZYdQmaLzMB8GA1UdIwQY
MBaAFMXulj+CoPsIZtQlU7M3hZfZ8+9oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGU2V1A0S2ctd2htMUNWVHN6ZUZsOW56NzJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS84M2QyNDYtNzQwZC00YjAxLTkwMjAt
ZGI1YWE1NzdjM2FmLzEvQ3dfQ0o1T0lvSEdia19MQkg2OWxoMUNab3ZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS84M2QyNDYtNzQwZC00YjAxLTkwMjAtZGI1YWE1NzdjM2Fm
LzEveGU2V1A0S2ctd2htMUNWVHN6ZUZsOW56NzJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvH2qMA0G
CSqGSIb3DQEBCwUAA4IBAQATBsTRZ0DUO29NjwADXz4BbAASTcEgGm/hHk1XCE2b
Pdny7/3Wlwa9lVNwn09STFFJqfoIKv2JdWZsGMOBz+4pXQqv6PVYAV2v9bYUxir0
XNSkT04fhz6T99vfN2EOiZ9VZd4Hv4GvHEevycwFqTVaYDuJ6JVK4VW7US8pmnFh
iknciVnXcwEXxSDtF9NDBaSqU42u1ZdIqFCbm/NRwS6rp4IK1fceiC/ok5n/tVZY
/gJafveyQGDvm/gsnfPUhFzh71E9Y80evtQZBvlBLR3o3ukW2GrJI6KfHk+weOAQ
z3qkJoRVNgW/rq6NgH+OWZyvNBwjqVqFT61ZKEs3z2cO
-----END CERTIFICATE-----