Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/cbe9bd-da2b-429f-909a-64abf1228f38/1/wPgKp0DInXEGWf_KqblgFa6hMEk.roa
File:                     wPgKp0DInXEGWf_KqblgFa6hMEk.roa (raw, json)
Hash identifier:          0rfdyCDjQOsaTQYwQErDbHcj+/13aKWJvVISeShUA3Y=
Subject key identifier:   C0:F8:0A:A7:40:C8:9D:71:06:59:FF:CA:A9:B9:60:15:AE:A1:30:49
Certificate issuer:       /CN=084b8fd5c0e9dd7cc731151fec90f917d51eb966
Certificate serial:       019DB4BA12F56968EC6F8B11DBF0ADAD8C1C
Authority key identifier: 08:4B:8F:D5:C0:E9:DD:7C:C7:31:15:1F:EC:90:F9:17:D5:1E:B9:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CEuP1cDp3XzHMRUf7JD5F9UeuWY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/cbe9bd-da2b-429f-909a-64abf1228f38/1/wPgKp0DInXEGWf_KqblgFa6hMEk.roa
Signing time:             Wed 22 Apr 2026 10:26:26 +0000
ROA not before:           Wed 22 Apr 2026 10:26:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199442
IP address blocks:        185.201.81.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/cbe9bd-da2b-429f-909a-64abf1228f38/1/CEuP1cDp3XzHMRUf7JD5F9UeuWY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/cbe9bd-da2b-429f-909a-64abf1228f38/1/CEuP1cDp3XzHMRUf7JD5F9UeuWY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CEuP1cDp3XzHMRUf7JD5F9UeuWY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b4:ba:12:f5:69:68:ec:6f:8b:11:db:f0:ad:ad:8c:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=084b8fd5c0e9dd7cc731151fec90f917d51eb966
        Validity
            Not Before: Apr 22 10:26:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c0f80aa740c89d710659ffcaa9b96015aea13049
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:d5:b0:80:52:0d:79:f4:a2:26:d0:ce:f3:cc:
                    13:96:3a:7a:b3:ee:dc:75:b2:70:37:7d:4f:83:9e:
                    c1:a6:6c:b8:f6:ed:7c:9d:20:35:83:c7:f2:0f:2c:
                    e5:a8:51:7b:4e:63:cd:38:cf:a6:77:59:5a:9c:39:
                    d5:f2:68:7d:fd:e4:71:88:49:80:f0:f8:91:81:28:
                    a7:94:fe:ef:b0:ec:59:78:b4:1b:37:cc:6d:c6:aa:
                    d4:59:49:5b:8e:73:39:0a:51:a8:27:3e:d4:b1:2a:
                    a8:c1:12:14:fb:20:ce:19:f4:3a:62:bc:e1:66:c7:
                    45:ec:60:d2:63:dc:f7:37:76:96:2f:27:33:0b:3e:
                    7a:20:68:3d:43:0d:56:f1:1c:1a:02:61:c3:d1:63:
                    13:02:2b:f3:6d:1c:c1:27:6d:52:03:2f:ac:9b:b4:
                    15:a9:d1:1a:d3:f5:7e:bc:07:d4:e7:40:21:2e:58:
                    3f:e1:4d:2b:be:a3:52:38:d5:5c:1a:c7:8d:9c:c3:
                    0d:d9:ad:5d:c0:82:6a:2e:32:90:21:77:ba:b9:4b:
                    c5:07:ca:46:aa:08:64:8f:f9:55:77:45:43:e0:f4:
                    72:56:17:74:35:bb:c8:ff:ea:4f:cf:46:fe:32:96:
                    ec:7d:49:87:b6:6b:a4:e0:96:2e:e8:49:78:7c:c1:
                    37:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:F8:0A:A7:40:C8:9D:71:06:59:FF:CA:A9:B9:60:15:AE:A1:30:49
            X509v3 Authority Key Identifier:
                keyid:08:4B:8F:D5:C0:E9:DD:7C:C7:31:15:1F:EC:90:F9:17:D5:1E:B9:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CEuP1cDp3XzHMRUf7JD5F9UeuWY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/cbe9bd-da2b-429f-909a-64abf1228f38/1/wPgKp0DInXEGWf_KqblgFa6hMEk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/cbe9bd-da2b-429f-909a-64abf1228f38/1/CEuP1cDp3XzHMRUf7JD5F9UeuWY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.201.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:e2:57:af:a0:c7:f7:43:b3:2e:49:aa:b9:73:46:1f:a8:a6:
         82:85:7f:e3:37:db:b9:ad:5e:f6:ec:be:30:3f:a0:d1:e1:4d:
         b3:d0:ee:34:cb:c9:d5:cc:06:ec:72:91:6b:b1:22:c7:3f:5a:
         46:74:6a:e5:64:d3:4f:29:61:13:85:15:60:73:7a:ff:dc:bd:
         28:78:7e:90:d0:0b:de:5e:29:7a:c3:d6:85:80:ee:c6:f5:3a:
         f2:24:ec:66:72:93:26:3b:c0:85:32:cf:5f:9e:c3:ab:82:07:
         75:d7:90:fa:ca:3b:bc:2a:76:80:c1:c5:b2:36:93:08:60:4b:
         3a:0e:67:c0:53:e0:99:92:f7:1d:34:c8:06:ee:ed:df:ca:cc:
         9f:ba:ba:4e:93:09:d6:15:5d:2a:06:27:4d:60:97:42:5d:52:
         11:02:3e:9b:b8:15:ac:9e:53:0b:90:03:be:45:a7:61:ca:c4:
         83:77:c8:d7:c0:98:5b:34:31:b3:44:bd:93:c6:89:60:23:a9:
         11:60:69:f2:26:13:7d:57:6d:6e:d4:ad:a0:62:0d:97:7b:21:
         e2:23:4b:02:ca:41:42:76:cd:5d:f5:ed:d9:f9:2e:f6:c4:f4:
         3f:24:5a:d1:82:73:74:d8:90:1a:0a:67:c9:f9:86:b6:13:7d:
         e7:cd:e8:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ20uhL1aWjsb4sR2/CtrYwcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4NGI4ZmQ1YzBlOWRkN2NjNzMxMTUxZmVjOTBmOTE3ZDUx
ZWI5NjYwHhcNMjYwNDIyMTAyNjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMGY4MGFhNzQwYzg5ZDcxMDY1OWZmY2FhOWI5NjAxNWFlYTEzMDQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxNWwgFINefSiJtDO88wTljp6s+7c
dbJwN31Pg57Bpmy49u18nSA1g8fyDyzlqFF7TmPNOM+md1lanDnV8mh9/eRxiEmA
8PiRgSinlP7vsOxZeLQbN8xtxqrUWUlbjnM5ClGoJz7UsSqowRIU+yDOGfQ6Yrzh
ZsdF7GDSY9z3N3aWLyczCz56IGg9Qw1W8RwaAmHD0WMTAivzbRzBJ21SAy+sm7QV
qdEa0/V+vAfU50AhLlg/4U0rvqNSONVcGseNnMMN2a1dwIJqLjKQIXe6uUvFB8pG
qghkj/lVd0VD4PRyVhd0NbvI/+pPz0b+MpbsfUmHtmuk4JYu6El4fME3GQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMD4CqdAyJ1xBln/yqm5YBWuoTBJMB8GA1UdIwQY
MBaAFAhLj9XA6d18xzEVH+yQ+RfVHrlmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0V1UDFjRHAzWHpITVJVZjdKRDVGOVVldVdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi9jYmU5YmQtZGEyYi00MjlmLTkwOWEt
NjRhYmYxMjI4ZjM4LzEvd1BnS3AwREluWEVHV2ZfS3FibGdGYTZoTUVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi9jYmU5YmQtZGEyYi00MjlmLTkwOWEtNjRhYmYxMjI4ZjM4
LzEvQ0V1UDFjRHAzWHpITVJVZjdKRDVGOVVldVdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuclRMA0G
CSqGSIb3DQEBCwUAA4IBAQAh4levoMf3Q7MuSaq5c0YfqKaChX/jN9u5rV727L4w
P6DR4U2z0O40y8nVzAbscpFrsSLHP1pGdGrlZNNPKWEThRVgc3r/3L0oeH6Q0Ave
Xil6w9aFgO7G9TryJOxmcpMmO8CFMs9fnsOrggd115D6yju8KnaAwcWyNpMIYEs6
DmfAU+CZkvcdNMgG7u3fysyfurpOkwnWFV0qBidNYJdCXVIRAj6buBWsnlMLkAO+
RadhysSDd8jXwJhbNDGzRL2TxolgI6kRYGnyJhN9V21u1K2gYg2XeyHiI0sCykFC
ds1d9e3Z+S72xPQ/JFrRgnN02JAaCmfJ+Ya2E33nzein
-----END CERTIFICATE-----