Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/P9YT4wpleippbcH7ySs9yJhewoc.roa
File:                     P9YT4wpleippbcH7ySs9yJhewoc.roa (raw, json)
Hash identifier:          cSxqBMShQEu5xdePejl0TQuouUbtuQWYRC9Of5i3nxw=
Subject key identifier:   3F:D6:13:E3:0A:65:7A:2A:69:6D:C1:FB:C9:2B:3D:C8:98:5E:C2:87
Certificate issuer:       /CN=6a0e16cc2a8b91cb483f451e813b678ae97582b0
Certificate serial:       019F23684E08A93C5CD5AA9A9A74C2ABACA2
Authority key identifier: 6A:0E:16:CC:2A:8B:91:CB:48:3F:45:1E:81:3B:67:8A:E9:75:82:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ag4WzCqLkctIP0UegTtniul1grA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/P9YT4wpleippbcH7ySs9yJhewoc.roa
Signing time:             Thu 02 Jul 2026 15:17:45 +0000
ROA not before:           Thu 02 Jul 2026 15:17:45 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     399955
IP address blocks:        86.110.57.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/ag4WzCqLkctIP0UegTtniul1grA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/ag4WzCqLkctIP0UegTtniul1grA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ag4WzCqLkctIP0UegTtniul1grA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 Jul 2026 03:02:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:68:4e:08:a9:3c:5c:d5:aa:9a:9a:74:c2:ab:ac:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a0e16cc2a8b91cb483f451e813b678ae97582b0
        Validity
            Not Before: Jul  2 15:17:45 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3fd613e30a657a2a696dc1fbc92b3dc8985ec287
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:ed:7d:cf:91:e0:fc:06:08:50:74:c2:72:98:
                    e6:a3:e0:f0:a7:02:43:04:42:f0:bc:e4:04:56:dd:
                    8c:f0:0c:d3:47:29:45:ec:c5:ad:04:72:6e:af:23:
                    77:3b:fd:56:02:6c:d9:1e:4d:1d:90:e5:7f:0d:8b:
                    d2:9c:04:4c:5b:22:b7:f8:12:51:0b:f1:ab:17:a3:
                    bb:76:de:4c:11:22:dd:a3:de:50:39:64:1e:3d:e5:
                    77:52:d7:46:cf:f3:97:b8:36:ce:fd:82:24:59:c9:
                    fa:aa:e1:25:c6:83:20:bd:88:7a:db:93:92:9c:48:
                    ba:b2:e3:00:11:7c:48:71:ba:92:c4:07:1b:55:85:
                    a4:b9:2b:16:97:b8:c2:ae:6c:62:e2:bd:90:e9:23:
                    42:60:eb:03:77:e3:cf:1e:17:a9:e1:ed:42:fb:8d:
                    d2:1c:e0:ee:fa:56:8f:0e:d1:da:90:f2:75:13:3b:
                    46:70:d3:e5:af:3d:d9:a8:4b:52:f8:a6:71:8a:06:
                    12:93:03:7d:66:34:87:8d:07:46:50:b9:58:57:9c:
                    73:8f:a9:ef:78:e8:e2:9e:be:ec:6b:26:df:f5:1f:
                    62:1a:46:e8:3f:5a:3e:ff:36:d9:cc:a2:bd:0f:4a:
                    5d:26:48:09:f2:00:5f:8c:bf:22:bb:49:ba:9b:82:
                    81:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:D6:13:E3:0A:65:7A:2A:69:6D:C1:FB:C9:2B:3D:C8:98:5E:C2:87
            X509v3 Authority Key Identifier:
                keyid:6A:0E:16:CC:2A:8B:91:CB:48:3F:45:1E:81:3B:67:8A:E9:75:82:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ag4WzCqLkctIP0UegTtniul1grA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/P9YT4wpleippbcH7ySs9yJhewoc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/ag4WzCqLkctIP0UegTtniul1grA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.110.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:65:b8:47:84:ea:ff:15:16:2f:7c:ec:cf:9b:9b:b5:a8:ab:
         34:c2:ae:b2:5a:4c:64:1c:a3:3a:4a:bd:48:4a:cb:af:c5:aa:
         da:aa:2d:ac:b6:a7:75:99:31:8b:cd:8d:36:7c:6c:3f:18:30:
         95:ae:13:de:c3:58:2a:d9:a3:f8:20:e7:9e:7d:10:64:f2:71:
         c0:34:f2:2d:bc:da:4b:50:a9:71:4f:02:7a:19:6c:74:89:f9:
         86:22:f3:0e:2b:79:37:73:0c:27:6f:f8:91:c5:e5:15:a0:98:
         6a:30:80:76:f2:5a:80:cd:e3:3e:b9:d4:f2:a6:9b:ba:1b:a6:
         22:79:0d:da:fb:4f:69:6c:d9:fd:9d:c6:bd:72:ed:81:e7:a4:
         4d:90:c9:f7:de:bb:81:ec:25:f0:68:f2:21:00:f2:f0:e9:b3:
         d0:49:57:c4:21:38:73:0a:27:a6:9b:ca:6f:2c:23:0d:83:b7:
         a4:14:c1:16:ce:b0:4d:83:38:da:1b:1c:0f:40:59:5e:35:f3:
         5a:35:2e:90:39:8a:f3:ad:44:cb:6e:5a:aa:e9:63:8f:20:c6:
         c6:88:2f:7f:0a:c6:ba:61:94:2d:89:e0:6a:76:4f:e2:d2:ff:
         d2:6e:ba:e8:1a:fd:14:a1:fd:04:0b:48:63:fa:28:c6:c5:d7:
         f9:d2:ae:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ8jaE4IqTxc1aqamnTCq6yiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhMGUxNmNjMmE4YjkxY2I0ODNmNDUxZTgxM2I2NzhhZTk3
NTgyYjAwHhcNMjYwNzAyMTUxNzQ1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmQ2MTNlMzBhNjU3YTJhNjk2ZGMxZmJjOTJiM2RjODk4NWVjMjg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnu19z5Hg/AYIUHTCcpjmo+DwpwJD
BELwvOQEVt2M8AzTRylF7MWtBHJuryN3O/1WAmzZHk0dkOV/DYvSnARMWyK3+BJR
C/GrF6O7dt5MESLdo95QOWQePeV3UtdGz/OXuDbO/YIkWcn6quElxoMgvYh625OS
nEi6suMAEXxIcbqSxAcbVYWkuSsWl7jCrmxi4r2Q6SNCYOsDd+PPHhep4e1C+43S
HODu+laPDtHakPJ1EztGcNPlrz3ZqEtS+KZxigYSkwN9ZjSHjQdGULlYV5xzj6nv
eOjinr7saybf9R9iGkboP1o+/zbZzKK9D0pdJkgJ8gBfjL8iu0m6m4KBgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD/WE+MKZXoqaW3B+8krPciYXsKHMB8GA1UdIwQY
MBaAFGoOFswqi5HLSD9FHoE7Z4rpdYKwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWc0V3pDcUxrY3RJUDBVZWdUdG5pdWwxZ3JBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS9lMWFkN2EtMTJlNy00ZmQwLWI2MWUt
ZDFhNzc3MmRiMDc2LzEvUDlZVDR3cGxlaXBwYmNIN3lTczl5Smhld29jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS9lMWFkN2EtMTJlNy00ZmQwLWI2MWUtZDFhNzc3MmRiMDc2
LzEvYWc0V3pDcUxrY3RJUDBVZWdUdG5pdWwxZ3JBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVm45MA0G
CSqGSIb3DQEBCwUAA4IBAQA4ZbhHhOr/FRYvfOzPm5u1qKs0wq6yWkxkHKM6Sr1I
Ssuvxaraqi2stqd1mTGLzY02fGw/GDCVrhPew1gq2aP4IOeefRBk8nHANPItvNpL
UKlxTwJ6GWx0ifmGIvMOK3k3cwwnb/iRxeUVoJhqMIB28lqAzeM+udTyppu6G6Yi
eQ3a+09pbNn9nca9cu2B56RNkMn33ruB7CXwaPIhAPLw6bPQSVfEIThzCiemm8pv
LCMNg7ekFMEWzrBNgzjaGxwPQFleNfNaNS6QOYrzrUTLblqq6WOPIMbGiC9/Csa6
YZQtieBqdk/i0v/SbrroGv0Uof0EC0hj+ijGxdf50q7o
-----END CERTIFICATE-----
Generated at Sat Jul 4 09:18:46 2026 by rpki-client