Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/dB9y9NXHRGDihToFWJj3kOF520g.roa
File:                     dB9y9NXHRGDihToFWJj3kOF520g.roa (raw, json)
Hash identifier:          +QeVC90ylkQXUnfyPacjU+rAtfxswm1fJWGwysKuF1Q=
Subject key identifier:   74:1F:72:F4:D5:C7:44:60:E2:85:3A:05:58:98:F7:90:E1:79:DB:48
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       019EDAFC01B1D8075BFCA1A20646A3A202D7
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/dB9y9NXHRGDihToFWJj3kOF520g.roa
Signing time:             Thu 18 Jun 2026 13:46:48 +0000
ROA not before:           Thu 18 Jun 2026 13:46:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200367
IP address blocks:        192.124.177.0/24 maxlen: 24
                          193.124.89.0/24 maxlen: 24
                          193.124.226.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 30 Jun 2026 07:46:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:da:fc:01:b1:d8:07:5b:fc:a1:a2:06:46:a3:a2:02:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jun 18 13:46:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=741f72f4d5c74460e2853a055898f790e179db48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:39:70:41:bf:bf:47:48:8b:6b:82:21:71:a1:
                    6f:43:37:1b:37:3f:4a:2c:c6:ee:bc:73:fe:e1:da:
                    f5:00:2f:1e:dc:5a:d4:8e:03:cf:ae:b1:01:0d:50:
                    55:3c:e0:2d:70:f8:05:6b:6f:d0:57:30:28:fd:cd:
                    59:77:69:6b:b1:0d:db:14:ea:e8:33:7d:de:76:e1:
                    46:5f:3a:be:2f:e7:b2:c8:59:b1:ee:b2:a8:90:73:
                    df:49:41:d8:75:a5:8d:9e:c9:9d:4c:c5:5c:4e:dd:
                    89:5d:62:39:b4:9e:51:25:8d:51:c8:ba:fd:ae:c4:
                    1f:9b:30:0b:0a:fc:5e:4b:14:f4:29:1c:bb:42:95:
                    f7:b1:70:a4:55:fa:e0:ea:f3:cc:54:77:82:3f:7e:
                    f3:d5:a8:73:e0:f9:ef:5c:7e:ee:98:63:2b:b0:43:
                    dd:88:0d:29:d5:a2:10:2e:c8:e1:6e:72:3f:57:9e:
                    d5:96:ab:77:3c:7a:e7:6a:5a:f7:c2:8d:3c:32:7a:
                    24:3e:bb:cb:3f:bf:43:83:7a:c1:4b:1e:dc:ac:53:
                    35:e2:4f:3e:89:f5:ef:8a:bb:6e:dc:c6:aa:58:63:
                    d2:80:44:1c:3b:5b:e0:af:de:04:95:73:9d:e3:76:
                    66:6a:3c:23:d9:08:fa:69:4d:a0:9e:e7:fb:fa:1d:
                    75:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:1F:72:F4:D5:C7:44:60:E2:85:3A:05:58:98:F7:90:E1:79:DB:48
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/dB9y9NXHRGDihToFWJj3kOF520g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.124.177.0/24
                  193.124.89.0/24
                  193.124.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:2c:fc:10:4a:da:cf:bf:01:26:3b:2d:ac:25:24:43:13:08:
         12:8e:a6:64:74:93:19:f6:04:f4:a4:91:57:a7:6b:f7:5a:b2:
         dc:b2:1b:f3:7a:6a:96:c5:ec:0f:58:e8:c1:18:e1:9d:b8:cc:
         29:bd:57:1f:bf:d6:ca:72:cd:26:29:2a:36:dc:c4:d8:0c:bd:
         4e:03:4f:43:62:e8:b3:5f:4e:a9:ef:fd:6f:82:23:3b:50:99:
         f0:d4:d5:dd:00:cc:c3:08:a2:17:d0:c7:91:d9:c4:1b:ee:9d:
         ad:a8:a3:23:fa:db:26:99:1c:72:72:49:e0:55:cd:e9:ca:44:
         8e:e9:72:3f:6a:6a:11:d1:99:31:a6:96:92:74:16:a8:d8:d1:
         91:9d:92:7b:3a:ab:8f:05:a1:66:b7:67:04:ec:de:6f:19:59:
         12:f0:38:61:fb:33:b2:ce:2b:b5:1f:69:97:01:98:7f:6d:09:
         46:c0:ea:c2:79:c5:49:60:93:83:98:c6:4b:18:a1:df:6a:ff:
         54:9a:38:6e:1f:b3:f4:88:73:4f:1a:06:bd:b6:ed:b2:8f:31:
         fe:ef:a9:f1:f5:a6:00:d5:85:3b:a3:79:58:14:2f:62:60:7f:
         e5:5c:94:a7:b8:79:6d:10:35:fb:2a:ae:bc:c4:0b:70:a9:4b:
         d4:a6:1c:65
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ7a/AGx2Adb/KGiBkajogLXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjYwNjE4MTM0NjQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDFmNzJmNGQ1Yzc0NDYwZTI4NTNhMDU1ODk4Zjc5MGUxNzlkYjQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApzlwQb+/R0iLa4IhcaFvQzcbNz9K
LMbuvHP+4dr1AC8e3FrUjgPPrrEBDVBVPOAtcPgFa2/QVzAo/c1Zd2lrsQ3bFOro
M33eduFGXzq+L+eyyFmx7rKokHPfSUHYdaWNnsmdTMVcTt2JXWI5tJ5RJY1RyLr9
rsQfmzALCvxeSxT0KRy7QpX3sXCkVfrg6vPMVHeCP37z1ahz4PnvXH7umGMrsEPd
iA0p1aIQLsjhbnI/V57Vlqt3PHrnalr3wo08MnokPrvLP79Dg3rBSx7crFM14k8+
ifXvirtu3MaqWGPSgEQcO1vgr94ElXOd43Zmajwj2Qj6aU2gnuf7+h11eQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHQfcvTVx0Rg4oU6BViY95DhedtIMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvZEI5eTlOWEhSR0RpaFRvRldKajNrT0Y1MjBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAwHyxAwQA
wXxZAwQAwXziMA0GCSqGSIb3DQEBCwUAA4IBAQBRLPwQStrPvwEmOy2sJSRDEwgS
jqZkdJMZ9gT0pJFXp2v3WrLcshvzemqWxewPWOjBGOGduMwpvVcfv9bKcs0mKSo2
3MTYDL1OA09DYuizX06p7/1vgiM7UJnw1NXdAMzDCKIX0MeR2cQb7p2tqKMj+tsm
mRxyckngVc3pykSO6XI/amoR0ZkxppaSdBao2NGRnZJ7OquPBaFmt2cE7N5vGVkS
8Dhh+zOyziu1H2mXAZh/bQlGwOrCecVJYJODmMZLGKHfav9UmjhuH7P0iHNPGga9
tu2yjzH+76nx9aYA1YU7o3lYFC9iYH/lXJSnuHltEDX7Kq68xAtwqUvUphxl
-----END CERTIFICATE-----