Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/0b8a5e-66ea-4e20-9ea8-2edd21783703/1/CliA-0RCmBP5jjI5h8D48sPOGV0.roa
File:                     CliA-0RCmBP5jjI5h8D48sPOGV0.roa (raw, json)
Hash identifier:          hBPxznJHy10l61DTuSBXzJlYWq1lSf/i2dX6tg2v1PI=
Subject key identifier:   0A:58:80:FB:44:42:98:13:F9:8E:32:39:87:C0:F8:F2:C3:CE:19:5D
Certificate issuer:       /CN=375619200ec963d194a8018d4163d778a5cb526a
Certificate serial:       019DC4172D8AF166B2BDDB6DC4E7512086BA
Authority key identifier: 37:56:19:20:0E:C9:63:D1:94:A8:01:8D:41:63:D7:78:A5:CB:52:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N1YZIA7JY9GUqAGNQWPXeKXLUmo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/0b8a5e-66ea-4e20-9ea8-2edd21783703/1/CliA-0RCmBP5jjI5h8D48sPOGV0.roa
Signing time:             Sat 25 Apr 2026 10:02:26 +0000
ROA not before:           Sat 25 Apr 2026 10:02:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199738
IP address blocks:        213.173.12.0/24 maxlen: 24
                          2a13:8040::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/0b8a5e-66ea-4e20-9ea8-2edd21783703/1/N1YZIA7JY9GUqAGNQWPXeKXLUmo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/0b8a5e-66ea-4e20-9ea8-2edd21783703/1/N1YZIA7JY9GUqAGNQWPXeKXLUmo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N1YZIA7JY9GUqAGNQWPXeKXLUmo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 Apr 2026 14:27:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:c4:17:2d:8a:f1:66:b2:bd:db:6d:c4:e7:51:20:86:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=375619200ec963d194a8018d4163d778a5cb526a
        Validity
            Not Before: Apr 25 10:02:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0a5880fb44429813f98e323987c0f8f2c3ce195d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:64:eb:ad:bf:97:16:ba:36:51:54:b2:54:f2:
                    d3:85:1b:c5:6e:48:4c:36:1e:35:f5:25:9c:d7:e6:
                    f6:8f:04:89:f0:91:06:de:ea:6c:1d:bb:77:69:d9:
                    2e:cf:71:d4:2e:85:2c:bd:e4:82:db:2e:06:98:c7:
                    98:be:ca:4b:84:ee:be:86:4e:c5:32:21:38:54:97:
                    b1:01:25:45:fb:f0:fe:97:d9:b8:f2:0b:c2:81:49:
                    40:96:12:17:92:d2:fd:ac:38:ad:f8:b4:1f:7f:40:
                    86:ff:67:27:91:ed:d2:03:24:9e:42:a8:e9:d2:3e:
                    f8:db:e5:28:6b:ef:ae:30:4b:0d:43:f5:21:8d:aa:
                    5b:ca:c1:cb:49:2e:11:ce:7a:73:ac:eb:c6:6c:0b:
                    33:a1:93:23:1b:f4:4c:8d:d0:04:b0:00:30:40:48:
                    b3:cc:4d:af:8d:44:6c:d3:b1:98:03:bf:14:bd:d2:
                    ec:43:6a:6a:b8:59:36:cf:0d:b0:79:5f:58:11:f7:
                    aa:e9:58:c1:6b:a9:8a:3d:41:87:42:5f:26:26:ad:
                    cd:c7:4e:b5:ad:52:d7:7a:6a:51:76:22:4b:b6:91:
                    1c:41:26:fe:6b:e2:60:d4:49:04:bb:a2:8c:bd:b2:
                    98:32:21:51:01:1b:32:24:0b:26:ee:a9:08:fe:1a:
                    39:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:58:80:FB:44:42:98:13:F9:8E:32:39:87:C0:F8:F2:C3:CE:19:5D
            X509v3 Authority Key Identifier:
                keyid:37:56:19:20:0E:C9:63:D1:94:A8:01:8D:41:63:D7:78:A5:CB:52:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N1YZIA7JY9GUqAGNQWPXeKXLUmo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/0b8a5e-66ea-4e20-9ea8-2edd21783703/1/CliA-0RCmBP5jjI5h8D48sPOGV0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/0b8a5e-66ea-4e20-9ea8-2edd21783703/1/N1YZIA7JY9GUqAGNQWPXeKXLUmo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.173.12.0/24
                IPv6:
                  2a13:8040::/32

    Signature Algorithm: sha256WithRSAEncryption
         80:67:b6:25:7e:f5:ff:3e:95:7b:bb:8c:e9:92:c7:a3:53:08:
         26:99:05:d6:74:bc:e5:da:6d:42:89:30:27:f0:0c:f0:3c:67:
         d3:4c:bc:b0:0e:f1:52:ba:96:30:56:19:a4:96:4d:fa:a3:de:
         48:46:87:ab:59:28:83:47:77:6d:73:d5:ba:6d:e5:70:fc:a3:
         cf:41:62:fd:65:cb:be:b8:56:04:81:bc:3e:58:5b:01:0b:76:
         31:b3:f9:f8:c6:8c:eb:30:d3:75:cc:5a:04:c3:ea:90:68:e3:
         33:ed:bf:ad:98:d2:6d:48:e2:b6:67:f3:a1:b2:c6:46:0c:c0:
         8a:59:09:71:d1:84:8e:07:9e:30:cf:4f:74:76:60:d4:ed:1d:
         9f:10:b5:3e:08:69:b0:a1:96:dd:40:07:23:9d:b0:db:83:0f:
         77:aa:92:6b:07:bf:cd:e6:df:de:67:de:ed:eb:90:09:71:a8:
         ff:0c:8d:0a:82:dc:79:56:fb:2d:30:77:3d:a1:9e:0c:69:2d:
         14:b4:e7:8d:15:d3:b7:da:c5:ba:1d:c9:33:3a:6d:22:a6:d6:
         6d:90:f9:ed:d6:9e:60:72:09:e8:22:f5:24:f9:67:d7:cc:6c:
         3a:17:30:e7:f8:92:23:a6:d4:b5:f0:38:2b:22:e3:64:f9:0b:
         21:a1:d2:9e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ3EFy2K8WayvdttxOdRIIa6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3NTYxOTIwMGVjOTYzZDE5NGE4MDE4ZDQxNjNkNzc4YTVj
YjUyNmEwHhcNMjYwNDI1MTAwMjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTU4ODBmYjQ0NDI5ODEzZjk4ZTMyMzk4N2MwZjhmMmMzY2UxOTVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs2Trrb+XFro2UVSyVPLThRvFbkhM
Nh419SWc1+b2jwSJ8JEG3upsHbt3adkuz3HULoUsveSC2y4GmMeYvspLhO6+hk7F
MiE4VJexASVF+/D+l9m48gvCgUlAlhIXktL9rDit+LQff0CG/2cnke3SAySeQqjp
0j742+Uoa++uMEsNQ/UhjapbysHLSS4RznpzrOvGbAszoZMjG/RMjdAEsAAwQEiz
zE2vjURs07GYA78UvdLsQ2pquFk2zw2weV9YEfeq6VjBa6mKPUGHQl8mJq3Nx061
rVLXempRdiJLtpEcQSb+a+Jg1EkEu6KMvbKYMiFRARsyJAsm7qkI/ho5pwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFApYgPtEQpgT+Y4yOYfA+PLDzhldMB8GA1UdIwQY
MBaAFDdWGSAOyWPRlKgBjUFj13ily1JqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjFZWklBN0pZOUdVcUFHTlFXUFhlS1hMVW1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC8wYjhhNWUtNjZlYS00ZTIwLTllYTgt
MmVkZDIxNzgzNzAzLzEvQ2xpQS0wUkNtQlA1ampJNWg4RDQ4c1BPR1YwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC8wYjhhNWUtNjZlYS00ZTIwLTllYTgtMmVkZDIxNzgzNzAz
LzEvTjFZWklBN0pZOUdVcUFHTlFXUFhlS1hMVW1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQA1a0MMA0E
AgACMAcDBQAqE4BAMA0GCSqGSIb3DQEBCwUAA4IBAQCAZ7YlfvX/PpV7u4zpksej
UwgmmQXWdLzl2m1CiTAn8AzwPGfTTLywDvFSupYwVhmklk36o95IRoerWSiDR3dt
c9W6beVw/KPPQWL9Zcu+uFYEgbw+WFsBC3Yxs/n4xozrMNN1zFoEw+qQaOMz7b+t
mNJtSOK2Z/OhssZGDMCKWQlx0YSOB54wz090dmDU7R2fELU+CGmwoZbdQAcjnbDb
gw93qpJrB7/N5t/eZ97t65AJcaj/DI0Kgtx5VvstMHc9oZ4MaS0UtOeNFdO32sW6
HckzOm0iptZtkPnt1p5gcgnoIvUk+WfXzGw6FzDn+JIjptS18DgrIuNk+QshodKe
-----END CERTIFICATE-----