Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/2UtsQxOOLHCSQn3rhbOXJoX-Fsk.roa
File:                     2UtsQxOOLHCSQn3rhbOXJoX-Fsk.roa (raw, json)
Hash identifier:          MZzoZ/+fIBaKDfWi+BrrgbHh/EhFhaAhIAvCgV9Qweo=
Subject key identifier:   D9:4B:6C:43:13:8E:2C:70:92:42:7D:EB:85:B3:97:26:85:FE:16:C9
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       019D2B2CEEBE9CC5CE8961B0CB3E169437BC
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/2UtsQxOOLHCSQn3rhbOXJoX-Fsk.roa
Signing time:             Thu 26 Mar 2026 17:24:18 +0000
ROA not before:           Thu 26 Mar 2026 17:24:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203963
IP address blocks:        195.211.188.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 16:32:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2b:2c:ee:be:9c:c5:ce:89:61:b0:cb:3e:16:94:37:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Mar 26 17:24:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d94b6c43138e2c7092427deb85b3972685fe16c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:05:80:20:dc:c1:d8:a9:ba:24:76:c6:c2:74:
                    b0:23:bb:0e:2e:e3:d5:08:c4:93:96:04:5b:eb:b2:
                    87:16:0b:88:9a:0d:6c:44:83:d7:df:a0:e4:5b:7b:
                    7a:02:3e:a6:c9:0f:a0:13:fb:d8:e1:59:af:af:f6:
                    14:c1:f7:dd:d8:a3:76:76:8d:7b:1a:e8:e4:fb:09:
                    65:08:73:73:cb:dc:a3:c8:42:95:ad:42:13:8c:0a:
                    99:d4:8f:70:96:43:0c:6f:a8:8d:11:f8:fb:1e:dc:
                    cd:fe:76:41:3d:f8:d2:46:71:0e:ed:e4:13:b0:7c:
                    a8:c6:60:f1:db:7e:fb:03:4e:45:11:01:85:10:5d:
                    2f:f2:da:d7:21:88:9a:77:5d:94:2c:53:49:3f:de:
                    48:71:18:34:34:23:0c:bd:0e:9f:13:f2:51:77:3c:
                    5a:10:7a:47:81:15:f8:41:e2:a9:ac:6d:c6:97:78:
                    5c:b9:ee:23:7c:6d:37:4b:2f:07:fb:f4:e4:c1:d9:
                    b0:3a:be:2e:09:01:47:aa:1d:8e:f7:fa:0b:76:b7:
                    ce:10:5e:19:e8:d5:06:1e:dd:77:dd:be:62:2f:d7:
                    7d:1f:8c:a4:3c:7d:0e:0e:e6:8a:84:30:da:9a:40:
                    41:f9:97:a0:a6:58:59:d2:96:d3:b1:39:36:fd:f4:
                    70:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:4B:6C:43:13:8E:2C:70:92:42:7D:EB:85:B3:97:26:85:FE:16:C9
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/2UtsQxOOLHCSQn3rhbOXJoX-Fsk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.211.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:e6:4e:a9:59:81:ca:99:e2:72:37:93:aa:60:e0:13:ae:2d:
         c8:ec:43:88:95:b7:92:6f:5a:dd:df:58:e7:61:63:c6:d7:81:
         49:eb:af:fb:2e:0d:8e:79:67:bf:bf:4c:38:6e:56:8c:b5:07:
         1e:44:10:99:84:43:c5:95:9c:e8:bf:d5:f3:1c:7b:04:a3:f6:
         08:f6:04:d0:10:2d:ca:16:8f:7a:31:5d:78:5b:3b:8b:6c:a6:
         b2:c9:2d:cf:9f:82:d0:c5:54:e6:6e:f3:86:66:0b:8b:f0:1f:
         24:d5:82:2d:02:2a:1a:68:4b:f9:4b:97:86:8a:c1:f1:63:9a:
         b2:ba:ae:63:49:2a:b2:4d:cb:50:44:7f:5d:92:23:b5:a7:31:
         28:de:a1:e0:f2:cc:82:be:77:1e:c8:f4:ad:2e:b5:25:c9:a4:
         3c:0b:6e:87:29:21:d9:af:27:5a:17:51:7b:96:ea:ef:22:1c:
         49:e3:e4:50:b1:cf:a1:3f:d2:25:ab:5c:62:bb:93:41:d0:26:
         c2:f3:8e:96:99:28:95:c9:9f:fd:f7:2c:1f:6b:20:78:63:dc:
         c6:6b:d4:d1:6b:71:74:9c:b4:e4:52:6b:3a:f1:cb:1e:60:fd:
         2f:44:d4:7a:d8:ea:78:b8:57:8c:8a:d1:cf:4b:94:0b:35:57:
         84:cd:25:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0rLO6+nMXOiWGwyz4WlDe8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjYwMzI2MTcyNDE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTRiNmM0MzEzOGUyYzcwOTI0MjdkZWI4NWIzOTcyNjg1ZmUxNmM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsgWAINzB2Km6JHbGwnSwI7sOLuPV
CMSTlgRb67KHFguImg1sRIPX36DkW3t6Aj6myQ+gE/vY4Vmvr/YUwffd2KN2do17
Gujk+wllCHNzy9yjyEKVrUITjAqZ1I9wlkMMb6iNEfj7HtzN/nZBPfjSRnEO7eQT
sHyoxmDx2377A05FEQGFEF0v8trXIYiad12ULFNJP95IcRg0NCMMvQ6fE/JRdzxa
EHpHgRX4QeKprG3Gl3hcue4jfG03Sy8H+/TkwdmwOr4uCQFHqh2O9/oLdrfOEF4Z
6NUGHt133b5iL9d9H4ykPH0ODuaKhDDamkBB+ZegplhZ0pbTsTk2/fRwUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNlLbEMTjixwkkJ964WzlyaF/hbJMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvMlV0c1F4T09MSENTUW4zcmhiT1hKb1gtRnNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw9O8MA0G
CSqGSIb3DQEBCwUAA4IBAQA45k6pWYHKmeJyN5OqYOATri3I7EOIlbeSb1rd31jn
YWPG14FJ66/7Lg2OeWe/v0w4blaMtQceRBCZhEPFlZzov9XzHHsEo/YI9gTQEC3K
Fo96MV14WzuLbKayyS3Pn4LQxVTmbvOGZguL8B8k1YItAioaaEv5S5eGisHxY5qy
uq5jSSqyTctQRH9dkiO1pzEo3qHg8syCvnceyPStLrUlyaQ8C26HKSHZrydaF1F7
lurvIhxJ4+RQsc+hP9Ilq1xiu5NB0CbC846WmSiVyZ/99ywfayB4Y9zGa9TRa3F0
nLTkUms68cseYP0vRNR62Op4uFeMitHPS5QLNVeEzSX0
-----END CERTIFICATE-----