Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/9JrqjDnRNtdMeigOg3aKIdy9xW4.roa
File:                     9JrqjDnRNtdMeigOg3aKIdy9xW4.roa (raw, json)
Hash identifier:          thh8iC8OyMIAzEG0DJvrrRXn/R7viIFoIJQg/hsRIbE=
Subject key identifier:   F4:9A:EA:8C:39:D1:36:D7:4C:7A:28:0E:83:76:8A:21:DC:BD:C5:6E
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       019C9557391E55C2B601B85C3ECE828B2DAD
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/9JrqjDnRNtdMeigOg3aKIdy9xW4.roa
Signing time:             Wed 25 Feb 2026 15:07:27 +0000
ROA not before:           Wed 25 Feb 2026 15:07:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206092
IP address blocks:        45.151.1.0/24 maxlen: 24
                          195.177.93.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Feb 2026 15:07:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:95:57:39:1e:55:c2:b6:01:b8:5c:3e:ce:82:8b:2d:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Feb 25 15:07:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f49aea8c39d136d74c7a280e83768a21dcbdc56e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:a6:67:bc:79:3d:24:0d:96:76:b7:21:3a:d4:
                    80:2c:e3:0a:2c:2a:d0:c1:82:23:9d:2e:bf:72:22:
                    58:e2:e7:aa:b5:6a:21:3a:56:4b:eb:56:46:2b:17:
                    4d:b2:d0:70:7e:2e:db:85:b1:0a:49:c2:92:5c:72:
                    14:da:df:14:40:69:c7:38:52:fe:9b:33:f4:75:e5:
                    8a:d4:ff:eb:e0:fe:f0:5a:e6:6a:0a:c3:d4:b0:6e:
                    1d:65:04:f0:7c:08:2e:24:30:d7:19:aa:1a:59:4c:
                    aa:e5:21:ac:f1:b1:a1:10:20:7c:d1:74:d2:dd:4e:
                    4b:7f:60:1a:06:60:2a:4f:e3:7f:67:ef:54:7f:42:
                    c3:1f:de:31:98:47:f5:be:89:87:f8:b0:7c:75:e0:
                    46:81:99:db:5b:a6:89:9c:84:00:ca:28:c8:89:37:
                    b2:f2:05:cd:0a:59:c0:4e:be:da:ad:f3:f2:d7:a7:
                    7a:f8:03:0b:25:fe:2e:bd:83:79:45:92:bf:e1:a9:
                    07:be:27:b4:d7:75:95:d8:86:0a:51:16:54:d4:7e:
                    0e:bb:32:a2:c5:72:22:71:91:e1:77:48:55:1f:7c:
                    29:e4:1a:60:97:4e:51:17:77:b6:ef:65:52:9b:5b:
                    9d:8c:54:01:7d:86:0c:e1:df:d7:49:22:03:b8:91:
                    a5:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:9A:EA:8C:39:D1:36:D7:4C:7A:28:0E:83:76:8A:21:DC:BD:C5:6E
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/9JrqjDnRNtdMeigOg3aKIdy9xW4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.1.0/24
                  195.177.93.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:58:66:96:b7:64:de:82:0e:10:f8:5c:43:e2:a6:af:ae:2a:
         58:30:fa:07:58:54:fe:46:3d:7c:a6:f0:c4:41:a2:5a:bc:6b:
         1d:a5:5a:d1:4b:81:77:7f:b9:51:27:66:3f:7a:11:93:cb:20:
         5f:9d:24:13:93:0b:9c:47:34:0c:45:32:16:7d:e4:ca:65:52:
         44:b3:10:0c:82:8c:26:54:15:25:b0:60:a6:d2:95:02:e0:93:
         0c:18:21:92:d9:21:31:f8:c4:c3:e3:31:e9:56:46:29:ec:04:
         d7:fc:e1:01:00:17:aa:e7:31:c8:78:08:06:e2:44:88:c2:6c:
         d2:53:d6:30:e9:59:01:d0:ca:19:fc:cd:9a:f1:90:e7:76:04:
         0d:72:f2:2a:5b:1f:45:9f:f7:d7:82:4d:df:68:19:4f:25:4c:
         e8:b8:73:49:52:23:a2:b0:ae:19:f1:2d:d8:bc:f0:e8:24:66:
         70:64:29:9e:68:69:33:11:43:d6:0a:99:8d:a3:e1:74:bf:ca:
         22:e9:b7:3a:50:69:27:38:12:a1:ba:6d:cb:77:8b:f1:05:62:
         46:10:93:52:22:2c:0b:9b:c2:80:b6:62:9f:b5:62:4d:35:c7:
         f1:67:e3:6e:d3:d1:b7:d3:92:2b:bc:4a:07:cd:51:c9:30:62:
         35:67:95:f7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZyVVzkeVcK2AbhcPs6Ciy2tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjYwMjI1MTUwNzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDlhZWE4YzM5ZDEzNmQ3NGM3YTI4MGU4Mzc2OGEyMWRjYmRjNTZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk6ZnvHk9JA2WdrchOtSALOMKLCrQ
wYIjnS6/ciJY4ueqtWohOlZL61ZGKxdNstBwfi7bhbEKScKSXHIU2t8UQGnHOFL+
mzP0deWK1P/r4P7wWuZqCsPUsG4dZQTwfAguJDDXGaoaWUyq5SGs8bGhECB80XTS
3U5Lf2AaBmAqT+N/Z+9Uf0LDH94xmEf1vomH+LB8deBGgZnbW6aJnIQAyijIiTey
8gXNClnATr7arfPy16d6+AMLJf4uvYN5RZK/4akHvie013WV2IYKURZU1H4OuzKi
xXIicZHhd0hVH3wp5Bpgl05RF3e272VSm1udjFQBfYYM4d/XSSIDuJGlRwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPSa6ow50TbXTHooDoN2iiHcvcVuMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvOUpycWpEblJOdGRNZWlnT2czYUtJZHk5eFc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALZcBAwQA
w7FdMA0GCSqGSIb3DQEBCwUAA4IBAQAFWGaWt2Tegg4Q+FxD4qavripYMPoHWFT+
Rj18pvDEQaJavGsdpVrRS4F3f7lRJ2Y/ehGTyyBfnSQTkwucRzQMRTIWfeTKZVJE
sxAMgowmVBUlsGCm0pUC4JMMGCGS2SEx+MTD4zHpVkYp7ATX/OEBABeq5zHIeAgG
4kSIwmzSU9Yw6VkB0MoZ/M2a8ZDndgQNcvIqWx9Fn/fXgk3faBlPJUzouHNJUiOi
sK4Z8S3YvPDoJGZwZCmeaGkzEUPWCpmNo+F0v8oi6bc6UGknOBKhum3Ld4vxBWJG
EJNSIiwLm8KAtmKftWJNNcfxZ+Nu09G305IrvEoHzVHJMGI1Z5X3
-----END CERTIFICATE-----