Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/iRgr7X1SNvsth1aRrCDBL64ZH5s.roa
File:                     iRgr7X1SNvsth1aRrCDBL64ZH5s.roa (raw, json)
Hash identifier:          WGlOgax3raOS8Gd35SURjjtaM33bu/0SNLIELz8luFI=
Subject key identifier:   89:18:2B:ED:7D:52:36:FB:2D:87:56:91:AC:20:C1:2F:AE:19:1F:9B
Certificate issuer:       /CN=131881732a3e245a959bc679e0458c39f893e46b
Certificate serial:       019CB320A563B65457B9907B9727AD7AE4A0
Authority key identifier: 13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/iRgr7X1SNvsth1aRrCDBL64ZH5s.roa
Signing time:             Tue 03 Mar 2026 09:56:27 +0000
ROA not before:           Tue 03 Mar 2026 09:56:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16276
IP address blocks:        5.178.106.0/24 maxlen: 24
                          5.178.110.0/24 maxlen: 24
                          185.5.39.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 11 Mar 2026 04:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b3:20:a5:63:b6:54:57:b9:90:7b:97:27:ad:7a:e4:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=131881732a3e245a959bc679e0458c39f893e46b
        Validity
            Not Before: Mar  3 09:56:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=89182bed7d5236fb2d875691ac20c12fae191f9b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:17:75:5d:7f:28:79:71:1b:54:bf:36:b9:b3:
                    4d:5b:e9:2d:bb:6e:d1:a4:94:8a:69:3f:bb:4e:2c:
                    0a:79:bc:b8:60:71:13:e6:ff:30:7d:76:c4:fb:f8:
                    01:c9:03:c5:ee:4a:45:c0:93:73:e2:b4:6b:95:8b:
                    90:ed:e3:79:a9:47:86:34:0c:60:70:26:0a:8d:b9:
                    c2:9c:c4:5a:5a:10:3a:7f:34:6b:50:3a:0e:0f:e5:
                    3f:ba:49:6d:70:83:14:81:52:0c:2b:a0:5b:33:0d:
                    42:07:55:5d:65:2c:54:b5:83:b0:be:de:85:dd:cc:
                    d7:93:de:0b:6e:c8:46:e8:a5:bb:59:a9:e3:2e:f6:
                    7e:3e:4b:33:0a:6d:f7:ce:a1:74:04:7c:87:f2:82:
                    67:06:a9:c2:99:7d:02:b3:f6:2a:7c:3e:30:45:04:
                    12:28:47:8c:9c:c3:e9:34:15:b3:cf:f6:0f:51:4f:
                    8c:c2:2d:bf:9e:63:70:92:81:44:d4:42:bb:5b:57:
                    57:c3:25:3e:a9:54:d5:14:92:11:96:a7:f2:86:0c:
                    51:18:76:ab:c5:ff:70:fc:57:46:0a:ba:0d:00:06:
                    6d:65:db:11:a6:4b:31:40:c2:fc:e0:0c:24:ec:93:
                    7b:ba:c1:21:b4:3e:0c:cf:e4:bd:e1:c6:23:68:e1:
                    ea:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:18:2B:ED:7D:52:36:FB:2D:87:56:91:AC:20:C1:2F:AE:19:1F:9B
            X509v3 Authority Key Identifier:
                keyid:13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/iRgr7X1SNvsth1aRrCDBL64ZH5s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.178.106.0/24
                  5.178.110.0/24
                  185.5.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:53:65:9a:7b:87:78:26:d5:2b:8a:31:95:66:2d:2d:1a:60:
         f9:c6:a4:95:22:e4:2b:f9:72:7a:b4:8f:fe:11:41:6d:77:cc:
         12:19:29:2d:20:17:8c:fe:f6:a9:8e:b5:07:9d:bb:30:4a:23:
         d7:96:07:80:06:8a:19:8d:27:f6:5d:b8:b2:07:f2:fe:a4:a1:
         85:36:e2:7b:96:35:31:b3:d0:ae:85:3f:15:5e:e9:02:84:81:
         ae:81:c2:96:50:29:75:e0:2f:b9:c7:76:d4:70:39:95:32:48:
         9a:ab:8e:29:c7:f0:94:cc:e1:d9:37:6a:8f:d0:9c:d2:cd:75:
         82:38:3a:aa:0c:bf:b2:69:03:38:65:41:8f:67:d3:27:97:af:
         ca:75:bb:51:f6:04:3a:d2:f7:70:bc:cc:70:70:54:95:f8:b7:
         b4:cc:bb:e2:f6:3d:a3:fc:66:11:a3:73:f1:73:44:cd:66:b6:
         1b:97:fd:98:9b:e4:30:67:d9:2e:65:8d:71:fa:69:23:cf:18:
         1f:1b:82:b8:75:7a:1d:5e:8d:54:d3:e2:e8:22:90:c4:1c:de:
         3d:54:98:b5:2a:a5:d2:fb:bc:b1:50:bb:96:04:68:2f:d1:a3:
         1e:1e:f7:76:8b:6e:9d:32:5a:72:26:92:2f:51:26:74:ef:e0:
         2b:01:de:9f
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZyzIKVjtlRXuZB7lyeteuSgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMTg4MTczMmEzZTI0NWE5NTliYzY3OWUwNDU4YzM5Zjg5
M2U0NmIwHhcNMjYwMzAzMDk1NjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTE4MmJlZDdkNTIzNmZiMmQ4NzU2OTFhYzIwYzEyZmFlMTkxZjliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAihd1XX8oeXEbVL82ubNNW+ktu27R
pJSKaT+7TiwKeby4YHET5v8wfXbE+/gByQPF7kpFwJNz4rRrlYuQ7eN5qUeGNAxg
cCYKjbnCnMRaWhA6fzRrUDoOD+U/ukltcIMUgVIMK6BbMw1CB1VdZSxUtYOwvt6F
3czXk94LbshG6KW7WanjLvZ+PkszCm33zqF0BHyH8oJnBqnCmX0Cs/YqfD4wRQQS
KEeMnMPpNBWzz/YPUU+Mwi2/nmNwkoFE1EK7W1dXwyU+qVTVFJIRlqfyhgxRGHar
xf9w/FdGCroNAAZtZdsRpksxQML84Awk7JN7usEhtD4Mz+S94cYjaOHqnwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFIkYK+19Ujb7LYdWkawgwS+uGR+bMB8GA1UdIwQY
MBaAFBMYgXMqPiRalZvGeeBFjDn4k+RrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUt
Y2Q2MTUyMjYxYzZmLzEvaVJncjdYMVNOdnN0aDFhUnJDREJMNjRaSDVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUtY2Q2MTUyMjYxYzZm
LzEvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQABbJqAwQA
BbJuAwQAuQUnMA0GCSqGSIb3DQEBCwUAA4IBAQBEU2Wae4d4JtUrijGVZi0tGmD5
xqSVIuQr+XJ6tI/+EUFtd8wSGSktIBeM/vapjrUHnbswSiPXlgeABooZjSf2Xbiy
B/L+pKGFNuJ7ljUxs9CuhT8VXukChIGugcKWUCl14C+5x3bUcDmVMkiaq44px/CU
zOHZN2qP0JzSzXWCODqqDL+yaQM4ZUGPZ9Mnl6/KdbtR9gQ60vdwvMxwcFSV+Le0
zLvi9j2j/GYRo3Pxc0TNZrYbl/2Ym+QwZ9kuZY1x+mkjzxgfG4K4dXodXo1U0+Lo
IpDEHN49VJi1KqXS+7yxULuWBGgv0aMeHvd2i26dMlpyJpIvUSZ07+ArAd6f
-----END CERTIFICATE-----