Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/CG9ohWuinT5B93Rnr5fGvMKn1vY.roa
File:                     CG9ohWuinT5B93Rnr5fGvMKn1vY.roa (raw, json)
Hash identifier:          PUMGIgV3wIfMf5d0ulCrvrKBPvAL6Ata0pqTX8puweA=
Subject key identifier:   08:6F:68:85:6B:A2:9D:3E:41:F7:74:67:AF:97:C6:BC:C2:A7:D6:F6
Certificate issuer:       /CN=89ac0acbfdb7a274ef36c16f5860ada2a2470697
Certificate serial:       019E3C42E1E2CB854DAF0145FE41979A1C0E
Authority key identifier: 89:AC:0A:CB:FD:B7:A2:74:EF:36:C1:6F:58:60:AD:A2:A2:47:06:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iawKy_23onTvNsFvWGCtoqJHBpc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/CG9ohWuinT5B93Rnr5fGvMKn1vY.roa
Signing time:             Mon 18 May 2026 18:04:36 +0000
ROA not before:           Mon 18 May 2026 18:04:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197607
IP address blocks:        94.137.70.0/23 maxlen: 23
                          94.137.92.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/iawKy_23onTvNsFvWGCtoqJHBpc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/iawKy_23onTvNsFvWGCtoqJHBpc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iawKy_23onTvNsFvWGCtoqJHBpc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 13:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:3c:42:e1:e2:cb:85:4d:af:01:45:fe:41:97:9a:1c:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89ac0acbfdb7a274ef36c16f5860ada2a2470697
        Validity
            Not Before: May 18 18:04:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=086f68856ba29d3e41f77467af97c6bcc2a7d6f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:c0:2c:35:6d:24:c6:49:d5:78:ee:57:2f:db:
                    3f:7b:9a:7d:f1:fe:2b:69:02:d0:a5:bc:ab:3d:7d:
                    6f:c4:de:ae:94:bf:3f:66:a8:47:a4:8f:f5:38:26:
                    11:04:5f:34:d6:53:99:db:17:f2:c5:c5:43:14:49:
                    70:a9:49:cd:f5:a8:5c:c7:42:08:a4:7b:2c:b2:24:
                    51:61:be:70:d1:89:10:21:15:ff:ab:f6:90:00:b4:
                    55:86:86:e7:61:9d:53:20:4f:83:59:cd:c5:d6:dd:
                    aa:97:6a:fd:3d:48:f6:ab:7e:1f:ef:ff:3a:0c:43:
                    31:7e:28:34:2d:56:85:22:0e:97:cb:a5:84:32:d4:
                    7f:e1:72:1a:29:26:0f:a5:62:57:e0:ad:b6:ea:86:
                    1d:76:aa:5b:93:09:3f:ee:23:65:b4:1c:61:95:0f:
                    4f:d9:00:34:d3:b6:51:78:62:e2:96:12:a3:4a:01:
                    63:5a:0e:5a:e8:8d:2c:96:5a:a1:43:a2:00:63:2b:
                    c8:47:a9:e6:26:f5:6b:42:17:be:35:9b:bc:3f:05:
                    3c:f9:91:cb:1f:97:40:66:be:f2:16:ef:2d:d8:54:
                    b2:24:b2:f0:b9:2c:9a:85:59:7f:1d:77:59:62:5c:
                    3d:06:51:31:56:4d:e1:3e:c0:1a:7e:ec:b8:72:06:
                    0b:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:6F:68:85:6B:A2:9D:3E:41:F7:74:67:AF:97:C6:BC:C2:A7:D6:F6
            X509v3 Authority Key Identifier:
                keyid:89:AC:0A:CB:FD:B7:A2:74:EF:36:C1:6F:58:60:AD:A2:A2:47:06:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iawKy_23onTvNsFvWGCtoqJHBpc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/CG9ohWuinT5B93Rnr5fGvMKn1vY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/iawKy_23onTvNsFvWGCtoqJHBpc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.137.70.0/23
                  94.137.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:07:80:0f:ec:56:cc:48:d0:fa:0d:23:66:b1:d4:f0:67:eb:
         d6:d3:88:73:f1:0e:0c:45:38:ad:92:0c:cf:a6:6b:97:81:6b:
         00:df:d7:e9:48:ba:59:ae:6b:e1:e4:fb:cf:22:af:4c:ce:32:
         51:a8:b4:74:b3:7e:90:2e:6f:b2:95:f7:d4:9f:ba:bc:e2:38:
         e9:52:d7:7d:56:69:83:d3:2b:4c:e9:00:58:7d:0a:b9:71:50:
         bc:c2:aa:2c:de:3a:e9:ad:54:71:49:13:62:20:19:b1:39:c1:
         c3:01:bc:31:ab:0e:39:41:d7:21:4e:6f:4a:89:65:4d:0a:fa:
         f0:7f:39:68:17:1b:87:ae:2c:36:a2:1a:60:bf:21:1b:a5:31:
         f9:4f:cf:5c:ed:03:3c:e1:9d:36:45:0d:8d:f3:bf:f7:31:4d:
         68:6d:62:82:fb:4b:aa:2a:d4:1d:a4:9f:7c:c7:6d:81:81:90:
         d4:7f:53:5e:66:94:0c:46:c9:5f:9b:b3:a5:c3:d3:a2:6f:72:
         a3:2c:21:21:ee:24:c7:7a:36:74:e4:2b:24:e7:b5:af:7c:2e:
         c9:23:ec:38:49:90:e6:c1:00:b1:97:e7:10:03:c5:09:4e:7b:
         5e:df:dd:88:19:2c:99:61:75:65:97:92:0f:22:e5:df:ec:b0:
         9e:b4:b6:0e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ48QuHiy4VNrwFF/kGXmhwOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5YWMwYWNiZmRiN2EyNzRlZjM2YzE2ZjU4NjBhZGEyYTI0
NzA2OTcwHhcNMjYwNTE4MTgwNDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODZmNjg4NTZiYTI5ZDNlNDFmNzc0NjdhZjk3YzZiY2MyYTdkNmY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsMAsNW0kxknVeO5XL9s/e5p98f4r
aQLQpbyrPX1vxN6ulL8/ZqhHpI/1OCYRBF801lOZ2xfyxcVDFElwqUnN9ahcx0II
pHsssiRRYb5w0YkQIRX/q/aQALRVhobnYZ1TIE+DWc3F1t2ql2r9PUj2q34f7/86
DEMxfig0LVaFIg6Xy6WEMtR/4XIaKSYPpWJX4K226oYddqpbkwk/7iNltBxhlQ9P
2QA007ZReGLilhKjSgFjWg5a6I0sllqhQ6IAYyvIR6nmJvVrQhe+NZu8PwU8+ZHL
H5dAZr7yFu8t2FSyJLLwuSyahVl/HXdZYlw9BlExVk3hPsAafuy4cgYLeQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAhvaIVrop0+Qfd0Z6+XxrzCp9b2MB8GA1UdIwQY
MBaAFImsCsv9t6J07zbBb1hgraKiRwaXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWF3S3lfMjNvblR2TnNGdldHQ3RvcUpIQnBjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS85M2E3NjgtMjY3Ny00OGQ2LTkxNGMt
ZDRkYmY3MDY2ZmQzLzEvQ0c5b2hXdWluVDVCOTNSbnI1Zkd2TUtuMXZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS85M2E3NjgtMjY3Ny00OGQ2LTkxNGMtZDRkYmY3MDY2ZmQz
LzEvaWF3S3lfMjNvblR2TnNGdldHQ3RvcUpIQnBjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBXolGAwQA
XolcMA0GCSqGSIb3DQEBCwUAA4IBAQA8B4AP7FbMSND6DSNmsdTwZ+vW04hz8Q4M
RTitkgzPpmuXgWsA39fpSLpZrmvh5PvPIq9MzjJRqLR0s36QLm+ylffUn7q84jjp
Utd9VmmD0ytM6QBYfQq5cVC8wqos3jrprVRxSRNiIBmxOcHDAbwxqw45QdchTm9K
iWVNCvrwfzloFxuHriw2ohpgvyEbpTH5T89c7QM84Z02RQ2N87/3MU1obWKC+0uq
KtQdpJ98x22BgZDUf1NeZpQMRslfm7Olw9Oib3KjLCEh7iTHejZ05Csk57WvfC7J
I+w4SZDmwQCxl+cQA8UJTnte392IGSyZYXVll5IPIuXf7LCetLYO
-----END CERTIFICATE-----