Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/1809da-1c6f-44db-aa28-ba4fc234683e/1/9d9b7ngCfBXn0BZvHGUbIYai3SU.roa
File:                     9d9b7ngCfBXn0BZvHGUbIYai3SU.roa (raw, json)
Hash identifier:          S8rO+x/b1TlI/ds8zRuEobXNGIIkOXMHVIgQZ5JbD+g=
Subject key identifier:   F5:DF:5B:EE:78:02:7C:15:E7:D0:16:6F:1C:65:1B:21:86:A2:DD:25
Certificate issuer:       /CN=76670236cd0e038684a33194bde7d4b95adc66f7
Certificate serial:       019F23AFAEBC5E223D0A96926E371BAADEFB
Authority key identifier: 76:67:02:36:CD:0E:03:86:84:A3:31:94:BD:E7:D4:B9:5A:DC:66:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dmcCNs0OA4aEozGUvefUuVrcZvc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/1809da-1c6f-44db-aa28-ba4fc234683e/1/9d9b7ngCfBXn0BZvHGUbIYai3SU.roa
Signing time:             Thu 02 Jul 2026 16:35:43 +0000
ROA not before:           Thu 02 Jul 2026 16:35:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215540
IP address blocks:        5.44.42.0/24 maxlen: 24
                          45.129.185.0/24 maxlen: 24
                          157.22.240.0/24 maxlen: 24
                          2a05:541:102::/48 maxlen: 48
                          2a05:541:103::/48 maxlen: 48
                          2a05:541:104::/48 maxlen: 48
                          2a05:541:105::/48 maxlen: 48
                          2a05:541:106::/48 maxlen: 48
                          2a05:541:107::/48 maxlen: 48
                          2a05:541:108::/48 maxlen: 48
                          2a05:541:109::/48 maxlen: 48
                          2a05:541:110::/48 maxlen: 48
                          2a05:541:111::/48 maxlen: 48
                          2a05:541:112::/48 maxlen: 48
                          2a05:541:113::/48 maxlen: 48
                          2a05:541:114::/48 maxlen: 48
                          2a05:541:115::/48 maxlen: 48
                          2a05:541:116::/48 maxlen: 48
                          2a05:541:117::/48 maxlen: 48
                          2a05:541:118::/48 maxlen: 48
                          2a05:541:119::/48 maxlen: 48
                          2a05:541:121::/48 maxlen: 48
                          2a05:541:122::/48 maxlen: 48
                          2a05:541:123::/48 maxlen: 48
                          2a05:541:124::/48 maxlen: 48
                          2a05:541:125::/48 maxlen: 48
                          2a05:541:126::/48 maxlen: 48
                          2a05:541:127::/48 maxlen: 48
                          2a05:541:131::/48 maxlen: 48
                          2a05:541:133::/48 maxlen: 48
                          2a05:541:134::/48 maxlen: 48
                          2a05:541:135::/48 maxlen: 48
                          2a05:541:136::/48 maxlen: 48
                          2a05:541:137::/48 maxlen: 48
                          2a05:541:138::/48 maxlen: 48
                          2a05:541:139::/48 maxlen: 48
                          2a05:541:141::/48 maxlen: 48
                          2a05:541:152::/48 maxlen: 48
                          2a05:541:153::/48 maxlen: 48
                          2a05:541:156::/48 maxlen: 48
                          2a05:541:157::/48 maxlen: 48
                          2a05:541:158::/48 maxlen: 48
                          2a05:541:159::/48 maxlen: 48
                          2a05:541:170::/48 maxlen: 48
                          2a05:541:171::/48 maxlen: 48
                          2a05:541:172::/48 maxlen: 48
                          2a05:541:173::/48 maxlen: 48
                          2a05:541:174::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/1809da-1c6f-44db-aa28-ba4fc234683e/1/dmcCNs0OA4aEozGUvefUuVrcZvc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/1809da-1c6f-44db-aa28-ba4fc234683e/1/dmcCNs0OA4aEozGUvefUuVrcZvc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dmcCNs0OA4aEozGUvefUuVrcZvc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 10:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:af:ae:bc:5e:22:3d:0a:96:92:6e:37:1b:aa:de:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=76670236cd0e038684a33194bde7d4b95adc66f7
        Validity
            Not Before: Jul  2 16:35:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f5df5bee78027c15e7d0166f1c651b2186a2dd25
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:5c:28:73:cb:a3:24:b3:69:77:ae:25:d9:17:
                    d1:4d:94:2d:45:80:ff:7d:12:b2:98:a5:a4:31:60:
                    d2:84:66:6d:5c:b1:bb:90:ea:b3:dd:36:95:e2:79:
                    58:c1:5d:b5:78:40:80:5f:d1:cc:5c:d4:07:f2:98:
                    f8:68:c6:08:ec:fc:86:51:01:1c:17:2a:15:ab:a4:
                    fc:cc:c9:f4:fd:b3:41:7f:45:70:8b:4c:35:79:c3:
                    70:20:0b:29:ea:58:1f:b2:38:74:de:81:9e:8c:90:
                    bf:44:8b:52:95:c6:26:75:37:d3:d9:d3:38:e7:ac:
                    6d:a6:b1:ad:55:14:1d:df:3c:94:da:45:b5:0d:05:
                    0f:40:43:ac:7d:14:e7:c7:ea:a1:79:51:2c:16:b2:
                    bf:30:25:17:be:e3:bf:4d:11:31:0b:8d:6c:7e:c0:
                    75:8e:a6:66:3d:52:8a:8c:99:f8:e4:a9:5f:7f:0f:
                    45:c3:51:e0:04:f6:6a:52:1d:7a:fc:9e:24:58:e1:
                    99:51:6e:f5:42:80:1c:f4:7f:da:03:84:8e:a2:0b:
                    69:06:b2:d5:0e:e9:bb:98:1d:d6:e9:02:38:d3:5f:
                    34:73:29:c8:6c:f7:43:73:93:7b:fe:ee:0e:78:23:
                    10:a4:72:84:b0:85:a3:53:67:44:29:83:84:a2:11:
                    f1:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:DF:5B:EE:78:02:7C:15:E7:D0:16:6F:1C:65:1B:21:86:A2:DD:25
            X509v3 Authority Key Identifier:
                keyid:76:67:02:36:CD:0E:03:86:84:A3:31:94:BD:E7:D4:B9:5A:DC:66:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dmcCNs0OA4aEozGUvefUuVrcZvc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/1809da-1c6f-44db-aa28-ba4fc234683e/1/9d9b7ngCfBXn0BZvHGUbIYai3SU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/1809da-1c6f-44db-aa28-ba4fc234683e/1/dmcCNs0OA4aEozGUvefUuVrcZvc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.44.42.0/24
                  45.129.185.0/24
                  157.22.240.0/24
                IPv6:
                  2a05:541:102::-2a05:541:109:ffff:ffff:ffff:ffff:ffff
                  2a05:541:110::-2a05:541:119:ffff:ffff:ffff:ffff:ffff
                  2a05:541:121::-2a05:541:127:ffff:ffff:ffff:ffff:ffff
                  2a05:541:131::/48
                  2a05:541:133::-2a05:541:139:ffff:ffff:ffff:ffff:ffff
                  2a05:541:141::/48
                  2a05:541:152::/47
                  2a05:541:156::-2a05:541:159:ffff:ffff:ffff:ffff:ffff
                  2a05:541:170::-2a05:541:174:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         59:23:ac:d4:f9:8e:a7:fa:18:91:f9:23:87:52:ac:e6:db:00:
         80:71:0c:71:67:8b:8e:cd:9d:f2:fe:08:71:d6:1f:27:21:63:
         06:17:66:dd:18:5d:f1:84:46:be:a7:16:1c:3e:82:a7:9e:86:
         24:29:25:3d:50:37:fc:8d:56:5c:67:4a:f2:aa:8d:0b:93:d6:
         a5:93:f4:d5:be:5c:74:95:0b:ca:29:19:f5:68:ba:b5:f6:86:
         92:be:69:14:09:f0:9e:44:5f:8c:7e:f2:84:49:8a:55:32:7a:
         a1:8b:59:0c:06:82:c5:1f:d5:5f:b8:b9:b0:e1:ca:46:5a:f0:
         9a:2a:1e:41:3c:3c:3d:cd:c1:40:6e:45:fc:6a:bd:88:f8:92:
         26:f4:d4:3f:f0:92:d8:31:52:be:66:88:62:6f:83:8f:64:fd:
         01:47:e0:4a:c4:05:35:ab:02:d3:29:9b:bd:42:18:9a:a3:e2:
         50:64:26:53:2c:85:26:0b:ef:0d:a0:a8:0c:a1:72:cd:ee:81:
         d1:37:11:30:09:1c:38:be:b7:6f:6b:45:bd:bc:30:b4:d9:f8:
         e2:f9:79:ad:81:e0:82:19:f3:3c:92:fb:6f:b0:05:cb:f0:d0:
         9d:52:bc:2d:a5:f3:18:a1:8f:71:8e:58:14:21:36:34:c4:08:
         9b:30:e8:00
-----BEGIN CERTIFICATE-----
MIIFqTCCBJGgAwIBAgISAZ8jr668XiI9CpaSbjcbqt77MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2NjcwMjM2Y2QwZTAzODY4NGEzMzE5NGJkZTdkNGI5NWFk
YzY2ZjcwHhcNMjYwNzAyMTYzNTQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNWRmNWJlZTc4MDI3YzE1ZTdkMDE2NmYxYzY1MWIyMTg2YTJkZDI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr1woc8ujJLNpd64l2RfRTZQtRYD/
fRKymKWkMWDShGZtXLG7kOqz3TaV4nlYwV21eECAX9HMXNQH8pj4aMYI7PyGUQEc
FyoVq6T8zMn0/bNBf0Vwi0w1ecNwIAsp6lgfsjh03oGejJC/RItSlcYmdTfT2dM4
56xtprGtVRQd3zyU2kW1DQUPQEOsfRTnx+qheVEsFrK/MCUXvuO/TRExC41sfsB1
jqZmPVKKjJn45Klffw9Fw1HgBPZqUh16/J4kWOGZUW71QoAc9H/aA4SOogtpBrLV
Dum7mB3W6QI40180cynIbPdDc5N7/u4OeCMQpHKEsIWjU2dEKYOEohHx8wIDAQAB
o4ICtTCCArEwHQYDVR0OBBYEFPXfW+54AnwV59AWbxxlGyGGot0lMB8GA1UdIwQY
MBaAFHZnAjbNDgOGhKMxlL3n1Lla3Gb3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZG1jQ05zME9BNGFFb3pHVXZlZlV1VnJjWnZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi8xODA5ZGEtMWM2Zi00NGRiLWFhMjgt
YmE0ZmMyMzQ2ODNlLzEvOWQ5YjduZ0NmQlhuMEJadkhHVWJJWWFpM1NVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi8xODA5ZGEtMWM2Zi00NGRiLWFhMjgtYmE0ZmMyMzQ2ODNl
LzEvZG1jQ05zME9BNGFFb3pHVXZlZlV1VnJjWnZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHKBggrBgEFBQcBBwEB/wSBujCBtzAYBAIAATASAwQABSwq
AwQALYG5AwQAnRbwMIGaBAIAAjCBkzASAwcBKgUFQQECAwcBKgUFQQEIMBIDBwQq
BQVBARADBwEqBQVBARgwEgMHACoFBUEBIQMHAyoFBUEBIAMHACoFBUEBMTASAwcA
KgUFQQEzAwcBKgUFQQE4AwcAKgUFQQFBAwcBKgUFQQFSMBIDBwEqBQVBAVYDBwEq
BQVBAVgwEgMHBCoFBUEBcAMHACoFBUEBdDANBgkqhkiG9w0BAQsFAAOCAQEAWSOs
1PmOp/oYkfkjh1Ks5tsAgHEMcWeLjs2d8v4IcdYfJyFjBhdm3Rhd8YRGvqcWHD6C
p56GJCklPVA3/I1WXGdK8qqNC5PWpZP01b5cdJULyikZ9Wi6tfaGkr5pFAnwnkRf
jH7yhEmKVTJ6oYtZDAaCxR/VX7i5sOHKRlrwmioeQTw8Pc3BQG5F/Gq9iPiSJvTU
P/CS2DFSvmaIYm+Dj2T9AUfgSsQFNasC0ymbvUIYmqPiUGQmUyyFJgvvDaCoDKFy
ze6B0TcRMAkcOL63b2tFvbwwtNn44vl5rYHgghnzPJL7b7AFy/DQnVK8LaXzGKGP
cY5YFCE2NMQImzDoAA==
-----END CERTIFICATE-----
Generated at Fri Jul 3 16:51:49 2026 by rpki-client