Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/m2oEtGkrjXxg-zxkEDTaw7NxWko.roa
File:                     m2oEtGkrjXxg-zxkEDTaw7NxWko.roa (raw, json)
Hash identifier:          0BJb+474aCIXXkVl61UZ5Jx7U9cbG3UPlYzYlvXaVzs=
Subject key identifier:   9B:6A:04:B4:69:2B:8D:7C:60:FB:3C:64:10:34:DA:C3:B3:71:5A:4A
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       019CBEF0A29674002C1DA08D4C3BF1445DC2
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/m2oEtGkrjXxg-zxkEDTaw7NxWko.roa
Signing time:             Thu 05 Mar 2026 16:59:27 +0000
ROA not before:           Thu 05 Mar 2026 16:59:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     262191
IP address blocks:        181.41.156.0/23 maxlen: 23
                          181.41.156.0/24 maxlen: 24
                          181.41.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 11 Mar 2026 06:19:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:be:f0:a2:96:74:00:2c:1d:a0:8d:4c:3b:f1:44:5d:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Mar  5 16:59:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9b6a04b4692b8d7c60fb3c641034dac3b3715a4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:0f:53:b8:16:06:94:3b:2e:f0:fb:1a:13:ed:
                    35:43:ec:f1:2a:d2:bf:56:b8:d7:98:06:23:6f:eb:
                    e3:4f:2d:77:fc:66:79:d8:fa:3b:c0:4c:a7:12:82:
                    86:69:c5:20:59:5d:bb:f7:d0:24:dd:9b:ee:6d:05:
                    19:f1:b1:f4:ce:a7:ca:8d:1e:fb:3a:a4:f7:e0:06:
                    38:e9:4e:c7:5b:21:cf:58:24:1c:07:79:dd:29:5f:
                    9c:53:e0:02:70:d2:e4:e1:d9:a4:54:ff:c8:3f:7a:
                    ff:6a:23:52:6e:02:fd:ce:88:87:01:38:7b:dc:1f:
                    25:4b:b2:2a:7b:3a:a3:f5:45:b6:7b:41:b0:82:7f:
                    7f:86:30:cf:6b:1a:be:d9:69:a4:af:3a:ff:ce:37:
                    c6:c5:bc:c3:e1:9b:e8:fa:38:00:4d:9f:62:65:fb:
                    60:77:2f:05:c0:a6:4e:09:09:c4:8e:c5:0d:4c:17:
                    73:56:07:c4:08:33:e4:7a:bb:6c:f6:8a:f8:b6:c4:
                    a5:c2:6b:d6:05:7b:75:33:d5:df:2f:1b:1d:fe:e1:
                    60:17:d1:c2:f6:fb:3a:70:c2:7c:d4:5f:db:e3:a6:
                    ad:db:d3:34:b4:cc:63:d6:ff:4d:57:ca:f0:d3:16:
                    af:74:23:11:a6:eb:40:47:a4:e2:94:29:d8:39:58:
                    40:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:6A:04:B4:69:2B:8D:7C:60:FB:3C:64:10:34:DA:C3:B3:71:5A:4A
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/m2oEtGkrjXxg-zxkEDTaw7NxWko.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.41.156.0/23

    Signature Algorithm: sha256WithRSAEncryption
         29:ca:83:f5:b0:f4:19:72:51:0d:12:5c:4c:a4:f8:3b:34:66:
         a0:e2:ba:63:2c:f9:97:d3:9e:09:62:13:31:28:58:90:ed:68:
         10:60:33:94:e2:a5:a5:ad:b0:32:df:9c:47:27:72:5f:61:3c:
         29:2d:08:06:95:d6:c8:75:b5:3d:85:ee:e0:24:80:e6:fa:2f:
         7c:10:d0:9f:23:87:b2:aa:d0:36:05:ba:4a:11:af:aa:37:18:
         a8:c7:c5:c4:79:f5:45:46:54:a3:66:89:30:f6:b2:64:62:4c:
         d7:97:fd:91:d1:50:ef:fd:3f:db:32:d0:33:4a:33:64:90:aa:
         e1:ff:6b:a7:a1:27:19:31:89:04:37:fe:8a:5c:08:ff:8b:35:
         6a:7f:11:45:e7:91:8e:83:d2:21:63:01:2f:91:20:a7:6f:30:
         78:9c:ee:a7:50:f2:57:8d:b9:56:67:15:f4:45:23:ad:fd:e3:
         6c:8e:f7:b8:f6:40:b5:01:65:f7:2b:02:0a:0d:03:07:f1:07:
         52:a4:8a:4c:bf:1f:5b:93:81:2f:af:60:46:f1:b7:0b:19:3e:
         69:55:1f:0b:5c:61:ed:25:b0:a0:89:e0:7e:fd:f5:fd:82:30:
         97:13:55:62:78:2f:16:1a:7f:56:eb:49:dd:d7:c0:c2:99:de:
         77:52:cf:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZy+8KKWdAAsHaCNTDvxRF3CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjYwMzA1MTY1OTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjZhMDRiNDY5MmI4ZDdjNjBmYjNjNjQxMDM0ZGFjM2IzNzE1YTRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Q9TuBYGlDsu8PsaE+01Q+zxKtK/
VrjXmAYjb+vjTy13/GZ52Po7wEynEoKGacUgWV2799Ak3ZvubQUZ8bH0zqfKjR77
OqT34AY46U7HWyHPWCQcB3ndKV+cU+ACcNLk4dmkVP/IP3r/aiNSbgL9zoiHATh7
3B8lS7Iqezqj9UW2e0Gwgn9/hjDPaxq+2Wmkrzr/zjfGxbzD4Zvo+jgATZ9iZftg
dy8FwKZOCQnEjsUNTBdzVgfECDPkerts9or4tsSlwmvWBXt1M9XfLxsd/uFgF9HC
9vs6cMJ81F/b46at29M0tMxj1v9NV8rw0xavdCMRputAR6TilCnYOVhASQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJtqBLRpK418YPs8ZBA02sOzcVpKMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvbTJvRXRHa3JqWHhnLXp4a0VEVGF3N054V2tvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBtSmcMA0G
CSqGSIb3DQEBCwUAA4IBAQApyoP1sPQZclENElxMpPg7NGag4rpjLPmX054JYhMx
KFiQ7WgQYDOU4qWlrbAy35xHJ3JfYTwpLQgGldbIdbU9he7gJIDm+i98ENCfI4ey
qtA2BbpKEa+qNxiox8XEefVFRlSjZokw9rJkYkzXl/2R0VDv/T/bMtAzSjNkkKrh
/2unoScZMYkEN/6KXAj/izVqfxFF55GOg9IhYwEvkSCnbzB4nO6nUPJXjblWZxX0
RSOt/eNsjve49kC1AWX3KwIKDQMH8QdSpIpMvx9bk4Evr2BG8bcLGT5pVR8LXGHt
JbCgieB+/fX9gjCXE1VieC8WGn9W60nd18DCmd53Us9y
-----END CERTIFICATE-----