Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/kepdZXENoY0lFOiOd2VYC5Jt8PU.roa
File:                     kepdZXENoY0lFOiOd2VYC5Jt8PU.roa (raw, json)
Hash identifier:          bBmIVbb4z4z4JQQlPc3j4zkDZyWk/Dmtse596NYk1Vs=
Subject key identifier:   91:EA:5D:65:71:0D:A1:8D:25:14:E8:8E:77:65:58:0B:92:6D:F0:F5
Certificate issuer:       /CN=746365355b665564a210c358c68a0117b7fbeb9a
Certificate serial:       019CB32D762C81C82B1A512FBA8705AEFBF4
Authority key identifier: 74:63:65:35:5B:66:55:64:A2:10:C3:58:C6:8A:01:17:B7:FB:EB:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/kepdZXENoY0lFOiOd2VYC5Jt8PU.roa
Signing time:             Tue 03 Mar 2026 10:10:26 +0000
ROA not before:           Tue 03 Mar 2026 10:10:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204102
IP address blocks:        185.120.58.0/24 maxlen: 24
                          212.22.67.0/24 maxlen: 24
                          212.22.84.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 22 Mar 2026 10:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b3:2d:76:2c:81:c8:2b:1a:51:2f:ba:87:05:ae:fb:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=746365355b665564a210c358c68a0117b7fbeb9a
        Validity
            Not Before: Mar  3 10:10:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=91ea5d65710da18d2514e88e7765580b926df0f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:00:6c:8d:1e:e1:84:76:a7:47:8f:b6:0d:ff:
                    d6:20:58:fd:54:83:cd:d9:04:82:ce:2a:b2:a5:0c:
                    fa:a4:5d:64:f1:42:23:e6:31:5d:b0:36:7a:4e:2e:
                    1d:c0:95:28:c3:37:99:19:57:d1:3b:99:1f:8a:4d:
                    4e:b0:d3:44:f7:60:3d:da:be:9a:3f:2b:6a:19:62:
                    0c:57:74:4f:02:86:ab:c7:1e:97:49:ff:f2:dd:38:
                    30:69:9c:55:23:8a:48:4c:6b:2d:ad:5b:22:85:03:
                    f2:f7:ad:2b:a2:59:73:97:80:64:36:44:ac:f9:fd:
                    b7:36:35:e4:3c:1b:6c:ea:f9:45:88:17:44:f4:d1:
                    e5:90:35:0a:3d:5e:5e:02:f8:43:6c:f5:90:ba:d6:
                    7b:20:2b:77:65:22:2c:da:2d:f2:10:c2:6d:f7:3a:
                    e0:62:48:47:e1:39:cf:16:16:34:0b:d9:22:30:c4:
                    8b:36:3d:c8:bc:2b:bd:db:e0:bc:50:32:3d:15:8c:
                    65:b3:a1:7e:2b:0c:c2:07:f9:e3:a7:49:a2:73:a2:
                    41:7b:8a:77:14:b5:0a:bf:c9:b9:28:18:9f:9f:eb:
                    1a:85:91:5c:c7:85:2e:ad:4b:b8:ef:5a:31:63:c0:
                    c2:a0:c8:dd:f9:54:d2:37:d0:fb:5f:00:ca:7a:e2:
                    08:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:EA:5D:65:71:0D:A1:8D:25:14:E8:8E:77:65:58:0B:92:6D:F0:F5
            X509v3 Authority Key Identifier:
                keyid:74:63:65:35:5B:66:55:64:A2:10:C3:58:C6:8A:01:17:B7:FB:EB:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/kepdZXENoY0lFOiOd2VYC5Jt8PU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.120.58.0/24
                  212.22.67.0/24
                  212.22.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:9e:f5:a9:10:05:b9:1a:85:52:13:d5:af:f4:71:4a:79:bc:
         46:71:3e:71:df:28:a2:92:6c:31:40:d4:4c:68:05:9f:b3:af:
         08:de:4c:51:57:12:37:f4:58:ce:e5:63:1b:1f:ca:6d:b7:75:
         c2:a5:47:a2:15:9b:94:0b:57:42:88:5d:a2:72:b5:a2:97:30:
         20:99:e4:04:69:ac:74:fb:1f:29:94:47:a6:80:60:72:36:ba:
         e4:67:d9:05:50:4e:d6:b2:34:39:e2:db:22:ef:d1:2e:b1:37:
         58:d8:b7:00:5d:ae:d2:48:d7:f4:1b:94:f1:b1:d4:8a:6f:b6:
         76:ec:c6:6a:ab:a3:6f:75:8e:71:13:3c:c6:36:92:ff:d9:dc:
         e5:d9:39:75:97:b1:c1:8d:1c:e7:32:4e:f3:82:f1:61:9e:61:
         2b:ba:e5:f8:ce:f5:04:92:84:b6:c3:f1:87:11:51:5a:a0:48:
         3f:8e:c3:a6:e3:6f:2e:65:b8:52:56:ef:aa:a9:f0:f1:2f:a5:
         9d:3b:a2:24:f8:23:dd:f4:53:f2:53:ed:62:e0:69:d5:73:f8:
         a6:70:2c:c6:1c:96:67:ae:b7:2c:b1:28:5b:c7:98:22:e3:7d:
         87:2e:4f:ea:d6:51:a0:c6:99:48:d7:f2:d5:27:a5:35:ac:5c:
         78:15:27:3a
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZyzLXYsgcgrGlEvuocFrvv0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0NjM2NTM1NWI2NjU1NjRhMjEwYzM1OGM2OGEwMTE3Yjdm
YmViOWEwHhcNMjYwMzAzMTAxMDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWVhNWQ2NTcxMGRhMThkMjUxNGU4OGU3NzY1NTgwYjkyNmRmMGY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwQBsjR7hhHanR4+2Df/WIFj9VIPN
2QSCziqypQz6pF1k8UIj5jFdsDZ6Ti4dwJUowzeZGVfRO5kfik1OsNNE92A92r6a
PytqGWIMV3RPAoarxx6XSf/y3TgwaZxVI4pITGstrVsihQPy960rollzl4BkNkSs
+f23NjXkPBts6vlFiBdE9NHlkDUKPV5eAvhDbPWQutZ7ICt3ZSIs2i3yEMJt9zrg
YkhH4TnPFhY0C9kiMMSLNj3IvCu92+C8UDI9FYxls6F+KwzCB/njp0mic6JBe4p3
FLUKv8m5KBifn+sahZFcx4UurUu471oxY8DCoMjd+VTSN9D7XwDKeuIIgwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJHqXWVxDaGNJRTojndlWAuSbfD1MB8GA1UdIwQY
MBaAFHRjZTVbZlVkohDDWMaKARe3++uaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEdObE5WdG1WV1NpRU1OWXhvb0JGN2Y3NjVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi9hZWEzNmQtYmFiZi00NDc0LWE3OGIt
NmE0ZWNhZjhiM2IxLzEva2VwZFpYRU5vWTBsRk9pT2QyVllDNUp0OFBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi9hZWEzNmQtYmFiZi00NDc0LWE3OGItNmE0ZWNhZjhiM2Ix
LzEvZEdObE5WdG1WV1NpRU1OWXhvb0JGN2Y3NjVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAuXg6AwQA
1BZDAwQA1BZUMA0GCSqGSIb3DQEBCwUAA4IBAQBynvWpEAW5GoVSE9Wv9HFKebxG
cT5x3yiikmwxQNRMaAWfs68I3kxRVxI39FjO5WMbH8ptt3XCpUeiFZuUC1dCiF2i
crWilzAgmeQEaax0+x8plEemgGByNrrkZ9kFUE7WsjQ54tsi79EusTdY2LcAXa7S
SNf0G5TxsdSKb7Z27MZqq6NvdY5xEzzGNpL/2dzl2Tl1l7HBjRznMk7zgvFhnmEr
uuX4zvUEkoS2w/GHEVFaoEg/jsOm428uZbhSVu+qqfDxL6WdO6Ik+CPd9FPyU+1i
4GnVc/imcCzGHJZnrrcssShbx5gi432HLk/q1lGgxplI1/LVJ6U1rFx4FSc6
-----END CERTIFICATE-----