Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/89f12f-caec-4e7a-8ac9-d6b51d37aff4/1/zOYOJF9DfijezlN9iaw-AlTXC9Y.roa
File:                     zOYOJF9DfijezlN9iaw-AlTXC9Y.roa (raw, json)
Hash identifier:          9l40cVFv1YhreHGWhH0joF4uHabuY804EXNUsY9cFxk=
Subject key identifier:   CC:E6:0E:24:5F:43:7E:28:DE:CE:53:7D:89:AC:3E:02:54:D7:0B:D6
Certificate issuer:       /CN=7c40d38c7e6bcd4b6aefa0bb4acd7b644ce71a47
Certificate serial:       019CE3EE9981162A736A64F56010D07110D9
Authority key identifier: 7C:40:D3:8C:7E:6B:CD:4B:6A:EF:A0:BB:4A:CD:7B:64:4C:E7:1A:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fEDTjH5rzUtq76C7Ss17ZEznGkc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/89f12f-caec-4e7a-8ac9-d6b51d37aff4/1/zOYOJF9DfijezlN9iaw-AlTXC9Y.roa
Signing time:             Thu 12 Mar 2026 21:23:10 +0000
ROA not before:           Thu 12 Mar 2026 21:23:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211667
IP address blocks:        185.29.231.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/63/89f12f-caec-4e7a-8ac9-d6b51d37aff4/1/fEDTjH5rzUtq76C7Ss17ZEznGkc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/63/89f12f-caec-4e7a-8ac9-d6b51d37aff4/1/fEDTjH5rzUtq76C7Ss17ZEznGkc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fEDTjH5rzUtq76C7Ss17ZEznGkc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 25 Mar 2026 12:01:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:e3:ee:99:81:16:2a:73:6a:64:f5:60:10:d0:71:10:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c40d38c7e6bcd4b6aefa0bb4acd7b644ce71a47
        Validity
            Not Before: Mar 12 21:23:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cce60e245f437e28dece537d89ac3e0254d70bd6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:49:fa:70:59:90:8c:be:22:a8:f7:dc:32:92:
                    7d:fe:59:8c:5b:f9:35:e3:d0:ff:cf:b1:45:82:2f:
                    69:58:eb:cf:00:85:45:df:a0:ff:7a:80:dd:14:0d:
                    b4:e2:59:2a:52:4b:40:b3:48:4f:c1:bd:2f:1f:fe:
                    fe:45:81:e5:2a:91:2f:77:7e:b9:6a:0f:10:0a:61:
                    6e:52:c1:49:78:79:bc:b8:db:61:82:f0:6e:53:e8:
                    ba:c0:bf:44:c8:65:75:25:25:2f:48:b0:59:37:f9:
                    d4:51:0c:02:0e:89:52:6b:87:85:eb:ec:6e:ad:4b:
                    7b:30:fe:46:8e:74:6d:19:e2:45:97:9e:9e:97:69:
                    e3:75:c9:10:5f:61:81:b8:c2:b7:be:b2:21:6e:74:
                    92:97:61:4b:a9:2e:26:85:fd:e1:99:bf:1e:a0:a2:
                    78:35:7b:b5:b0:ef:81:c3:4f:54:28:06:33:4c:f6:
                    ce:70:1d:8d:fd:8d:de:6b:49:3d:99:93:19:d2:3e:
                    dd:12:bb:40:c2:44:ec:e0:37:bf:0e:fc:19:90:73:
                    5e:86:a4:3e:d6:85:f7:4b:86:bf:e1:9c:cb:b1:8b:
                    a9:91:76:4c:39:7a:35:32:58:7a:6d:81:49:ed:e9:
                    40:bb:12:40:ac:4e:7c:9a:b0:6b:a8:19:40:91:27:
                    0e:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:E6:0E:24:5F:43:7E:28:DE:CE:53:7D:89:AC:3E:02:54:D7:0B:D6
            X509v3 Authority Key Identifier:
                keyid:7C:40:D3:8C:7E:6B:CD:4B:6A:EF:A0:BB:4A:CD:7B:64:4C:E7:1A:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fEDTjH5rzUtq76C7Ss17ZEznGkc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/89f12f-caec-4e7a-8ac9-d6b51d37aff4/1/zOYOJF9DfijezlN9iaw-AlTXC9Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/89f12f-caec-4e7a-8ac9-d6b51d37aff4/1/fEDTjH5rzUtq76C7Ss17ZEznGkc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.29.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:aa:bd:d3:49:37:78:c4:fd:74:9a:36:77:88:22:bf:cc:fb:
         ad:b1:29:13:ca:94:6a:02:d9:50:a9:e1:b2:1d:14:cf:40:1f:
         0d:1b:f8:ad:7e:67:f7:56:2b:51:07:c6:a8:f7:78:1a:57:6b:
         c1:3f:22:c0:53:8f:be:75:8a:69:d5:fb:19:f6:86:04:bb:a7:
         61:94:2c:5a:04:97:8b:20:e2:aa:4d:93:25:7f:a4:cb:cc:e7:
         e0:1c:0a:1a:d9:68:21:23:d7:ca:62:c8:4f:f3:dd:92:11:64:
         02:ff:ce:8e:18:a5:a7:0a:5d:84:0e:8b:33:ad:ac:b5:67:5b:
         ed:4d:66:76:83:36:59:fa:aa:d6:77:43:c3:d9:03:e7:ec:a1:
         8b:29:a7:2b:be:e5:82:5e:1b:24:ee:40:a0:36:e4:0c:1e:64:
         63:f2:1b:82:b0:91:36:ff:51:ce:d5:45:aa:14:f8:0b:4a:87:
         ae:35:ca:0d:47:77:c2:73:20:eb:50:f2:34:e9:10:74:21:64:
         04:8e:ed:3a:2c:cc:a0:b5:7d:6f:77:d3:02:7c:b8:80:67:52:
         57:e2:e2:35:4b:cd:21:03:a0:90:7d:05:60:26:b6:e0:fb:be:
         df:b0:64:20:95:41:21:19:af:55:6c:74:bb:2b:e4:41:ab:c0:
         22:62:76:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzj7pmBFipzamT1YBDQcRDZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjNDBkMzhjN2U2YmNkNGI2YWVmYTBiYjRhY2Q3YjY0NGNl
NzFhNDcwHhcNMjYwMzEyMjEyMzEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2U2MGUyNDVmNDM3ZTI4ZGVjZTUzN2Q4OWFjM2UwMjU0ZDcwYmQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtUn6cFmQjL4iqPfcMpJ9/lmMW/k1
49D/z7FFgi9pWOvPAIVF36D/eoDdFA204lkqUktAs0hPwb0vH/7+RYHlKpEvd365
ag8QCmFuUsFJeHm8uNthgvBuU+i6wL9EyGV1JSUvSLBZN/nUUQwCDolSa4eF6+xu
rUt7MP5GjnRtGeJFl56el2njdckQX2GBuMK3vrIhbnSSl2FLqS4mhf3hmb8eoKJ4
NXu1sO+Bw09UKAYzTPbOcB2N/Y3ea0k9mZMZ0j7dErtAwkTs4De/DvwZkHNehqQ+
1oX3S4a/4ZzLsYupkXZMOXo1Mlh6bYFJ7elAuxJArE58mrBrqBlAkScObQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMzmDiRfQ34o3s5TfYmsPgJU1wvWMB8GA1UdIwQY
MBaAFHxA04x+a81Lau+gu0rNe2RM5xpHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkVEVGpINXJ6VXRxNzZDN1NzMTdaRXpuR2tjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My84OWYxMmYtY2FlYy00ZTdhLThhYzkt
ZDZiNTFkMzdhZmY0LzEvek9ZT0pGOURmaWplemxOOWlhdy1BbFRYQzlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My84OWYxMmYtY2FlYy00ZTdhLThhYzktZDZiNTFkMzdhZmY0
LzEvZkVEVGpINXJ6VXRxNzZDN1NzMTdaRXpuR2tjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuR3nMA0G
CSqGSIb3DQEBCwUAA4IBAQB4qr3TSTd4xP10mjZ3iCK/zPutsSkTypRqAtlQqeGy
HRTPQB8NG/itfmf3VitRB8ao93gaV2vBPyLAU4++dYpp1fsZ9oYEu6dhlCxaBJeL
IOKqTZMlf6TLzOfgHAoa2WghI9fKYshP892SEWQC/86OGKWnCl2EDoszray1Z1vt
TWZ2gzZZ+qrWd0PD2QPn7KGLKacrvuWCXhsk7kCgNuQMHmRj8huCsJE2/1HO1UWq
FPgLSoeuNcoNR3fCcyDrUPI06RB0IWQEju06LMygtX1vd9MCfLiAZ1JX4uI1S80h
A6CQfQVgJrbg+77fsGQglUEhGa9VbHS7K+RBq8AiYnYT
-----END CERTIFICATE-----