Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/160f8f-dbab-482d-b39c-ad2fda47988e/1/M1q9NGALl_5zWyIsBUUB6ElwUw0.roa
File:                     M1q9NGALl_5zWyIsBUUB6ElwUw0.roa (raw, json)
Hash identifier:          P6viUgEvhrKdeTf5i8KPv7U8+f6vJ2sUgXvC3nzTpOU=
Subject key identifier:   33:5A:BD:34:60:0B:97:FE:73:5B:22:2C:05:45:01:E8:49:70:53:0D
Certificate issuer:       /CN=c0e549fdceeb02912c8a8741c816806bbe19c448
Certificate serial:       019CB8A3E0B9F765E3951F7C2545BE8A01DB
Authority key identifier: C0:E5:49:FD:CE:EB:02:91:2C:8A:87:41:C8:16:80:6B:BE:19:C4:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wOVJ_c7rApEsiodByBaAa74ZxEg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/160f8f-dbab-482d-b39c-ad2fda47988e/1/M1q9NGALl_5zWyIsBUUB6ElwUw0.roa
Signing time:             Wed 04 Mar 2026 11:37:53 +0000
ROA not before:           Wed 04 Mar 2026 11:37:53 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     272871
IP address blocks:        185.240.164.0/23 maxlen: 23
                          185.240.164.0/24 maxlen: 24
                          185.240.165.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/160f8f-dbab-482d-b39c-ad2fda47988e/1/wOVJ_c7rApEsiodByBaAa74ZxEg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/160f8f-dbab-482d-b39c-ad2fda47988e/1/wOVJ_c7rApEsiodByBaAa74ZxEg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wOVJ_c7rApEsiodByBaAa74ZxEg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 17 Mar 2026 00:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b8:a3:e0:b9:f7:65:e3:95:1f:7c:25:45:be:8a:01:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c0e549fdceeb02912c8a8741c816806bbe19c448
        Validity
            Not Before: Mar  4 11:37:53 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=335abd34600b97fe735b222c054501e84970530d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:95:85:02:1b:f3:8b:02:3a:4d:6e:bb:03:3c:
                    c7:37:8c:b7:4c:ca:a7:b5:9d:7f:45:26:84:29:6a:
                    7b:1f:b8:fb:94:88:03:7e:69:bc:6d:32:ec:51:8c:
                    86:95:43:28:8a:86:c9:67:db:d0:5b:0b:3e:75:d3:
                    14:24:db:bf:7d:44:8b:90:cf:b1:ac:0c:d9:a8:ae:
                    cc:0c:9f:10:29:7e:51:da:61:3a:75:df:da:97:b5:
                    6e:28:52:16:e0:c3:b8:fc:66:d7:69:4b:20:92:4f:
                    d0:5d:8f:4e:b0:d2:03:3b:a2:cd:20:be:3d:9a:5a:
                    b2:75:8b:00:ac:c6:03:df:49:39:ab:80:30:ea:fd:
                    48:c3:9f:c6:77:22:a6:35:76:09:cc:7f:12:92:41:
                    9b:46:f0:45:68:a4:dd:aa:10:51:3c:45:cb:b6:c7:
                    5e:22:d2:f1:7b:1c:d9:c5:70:40:ea:01:97:ef:6e:
                    0e:96:ac:7e:6d:f1:e5:3f:55:5b:fc:ac:67:39:d5:
                    90:98:77:83:54:61:20:a6:b4:15:b4:e7:d0:f4:1b:
                    00:e1:1f:1c:d9:03:4a:90:7e:62:ae:2c:ef:18:30:
                    8f:c7:e3:96:5f:46:ac:47:ab:2a:c4:87:75:85:1a:
                    d6:3b:01:d4:79:b7:38:b9:1b:78:23:d6:47:d0:ee:
                    2c:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:5A:BD:34:60:0B:97:FE:73:5B:22:2C:05:45:01:E8:49:70:53:0D
            X509v3 Authority Key Identifier:
                keyid:C0:E5:49:FD:CE:EB:02:91:2C:8A:87:41:C8:16:80:6B:BE:19:C4:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wOVJ_c7rApEsiodByBaAa74ZxEg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/160f8f-dbab-482d-b39c-ad2fda47988e/1/M1q9NGALl_5zWyIsBUUB6ElwUw0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/160f8f-dbab-482d-b39c-ad2fda47988e/1/wOVJ_c7rApEsiodByBaAa74ZxEg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.240.164.0/23

    Signature Algorithm: sha256WithRSAEncryption
         09:e8:56:2f:b5:fe:90:83:4f:e1:00:c4:60:58:b3:5b:14:6b:
         fe:2b:ff:5c:2a:d6:b3:a5:24:65:40:92:7d:bf:e9:97:5c:c5:
         fc:60:2e:8c:82:d3:f8:f8:e7:dc:ea:de:03:41:0e:bc:b4:17:
         1a:35:e1:a1:d5:32:c6:cc:bf:64:79:ef:b8:45:8c:6b:85:82:
         b1:4e:1e:33:91:cf:b4:0a:cf:75:fa:00:41:4e:38:b2:ae:3b:
         72:ce:cc:52:84:f7:c3:3e:85:76:11:c9:94:c1:9e:24:9f:86:
         e4:6a:3b:76:c0:66:c1:64:5e:79:30:28:19:7e:05:6e:41:ab:
         47:c8:75:22:4f:8f:4a:a4:49:8c:03:dd:e8:58:5c:ef:65:fe:
         7b:db:c0:e7:66:b9:f9:96:70:b6:74:f6:c3:e3:d5:c7:97:2f:
         a8:cf:42:88:59:d2:b4:3c:89:f6:65:b2:bb:73:49:b1:2b:dc:
         a1:28:28:34:ce:38:10:fa:66:fc:75:5e:ab:20:6f:a0:2f:17:
         f5:95:04:19:c4:34:ea:16:35:de:82:04:a8:f6:39:59:34:14:
         bf:01:64:55:ee:59:88:62:c2:56:dd:51:8b:05:98:18:8b:a4:
         01:5f:d7:5f:d8:94:85:da:a8:bb:3c:92:4c:16:86:40:c0:55:
         5d:cd:8f:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZy4o+C592XjlR98JUW+igHbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwZTU0OWZkY2VlYjAyOTEyYzhhODc0MWM4MTY4MDZiYmUx
OWM0NDgwHhcNMjYwMzA0MTEzNzUzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzVhYmQzNDYwMGI5N2ZlNzM1YjIyMmMwNTQ1MDFlODQ5NzA1MzBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmZWFAhvziwI6TW67AzzHN4y3TMqn
tZ1/RSaEKWp7H7j7lIgDfmm8bTLsUYyGlUMoiobJZ9vQWws+ddMUJNu/fUSLkM+x
rAzZqK7MDJ8QKX5R2mE6dd/al7VuKFIW4MO4/GbXaUsgkk/QXY9OsNIDO6LNIL49
mlqydYsArMYD30k5q4Aw6v1Iw5/GdyKmNXYJzH8SkkGbRvBFaKTdqhBRPEXLtsde
ItLxexzZxXBA6gGX724Olqx+bfHlP1Vb/KxnOdWQmHeDVGEgprQVtOfQ9BsA4R8c
2QNKkH5irizvGDCPx+OWX0asR6sqxId1hRrWOwHUebc4uRt4I9ZH0O4sFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDNavTRgC5f+c1siLAVFAehJcFMNMB8GA1UdIwQY
MBaAFMDlSf3O6wKRLIqHQcgWgGu+GcRIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd09WSl9jN3JBcEVzaW9kQnlCYUFhNzRaeEVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8xNjBmOGYtZGJhYi00ODJkLWIzOWMt
YWQyZmRhNDc5ODhlLzEvTTFxOU5HQUxsXzV6V3lJc0JVVUI2RWx3VXcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8xNjBmOGYtZGJhYi00ODJkLWIzOWMtYWQyZmRhNDc5ODhl
LzEvd09WSl9jN3JBcEVzaW9kQnlCYUFhNzRaeEVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBufCkMA0G
CSqGSIb3DQEBCwUAA4IBAQAJ6FYvtf6Qg0/hAMRgWLNbFGv+K/9cKtazpSRlQJJ9
v+mXXMX8YC6MgtP4+Ofc6t4DQQ68tBcaNeGh1TLGzL9kee+4RYxrhYKxTh4zkc+0
Cs91+gBBTjiyrjtyzsxShPfDPoV2EcmUwZ4kn4bkajt2wGbBZF55MCgZfgVuQatH
yHUiT49KpEmMA93oWFzvZf5728DnZrn5lnC2dPbD49XHly+oz0KIWdK0PIn2ZbK7
c0mxK9yhKCg0zjgQ+mb8dV6rIG+gLxf1lQQZxDTqFjXeggSo9jlZNBS/AWRV7lmI
YsJW3VGLBZgYi6QBX9df2JSF2qi7PJJMFoZAwFVdzY82
-----END CERTIFICATE-----