Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/d6dc9d-eb33-4ca4-aa82-4d19a8de0aba/1/udpWdNCKkK0P1iH1tzGr-xFImUs.roa
File:                     udpWdNCKkK0P1iH1tzGr-xFImUs.roa (raw, json)
Hash identifier:          Sd5grDbeFgiY7osermhXdAvSR4ijwDBASIa5MD4eRp8=
Subject key identifier:   B9:DA:56:74:D0:8A:90:AD:0F:D6:21:F5:B7:31:AB:FB:11:48:99:4B
Certificate issuer:       /CN=032b9d2de53710b3158e42f22889109e2c40f43b
Certificate serial:       019ED70102ACD2C645144970E3D6F8079B55
Authority key identifier: 03:2B:9D:2D:E5:37:10:B3:15:8E:42:F2:28:89:10:9E:2C:40:F4:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AyudLeU3ELMVjkLyKIkQnixA9Ds.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/d6dc9d-eb33-4ca4-aa82-4d19a8de0aba/1/udpWdNCKkK0P1iH1tzGr-xFImUs.roa
Signing time:             Wed 17 Jun 2026 19:13:48 +0000
ROA not before:           Wed 17 Jun 2026 19:13:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210022
IP address blocks:        185.158.20.0/24 maxlen: 24
                          185.158.21.0/24 maxlen: 24
                          185.158.22.0/24 maxlen: 24
                          185.158.23.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/d6dc9d-eb33-4ca4-aa82-4d19a8de0aba/1/AyudLeU3ELMVjkLyKIkQnixA9Ds.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/d6dc9d-eb33-4ca4-aa82-4d19a8de0aba/1/AyudLeU3ELMVjkLyKIkQnixA9Ds.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AyudLeU3ELMVjkLyKIkQnixA9Ds.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 19 Jun 2026 20:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:d7:01:02:ac:d2:c6:45:14:49:70:e3:d6:f8:07:9b:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=032b9d2de53710b3158e42f22889109e2c40f43b
        Validity
            Not Before: Jun 17 19:13:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b9da5674d08a90ad0fd621f5b731abfb1148994b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:1e:c3:d4:b3:e9:03:b6:ec:38:a7:b1:01:00:
                    04:21:b0:68:d5:99:67:ff:77:6f:30:94:b2:a4:2c:
                    ee:54:1f:9f:7d:49:e3:ee:e8:0f:d8:b6:ac:19:e1:
                    59:43:eb:30:86:aa:95:00:2d:15:df:ac:e0:7e:ae:
                    45:e8:fd:ff:19:c5:81:21:e0:b6:3a:5a:5f:fa:9e:
                    8f:d4:a3:11:52:77:56:5f:60:49:16:7c:74:a7:fb:
                    10:1a:da:c2:52:46:e5:f6:b3:52:e4:ad:54:70:e3:
                    41:73:cf:bc:db:8d:77:b3:55:6e:27:7a:e0:58:d2:
                    55:ec:05:97:c8:24:68:28:2e:36:4c:ab:82:d1:1c:
                    8e:a4:69:a2:0f:ff:74:45:d2:fc:ff:b9:c8:28:57:
                    b2:fa:32:b1:0a:39:e7:e8:d8:29:dc:57:df:72:34:
                    b0:a5:b1:34:91:8b:52:d5:ea:53:a3:19:5e:8a:04:
                    83:b9:92:2a:00:af:56:2b:be:5f:2d:b8:7f:ca:27:
                    be:9c:52:92:55:ef:a7:2d:d7:34:4a:41:d0:8b:f4:
                    54:3b:3e:4a:44:c8:f2:e8:4c:14:58:b9:ef:bd:51:
                    e8:d1:94:da:fc:84:7a:66:f3:61:0c:28:28:7e:88:
                    3f:7f:b7:0c:31:3e:94:98:0b:89:84:8d:07:b7:7d:
                    6c:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:DA:56:74:D0:8A:90:AD:0F:D6:21:F5:B7:31:AB:FB:11:48:99:4B
            X509v3 Authority Key Identifier:
                keyid:03:2B:9D:2D:E5:37:10:B3:15:8E:42:F2:28:89:10:9E:2C:40:F4:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AyudLeU3ELMVjkLyKIkQnixA9Ds.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/d6dc9d-eb33-4ca4-aa82-4d19a8de0aba/1/udpWdNCKkK0P1iH1tzGr-xFImUs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/d6dc9d-eb33-4ca4-aa82-4d19a8de0aba/1/AyudLeU3ELMVjkLyKIkQnixA9Ds.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.158.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         69:d7:ca:2a:98:0e:2f:2b:99:f1:af:17:d1:3e:83:cb:a8:b6:
         49:fe:10:cc:23:5a:29:4a:32:44:75:0d:af:f9:0e:48:06:11:
         a2:ec:2d:c2:42:78:c6:68:3a:ef:3f:e7:e7:1e:9b:ce:28:5f:
         d5:ab:15:c6:4c:67:89:0a:81:36:5c:a5:17:44:a4:2e:28:5f:
         ed:0f:6d:ec:99:6d:5a:bd:06:3f:59:3d:3e:47:f3:c5:95:ff:
         fa:c7:e5:58:a9:a8:df:a0:78:3b:84:95:cb:5b:d3:00:fa:fe:
         a6:7f:60:74:cb:83:96:3c:b0:25:4e:87:1c:60:43:33:c6:23:
         36:4c:59:df:fd:d4:34:f8:30:07:d1:02:bd:04:58:2b:13:0d:
         19:5d:4f:2d:bd:4c:b2:69:7c:46:0a:d3:32:fc:36:27:fd:04:
         cc:77:69:a5:60:8a:43:e8:7d:51:5d:95:61:57:d6:4c:f9:0b:
         ae:f3:4c:45:05:4c:67:e5:4c:a2:fa:b6:7f:70:b4:ca:86:2b:
         c9:fc:20:52:a7:28:a6:94:cf:19:b5:1d:cc:f7:b5:bf:bd:8a:
         2c:99:34:20:e5:61:55:4b:b7:ac:f7:80:cd:72:8e:31:a1:34:
         e0:99:3b:ce:e7:2c:f5:5a:ab:61:1c:f6:41:37:65:ec:ae:c7:
         de:97:ce:46
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ7XAQKs0sZFFElw49b4B5tVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzMmI5ZDJkZTUzNzEwYjMxNThlNDJmMjI4ODkxMDllMmM0
MGY0M2IwHhcNMjYwNjE3MTkxMzQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOWRhNTY3NGQwOGE5MGFkMGZkNjIxZjViNzMxYWJmYjExNDg5OTRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2h7D1LPpA7bsOKexAQAEIbBo1Zln
/3dvMJSypCzuVB+ffUnj7ugP2LasGeFZQ+swhqqVAC0V36zgfq5F6P3/GcWBIeC2
Olpf+p6P1KMRUndWX2BJFnx0p/sQGtrCUkbl9rNS5K1UcONBc8+82413s1VuJ3rg
WNJV7AWXyCRoKC42TKuC0RyOpGmiD/90RdL8/7nIKFey+jKxCjnn6Ngp3FffcjSw
pbE0kYtS1epToxleigSDuZIqAK9WK75fLbh/yie+nFKSVe+nLdc0SkHQi/RUOz5K
RMjy6EwUWLnvvVHo0ZTa/IR6ZvNhDCgofog/f7cMMT6UmAuJhI0Ht31sAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLnaVnTQipCtD9Yh9bcxq/sRSJlLMB8GA1UdIwQY
MBaAFAMrnS3lNxCzFY5C8iiJEJ4sQPQ7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQXl1ZExlVTNFTE1WamtMeUtJa1FuaXhBOURzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9kNmRjOWQtZWIzMy00Y2E0LWFhODIt
NGQxOWE4ZGUwYWJhLzEvdWRwV2ROQ0trSzBQMWlIMXR6R3IteEZJbVVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9kNmRjOWQtZWIzMy00Y2E0LWFhODItNGQxOWE4ZGUwYWJh
LzEvQXl1ZExlVTNFTE1WamtMeUtJa1FuaXhBOURzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZ4UMA0G
CSqGSIb3DQEBCwUAA4IBAQBp18oqmA4vK5nxrxfRPoPLqLZJ/hDMI1opSjJEdQ2v
+Q5IBhGi7C3CQnjGaDrvP+fnHpvOKF/VqxXGTGeJCoE2XKUXRKQuKF/tD23smW1a
vQY/WT0+R/PFlf/6x+VYqajfoHg7hJXLW9MA+v6mf2B0y4OWPLAlToccYEMzxiM2
TFnf/dQ0+DAH0QK9BFgrEw0ZXU8tvUyyaXxGCtMy/DYn/QTMd2mlYIpD6H1RXZVh
V9ZM+Quu80xFBUxn5Uyi+rZ/cLTKhivJ/CBSpyimlM8ZtR3M97W/vYosmTQg5WFV
S7es94DNco4xoTTgmTvO5yz1WqthHPZBN2Xsrsfel85G
-----END CERTIFICATE-----