Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/6a9IFHNk94ENJ793zxWLrbcLaXs.roa
File:                     6a9IFHNk94ENJ793zxWLrbcLaXs.roa (raw, json)
Hash identifier:          ftyyf7+XGBa0S/fyusU1BzlvQrM4qgRsR/55sHu005A=
Subject key identifier:   E9:AF:48:14:73:64:F7:81:0D:27:BF:77:CF:15:8B:AD:B7:0B:69:7B
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019D31C26A16FFDAE163284F14AEFDDE3349
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/6a9IFHNk94ENJ793zxWLrbcLaXs.roa
Signing time:             Sat 28 Mar 2026 00:05:17 +0000
ROA not before:           Sat 28 Mar 2026 00:05:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     174
IP address blocks:        212.135.192.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 Apr 2026 21:31:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:31:c2:6a:16:ff:da:e1:63:28:4f:14:ae:fd:de:33:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Mar 28 00:05:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e9af48147364f7810d27bf77cf158badb70b697b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:d4:8b:75:73:23:81:5b:4e:66:87:1d:c6:49:
                    e5:37:cb:15:13:e0:53:ea:c8:26:dc:c8:eb:de:20:
                    4c:17:d5:d0:67:05:c3:2e:24:48:6c:7a:93:93:8e:
                    49:c7:6a:4a:a7:2c:22:8a:22:23:c6:fa:fe:93:69:
                    bd:3a:1d:cb:83:b6:23:0a:81:50:4c:c6:00:0e:1f:
                    bc:28:fc:31:e3:bb:ed:6d:55:24:0c:58:f3:21:e7:
                    91:bd:74:cd:c3:06:0d:41:6b:74:14:8f:b1:3d:6e:
                    2a:b0:ab:3b:9d:6b:36:de:5c:f4:0e:4c:90:9e:7e:
                    65:f9:41:18:fc:b6:9c:89:4e:9a:bc:4b:36:21:5b:
                    59:0e:34:0d:7e:07:01:ef:21:ec:f1:19:d0:90:15:
                    88:80:0e:73:34:07:54:2d:3f:b9:c0:0e:08:b3:d3:
                    f3:7d:95:42:1d:bd:e8:2c:59:de:91:b7:fe:36:01:
                    96:ae:06:0b:19:3a:cc:c2:f1:cf:36:4b:6f:75:7f:
                    1f:4a:67:d0:fb:e9:18:67:e3:15:15:81:f4:e1:e9:
                    1d:52:f0:d8:83:26:4b:9a:69:5f:59:cb:5e:b5:95:
                    42:a7:27:8c:c2:d7:56:65:0e:43:9d:6f:8b:63:86:
                    c5:8b:81:25:1d:d1:ea:07:90:6c:e7:49:28:1b:57:
                    f5:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:AF:48:14:73:64:F7:81:0D:27:BF:77:CF:15:8B:AD:B7:0B:69:7B
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/6a9IFHNk94ENJ793zxWLrbcLaXs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.135.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         75:e3:0f:5d:4b:b5:4e:ba:50:05:aa:67:37:f8:28:3c:81:54:
         0c:7d:b5:36:9a:ff:96:df:9e:24:94:37:17:40:e4:96:5c:35:
         7b:4b:a1:14:ce:73:12:0d:1a:c8:06:73:64:9b:f3:97:86:6b:
         52:06:d4:b5:42:b1:7e:28:65:cb:89:52:b5:c0:0d:54:dd:4e:
         f4:69:1c:1c:37:b0:2e:26:19:27:c3:71:06:cb:88:ac:c5:14:
         40:30:62:f4:30:42:2e:9b:25:60:62:ab:c8:11:f4:82:bc:c2:
         bd:69:d0:ad:4b:26:cb:da:3c:7b:0d:66:58:1f:eb:97:94:ea:
         ff:11:1c:cd:95:3a:7d:6d:56:7c:f6:2f:78:9b:fc:6b:18:e8:
         79:9f:fd:12:d7:56:35:8f:05:9a:5e:7f:fc:ae:31:a4:f0:80:
         0a:45:a3:0e:8a:99:f3:f6:36:fb:59:9a:7b:8e:b2:c2:12:d7:
         b8:7a:4e:b8:7c:6a:1c:77:f0:2d:04:da:a7:24:24:25:f9:e3:
         09:c0:17:81:9b:36:57:02:09:54:44:4e:fd:f8:6d:1f:79:b3:
         a1:ff:22:8b:20:43:d8:2c:89:ce:b6:dc:26:31:12:5a:50:db:
         7f:9d:db:dc:ef:90:63:44:f1:74:ae:b0:49:32:9f:7b:50:a2:
         05:23:d4:b9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0xwmoW/9rhYyhPFK793jNJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwMzI4MDAwNTE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOWFmNDgxNDczNjRmNzgxMGQyN2JmNzdjZjE1OGJhZGI3MGI2OTdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp9SLdXMjgVtOZocdxknlN8sVE+BT
6sgm3Mjr3iBMF9XQZwXDLiRIbHqTk45Jx2pKpywiiiIjxvr+k2m9Oh3Lg7YjCoFQ
TMYADh+8KPwx47vtbVUkDFjzIeeRvXTNwwYNQWt0FI+xPW4qsKs7nWs23lz0DkyQ
nn5l+UEY/LaciU6avEs2IVtZDjQNfgcB7yHs8RnQkBWIgA5zNAdULT+5wA4Is9Pz
fZVCHb3oLFnekbf+NgGWrgYLGTrMwvHPNktvdX8fSmfQ++kYZ+MVFYH04ekdUvDY
gyZLmmlfWctetZVCpyeMwtdWZQ5DnW+LY4bFi4ElHdHqB5Bs50koG1f1KQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOmvSBRzZPeBDSe/d88Vi623C2l7MB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvNmE5SUZITms5NEVOSjc5M3p4V0xyYmNMYVhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1IfAMA0G
CSqGSIb3DQEBCwUAA4IBAQB14w9dS7VOulAFqmc3+Cg8gVQMfbU2mv+W354klDcX
QOSWXDV7S6EUznMSDRrIBnNkm/OXhmtSBtS1QrF+KGXLiVK1wA1U3U70aRwcN7Au
Jhknw3EGy4isxRRAMGL0MEIumyVgYqvIEfSCvMK9adCtSybL2jx7DWZYH+uXlOr/
ERzNlTp9bVZ89i94m/xrGOh5n/0S11Y1jwWaXn/8rjGk8IAKRaMOipnz9jb7WZp7
jrLCEte4ek64fGocd/AtBNqnJCQl+eMJwBeBmzZXAglURE79+G0febOh/yKLIEPY
LInOttwmMRJaUNt/ndvc75BjRPF0rrBJMp97UKIFI9S5
-----END CERTIFICATE-----