Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/af18c4-c044-4485-8ef0-d7812a338183/1/M916cyFrYHbD96VN4AEjasOR0gw.roa
File:                     M916cyFrYHbD96VN4AEjasOR0gw.roa (raw, json)
Hash identifier:          knNwvlnJVR0WRmrA5tjnns7rUb1f2w6ONlZUGBadhdM=
Subject key identifier:   33:DD:7A:73:21:6B:60:76:C3:F7:A5:4D:E0:01:23:6A:C3:91:D2:0C
Certificate issuer:       /CN=aa6745519323d8c2d93c1b107bf85f61933c71ca
Certificate serial:       019C2A0FEE17BF258C69CF8B824A9EFB0B3C
Authority key identifier: AA:67:45:51:93:23:D8:C2:D9:3C:1B:10:7B:F8:5F:61:93:3C:71:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qmdFUZMj2MLZPBsQe_hfYZM8cco.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/af18c4-c044-4485-8ef0-d7812a338183/1/M916cyFrYHbD96VN4AEjasOR0gw.roa
Signing time:             Wed 04 Feb 2026 19:10:12 +0000
ROA not before:           Wed 04 Feb 2026 19:10:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     0
IP address blocks:        195.95.144.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/af18c4-c044-4485-8ef0-d7812a338183/1/qmdFUZMj2MLZPBsQe_hfYZM8cco.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/af18c4-c044-4485-8ef0-d7812a338183/1/qmdFUZMj2MLZPBsQe_hfYZM8cco.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qmdFUZMj2MLZPBsQe_hfYZM8cco.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 21 Feb 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:2a:0f:ee:17:bf:25:8c:69:cf:8b:82:4a:9e:fb:0b:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aa6745519323d8c2d93c1b107bf85f61933c71ca
        Validity
            Not Before: Feb  4 19:10:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=33dd7a73216b6076c3f7a54de001236ac391d20c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:d8:ba:60:de:a6:b8:df:e8:01:e3:86:50:a7:
                    c5:1b:73:31:c3:eb:33:53:e2:08:a3:b1:41:17:25:
                    99:ce:d8:56:5e:7b:35:01:97:1b:ef:c1:e1:7b:c4:
                    27:b8:6e:69:84:8e:29:02:64:aa:6f:70:30:1e:74:
                    31:ca:50:1c:b3:c6:96:f1:f3:9f:c6:b3:4f:da:61:
                    22:44:28:e2:b3:2d:88:f9:78:6a:24:b9:12:e8:cb:
                    20:bb:5f:d8:07:74:99:0e:5a:f3:48:28:65:a4:27:
                    13:1f:69:e1:69:7f:f6:d0:33:dd:85:d3:f4:50:ad:
                    82:bf:d9:1f:28:b6:67:0a:59:bf:c4:86:7c:6e:b1:
                    e0:ef:be:06:20:ca:39:70:a3:b6:3a:4f:b0:30:6f:
                    f5:3c:77:1d:69:b1:9c:58:ac:d4:d8:f1:7a:14:3a:
                    33:cd:02:ac:12:f0:c6:ec:2d:3a:8d:2c:ec:e8:08:
                    33:e6:c3:1f:33:80:04:27:74:dc:4a:15:b4:a6:b0:
                    71:ff:df:27:4d:e8:dc:05:23:46:55:d5:8e:cd:d0:
                    3c:a7:9f:3e:ba:0c:35:51:32:68:f4:25:fb:0b:cb:
                    f3:23:f6:f7:12:bf:6a:61:15:2b:8b:e2:49:b6:38:
                    a5:a0:53:10:1e:cf:cf:66:de:28:a1:f8:5f:cb:39:
                    3a:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:DD:7A:73:21:6B:60:76:C3:F7:A5:4D:E0:01:23:6A:C3:91:D2:0C
            X509v3 Authority Key Identifier:
                keyid:AA:67:45:51:93:23:D8:C2:D9:3C:1B:10:7B:F8:5F:61:93:3C:71:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qmdFUZMj2MLZPBsQe_hfYZM8cco.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/af18c4-c044-4485-8ef0-d7812a338183/1/M916cyFrYHbD96VN4AEjasOR0gw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/af18c4-c044-4485-8ef0-d7812a338183/1/qmdFUZMj2MLZPBsQe_hfYZM8cco.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.95.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:19:98:94:d7:c2:e9:20:15:a9:b1:c8:c8:2c:db:8c:57:2a:
         5d:ad:d1:b3:21:7f:8b:0c:52:0c:db:d9:74:4c:b0:ec:ab:fa:
         c9:0c:fb:34:77:7d:82:cb:e6:73:e1:a3:46:0b:1c:9c:99:e5:
         ae:83:50:f4:38:fa:1c:c9:a4:1b:c0:6a:f7:15:da:99:1d:e7:
         ca:07:02:94:1c:df:3c:8c:24:18:61:84:58:e5:ea:19:67:4b:
         8e:ac:45:90:51:f1:95:63:35:d8:e9:a5:e6:86:d0:96:73:9d:
         4f:1f:a2:5b:23:fe:36:93:d4:8d:64:8f:71:f3:fb:84:b2:80:
         5e:1f:8f:aa:c1:52:48:fa:c0:a4:7f:a2:63:8a:47:6a:76:14:
         6c:d7:9f:31:62:42:4e:f9:9d:ef:7c:fe:5b:a4:a3:24:6a:b1:
         9c:b2:3f:36:fa:f5:1e:0c:7a:80:2e:d3:e7:4d:69:c8:2a:d1:
         49:be:df:d5:47:17:81:91:62:ea:03:62:03:9b:42:84:06:c9:
         62:90:f5:cd:ab:cf:51:42:5a:90:e1:53:4f:39:f1:53:c5:b8:
         eb:d8:3c:8c:29:e5:33:76:a4:3f:83:8f:d7:1b:7f:f5:18:d0:
         c9:72:b5:f0:65:10:97:10:82:c5:9c:76:a3:87:78:96:fb:d1:
         58:07:aa:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZwqD+4XvyWMac+Lgkqe+ws8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhNjc0NTUxOTMyM2Q4YzJkOTNjMWIxMDdiZjg1ZjYxOTMz
YzcxY2EwHhcNMjYwMjA0MTkxMDEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzM2RkN2E3MzIxNmI2MDc2YzNmN2E1NGRlMDAxMjM2YWMzOTFkMjBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA19i6YN6muN/oAeOGUKfFG3Mxw+sz
U+IIo7FBFyWZzthWXns1AZcb78Hhe8QnuG5phI4pAmSqb3AwHnQxylAcs8aW8fOf
xrNP2mEiRCjisy2I+XhqJLkS6Msgu1/YB3SZDlrzSChlpCcTH2nhaX/20DPdhdP0
UK2Cv9kfKLZnClm/xIZ8brHg774GIMo5cKO2Ok+wMG/1PHcdabGcWKzU2PF6FDoz
zQKsEvDG7C06jSzs6Agz5sMfM4AEJ3TcShW0prBx/98nTejcBSNGVdWOzdA8p58+
ugw1UTJo9CX7C8vzI/b3Er9qYRUri+JJtjiloFMQHs/PZt4oofhfyzk6nwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDPdenMha2B2w/elTeABI2rDkdIMMB8GA1UdIwQY
MBaAFKpnRVGTI9jC2TwbEHv4X2GTPHHKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcW1kRlVaTWoyTUxaUEJzUWVfaGZZWk04Y2NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS9hZjE4YzQtYzA0NC00NDg1LThlZjAt
ZDc4MTJhMzM4MTgzLzEvTTkxNmN5RnJZSGJEOTZWTjRBRWphc09SMGd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS9hZjE4YzQtYzA0NC00NDg1LThlZjAtZDc4MTJhMzM4MTgz
LzEvcW1kRlVaTWoyTUxaUEJzUWVfaGZZWk04Y2NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw1+QMA0G
CSqGSIb3DQEBCwUAA4IBAQBlGZiU18LpIBWpscjILNuMVypdrdGzIX+LDFIM29l0
TLDsq/rJDPs0d32Cy+Zz4aNGCxycmeWug1D0OPocyaQbwGr3FdqZHefKBwKUHN88
jCQYYYRY5eoZZ0uOrEWQUfGVYzXY6aXmhtCWc51PH6JbI/42k9SNZI9x8/uEsoBe
H4+qwVJI+sCkf6JjikdqdhRs158xYkJO+Z3vfP5bpKMkarGcsj82+vUeDHqALtPn
TWnIKtFJvt/VRxeBkWLqA2IDm0KEBslikPXNq89RQlqQ4VNPOfFTxbjr2DyMKeUz
dqQ/g4/XG3/1GNDJcrXwZRCXEILFnHajh3iW+9FYB6rw
-----END CERTIFICATE-----