Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/U-mZ75Inz1b_t_Ngdd6Fzvl4dEc.roa
File:                     U-mZ75Inz1b_t_Ngdd6Fzvl4dEc.roa (raw, json)
Hash identifier:          9oIV6l4AaqKVsa8syd05EY8IOOf9t0ePbEn5KZJr5IE=
Subject key identifier:   53:E9:99:EF:92:27:CF:56:FF:B7:F3:60:75:DE:85:CE:F9:78:74:47
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F2368A9D7BA67A10706B4615A2AE56E68
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/U-mZ75Inz1b_t_Ngdd6Fzvl4dEc.roa
Signing time:             Thu 02 Jul 2026 15:18:09 +0000
ROA not before:           Thu 02 Jul 2026 15:18:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     7018
IP address blocks:        109.176.15.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:68:a9:d7:ba:67:a1:07:06:b4:61:5a:2a:e5:6e:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  2 15:18:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=53e999ef9227cf56ffb7f36075de85cef9787447
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:64:5d:9a:be:dc:4f:99:f0:e3:fc:f1:73:f8:
                    6a:3a:2a:e1:e6:a6:92:7c:9b:c9:ff:51:6b:e0:71:
                    a7:6b:cd:dd:ae:04:39:ef:dd:da:50:ca:28:99:74:
                    f9:ad:84:4a:ce:69:79:df:42:30:62:a3:b1:b8:f8:
                    c5:48:31:a5:d2:f0:17:f3:35:c1:01:05:c8:bf:3b:
                    38:d7:78:f6:95:76:fe:99:e0:36:84:59:ae:78:2c:
                    82:fc:e3:48:93:e2:d7:08:2c:e3:a8:6a:54:ab:59:
                    db:c8:39:fc:5c:c0:21:62:f9:12:38:bf:6e:47:68:
                    87:61:49:41:ce:57:a4:e3:9e:b7:a2:91:63:de:f7:
                    1e:11:ea:0c:28:dc:24:86:c8:63:3b:01:42:a3:8c:
                    88:da:48:dd:b0:3a:6b:af:f6:bb:6f:85:be:17:47:
                    e9:bf:96:61:4a:67:e8:99:47:74:63:71:3a:84:c1:
                    a7:13:e6:a8:94:f6:a2:da:8a:6a:66:28:7a:5f:c3:
                    04:d8:4c:b3:82:c5:19:51:20:12:38:b0:04:f3:1a:
                    d2:e8:9a:46:72:d3:c7:28:c3:88:a8:2e:eb:89:b7:
                    ff:31:a8:2d:c9:3a:15:54:16:0a:bb:8e:fc:62:0a:
                    76:76:76:70:35:31:42:72:58:67:48:9a:7d:b2:0a:
                    e1:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:E9:99:EF:92:27:CF:56:FF:B7:F3:60:75:DE:85:CE:F9:78:74:47
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/U-mZ75Inz1b_t_Ngdd6Fzvl4dEc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.176.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:55:4d:a2:f0:b6:11:9a:8d:32:f3:b2:d2:a6:c9:26:b5:42:
         b7:23:58:f5:3f:0f:70:7a:bc:9a:61:23:19:9a:0d:1c:ff:f9:
         45:44:11:1e:4e:22:f8:24:4b:4c:33:a0:31:9c:25:08:07:89:
         0b:55:56:51:6d:5e:2b:16:a5:a2:f9:5e:04:64:c3:fc:a5:a6:
         c2:29:08:a9:aa:c6:7e:9b:74:3e:ee:eb:d3:bd:4a:06:0b:44:
         32:21:cd:67:88:de:a8:bd:28:ed:ce:6d:df:7c:f2:7b:e2:d2:
         37:4e:14:4f:a2:be:59:ce:3e:d4:3b:2a:1c:1e:26:e2:f0:28:
         ba:f3:9f:47:31:16:25:3b:fc:e1:f7:4d:83:b8:a0:8b:4b:09:
         7e:ee:88:3b:f7:54:24:b3:3c:0b:dc:95:7b:a4:43:51:24:88:
         ae:f5:77:54:fd:27:a1:54:b6:7d:f2:d1:59:db:92:81:3e:10:
         34:d7:e7:7f:1f:23:d0:8c:a5:0c:09:66:53:23:2b:1f:79:5d:
         fc:af:6f:3e:a1:59:7c:bc:97:c2:2e:6d:ec:b1:b2:e3:96:2e:
         6f:0b:ab:58:f7:69:48:ab:28:a4:a8:38:42:8c:26:ec:6a:3f:
         10:e6:e6:c7:75:7f:d0:a4:c9:99:b5:6d:d3:3a:74:1c:e0:e7:
         e8:a4:fd:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ8jaKnXumehBwa0YVoq5W5oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAyMTUxODA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2U5OTllZjkyMjdjZjU2ZmZiN2YzNjA3NWRlODVjZWY5Nzg3NDQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA12Rdmr7cT5nw4/zxc/hqOirh5qaS
fJvJ/1Fr4HGna83drgQ5793aUMoomXT5rYRKzml530IwYqOxuPjFSDGl0vAX8zXB
AQXIvzs413j2lXb+meA2hFmueCyC/ONIk+LXCCzjqGpUq1nbyDn8XMAhYvkSOL9u
R2iHYUlBzlek4563opFj3vceEeoMKNwkhshjOwFCo4yI2kjdsDprr/a7b4W+F0fp
v5ZhSmfomUd0Y3E6hMGnE+aolPai2opqZih6X8ME2EyzgsUZUSASOLAE8xrS6JpG
ctPHKMOIqC7ribf/MagtyToVVBYKu478Ygp2dnZwNTFCclhnSJp9sgrhmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFPpme+SJ89W/7fzYHXehc75eHRHMB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvVS1tWjc1SW56MWJfdF9OZ2RkNkZ6dmw0ZEVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbbAPMA0G
CSqGSIb3DQEBCwUAA4IBAQAxVU2i8LYRmo0y87LSpskmtUK3I1j1Pw9weryaYSMZ
mg0c//lFRBEeTiL4JEtMM6AxnCUIB4kLVVZRbV4rFqWi+V4EZMP8pabCKQipqsZ+
m3Q+7uvTvUoGC0QyIc1niN6ovSjtzm3ffPJ74tI3ThRPor5Zzj7UOyocHibi8Ci6
859HMRYlO/zh902DuKCLSwl+7og791QkszwL3JV7pENRJIiu9XdU/SehVLZ98tFZ
25KBPhA01+d/HyPQjKUMCWZTIysfeV38r28+oVl8vJfCLm3ssbLjli5vC6tY92lI
qyikqDhCjCbsaj8Q5ubHdX/QpMmZtW3TOnQc4OfopP1v
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:18:32 2026 by rpki-client