Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/70d2d4-354a-4a89-931e-8826e877d143/1/OHcGQbUAqdSq6mt4_3eyTZJR1XA.roa
File:                     OHcGQbUAqdSq6mt4_3eyTZJR1XA.roa (raw, json)
Hash identifier:          O7C2wF+M5BpxMvsOFLPpquh+G4qmdUXld04pX58Ae9M=
Subject key identifier:   38:77:06:41:B5:00:A9:D4:AA:EA:6B:78:FF:77:B2:4D:92:51:D5:70
Certificate issuer:       /CN=4166c06ff49e0534809e234005baa5cca7e146a8
Certificate serial:       019ECFE7778D3AA8886F4C28D96FDC8459A2
Authority key identifier: 41:66:C0:6F:F4:9E:05:34:80:9E:23:40:05:BA:A5:CC:A7:E1:46:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QWbAb_SeBTSAniNABbqlzKfhRqg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/70d2d4-354a-4a89-931e-8826e877d143/1/OHcGQbUAqdSq6mt4_3eyTZJR1XA.roa
Signing time:             Tue 16 Jun 2026 10:08:33 +0000
ROA not before:           Tue 16 Jun 2026 10:08:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204798
IP address blocks:        185.239.177.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/70d2d4-354a-4a89-931e-8826e877d143/1/QWbAb_SeBTSAniNABbqlzKfhRqg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/70d2d4-354a-4a89-931e-8826e877d143/1/QWbAb_SeBTSAniNABbqlzKfhRqg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QWbAb_SeBTSAniNABbqlzKfhRqg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 21 Jun 2026 21:52:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:cf:e7:77:8d:3a:a8:88:6f:4c:28:d9:6f:dc:84:59:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4166c06ff49e0534809e234005baa5cca7e146a8
        Validity
            Not Before: Jun 16 10:08:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=38770641b500a9d4aaea6b78ff77b24d9251d570
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:1a:b6:21:a9:25:20:1b:fa:42:5e:fe:3a:16:
                    40:ba:d4:34:e8:15:a1:89:bc:12:6f:10:dc:7b:5a:
                    35:c0:08:07:49:e3:f0:94:fd:a7:61:d8:9f:45:eb:
                    f7:99:57:12:50:c9:23:10:3a:d1:b8:78:93:04:c2:
                    13:24:0f:66:85:56:fa:e4:e3:7f:76:d1:3c:92:b5:
                    1b:50:34:2c:cb:ac:b8:0c:d9:ce:79:fe:1a:2e:b6:
                    6a:e9:86:fc:9c:a9:58:b2:eb:02:83:ec:ef:90:fe:
                    f6:46:f8:cf:15:52:b6:4f:a1:fa:3e:de:d6:d3:6c:
                    27:ee:0f:74:72:dd:3f:54:37:a3:96:d3:e6:87:c9:
                    5d:44:f9:99:9a:7d:bc:47:5a:58:b8:7c:f7:fd:69:
                    e4:21:9c:f5:43:32:97:5b:e9:1f:5b:ed:cb:c1:e6:
                    64:c0:8f:90:66:d9:2e:64:22:d3:d9:8b:8f:29:06:
                    5b:3e:e8:ae:ac:20:85:4c:4d:02:28:6e:ed:37:b4:
                    7e:63:06:32:cb:5a:4f:3e:96:b9:be:5d:24:d2:ce:
                    89:52:3c:51:c2:98:bf:68:b3:02:a0:2f:29:41:0f:
                    51:b5:32:18:ad:d4:34:b1:0e:63:9e:3c:de:95:b8:
                    58:96:62:64:d7:f3:78:09:a9:5b:d5:c2:0e:d9:52:
                    22:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:77:06:41:B5:00:A9:D4:AA:EA:6B:78:FF:77:B2:4D:92:51:D5:70
            X509v3 Authority Key Identifier:
                keyid:41:66:C0:6F:F4:9E:05:34:80:9E:23:40:05:BA:A5:CC:A7:E1:46:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QWbAb_SeBTSAniNABbqlzKfhRqg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/70d2d4-354a-4a89-931e-8826e877d143/1/OHcGQbUAqdSq6mt4_3eyTZJR1XA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/70d2d4-354a-4a89-931e-8826e877d143/1/QWbAb_SeBTSAniNABbqlzKfhRqg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.239.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:e5:b2:fc:6e:39:13:39:a4:66:b8:65:37:9c:16:ef:5a:fc:
         2e:bb:bf:af:2f:92:00:9c:5e:19:ae:74:39:4f:72:8b:53:1f:
         ba:83:8b:7e:49:98:7f:d4:9b:a6:af:a7:9e:c3:08:19:e0:e8:
         42:dc:7e:27:2e:42:60:40:c5:1c:65:da:93:cf:ab:b4:55:ff:
         6a:cf:a7:42:2a:4f:ca:96:33:96:ee:ef:04:de:f3:be:52:8d:
         81:64:39:52:27:de:c0:4c:9b:54:fa:50:e9:1f:3f:bb:7c:a4:
         d2:15:de:5c:62:5b:fe:92:af:e4:ae:5c:7b:40:17:1a:45:e1:
         ff:fe:23:d3:e6:e9:d2:7f:8b:29:d2:ea:21:97:6c:33:22:54:
         37:fd:94:0d:00:64:00:94:17:f6:07:9e:27:fb:65:1e:d3:9c:
         85:54:20:fe:53:9f:a2:29:42:05:44:c8:b7:cb:50:48:be:b2:
         ad:93:7b:97:d5:c5:40:57:6e:dc:b2:28:d1:0b:0d:71:f0:8d:
         eb:99:7c:b3:a3:b0:a6:59:87:04:ac:15:44:37:6c:f0:1b:e4:
         36:97:61:e3:e6:8f:dc:15:84:66:36:3d:db:4a:a7:98:a2:b4:
         ba:2d:37:99:a9:79:99:2a:c1:0d:d8:9c:22:4c:6c:dd:92:f8:
         11:ae:72:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ7P53eNOqiIb0wo2W/chFmiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxNjZjMDZmZjQ5ZTA1MzQ4MDllMjM0MDA1YmFhNWNjYTdl
MTQ2YTgwHhcNMjYwNjE2MTAwODMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODc3MDY0MWI1MDBhOWQ0YWFlYTZiNzhmZjc3YjI0ZDkyNTFkNTcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsRq2IaklIBv6Ql7+OhZAutQ06BWh
ibwSbxDce1o1wAgHSePwlP2nYdifRev3mVcSUMkjEDrRuHiTBMITJA9mhVb65ON/
dtE8krUbUDQsy6y4DNnOef4aLrZq6Yb8nKlYsusCg+zvkP72RvjPFVK2T6H6Pt7W
02wn7g90ct0/VDejltPmh8ldRPmZmn28R1pYuHz3/WnkIZz1QzKXW+kfW+3LweZk
wI+QZtkuZCLT2YuPKQZbPuiurCCFTE0CKG7tN7R+YwYyy1pPPpa5vl0k0s6JUjxR
wpi/aLMCoC8pQQ9RtTIYrdQ0sQ5jnjzelbhYlmJk1/N4Calb1cIO2VIiqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDh3BkG1AKnUqupreP93sk2SUdVwMB8GA1UdIwQY
MBaAFEFmwG/0ngU0gJ4jQAW6pcyn4UaoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVdiQWJfU2VCVFNBbmlOQUJicWx6S2ZoUnFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC83MGQyZDQtMzU0YS00YTg5LTkzMWUt
ODgyNmU4NzdkMTQzLzEvT0hjR1FiVUFxZFNxNm10NF8zZXlUWkpSMVhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC83MGQyZDQtMzU0YS00YTg5LTkzMWUtODgyNmU4NzdkMTQz
LzEvUVdiQWJfU2VCVFNBbmlOQUJicWx6S2ZoUnFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAue+xMA0G
CSqGSIb3DQEBCwUAA4IBAQBq5bL8bjkTOaRmuGU3nBbvWvwuu7+vL5IAnF4ZrnQ5
T3KLUx+6g4t+SZh/1Jumr6eewwgZ4OhC3H4nLkJgQMUcZdqTz6u0Vf9qz6dCKk/K
ljOW7u8E3vO+Uo2BZDlSJ97ATJtU+lDpHz+7fKTSFd5cYlv+kq/krlx7QBcaReH/
/iPT5unSf4sp0uohl2wzIlQ3/ZQNAGQAlBf2B54n+2Ue05yFVCD+U5+iKUIFRMi3
y1BIvrKtk3uX1cVAV27csijRCw1x8I3rmXyzo7CmWYcErBVEN2zwG+Q2l2Hj5o/c
FYRmNj3bSqeYorS6LTeZqXmZKsEN2JwiTGzdkvgRrnLr
-----END CERTIFICATE-----