Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/Eg2EGWU0muHyssilrxeeQBjKbvk.roa
File:                     Eg2EGWU0muHyssilrxeeQBjKbvk.roa (raw, json)
Hash identifier:          wy9mHmoh2oNmnAMgYgnKyL3/vaCOlR30B/2LCFJDYyc=
Subject key identifier:   12:0D:84:19:65:34:9A:E1:F2:B2:C8:A5:AF:17:9E:40:18:CA:6E:F9
Certificate issuer:       /CN=1c06a82bb115d7393e39fd58b73bbf20f6cd0b1f
Certificate serial:       019E16DA78F76A9256B7E2647B766F889E1D
Authority key identifier: 1C:06:A8:2B:B1:15:D7:39:3E:39:FD:58:B7:3B:BF:20:F6:CD:0B:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/Eg2EGWU0muHyssilrxeeQBjKbvk.roa
Signing time:             Mon 11 May 2026 11:44:36 +0000
ROA not before:           Mon 11 May 2026 11:44:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214388
IP address blocks:        185.138.234.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 12 May 2026 11:44:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:16:da:78:f7:6a:92:56:b7:e2:64:7b:76:6f:88:9e:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c06a82bb115d7393e39fd58b73bbf20f6cd0b1f
        Validity
            Not Before: May 11 11:44:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=120d841965349ae1f2b2c8a5af179e4018ca6ef9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:d0:9e:4b:4d:4d:92:60:3f:f7:fe:de:75:e5:
                    16:0c:2f:40:d6:57:a7:d0:06:f4:f7:b8:79:0d:51:
                    2d:03:0d:29:3d:c8:c9:62:d1:a9:64:65:4b:05:81:
                    d5:b3:bb:fc:80:d6:6c:27:66:d9:01:33:15:f0:56:
                    57:9f:fc:33:45:62:ba:70:45:3c:20:b1:1f:7f:b4:
                    03:03:ac:0f:bc:ff:ee:eb:79:3d:ca:2d:4f:d2:f1:
                    19:89:aa:a0:55:70:55:88:53:6d:53:d2:e4:41:9c:
                    8a:d0:4f:5d:d5:cb:9b:60:ad:b4:66:0b:08:02:03:
                    0d:3b:c0:f2:f4:1d:e8:65:46:cf:35:88:bf:6f:75:
                    55:24:26:55:1b:4e:f8:82:38:11:f0:26:f4:31:1e:
                    32:0b:84:24:90:b1:88:59:d9:f3:ba:68:a3:55:1b:
                    8a:aa:e5:41:0d:44:39:75:8b:42:8b:9d:bc:88:b0:
                    8e:cd:e9:af:2f:d8:1c:e2:cc:af:4c:85:06:41:e9:
                    c8:f3:67:c4:77:72:5d:05:80:19:c3:cb:d4:02:e2:
                    8a:2f:60:0b:5a:09:a3:d0:9d:a5:78:90:8e:c9:e5:
                    81:52:a7:ab:7d:7c:eb:16:66:c4:14:5a:a6:cb:3e:
                    ae:c6:f1:aa:b3:0c:e2:a9:19:a6:cc:80:0e:99:fc:
                    16:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:0D:84:19:65:34:9A:E1:F2:B2:C8:A5:AF:17:9E:40:18:CA:6E:F9
            X509v3 Authority Key Identifier:
                keyid:1C:06:A8:2B:B1:15:D7:39:3E:39:FD:58:B7:3B:BF:20:F6:CD:0B:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/Eg2EGWU0muHyssilrxeeQBjKbvk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.138.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:be:61:5c:e5:3e:62:f4:27:2a:ae:3f:4e:ea:fc:43:3b:a8:
         8a:6c:89:af:6d:96:e8:d1:46:1f:fe:4b:93:ba:de:a1:f8:dd:
         3f:c5:c0:aa:89:5a:51:ec:df:6f:ca:0f:ae:be:db:15:f1:d5:
         bb:6b:60:b1:5b:a3:fd:6c:8d:49:f2:51:68:43:9e:29:4b:c7:
         5d:27:74:3c:6f:a5:9d:08:93:ed:77:80:0f:e5:3b:d6:12:1b:
         ba:4a:e1:31:e4:03:04:21:49:e1:c8:dd:f9:af:3d:98:d8:d6:
         e3:4a:9c:38:ed:ae:35:c0:e8:49:84:87:79:32:5f:c4:24:67:
         c1:7e:8d:76:4c:52:43:f6:ba:0c:12:d2:46:11:8e:28:8b:fc:
         76:a5:70:41:1e:a6:0f:26:f1:4f:72:fd:28:06:7a:0b:c0:89:
         d8:d2:64:a2:90:59:58:58:53:ed:81:86:a5:30:15:67:7c:72:
         83:a8:a2:fa:9b:8f:8b:dd:89:75:b9:b8:d4:d6:35:69:32:15:
         db:ac:84:80:50:58:fe:83:25:87:42:19:e1:9b:31:38:64:bc:
         1f:fb:67:fa:74:8d:63:49:9e:86:c0:dc:87:1d:39:64:38:ec:
         8e:27:fd:34:e0:fb:29:10:bf:0a:08:44:23:2b:b6:b9:96:d8:
         cd:ba:a1:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4W2nj3apJWt+Jke3ZviJ4dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjMDZhODJiYjExNWQ3MzkzZTM5ZmQ1OGI3M2JiZjIwZjZj
ZDBiMWYwHhcNMjYwNTExMTE0NDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjBkODQxOTY1MzQ5YWUxZjJiMmM4YTVhZjE3OWU0MDE4Y2E2ZWY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAndCeS01NkmA/9/7edeUWDC9A1len
0Ab097h5DVEtAw0pPcjJYtGpZGVLBYHVs7v8gNZsJ2bZATMV8FZXn/wzRWK6cEU8
ILEff7QDA6wPvP/u63k9yi1P0vEZiaqgVXBViFNtU9LkQZyK0E9d1cubYK20ZgsI
AgMNO8Dy9B3oZUbPNYi/b3VVJCZVG074gjgR8Cb0MR4yC4QkkLGIWdnzumijVRuK
quVBDUQ5dYtCi528iLCOzemvL9gc4syvTIUGQenI82fEd3JdBYAZw8vUAuKKL2AL
Wgmj0J2leJCOyeWBUqerfXzrFmbEFFqmyz6uxvGqswziqRmmzIAOmfwWwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBINhBllNJrh8rLIpa8XnkAYym75MB8GA1UdIwQY
MBaAFBwGqCuxFdc5Pjn9WLc7vyD2zQsfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEFhb0s3RVYxemstT2YxWXR6dV9JUGJOQ3g4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy8xMmVhYWQtOGE0NS00Nzg5LWJhYjUt
NzI2MDU3YTFmMmE0LzEvRWcyRUdXVTBtdUh5c3NpbHJ4ZWVRQmpLYnZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy8xMmVhYWQtOGE0NS00Nzg5LWJhYjUtNzI2MDU3YTFmMmE0
LzEvSEFhb0s3RVYxemstT2YxWXR6dV9JUGJOQ3g4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYrqMA0G
CSqGSIb3DQEBCwUAA4IBAQBavmFc5T5i9Ccqrj9O6vxDO6iKbImvbZbo0UYf/kuT
ut6h+N0/xcCqiVpR7N9vyg+uvtsV8dW7a2CxW6P9bI1J8lFoQ54pS8ddJ3Q8b6Wd
CJPtd4AP5TvWEhu6SuEx5AMEIUnhyN35rz2Y2NbjSpw47a41wOhJhId5Ml/EJGfB
fo12TFJD9roMEtJGEY4oi/x2pXBBHqYPJvFPcv0oBnoLwInY0mSikFlYWFPtgYal
MBVnfHKDqKL6m4+L3Yl1ubjU1jVpMhXbrISAUFj+gyWHQhnhmzE4ZLwf+2f6dI1j
SZ6GwNyHHTlkOOyOJ/004PspEL8KCEQjK7a5ltjNuqEC
-----END CERTIFICATE-----