Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/vdZ7NAZKpOOWfxeuOtoKVqSmi9o.roa
File:                     vdZ7NAZKpOOWfxeuOtoKVqSmi9o.roa (raw, json)
Hash identifier:          nGN4JdghU2JG9U+xki8YfeD2LkJmHUGqq8eet8nt3TI=
Subject key identifier:   BD:D6:7B:34:06:4A:A4:E3:96:7F:17:AE:3A:DA:0A:56:A4:A6:8B:DA
Certificate issuer:       /CN=1c06a82bb115d7393e39fd58b73bbf20f6cd0b1f
Certificate serial:       019DA5CF52AC5A4760E143BE2DE81F3B3011
Authority key identifier: 1C:06:A8:2B:B1:15:D7:39:3E:39:FD:58:B7:3B:BF:20:F6:CD:0B:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/vdZ7NAZKpOOWfxeuOtoKVqSmi9o.roa
Signing time:             Sun 19 Apr 2026 12:55:20 +0000
ROA not before:           Sun 19 Apr 2026 12:55:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215607
IP address blocks:        185.138.234.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 Apr 2026 08:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:a5:cf:52:ac:5a:47:60:e1:43:be:2d:e8:1f:3b:30:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c06a82bb115d7393e39fd58b73bbf20f6cd0b1f
        Validity
            Not Before: Apr 19 12:55:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bdd67b34064aa4e3967f17ae3ada0a56a4a68bda
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:10:3d:40:14:41:d3:63:20:68:00:14:04:48:
                    5c:22:5b:6d:fe:46:3e:c1:a9:3c:e6:61:83:6e:97:
                    8b:35:41:e4:ea:b8:84:98:a1:87:af:95:2a:fb:e5:
                    37:69:18:a4:d2:e4:7a:2b:e2:d6:2c:7b:a3:2a:35:
                    7b:00:3f:db:30:69:8e:80:77:e5:8d:17:1f:d6:9a:
                    c7:01:9a:5b:6a:af:70:03:9a:ff:38:06:35:89:0c:
                    37:ed:23:5f:d9:ba:e2:d6:86:eb:8e:cd:21:05:39:
                    90:16:4c:65:ef:31:3d:ff:77:ca:ec:84:ba:18:bd:
                    f8:ab:83:0c:9f:70:df:9f:64:59:d2:b9:ac:ee:c1:
                    26:ed:7b:93:a2:af:ee:d2:a3:46:58:78:1a:7e:47:
                    7d:25:f1:1a:ac:81:f3:0a:69:8b:7d:54:16:62:45:
                    c0:7c:0b:7f:b2:39:a4:c6:cf:65:b3:bb:72:d4:1b:
                    8c:3c:51:b1:92:fd:ac:5b:9c:8d:65:dd:1a:ea:5e:
                    3c:64:12:e4:a1:98:c5:50:2e:eb:cf:43:80:26:9f:
                    0f:f5:1f:c4:8a:3e:97:29:03:19:cd:f4:d0:f3:4a:
                    f5:eb:81:65:d9:d5:78:af:a5:42:a1:3f:6a:5e:f3:
                    7d:8e:ca:4a:8f:55:7f:a7:9b:c7:91:a7:ce:13:9f:
                    08:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:D6:7B:34:06:4A:A4:E3:96:7F:17:AE:3A:DA:0A:56:A4:A6:8B:DA
            X509v3 Authority Key Identifier:
                keyid:1C:06:A8:2B:B1:15:D7:39:3E:39:FD:58:B7:3B:BF:20:F6:CD:0B:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/vdZ7NAZKpOOWfxeuOtoKVqSmi9o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.138.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:1e:0e:1f:03:fc:26:42:ee:78:83:b4:1f:03:a3:f1:8a:26:
         59:d4:dd:d1:08:d1:5f:55:13:80:47:00:79:2d:67:c5:0b:ff:
         ed:74:a1:66:da:9a:f3:98:6e:c1:a8:35:cf:be:b3:06:aa:ef:
         82:f0:52:d5:91:ed:1f:2d:f3:ed:b5:5f:38:1d:ab:62:dd:60:
         07:03:d3:ca:2e:ba:54:26:1a:cf:e6:b0:fa:ec:41:0f:f3:0f:
         ed:16:51:1f:18:a1:b7:36:ca:cd:9d:45:53:11:ba:fb:2d:a3:
         b1:55:bb:b5:8e:16:1f:30:42:35:67:c5:02:c3:5a:49:02:ba:
         21:3e:fb:97:cc:8a:c3:e6:83:1c:41:4a:7d:a4:16:07:7c:20:
         99:03:f2:f9:4a:67:e4:a9:6c:f0:71:d2:85:0e:36:d0:fa:0f:
         c3:fe:e3:d7:fb:4f:4c:73:83:7c:9a:3b:0a:43:53:26:38:d5:
         f0:84:97:ce:3f:fc:08:c6:15:0d:b8:26:74:eb:12:48:96:17:
         f0:ff:7b:4a:ac:5b:26:e5:01:a3:df:8f:b0:bb:b9:a7:03:d8:
         1e:f0:aa:c1:bd:f9:8f:f4:f6:6d:39:dd:f7:74:ef:61:51:c2:
         29:71:ad:4f:2b:58:55:1b:56:13:4d:da:82:fb:69:5e:ec:4f:
         41:3f:c1:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2lz1KsWkdg4UO+LegfOzARMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjMDZhODJiYjExNWQ3MzkzZTM5ZmQ1OGI3M2JiZjIwZjZj
ZDBiMWYwHhcNMjYwNDE5MTI1NTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZGQ2N2IzNDA2NGFhNGUzOTY3ZjE3YWUzYWRhMGE1NmE0YTY4YmRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArBA9QBRB02MgaAAUBEhcIltt/kY+
wak85mGDbpeLNUHk6riEmKGHr5Uq++U3aRik0uR6K+LWLHujKjV7AD/bMGmOgHfl
jRcf1prHAZpbaq9wA5r/OAY1iQw37SNf2bri1obrjs0hBTmQFkxl7zE9/3fK7IS6
GL34q4MMn3Dfn2RZ0rms7sEm7XuToq/u0qNGWHgafkd9JfEarIHzCmmLfVQWYkXA
fAt/sjmkxs9ls7ty1BuMPFGxkv2sW5yNZd0a6l48ZBLkoZjFUC7rz0OAJp8P9R/E
ij6XKQMZzfTQ80r164Fl2dV4r6VCoT9qXvN9jspKj1V/p5vHkafOE58I5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL3WezQGSqTjln8XrjraClakpovaMB8GA1UdIwQY
MBaAFBwGqCuxFdc5Pjn9WLc7vyD2zQsfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEFhb0s3RVYxemstT2YxWXR6dV9JUGJOQ3g4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy8xMmVhYWQtOGE0NS00Nzg5LWJhYjUt
NzI2MDU3YTFmMmE0LzEvdmRaN05BWktwT09XZnhldU90b0tWcVNtaTlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy8xMmVhYWQtOGE0NS00Nzg5LWJhYjUtNzI2MDU3YTFmMmE0
LzEvSEFhb0s3RVYxemstT2YxWXR6dV9JUGJOQ3g4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYrqMA0G
CSqGSIb3DQEBCwUAA4IBAQCJHg4fA/wmQu54g7QfA6PxiiZZ1N3RCNFfVROARwB5
LWfFC//tdKFm2przmG7BqDXPvrMGqu+C8FLVke0fLfPttV84Hati3WAHA9PKLrpU
JhrP5rD67EEP8w/tFlEfGKG3NsrNnUVTEbr7LaOxVbu1jhYfMEI1Z8UCw1pJAroh
PvuXzIrD5oMcQUp9pBYHfCCZA/L5SmfkqWzwcdKFDjbQ+g/D/uPX+09Mc4N8mjsK
Q1MmONXwhJfOP/wIxhUNuCZ06xJIlhfw/3tKrFsm5QGj34+wu7mnA9ge8KrBvfmP
9PZtOd33dO9hUcIpca1PK1hVG1YTTdqC+2le7E9BP8EC
-----END CERTIFICATE-----