Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/aVDRpTPNwuZUFLmP8Hd-9EnZEwM.roa
File:                     aVDRpTPNwuZUFLmP8Hd-9EnZEwM.roa (raw, json)
Hash identifier:          T3CAf9VBBjcTFILr38JUqxoN1EFrQgvBKQ2GH9nS60E=
Subject key identifier:   69:50:D1:A5:33:CD:C2:E6:54:14:B9:8F:F0:77:7E:F4:49:D9:13:03
Certificate issuer:       /CN=5124fba1e401c03e5ba1cd77ae9ee39cfd631bfb
Certificate serial:       019D008CEFD5FC4EB7D66190A30C7CBE00D0
Authority key identifier: 51:24:FB:A1:E4:01:C0:3E:5B:A1:CD:77:AE:9E:E3:9C:FD:63:1B:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/aVDRpTPNwuZUFLmP8Hd-9EnZEwM.roa
Signing time:             Wed 18 Mar 2026 10:45:29 +0000
ROA not before:           Wed 18 Mar 2026 10:45:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198087
IP address blocks:        185.58.23.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 22 Mar 2026 14:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:00:8c:ef:d5:fc:4e:b7:d6:61:90:a3:0c:7c:be:00:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5124fba1e401c03e5ba1cd77ae9ee39cfd631bfb
        Validity
            Not Before: Mar 18 10:45:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6950d1a533cdc2e65414b98ff0777ef449d91303
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:87:cc:06:cd:9a:9f:37:87:8c:f8:db:cd:b1:
                    4f:14:cb:35:69:ef:f2:d2:e0:18:1c:eb:ce:75:ee:
                    99:17:25:dd:9d:3a:42:aa:0f:f0:c4:01:24:52:a0:
                    d4:fe:47:c9:ef:0c:4d:25:1c:f3:49:77:4e:6e:53:
                    a9:00:4e:11:2c:03:68:97:d7:37:6f:8c:aa:ff:eb:
                    44:e1:7d:5f:d6:17:64:cb:2e:ff:fc:12:f6:95:91:
                    6e:61:c5:2f:5d:7e:e0:b0:77:f2:a0:c8:54:da:3c:
                    5c:a3:91:4f:a8:db:bc:2c:e4:89:f4:a0:32:e9:91:
                    7f:0e:8b:a6:d4:cb:2a:65:c2:aa:ce:15:fb:c1:1e:
                    34:16:df:56:66:0c:91:91:04:b2:44:5d:11:c0:fd:
                    d8:a4:90:28:6b:19:b0:ec:3e:a9:72:82:58:45:86:
                    50:ce:79:6d:7a:ee:54:51:3c:9f:af:bb:f6:9f:a1:
                    08:66:43:83:0a:c1:e2:23:a2:af:00:b0:51:dd:db:
                    dc:7d:5d:e8:21:2b:46:5c:bf:41:3e:41:6e:bf:34:
                    b0:d1:10:fe:8c:fe:51:cb:e0:64:11:bf:59:a7:15:
                    4e:b0:0b:23:d4:c5:be:f6:43:5b:a1:5e:a4:42:3f:
                    65:eb:ec:6a:47:84:6a:92:bd:ef:4e:c9:8f:d1:17:
                    23:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:50:D1:A5:33:CD:C2:E6:54:14:B9:8F:F0:77:7E:F4:49:D9:13:03
            X509v3 Authority Key Identifier:
                keyid:51:24:FB:A1:E4:01:C0:3E:5B:A1:CD:77:AE:9E:E3:9C:FD:63:1B:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/aVDRpTPNwuZUFLmP8Hd-9EnZEwM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.58.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:6c:10:57:1c:73:a4:41:81:ad:e0:49:c4:3f:c5:d9:8f:03:
         ff:37:32:a8:69:50:1b:78:9c:53:3e:a3:ce:e6:92:0b:44:00:
         6f:2f:e9:6f:3b:67:e7:c2:c8:00:6f:7d:07:ad:82:b5:f2:a4:
         69:ea:4e:76:7a:b8:13:f8:50:4e:79:f8:a6:c1:79:8b:e1:72:
         14:6c:1a:17:83:70:43:e8:ad:2d:35:9f:3a:5c:52:5b:72:e6:
         82:36:a0:ef:7b:60:e9:14:e5:01:0a:3a:52:39:45:e3:98:77:
         a4:38:bb:b0:21:3c:7c:bc:94:3e:f9:3f:74:b5:b6:24:6d:bc:
         3d:b4:bc:d6:c3:b3:15:1b:d0:3c:0a:ea:4b:27:a6:1c:6d:d2:
         97:97:6a:4b:ad:bc:40:3f:9c:c2:c8:c3:6e:c9:65:f4:68:2b:
         19:ed:36:62:8b:e3:86:7f:90:11:e2:20:87:d6:f6:fb:2d:11:
         3e:0a:d6:bf:84:67:d8:84:4a:ed:a9:9e:9f:8a:2b:9b:58:fd:
         d6:cc:89:d0:6c:f7:2a:da:68:36:48:b6:56:30:32:10:99:be:
         ff:10:34:1e:7f:4c:49:86:3e:f2:12:c8:da:21:a2:11:9a:92:
         9a:cb:7f:b3:10:9c:f5:83:3c:ba:e3:7d:27:2b:f3:95:ce:d0:
         28:00:bb:ed
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0AjO/V/E631mGQowx8vgDQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxMjRmYmExZTQwMWMwM2U1YmExY2Q3N2FlOWVlMzljZmQ2
MzFiZmIwHhcNMjYwMzE4MTA0NTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTUwZDFhNTMzY2RjMmU2NTQxNGI5OGZmMDc3N2VmNDQ5ZDkxMzAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvYfMBs2anzeHjPjbzbFPFMs1ae/y
0uAYHOvOde6ZFyXdnTpCqg/wxAEkUqDU/kfJ7wxNJRzzSXdOblOpAE4RLANol9c3
b4yq/+tE4X1f1hdkyy7//BL2lZFuYcUvXX7gsHfyoMhU2jxco5FPqNu8LOSJ9KAy
6ZF/Doum1MsqZcKqzhX7wR40Ft9WZgyRkQSyRF0RwP3YpJAoaxmw7D6pcoJYRYZQ
znlteu5UUTyfr7v2n6EIZkODCsHiI6KvALBR3dvcfV3oIStGXL9BPkFuvzSw0RD+
jP5Ry+BkEb9ZpxVOsAsj1MW+9kNboV6kQj9l6+xqR4Rqkr3vTsmP0RcjwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGlQ0aUzzcLmVBS5j/B3fvRJ2RMDMB8GA1UdIwQY
MBaAFFEk+6HkAcA+W6HNd66e45z9Yxv7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVNUN29lUUJ3RDVib2MxM3JwN2puUDFqR19zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy9iNzE0YWQtMWY3OC00YTEwLThlNjEt
YWI4ZjFmMzM4N2VlLzEvYVZEUnBUUE53dVpVRkxtUDhIZC05RW5aRXdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy9iNzE0YWQtMWY3OC00YTEwLThlNjEtYWI4ZjFmMzM4N2Vl
LzEvVVNUN29lUUJ3RDVib2MxM3JwN2puUDFqR19zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuToXMA0G
CSqGSIb3DQEBCwUAA4IBAQCBbBBXHHOkQYGt4EnEP8XZjwP/NzKoaVAbeJxTPqPO
5pILRABvL+lvO2fnwsgAb30HrYK18qRp6k52ergT+FBOefimwXmL4XIUbBoXg3BD
6K0tNZ86XFJbcuaCNqDve2DpFOUBCjpSOUXjmHekOLuwITx8vJQ++T90tbYkbbw9
tLzWw7MVG9A8CupLJ6YcbdKXl2pLrbxAP5zCyMNuyWX0aCsZ7TZii+OGf5AR4iCH
1vb7LRE+Cta/hGfYhErtqZ6fiiubWP3WzInQbPcq2mg2SLZWMDIQmb7/EDQef0xJ
hj7yEsjaIaIRmpKay3+zEJz1gzy6430nK/OVztAoALvt
-----END CERTIFICATE-----