Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/ic9El4BtymTELX4tfO85KLsnnzA.roa
File:                     ic9El4BtymTELX4tfO85KLsnnzA.roa (raw, json)
Hash identifier:          Ab+vOEfUlKcuCz2lVkxdfNmPtdmCY2q8gRV8PJiaibk=
Subject key identifier:   89:CF:44:97:80:6D:CA:64:C4:2D:7E:2D:7C:EF:39:28:BB:27:9F:30
Certificate issuer:       /CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
Certificate serial:       019CBE7E3061CDA33C16BB391E735E0F416F
Authority key identifier: C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/ic9El4BtymTELX4tfO85KLsnnzA.roa
Signing time:             Thu 05 Mar 2026 14:54:26 +0000
ROA not before:           Thu 05 Mar 2026 14:54:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     29802
IP address blocks:        91.234.202.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 14 Mar 2026 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:be:7e:30:61:cd:a3:3c:16:bb:39:1e:73:5e:0f:41:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
        Validity
            Not Before: Mar  5 14:54:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=89cf4497806dca64c42d7e2d7cef3928bb279f30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:2e:f5:15:92:2b:62:2d:a6:ff:97:43:ca:08:
                    db:32:c1:fe:3a:dd:f9:98:f9:5e:97:65:65:67:97:
                    9c:37:34:d6:7e:30:95:93:ca:68:64:2f:2c:0f:cb:
                    88:3b:74:01:31:62:77:ad:5d:08:77:ca:ee:f2:63:
                    7b:e3:42:2a:19:51:17:2a:b7:34:24:c2:76:5c:46:
                    44:70:af:b8:f2:29:e0:6a:70:d9:7d:b5:39:a2:c9:
                    50:f9:05:44:ec:6c:e7:f6:70:76:ae:ae:b4:6e:53:
                    1d:e8:f4:23:d1:6f:96:bd:12:73:ed:3f:c7:e8:a3:
                    f2:7b:76:c8:99:1d:2f:3b:32:e9:38:a8:47:7a:2d:
                    57:29:0e:81:e4:48:17:83:2f:29:81:86:1a:ad:bb:
                    31:11:31:f3:49:82:26:76:0d:63:47:07:b4:b5:c4:
                    b6:6a:d4:f7:f4:68:f6:6f:99:cd:55:fa:a5:0c:c1:
                    b9:4d:63:79:b6:0a:a6:26:dc:7b:50:45:08:3e:46:
                    d3:01:1d:11:a8:ab:22:c6:e8:40:87:10:17:4f:07:
                    9c:a8:f3:ce:ea:52:51:3a:c6:77:ee:47:e5:95:ec:
                    e5:f8:5e:58:fa:1a:01:ba:17:99:bb:c0:57:98:bd:
                    c3:47:66:32:f8:d9:9b:20:1c:64:95:57:78:7d:a9:
                    6b:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:CF:44:97:80:6D:CA:64:C4:2D:7E:2D:7C:EF:39:28:BB:27:9F:30
            X509v3 Authority Key Identifier:
                keyid:C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/ic9El4BtymTELX4tfO85KLsnnzA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.234.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:9e:1c:75:be:82:a3:7b:cd:d5:df:76:43:41:05:f0:95:38:
         54:3a:ab:80:78:2e:81:bc:05:7a:00:10:f3:f1:09:47:9d:50:
         4e:57:47:d9:67:75:6a:d8:14:af:3b:db:ee:64:34:cd:4d:ea:
         ba:a4:20:cb:0d:ae:9e:d2:b2:76:5a:ca:ff:05:86:a0:16:d5:
         00:25:da:54:6e:05:55:75:3a:90:69:9c:86:0b:d7:95:1a:95:
         d5:90:63:4b:fc:a7:95:63:a7:33:33:3b:cf:00:f1:4b:f2:19:
         33:0e:48:6e:8b:4f:d4:42:17:b7:8e:61:e7:ed:c8:eb:10:a2:
         e5:aa:4a:64:57:4b:aa:b3:02:0c:b1:5d:b2:8c:cb:96:2d:c3:
         3b:9d:c6:18:d6:f3:6a:cc:8c:b0:6b:d1:00:aa:1c:e9:11:44:
         15:dd:50:f8:13:1d:31:13:0d:b1:5f:4a:54:19:8f:5d:a1:ec:
         27:94:02:4c:b7:5d:05:37:94:03:f2:25:bc:9a:72:a8:b6:87:
         f1:28:f1:2a:fd:7c:23:b5:db:af:60:92:c4:7a:7d:55:7c:37:
         27:d3:0d:08:40:5c:43:3b:8b:c2:57:1e:da:ad:b9:03:39:ee:
         6e:ed:1d:fb:28:ca:89:4f:86:79:84:36:27:91:4d:3c:30:d4:
         fe:ad:7f:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZy+fjBhzaM8Frs5HnNeD0FvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NmQ5ZDUwYjNiODlkNTFjOGFhMjQ5M2U3ZWY0NzAxZDYy
NTFkYWQwHhcNMjYwMzA1MTQ1NDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWNmNDQ5NzgwNmRjYTY0YzQyZDdlMmQ3Y2VmMzkyOGJiMjc5ZjMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0S71FZIrYi2m/5dDygjbMsH+Ot35
mPlel2VlZ5ecNzTWfjCVk8poZC8sD8uIO3QBMWJ3rV0Id8ru8mN740IqGVEXKrc0
JMJ2XEZEcK+48inganDZfbU5oslQ+QVE7Gzn9nB2rq60blMd6PQj0W+WvRJz7T/H
6KPye3bImR0vOzLpOKhHei1XKQ6B5EgXgy8pgYYarbsxETHzSYImdg1jRwe0tcS2
atT39Gj2b5nNVfqlDMG5TWN5tgqmJtx7UEUIPkbTAR0RqKsixuhAhxAXTwecqPPO
6lJROsZ37kfllezl+F5Y+hoBuheZu8BXmL3DR2Yy+NmbIBxklVd4falryQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFInPRJeAbcpkxC1+LXzvOSi7J58wMB8GA1UdIwQY
MBaAFMZtnVCzuJ1RyKokk+fvRwHWJR2tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMt
YjdjNTc4Yjc0ZTM1LzEvaWM5RWw0QnR5bVRFTFg0dGZPODVLTHNubnpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMtYjdjNTc4Yjc0ZTM1
LzEveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+rKMA0G
CSqGSIb3DQEBCwUAA4IBAQCbnhx1voKje83V33ZDQQXwlThUOquAeC6BvAV6ABDz
8QlHnVBOV0fZZ3Vq2BSvO9vuZDTNTeq6pCDLDa6e0rJ2Wsr/BYagFtUAJdpUbgVV
dTqQaZyGC9eVGpXVkGNL/KeVY6czMzvPAPFL8hkzDkhui0/UQhe3jmHn7cjrEKLl
qkpkV0uqswIMsV2yjMuWLcM7ncYY1vNqzIywa9EAqhzpEUQV3VD4Ex0xEw2xX0pU
GY9doewnlAJMt10FN5QD8iW8mnKotofxKPEq/XwjtduvYJLEen1VfDcn0w0IQFxD
O4vCVx7arbkDOe5u7R37KMqJT4Z5hDYnkU08MNT+rX/s
-----END CERTIFICATE-----