Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/9aad6c-e01d-4133-a63f-0530a6cffa3c/1/TIw274m8VtVS81gRQbbaAg9y9qo.roa
File:                     TIw274m8VtVS81gRQbbaAg9y9qo.roa (raw, json)
Hash identifier:          vQbtbmsP7ww+jMIm8AvD1TwBUQ0YruSRmDg5jICLknw=
Subject key identifier:   4C:8C:36:EF:89:BC:56:D5:52:F3:58:11:41:B6:DA:02:0F:72:F6:AA
Certificate issuer:       /CN=8053abc3d49f565b94878ed8f220ce327f974a32
Certificate serial:       019E9767BCB4445B62E5A0E482983ACA60B6
Authority key identifier: 80:53:AB:C3:D4:9F:56:5B:94:87:8E:D8:F2:20:CE:32:7F:97:4A:32
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gFOrw9SfVluUh47Y8iDOMn-XSjI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/9aad6c-e01d-4133-a63f-0530a6cffa3c/1/TIw274m8VtVS81gRQbbaAg9y9qo.roa
Signing time:             Fri 05 Jun 2026 10:50:18 +0000
ROA not before:           Fri 05 Jun 2026 10:50:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212720
IP address blocks:        193.148.45.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/9aad6c-e01d-4133-a63f-0530a6cffa3c/1/gFOrw9SfVluUh47Y8iDOMn-XSjI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/9aad6c-e01d-4133-a63f-0530a6cffa3c/1/gFOrw9SfVluUh47Y8iDOMn-XSjI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gFOrw9SfVluUh47Y8iDOMn-XSjI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 10:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:97:67:bc:b4:44:5b:62:e5:a0:e4:82:98:3a:ca:60:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8053abc3d49f565b94878ed8f220ce327f974a32
        Validity
            Not Before: Jun  5 10:50:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4c8c36ef89bc56d552f3581141b6da020f72f6aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:47:ca:65:97:ce:c3:7a:11:b4:75:a8:e5:e2:
                    c8:0c:2b:19:a8:a5:90:dd:c4:5d:20:4a:6f:6b:54:
                    7b:51:d0:0e:a1:58:c8:fd:09:db:5d:7e:75:f0:2d:
                    b5:02:c3:01:d7:6d:3c:28:5a:d3:29:a8:73:af:69:
                    a1:40:0a:4f:43:2a:29:14:8f:05:1b:81:8c:af:2b:
                    4a:aa:90:59:4e:a1:fb:70:96:c6:71:e1:39:19:68:
                    4d:0a:87:c6:04:69:d3:1f:0b:bd:8d:9c:a7:34:3a:
                    4d:0c:ea:02:f2:a9:37:0e:f9:9e:27:c7:fb:d3:f4:
                    b8:be:55:b4:9e:b7:7e:c0:8a:6f:0c:28:ed:d2:dd:
                    a9:b0:2e:2b:7b:4e:be:97:d3:a1:10:c0:6f:eb:b5:
                    fc:cc:f4:fd:21:bd:ea:9e:51:c3:f5:7c:50:db:8a:
                    87:15:c3:45:6b:dc:34:a4:d6:51:43:e2:06:18:1a:
                    65:24:60:8d:11:72:34:68:7d:e4:f2:9f:d5:88:0f:
                    2a:85:94:f6:6d:14:80:03:29:d3:79:71:59:8f:23:
                    45:ce:5a:f5:70:25:be:df:60:31:b4:07:87:a4:8f:
                    0a:40:bf:99:85:e4:5d:fd:df:21:20:be:7b:5c:a7:
                    a1:c3:04:60:2f:75:98:f3:6a:10:c9:51:7d:fc:02:
                    69:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:8C:36:EF:89:BC:56:D5:52:F3:58:11:41:B6:DA:02:0F:72:F6:AA
            X509v3 Authority Key Identifier:
                keyid:80:53:AB:C3:D4:9F:56:5B:94:87:8E:D8:F2:20:CE:32:7F:97:4A:32

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gFOrw9SfVluUh47Y8iDOMn-XSjI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/9aad6c-e01d-4133-a63f-0530a6cffa3c/1/TIw274m8VtVS81gRQbbaAg9y9qo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/9aad6c-e01d-4133-a63f-0530a6cffa3c/1/gFOrw9SfVluUh47Y8iDOMn-XSjI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.148.45.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c7:20:bc:88:4a:06:34:cb:d1:b9:9d:25:2f:e5:db:4c:75:78:
         7f:80:28:4b:3a:29:8f:5b:8b:56:93:3a:94:39:e8:a4:fc:5b:
         b3:9f:71:9c:6d:2d:c0:56:58:a8:c8:d2:32:9c:64:2c:79:16:
         9b:09:3f:56:c2:fa:5e:06:13:b0:9c:33:a7:39:f0:67:9d:8d:
         c2:ac:7a:05:e8:a9:81:0f:87:27:57:04:e9:6a:19:36:82:fd:
         1a:74:27:5d:f2:fa:1e:db:33:c6:d8:a5:3d:06:8f:56:46:a4:
         d3:01:68:1d:e1:c7:2e:5d:ee:f8:d4:6d:60:97:3b:af:28:cb:
         52:4f:8a:e9:0f:da:7d:4e:42:06:d9:ed:f3:d6:17:86:2e:41:
         c3:17:0e:ae:d0:c5:22:1d:55:e2:8d:98:b9:7f:af:af:5b:06:
         9e:23:12:17:cc:45:60:71:41:3f:30:3f:5d:d8:98:8d:51:c6:
         af:27:01:49:dd:1a:b2:41:d8:53:ee:58:93:0e:23:97:fe:df:
         9c:a0:fc:07:67:91:a2:24:3d:49:f5:62:24:78:c4:e6:19:cd:
         88:1d:76:0d:bb:b0:a9:0b:6f:5c:f2:93:ac:55:5b:9e:06:cf:
         f9:11:91:24:72:e4:8d:b8:35:19:99:8d:22:6e:27:e9:fa:79:
         58:08:87:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6XZ7y0RFti5aDkgpg6ymC2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwNTNhYmMzZDQ5ZjU2NWI5NDg3OGVkOGYyMjBjZTMyN2Y5
NzRhMzIwHhcNMjYwNjA1MTA1MDE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzhjMzZlZjg5YmM1NmQ1NTJmMzU4MTE0MWI2ZGEwMjBmNzJmNmFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuEfKZZfOw3oRtHWo5eLIDCsZqKWQ
3cRdIEpva1R7UdAOoVjI/QnbXX518C21AsMB1208KFrTKahzr2mhQApPQyopFI8F
G4GMrytKqpBZTqH7cJbGceE5GWhNCofGBGnTHwu9jZynNDpNDOoC8qk3DvmeJ8f7
0/S4vlW0nrd+wIpvDCjt0t2psC4re06+l9OhEMBv67X8zPT9Ib3qnlHD9XxQ24qH
FcNFa9w0pNZRQ+IGGBplJGCNEXI0aH3k8p/ViA8qhZT2bRSAAynTeXFZjyNFzlr1
cCW+32AxtAeHpI8KQL+ZheRd/d8hIL57XKehwwRgL3WY82oQyVF9/AJpHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEyMNu+JvFbVUvNYEUG22gIPcvaqMB8GA1UdIwQY
MBaAFIBTq8PUn1ZblIeO2PIgzjJ/l0oyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ0ZPcnc5U2ZWbHVVaDQ3WThpRE9Nbi1YU2pJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS85YWFkNmMtZTAxZC00MTMzLWE2M2Yt
MDUzMGE2Y2ZmYTNjLzEvVEl3Mjc0bThWdFZTODFnUlFiYmFBZzl5OXFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS85YWFkNmMtZTAxZC00MTMzLWE2M2YtMDUzMGE2Y2ZmYTNj
LzEvZ0ZPcnc5U2ZWbHVVaDQ3WThpRE9Nbi1YU2pJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwZQtMA0G
CSqGSIb3DQEBCwUAA4IBAQDHILyISgY0y9G5nSUv5dtMdXh/gChLOimPW4tWkzqU
Oeik/Fuzn3GcbS3AVlioyNIynGQseRabCT9WwvpeBhOwnDOnOfBnnY3CrHoF6KmB
D4cnVwTpahk2gv0adCdd8voe2zPG2KU9Bo9WRqTTAWgd4ccuXe741G1glzuvKMtS
T4rpD9p9TkIG2e3z1heGLkHDFw6u0MUiHVXijZi5f6+vWwaeIxIXzEVgcUE/MD9d
2JiNUcavJwFJ3RqyQdhT7liTDiOX/t+coPwHZ5GiJD1J9WIkeMTmGc2IHXYNu7Cp
C29c8pOsVVueBs/5EZEkcuSNuDUZmY0ibifp+nlYCIdi
-----END CERTIFICATE-----