Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/27af3b-db56-4b29-9415-fad9bf6a6f4f/1/_D9qS-8DScnc_2I6GqJqvVKb0NE.roa
File:                     _D9qS-8DScnc_2I6GqJqvVKb0NE.roa (raw, json)
Hash identifier:          by/V+9jlEV4exXP9BXZGcUReXmY3vjq1g4eXzgdYxqA=
Subject key identifier:   FC:3F:6A:4B:EF:03:49:C9:DC:FF:62:3A:1A:A2:6A:BD:52:9B:D0:D1
Certificate issuer:       /CN=6564cd583ca3ed5ee61d079c362d4e39ffea63a9
Certificate serial:       019CBD5AF80D37CE34FD12FDD38730E70B8B
Authority key identifier: 65:64:CD:58:3C:A3:ED:5E:E6:1D:07:9C:36:2D:4E:39:FF:EA:63:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZWTNWDyj7V7mHQecNi1OOf_qY6k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/27af3b-db56-4b29-9415-fad9bf6a6f4f/1/_D9qS-8DScnc_2I6GqJqvVKb0NE.roa
Signing time:             Thu 05 Mar 2026 09:36:21 +0000
ROA not before:           Thu 05 Mar 2026 09:36:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     14618
IP address blocks:        138.134.120.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/27af3b-db56-4b29-9415-fad9bf6a6f4f/1/ZWTNWDyj7V7mHQecNi1OOf_qY6k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/27af3b-db56-4b29-9415-fad9bf6a6f4f/1/ZWTNWDyj7V7mHQecNi1OOf_qY6k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZWTNWDyj7V7mHQecNi1OOf_qY6k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Mar 2026 06:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:bd:5a:f8:0d:37:ce:34:fd:12:fd:d3:87:30:e7:0b:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6564cd583ca3ed5ee61d079c362d4e39ffea63a9
        Validity
            Not Before: Mar  5 09:36:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fc3f6a4bef0349c9dcff623a1aa26abd529bd0d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:36:eb:48:5e:0d:c7:4c:a9:e0:d4:a4:b7:07:
                    b9:1e:42:cd:21:6a:8d:5b:f0:68:15:cc:05:3f:0e:
                    9e:aa:d3:46:3b:b7:34:d8:f8:0a:fd:5c:83:13:94:
                    a2:7b:e9:e9:23:aa:04:dd:24:ae:00:30:c9:4e:5e:
                    24:74:f4:24:49:04:4e:3e:19:cf:ea:e6:0f:e8:ad:
                    65:1e:6a:fd:54:6b:34:45:38:9a:11:ca:6d:1c:5c:
                    26:c8:e2:80:fb:cd:c4:7f:12:40:8e:9c:c6:db:03:
                    f4:d9:39:9b:9c:04:1f:96:c2:78:21:4d:cb:cd:cd:
                    f6:dc:9a:a4:a8:f0:99:4d:90:1d:41:17:ae:47:23:
                    75:fb:01:0f:c3:a0:d4:ae:78:5a:f6:43:5f:67:29:
                    05:3c:91:f7:40:25:02:33:bf:7c:71:d4:a3:95:d5:
                    b0:76:25:c1:f8:f6:69:2f:02:13:36:38:c9:7b:75:
                    8e:bd:65:95:d3:6c:2a:16:c4:e7:4d:1c:68:b8:fd:
                    72:7e:56:b2:95:fd:19:90:6f:d7:55:53:89:1d:db:
                    d8:5f:6c:3a:18:49:20:ce:80:ed:df:f5:28:79:0e:
                    43:3f:f2:ff:db:60:41:94:d7:10:63:be:22:eb:38:
                    fa:bc:3e:c0:b4:45:ab:46:b3:14:3a:29:86:0d:31:
                    68:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:3F:6A:4B:EF:03:49:C9:DC:FF:62:3A:1A:A2:6A:BD:52:9B:D0:D1
            X509v3 Authority Key Identifier:
                keyid:65:64:CD:58:3C:A3:ED:5E:E6:1D:07:9C:36:2D:4E:39:FF:EA:63:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZWTNWDyj7V7mHQecNi1OOf_qY6k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/27af3b-db56-4b29-9415-fad9bf6a6f4f/1/_D9qS-8DScnc_2I6GqJqvVKb0NE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/27af3b-db56-4b29-9415-fad9bf6a6f4f/1/ZWTNWDyj7V7mHQecNi1OOf_qY6k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.134.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:b3:76:21:dd:87:34:78:17:d7:a8:22:21:b4:41:e7:2c:bf:
         9b:e9:37:f8:d5:0d:c5:cc:89:c3:69:67:9f:d3:5e:98:ac:b8:
         a1:a6:e5:63:a2:cf:47:b7:83:10:f4:d1:ad:36:cb:27:aa:4a:
         fe:00:73:c2:e6:76:a5:a5:dd:2e:b5:c9:2d:8d:b9:45:50:f6:
         d6:28:27:52:3e:84:f1:a3:1b:fb:f7:ab:30:ae:17:d4:a7:e6:
         2e:28:03:79:e5:62:36:b3:87:e4:5d:10:fe:cf:76:47:d3:50:
         92:90:06:bc:2d:dc:49:4c:0d:fd:d9:de:db:d5:bf:5d:ac:d6:
         b8:f9:1e:67:9d:40:91:5d:e4:9d:bf:46:82:ca:ca:88:f7:d5:
         02:f4:8f:f8:77:a4:61:a1:c9:5e:8f:eb:94:3a:a5:9f:df:30:
         b6:4b:2e:72:d2:02:2d:4a:4d:6b:05:af:ec:5c:99:09:2e:d0:
         df:bc:3f:ef:5c:1f:35:59:16:ed:54:1e:62:80:ac:1f:1e:93:
         53:43:8e:e5:a9:50:2b:c1:62:25:9a:db:08:ae:86:8a:a8:f7:
         13:2b:24:05:84:73:03:7a:83:e5:08:02:5c:52:31:f0:de:30:
         ba:82:06:a0:d3:bd:65:78:1d:ac:45:fe:fa:f9:79:db:df:67:
         e3:74:18:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZy9WvgNN840/RL904cw5wuLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1NjRjZDU4M2NhM2VkNWVlNjFkMDc5YzM2MmQ0ZTM5ZmZl
YTYzYTkwHhcNMjYwMzA1MDkzNjIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzNmNmE0YmVmMDM0OWM5ZGNmZjYyM2ExYWEyNmFiZDUyOWJkMGQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyzbrSF4Nx0yp4NSktwe5HkLNIWqN
W/BoFcwFPw6eqtNGO7c02PgK/VyDE5Sie+npI6oE3SSuADDJTl4kdPQkSQROPhnP
6uYP6K1lHmr9VGs0RTiaEcptHFwmyOKA+83EfxJAjpzG2wP02TmbnAQflsJ4IU3L
zc323JqkqPCZTZAdQReuRyN1+wEPw6DUrnha9kNfZykFPJH3QCUCM798cdSjldWw
diXB+PZpLwITNjjJe3WOvWWV02wqFsTnTRxouP1yflaylf0ZkG/XVVOJHdvYX2w6
GEkgzoDt3/UoeQ5DP/L/22BBlNcQY74i6zj6vD7AtEWrRrMUOimGDTFoWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPw/akvvA0nJ3P9iOhqiar1Sm9DRMB8GA1UdIwQY
MBaAFGVkzVg8o+1e5h0HnDYtTjn/6mOpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWldUTldEeWo3VjdtSFFlY05pMU9PZl9xWTZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi8yN2FmM2ItZGI1Ni00YjI5LTk0MTUt
ZmFkOWJmNmE2ZjRmLzEvX0Q5cVMtOERTY25jXzJJNkdxSnF2VktiME5FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi8yN2FmM2ItZGI1Ni00YjI5LTk0MTUtZmFkOWJmNmE2ZjRm
LzEvWldUTldEeWo3VjdtSFFlY05pMU9PZl9xWTZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAioZ4MA0G
CSqGSIb3DQEBCwUAA4IBAQBMs3Yh3Yc0eBfXqCIhtEHnLL+b6Tf41Q3FzInDaWef
016YrLihpuVjos9Ht4MQ9NGtNssnqkr+AHPC5nalpd0utcktjblFUPbWKCdSPoTx
oxv796swrhfUp+YuKAN55WI2s4fkXRD+z3ZH01CSkAa8LdxJTA392d7b1b9drNa4
+R5nnUCRXeSdv0aCysqI99UC9I/4d6Rhoclej+uUOqWf3zC2Sy5y0gItSk1rBa/s
XJkJLtDfvD/vXB81WRbtVB5igKwfHpNTQ47lqVArwWIlmtsIroaKqPcTKyQFhHMD
eoPlCAJcUjHw3jC6ggag071leB2sRf76+Xnb32fjdBhC
-----END CERTIFICATE-----