Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/27af3b-db56-4b29-9415-fad9bf6a6f4f/1/m0S6_WzWlrHR_2JCITRe_ZXwGnA.roa
File:                     m0S6_WzWlrHR_2JCITRe_ZXwGnA.roa (raw, json)
Hash identifier:          me1fB1mJ0Ch7//Q7zoSWoOV6hA8e2Ax4/+PxpVsvA8c=
Subject key identifier:   9B:44:BA:FD:6C:D6:96:B1:D1:FF:62:42:21:34:5E:FD:95:F0:1A:70
Certificate issuer:       /CN=6564cd583ca3ed5ee61d079c362d4e39ffea63a9
Certificate serial:       019C9005EB0F62966926EF1BD769664E7246
Authority key identifier: 65:64:CD:58:3C:A3:ED:5E:E6:1D:07:9C:36:2D:4E:39:FF:EA:63:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZWTNWDyj7V7mHQecNi1OOf_qY6k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/27af3b-db56-4b29-9415-fad9bf6a6f4f/1/m0S6_WzWlrHR_2JCITRe_ZXwGnA.roa
Signing time:             Tue 24 Feb 2026 14:20:32 +0000
ROA not before:           Tue 24 Feb 2026 14:20:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     5540
IP address blocks:        138.134.134.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/27af3b-db56-4b29-9415-fad9bf6a6f4f/1/ZWTNWDyj7V7mHQecNi1OOf_qY6k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/27af3b-db56-4b29-9415-fad9bf6a6f4f/1/ZWTNWDyj7V7mHQecNi1OOf_qY6k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZWTNWDyj7V7mHQecNi1OOf_qY6k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Mar 2026 06:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:90:05:eb:0f:62:96:69:26:ef:1b:d7:69:66:4e:72:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6564cd583ca3ed5ee61d079c362d4e39ffea63a9
        Validity
            Not Before: Feb 24 14:20:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9b44bafd6cd696b1d1ff624221345efd95f01a70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:3c:c1:41:21:19:1b:74:49:1a:ed:0c:06:3e:
                    f5:8f:9d:97:87:39:4f:67:06:6b:4e:a0:0a:4a:33:
                    f5:93:62:1f:b9:1d:60:29:04:ec:d2:ab:37:a4:2e:
                    52:dd:52:a1:78:e3:30:64:23:72:47:df:7d:c1:c3:
                    ed:c0:14:5c:4e:46:17:1a:29:48:c4:34:79:02:36:
                    db:87:1d:4b:c4:e7:33:91:d1:0d:ab:58:2e:25:4d:
                    cc:35:0d:54:50:2b:12:2b:53:07:b0:8d:a9:1b:9b:
                    67:f8:6f:9a:3b:6f:c3:64:a6:aa:b9:09:04:e7:1e:
                    d7:45:0d:81:75:f0:56:8e:73:aa:fd:2e:f5:7f:18:
                    e8:eb:e9:13:46:0a:5b:d4:90:cc:58:ba:fc:da:e1:
                    d5:04:1d:7c:f0:69:78:2a:9d:5e:64:b0:14:df:9f:
                    2c:49:53:6d:30:c2:54:df:a4:85:61:c4:08:dc:3f:
                    10:e1:28:d6:39:14:4f:d9:0f:d9:1b:71:06:09:9d:
                    bb:5a:35:f8:e9:e5:9c:95:8d:b9:d7:95:f4:c4:d9:
                    67:d6:52:32:02:6b:bd:1a:76:23:33:0d:dd:f8:c2:
                    bc:ce:c2:92:22:3f:b3:bd:fa:02:0b:d7:38:45:05:
                    9c:d7:95:a4:99:a5:3b:8e:49:20:bc:74:95:31:2a:
                    eb:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:44:BA:FD:6C:D6:96:B1:D1:FF:62:42:21:34:5E:FD:95:F0:1A:70
            X509v3 Authority Key Identifier:
                keyid:65:64:CD:58:3C:A3:ED:5E:E6:1D:07:9C:36:2D:4E:39:FF:EA:63:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZWTNWDyj7V7mHQecNi1OOf_qY6k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/27af3b-db56-4b29-9415-fad9bf6a6f4f/1/m0S6_WzWlrHR_2JCITRe_ZXwGnA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/27af3b-db56-4b29-9415-fad9bf6a6f4f/1/ZWTNWDyj7V7mHQecNi1OOf_qY6k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.134.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bb:fc:4b:0c:f0:6a:15:b8:64:64:90:a8:b7:ba:01:05:f5:14:
         3e:de:a6:2d:83:d1:a6:69:35:ba:7d:26:ee:06:c3:5a:ed:84:
         de:9e:2f:f1:97:27:31:c1:7a:ca:8f:1d:93:80:58:59:e0:da:
         17:06:e5:d0:a3:f6:2c:71:ac:3f:8f:c3:c4:ec:b0:86:6c:a3:
         db:f0:4e:38:4d:ee:61:30:fb:9f:33:78:bc:31:37:73:e3:76:
         fe:7f:fa:e5:fe:7f:97:3e:8d:94:9d:6e:65:2f:01:56:c7:a0:
         30:29:ca:09:70:09:d6:cd:87:e5:8a:ea:67:82:15:aa:84:67:
         1f:fb:e6:e2:52:f9:2b:44:a6:cb:40:2c:89:e0:01:e7:b8:6e:
         0b:4b:45:ec:8a:6e:b4:8f:7c:9a:3e:c5:3e:47:f9:ce:25:a5:
         9c:8b:f9:c8:41:fa:be:de:e2:c2:2a:25:ea:2c:33:7d:e4:ef:
         16:4e:6f:e1:c7:87:06:6f:65:04:8f:06:6b:9d:82:d8:a5:92:
         7c:5b:28:0d:ab:fb:2e:e1:3e:bb:a9:f6:a5:3f:69:d6:cb:09:
         4e:a1:d4:c7:12:c2:56:f4:3d:15:d0:04:9e:1c:84:fb:8e:31:
         d0:43:b7:e8:e0:ba:eb:99:2a:55:8d:4f:23:51:8c:42:03:f4:
         e5:8d:8d:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyQBesPYpZpJu8b12lmTnJGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1NjRjZDU4M2NhM2VkNWVlNjFkMDc5YzM2MmQ0ZTM5ZmZl
YTYzYTkwHhcNMjYwMjI0MTQyMDMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjQ0YmFmZDZjZDY5NmIxZDFmZjYyNDIyMTM0NWVmZDk1ZjAxYTcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtDzBQSEZG3RJGu0MBj71j52XhzlP
ZwZrTqAKSjP1k2IfuR1gKQTs0qs3pC5S3VKheOMwZCNyR999wcPtwBRcTkYXGilI
xDR5Ajbbhx1LxOczkdENq1guJU3MNQ1UUCsSK1MHsI2pG5tn+G+aO2/DZKaquQkE
5x7XRQ2BdfBWjnOq/S71fxjo6+kTRgpb1JDMWLr82uHVBB188Gl4Kp1eZLAU358s
SVNtMMJU36SFYcQI3D8Q4SjWORRP2Q/ZG3EGCZ27WjX46eWclY2515X0xNln1lIy
Amu9GnYjMw3d+MK8zsKSIj+zvfoCC9c4RQWc15WkmaU7jkkgvHSVMSrrDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJtEuv1s1pax0f9iQiE0Xv2V8BpwMB8GA1UdIwQY
MBaAFGVkzVg8o+1e5h0HnDYtTjn/6mOpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWldUTldEeWo3VjdtSFFlY05pMU9PZl9xWTZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi8yN2FmM2ItZGI1Ni00YjI5LTk0MTUt
ZmFkOWJmNmE2ZjRmLzEvbTBTNl9XeldsckhSXzJKQ0lUUmVfWlh3R25BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi8yN2FmM2ItZGI1Ni00YjI5LTk0MTUtZmFkOWJmNmE2ZjRm
LzEvWldUTldEeWo3VjdtSFFlY05pMU9PZl9xWTZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAioaGMA0G
CSqGSIb3DQEBCwUAA4IBAQC7/EsM8GoVuGRkkKi3ugEF9RQ+3qYtg9GmaTW6fSbu
BsNa7YTeni/xlycxwXrKjx2TgFhZ4NoXBuXQo/Yscaw/j8PE7LCGbKPb8E44Te5h
MPufM3i8MTdz43b+f/rl/n+XPo2UnW5lLwFWx6AwKcoJcAnWzYfliupnghWqhGcf
++biUvkrRKbLQCyJ4AHnuG4LS0Xsim60j3yaPsU+R/nOJaWci/nIQfq+3uLCKiXq
LDN95O8WTm/hx4cGb2UEjwZrnYLYpZJ8WygNq/su4T67qfalP2nWywlOodTHEsJW
9D0V0ASeHIT7jjHQQ7fo4LrrmSpVjU8jUYxCA/TljY1t
-----END CERTIFICATE-----