Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/UtZAQpBbOIHm0PE4SKnw4ez-0WQ.roa
File:                     UtZAQpBbOIHm0PE4SKnw4ez-0WQ.roa (raw, json)
Hash identifier:          u96RfVLw9q+aplb3/0JImM/0RuNxKLWBzV2HsmObrEg=
Subject key identifier:   52:D6:40:42:90:5B:38:81:E6:D0:F1:38:48:A9:F0:E1:EC:FE:D1:64
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       019C2793E959A2EC6AACBD5A11C7A3141794
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/UtZAQpBbOIHm0PE4SKnw4ez-0WQ.roa
Signing time:             Wed 04 Feb 2026 07:35:30 +0000
ROA not before:           Wed 04 Feb 2026 07:35:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     61317
IP address blocks:        80.64.27.0/24 maxlen: 24
                          185.210.136.0/24 maxlen: 24
                          188.64.162.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 23 Feb 2026 11:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:27:93:e9:59:a2:ec:6a:ac:bd:5a:11:c7:a3:14:17:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: Feb  4 07:35:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=52d64042905b3881e6d0f13848a9f0e1ecfed164
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:ed:21:63:42:87:a4:c9:48:75:51:df:95:77:
                    41:87:13:aa:b9:b3:8d:e2:eb:7d:e8:db:80:f8:45:
                    18:de:78:e1:6c:05:e3:45:6b:27:72:b4:84:0e:e5:
                    b4:5e:24:11:e6:92:b8:f7:3f:67:ba:cc:bc:48:33:
                    59:9a:35:7d:b6:79:35:c6:06:58:c2:a3:f3:f1:ab:
                    54:18:03:c2:20:e2:57:88:66:95:9c:30:0c:d0:88:
                    8c:ad:1a:63:c7:9f:27:2f:98:3d:16:53:f3:23:01:
                    a3:7c:68:3c:10:b1:18:b2:ca:d6:43:d0:2f:fd:48:
                    9d:64:59:14:ac:80:bd:d6:7b:53:7c:d9:8d:62:cd:
                    b8:9a:dc:e2:5f:eb:6d:a9:72:eb:43:35:63:37:f8:
                    3e:fc:7a:3b:e7:aa:67:bd:cd:92:0e:4f:a3:d9:68:
                    2c:1b:c0:35:8c:9a:88:91:6c:3f:1b:fd:44:9e:24:
                    51:52:03:a1:30:5c:07:db:75:0a:b5:e0:e2:bb:dc:
                    06:ba:d0:53:88:61:bf:83:44:7f:4a:68:b5:3c:40:
                    df:4e:d0:fc:b0:f5:dc:88:69:0f:9d:7e:f7:93:40:
                    9e:95:e0:50:dc:ec:df:f5:61:ba:98:6e:1c:12:a8:
                    97:da:f5:38:8f:ea:a3:84:ba:fa:73:06:ee:2d:ca:
                    c1:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:D6:40:42:90:5B:38:81:E6:D0:F1:38:48:A9:F0:E1:EC:FE:D1:64
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/UtZAQpBbOIHm0PE4SKnw4ez-0WQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.64.27.0/24
                  185.210.136.0/24
                  188.64.162.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:cd:47:02:54:f6:52:e8:f3:91:e1:d3:e8:20:ce:7f:b7:23:
         3f:27:88:7e:37:8b:ae:c9:a2:b4:83:2b:6e:26:8f:90:5b:0b:
         e1:36:6a:57:84:43:cf:ea:b8:b6:d5:e0:12:33:db:95:41:ce:
         75:31:7a:ff:8d:ec:fc:30:74:3c:e2:9b:ba:21:95:ae:ba:aa:
         35:d1:2b:4e:9d:d5:49:f9:e0:91:86:6d:aa:3c:e8:8b:b9:b6:
         78:19:b8:e9:b4:99:32:ca:9a:21:83:8a:fe:a1:7a:fe:69:15:
         f1:05:0e:97:da:0c:bc:c5:f0:e0:c9:f8:f2:5b:41:89:f6:36:
         99:69:e6:b0:c2:5d:b4:c5:a1:47:55:34:60:88:ac:b1:d3:a6:
         40:dc:bf:6d:19:f7:f7:18:56:0d:d7:6e:8d:cb:a2:70:26:f2:
         2b:dc:54:27:d8:bc:39:47:79:24:90:96:88:ce:ba:c1:82:8b:
         2c:09:21:8e:76:56:5b:b8:19:a7:74:0b:45:48:6f:ba:4a:ce:
         c0:f8:6c:fd:4f:2a:09:71:cd:39:1b:52:bd:8d:90:2d:cb:77:
         f3:88:e7:33:55:1d:ff:57:15:a0:23:b5:95:3a:5d:9c:d9:02:
         a9:0a:44:75:e1:99:10:fd:e0:7a:ef:75:95:6f:4a:e1:4d:e6:
         42:58:3b:f0
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZwnk+lZouxqrL1aEcejFBeUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjYwMjA0MDczNTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MmQ2NDA0MjkwNWIzODgxZTZkMGYxMzg0OGE5ZjBlMWVjZmVkMTY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyO0hY0KHpMlIdVHflXdBhxOqubON
4ut96NuA+EUY3njhbAXjRWsncrSEDuW0XiQR5pK49z9nusy8SDNZmjV9tnk1xgZY
wqPz8atUGAPCIOJXiGaVnDAM0IiMrRpjx58nL5g9FlPzIwGjfGg8ELEYssrWQ9Av
/UidZFkUrIC91ntTfNmNYs24mtziX+ttqXLrQzVjN/g+/Ho756pnvc2SDk+j2Wgs
G8A1jJqIkWw/G/1EniRRUgOhMFwH23UKteDiu9wGutBTiGG/g0R/Smi1PEDfTtD8
sPXciGkPnX73k0CeleBQ3Ozf9WG6mG4cEqiX2vU4j+qjhLr6cwbuLcrBDQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFFLWQEKQWziB5tDxOEip8OHs/tFkMB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvVXRaQVFwQmJPSUhtMFBFNFNLbnc0ZXotMFdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAUEAbAwQA
udKIAwQAvECiMA0GCSqGSIb3DQEBCwUAA4IBAQAozUcCVPZS6POR4dPoIM5/tyM/
J4h+N4uuyaK0gytuJo+QWwvhNmpXhEPP6ri21eASM9uVQc51MXr/jez8MHQ84pu6
IZWuuqo10StOndVJ+eCRhm2qPOiLubZ4GbjptJkyypohg4r+oXr+aRXxBQ6X2gy8
xfDgyfjyW0GJ9jaZaeawwl20xaFHVTRgiKyx06ZA3L9tGff3GFYN126Ny6JwJvIr
3FQn2Lw5R3kkkJaIzrrBgossCSGOdlZbuBmndAtFSG+6Ss7A+Gz9TyoJcc05G1K9
jZAty3fziOczVR3/VxWgI7WVOl2c2QKpCkR14ZkQ/eB673WVb0rhTeZCWDvw
-----END CERTIFICATE-----