Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/fd4401-78f2-465a-9dc0-33caae0e4376/1/i9kzZBEPSIQwbMZfNqvulYgSaao.roa
File:                     i9kzZBEPSIQwbMZfNqvulYgSaao.roa (raw, json)
Hash identifier:          9Og3ibdmWGNSIjDGBXMLymE/K8GzzlULzDfKShanqjc=
Subject key identifier:   8B:D9:33:64:11:0F:48:84:30:6C:C6:5F:36:AB:EE:95:88:12:69:AA
Certificate issuer:       /CN=c25ed6de23b320e302888f9427723f2201f2919f
Certificate serial:       019D2980C806A7449E3913513B092582B103
Authority key identifier: C2:5E:D6:DE:23:B3:20:E3:02:88:8F:94:27:72:3F:22:01:F2:91:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wl7W3iOzIOMCiI-UJ3I_IgHykZ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/fd4401-78f2-465a-9dc0-33caae0e4376/1/i9kzZBEPSIQwbMZfNqvulYgSaao.roa
Signing time:             Thu 26 Mar 2026 09:36:38 +0000
ROA not before:           Thu 26 Mar 2026 09:36:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16509
IP address blocks:        140.150.48.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/fd4401-78f2-465a-9dc0-33caae0e4376/1/wl7W3iOzIOMCiI-UJ3I_IgHykZ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/fd4401-78f2-465a-9dc0-33caae0e4376/1/wl7W3iOzIOMCiI-UJ3I_IgHykZ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wl7W3iOzIOMCiI-UJ3I_IgHykZ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 07:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:29:80:c8:06:a7:44:9e:39:13:51:3b:09:25:82:b1:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c25ed6de23b320e302888f9427723f2201f2919f
        Validity
            Not Before: Mar 26 09:36:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8bd93364110f4884306cc65f36abee95881269aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:f8:26:66:08:3e:f2:c5:09:77:c1:f4:b1:f3:
                    2b:e2:84:9a:97:01:8e:fa:41:69:77:ff:79:76:3d:
                    06:8a:39:5b:c9:f9:1e:b2:dd:94:b9:e3:ac:b4:8f:
                    f8:e1:a0:f1:53:01:5c:a1:c3:24:72:c1:87:36:ea:
                    83:69:1d:b6:d0:69:db:b4:c2:ae:89:cf:23:9b:6b:
                    08:75:41:23:88:63:f6:c1:12:12:b5:4b:aa:c4:25:
                    57:e3:47:c8:fc:86:cb:ed:1d:44:5d:c1:14:82:f4:
                    25:06:97:62:0c:db:c7:d8:65:d2:96:be:47:d6:59:
                    93:d5:63:e6:68:cd:46:fa:c4:49:18:86:c1:fe:3f:
                    ec:5d:e6:44:fa:c4:9b:6c:5c:5a:36:a6:3f:c0:ca:
                    05:5d:e4:5e:49:17:7d:48:49:74:6d:00:82:58:33:
                    7f:5d:7d:5b:31:e9:fe:64:65:28:1e:d4:7e:d0:6f:
                    c5:e3:36:ee:c1:b0:eb:58:f6:c4:26:25:af:d9:f3:
                    44:ad:37:dd:c6:63:02:50:1a:e1:a3:d4:d8:29:2e:
                    88:37:b2:37:2e:60:db:8f:4b:7e:e4:c4:14:ca:ef:
                    ae:ed:a8:d3:35:fd:a4:77:58:04:c3:a3:5f:ea:78:
                    21:5a:81:39:2d:b2:1d:5c:84:24:3d:03:23:d9:cb:
                    fc:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:D9:33:64:11:0F:48:84:30:6C:C6:5F:36:AB:EE:95:88:12:69:AA
            X509v3 Authority Key Identifier:
                keyid:C2:5E:D6:DE:23:B3:20:E3:02:88:8F:94:27:72:3F:22:01:F2:91:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wl7W3iOzIOMCiI-UJ3I_IgHykZ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/fd4401-78f2-465a-9dc0-33caae0e4376/1/i9kzZBEPSIQwbMZfNqvulYgSaao.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/fd4401-78f2-465a-9dc0-33caae0e4376/1/wl7W3iOzIOMCiI-UJ3I_IgHykZ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  140.150.48.0/20

    Signature Algorithm: sha256WithRSAEncryption
         a3:ba:78:63:e6:ca:ea:2a:4d:f5:ed:25:a7:14:10:1b:a2:e5:
         9e:f3:93:f7:49:5a:81:6c:8f:de:32:17:46:63:e0:99:45:49:
         39:56:69:22:74:64:93:56:49:d5:95:66:46:e1:0c:17:e2:b1:
         59:5f:2a:9c:42:df:db:37:ed:a0:35:06:56:ee:83:df:0c:a5:
         f4:c9:41:9f:a7:1c:6e:bf:56:c5:78:40:6f:f2:55:36:43:a9:
         a2:b0:df:56:f5:ec:4e:92:78:a4:d1:a3:f6:e5:00:95:ac:ac:
         83:d5:9a:dc:2a:76:7f:a2:d8:83:05:1e:e3:a8:01:ed:9e:49:
         d1:f2:38:6d:60:0d:a9:d8:55:9f:fa:02:2a:6d:12:c6:f1:2a:
         9e:bf:28:b9:fd:bd:24:7c:db:17:bd:69:2e:a0:50:07:30:1c:
         81:c5:ae:77:0c:0f:42:69:74:f7:0c:52:cb:7c:48:38:99:3a:
         43:38:3e:ff:cd:dc:ac:c0:fa:af:11:65:d5:82:87:71:65:a0:
         b6:7a:69:c1:7b:0b:c2:26:9c:47:42:e0:67:51:3c:ad:e0:59:
         c0:f6:ef:92:bc:6c:4b:5a:71:99:62:1a:47:5c:27:30:5b:77:
         63:9a:33:c9:11:b4:dd:e2:3e:a2:51:cc:7f:a6:b4:20:a9:cb:
         b8:3d:e6:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0pgMgGp0SeORNROwklgrEDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNWVkNmRlMjNiMzIwZTMwMjg4OGY5NDI3NzIzZjIyMDFm
MjkxOWYwHhcNMjYwMzI2MDkzNjM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmQ5MzM2NDExMGY0ODg0MzA2Y2M2NWYzNmFiZWU5NTg4MTI2OWFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArvgmZgg+8sUJd8H0sfMr4oSalwGO
+kFpd/95dj0Gijlbyfkest2UueOstI/44aDxUwFcocMkcsGHNuqDaR220GnbtMKu
ic8jm2sIdUEjiGP2wRIStUuqxCVX40fI/IbL7R1EXcEUgvQlBpdiDNvH2GXSlr5H
1lmT1WPmaM1G+sRJGIbB/j/sXeZE+sSbbFxaNqY/wMoFXeReSRd9SEl0bQCCWDN/
XX1bMen+ZGUoHtR+0G/F4zbuwbDrWPbEJiWv2fNErTfdxmMCUBrho9TYKS6IN7I3
LmDbj0t+5MQUyu+u7ajTNf2kd1gEw6Nf6nghWoE5LbIdXIQkPQMj2cv8XwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIvZM2QRD0iEMGzGXzar7pWIEmmqMB8GA1UdIwQY
MBaAFMJe1t4jsyDjAoiPlCdyPyIB8pGfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2w3VzNpT3pJT01DaUktVUozSV9JZ0h5a1o4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy9mZDQ0MDEtNzhmMi00NjVhLTlkYzAt
MzNjYWFlMGU0Mzc2LzEvaTlrelpCRVBTSVF3Yk1aZk5xdnVsWWdTYWFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy9mZDQ0MDEtNzhmMi00NjVhLTlkYzAtMzNjYWFlMGU0Mzc2
LzEvd2w3VzNpT3pJT01DaUktVUozSV9JZ0h5a1o4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEjJYwMA0G
CSqGSIb3DQEBCwUAA4IBAQCjunhj5srqKk317SWnFBAbouWe85P3SVqBbI/eMhdG
Y+CZRUk5VmkidGSTVknVlWZG4QwX4rFZXyqcQt/bN+2gNQZW7oPfDKX0yUGfpxxu
v1bFeEBv8lU2Q6misN9W9exOknik0aP25QCVrKyD1ZrcKnZ/otiDBR7jqAHtnknR
8jhtYA2p2FWf+gIqbRLG8Sqevyi5/b0kfNsXvWkuoFAHMByBxa53DA9CaXT3DFLL
fEg4mTpDOD7/zdyswPqvEWXVgodxZaC2emnBewvCJpxHQuBnUTyt4FnA9u+SvGxL
WnGZYhpHXCcwW3djmjPJEbTd4j6iUcx/prQgqcu4PeaG
-----END CERTIFICATE-----