Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/lTWEkgJKELlSipjMtxAwhYWB7pA.roa
File:                     lTWEkgJKELlSipjMtxAwhYWB7pA.roa (raw, json)
Hash identifier:          J6isN9PWN65bgatPG4qkpJ6/vf7Bogjcg3QwVkpblQA=
Subject key identifier:   95:35:84:92:02:4A:10:B9:52:8A:98:CC:B7:10:30:85:85:81:EE:90
Certificate issuer:       /CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
Certificate serial:       019CC76FED666BE105F1FBC669ADA6F8EB0D
Authority key identifier: 93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/lTWEkgJKELlSipjMtxAwhYWB7pA.roa
Signing time:             Sat 07 Mar 2026 08:35:26 +0000
ROA not before:           Sat 07 Mar 2026 08:35:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     25198
IP address blocks:        217.147.13.0/24 maxlen: 24
                          217.147.14.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Mar 2026 20:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:c7:6f:ed:66:6b:e1:05:f1:fb:c6:69:ad:a6:f8:eb:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
        Validity
            Not Before: Mar  7 08:35:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=95358492024a10b9528a98ccb71030858581ee90
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:6c:f7:58:a3:d0:59:b4:e5:17:b5:6d:87:c2:
                    8f:17:04:32:b9:ec:f0:57:9a:a4:34:e5:37:b1:3a:
                    76:e0:2a:82:db:37:cd:59:60:e7:0f:55:f5:cb:9d:
                    c1:84:1a:cd:ba:ce:aa:06:37:aa:76:d0:a9:70:70:
                    7f:93:e9:30:af:87:ee:91:be:53:cf:9d:f9:33:77:
                    ca:de:21:e8:e4:d7:a3:69:f2:1c:6d:8f:cc:08:87:
                    2c:aa:f3:95:a1:87:e1:1c:33:ca:76:75:b4:b2:6f:
                    18:b5:b1:2b:51:33:ad:04:e9:65:f2:8b:d1:52:d5:
                    a8:93:3b:a9:4f:6f:b8:b7:b0:1c:ca:7d:0e:95:55:
                    01:3e:2c:09:c6:a9:17:d6:fb:c6:0c:f9:d3:82:f7:
                    bb:f3:0d:f1:33:d9:67:68:41:1d:b6:b8:21:55:10:
                    55:ab:a6:46:6f:9e:b3:4a:23:7d:e4:f2:c8:94:73:
                    60:b2:7f:60:57:4d:ce:27:e9:6c:2b:fa:55:89:80:
                    d7:b1:65:ff:d0:d0:3b:52:48:fe:e6:0b:a9:68:87:
                    a0:d9:81:a8:ec:c0:e0:b0:2c:01:63:20:33:fb:db:
                    00:e0:ae:1a:7b:90:c1:06:26:c2:a8:66:3e:20:e0:
                    18:b1:7b:53:49:76:42:52:7c:f5:56:5a:07:80:d0:
                    fd:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:35:84:92:02:4A:10:B9:52:8A:98:CC:B7:10:30:85:85:81:EE:90
            X509v3 Authority Key Identifier:
                keyid:93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/lTWEkgJKELlSipjMtxAwhYWB7pA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.147.13.0-217.147.14.255

    Signature Algorithm: sha256WithRSAEncryption
         03:25:c2:b1:09:2b:a7:9c:a6:59:1c:8b:ab:55:47:8a:4b:d9:
         b0:0a:50:10:87:c1:4a:ab:27:bb:68:0e:c2:2d:58:6f:db:8c:
         51:e1:12:fb:e0:2a:6c:5c:e2:07:eb:7f:e7:4c:0b:77:ee:f8:
         de:2f:af:c3:6b:09:54:7a:af:b5:be:83:6c:f1:32:0f:25:92:
         65:3d:80:67:5d:ae:45:86:7b:bc:ac:b1:b2:15:5f:4c:36:1f:
         94:d6:0a:13:4e:20:bc:3d:8d:d2:43:84:b2:89:6b:1f:a7:1b:
         73:65:9f:ec:d7:6f:cd:61:8e:4f:c8:70:93:f7:a0:36:e6:10:
         6f:0b:23:19:85:74:6a:d4:ca:8e:bb:15:65:bb:30:d9:c8:16:
         32:87:37:89:78:de:0f:95:88:4e:b4:3d:96:d8:b5:c5:3e:d1:
         54:34:19:21:88:30:0a:f5:48:e2:83:2c:fe:9d:62:bf:98:33:
         e2:95:b5:cd:a6:84:49:4e:c6:43:fd:b9:9e:67:d7:9a:18:14:
         a1:fb:d2:b8:9d:31:4c:ae:be:41:9a:98:83:f5:ea:2b:3a:30:
         f6:e8:4f:e9:01:86:ad:bd:c1:be:80:c4:5e:08:5e:26:b2:28:
         cd:c2:ed:61:ba:ea:e7:7c:ab:8e:0e:cf:c0:a8:52:a9:97:ec:
         16:0b:29:a2
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZzHb+1ma+EF8fvGaa2m+OsNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjc3ZDdjYjkyNzFjZTM2MTI1NmU5ODMzY2M3YjE0ZmQw
MjNlYmUwHhcNMjYwMzA3MDgzNTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTM1ODQ5MjAyNGExMGI5NTI4YTk4Y2NiNzEwMzA4NTg1ODFlZTkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu2z3WKPQWbTlF7Vth8KPFwQyuezw
V5qkNOU3sTp24CqC2zfNWWDnD1X1y53BhBrNus6qBjeqdtCpcHB/k+kwr4fukb5T
z535M3fK3iHo5NejafIcbY/MCIcsqvOVoYfhHDPKdnW0sm8YtbErUTOtBOll8ovR
UtWokzupT2+4t7Acyn0OlVUBPiwJxqkX1vvGDPnTgve78w3xM9lnaEEdtrghVRBV
q6ZGb56zSiN95PLIlHNgsn9gV03OJ+lsK/pViYDXsWX/0NA7Ukj+5gupaIeg2YGo
7MDgsCwBYyAz+9sA4K4ae5DBBibCqGY+IOAYsXtTSXZCUnz1VloHgND9ewIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFJU1hJICShC5UoqYzLcQMIWFge6QMB8GA1UdIwQY
MBaAFJNnfXy5JxzjYSVumDPMexT9Aj6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYt
OTlhY2I5OWNlNzU0LzEvbFRXRWtnSktFTGxTaXBqTXR4QXdoWVdCN3BBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYtOTlhY2I5OWNlNzU0
LzEvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBADZkw0D
BADZkw4wDQYJKoZIhvcNAQELBQADggEBAAMlwrEJK6ecplkci6tVR4pL2bAKUBCH
wUqrJ7toDsItWG/bjFHhEvvgKmxc4gfrf+dMC3fu+N4vr8NrCVR6r7W+g2zxMg8l
kmU9gGddrkWGe7yssbIVX0w2H5TWChNOILw9jdJDhLKJax+nG3Nln+zXb81hjk/I
cJP3oDbmEG8LIxmFdGrUyo67FWW7MNnIFjKHN4l43g+ViE60PZbYtcU+0VQ0GSGI
MAr1SOKDLP6dYr+YM+KVtc2mhElOxkP9uZ5n15oYFKH70ridMUyuvkGamIP16is6
MPboT+kBhq29wb6AxF4IXiayKM3C7WG66ud8q44Oz8CoUqmX7BYLKaI=
-----END CERTIFICATE-----