Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/c515c9-df08-426c-80e6-0367268ff871/1/aUr1ysL81CfqAdniFre4gi94E8A.roa
File:                     aUr1ysL81CfqAdniFre4gi94E8A.roa (raw, json)
Hash identifier:          eONrhGiDVZtdhnOMqJ+egC5boW8zK4VYWv9jkDyNOI4=
Subject key identifier:   69:4A:F5:CA:C2:FC:D4:27:EA:01:D9:E2:16:B7:B8:82:2F:78:13:C0
Certificate issuer:       /CN=081b7a22e51cfb9cf84205e4449998ad55d8f065
Certificate serial:       019E7EC960D957509628E46993AFA4DE5A47
Authority key identifier: 08:1B:7A:22:E5:1C:FB:9C:F8:42:05:E4:44:99:98:AD:55:D8:F0:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CBt6IuUc-5z4QgXkRJmYrVXY8GU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/c515c9-df08-426c-80e6-0367268ff871/1/aUr1ysL81CfqAdniFre4gi94E8A.roa
Signing time:             Sun 31 May 2026 16:06:27 +0000
ROA not before:           Sun 31 May 2026 16:06:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211421
IP address blocks:        80.249.112.0/23 maxlen: 23
                          213.109.199.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/c515c9-df08-426c-80e6-0367268ff871/1/CBt6IuUc-5z4QgXkRJmYrVXY8GU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/c515c9-df08-426c-80e6-0367268ff871/1/CBt6IuUc-5z4QgXkRJmYrVXY8GU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CBt6IuUc-5z4QgXkRJmYrVXY8GU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 20:26:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:7e:c9:60:d9:57:50:96:28:e4:69:93:af:a4:de:5a:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=081b7a22e51cfb9cf84205e4449998ad55d8f065
        Validity
            Not Before: May 31 16:06:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=694af5cac2fcd427ea01d9e216b7b8822f7813c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:8a:63:30:c1:da:f6:c9:62:ee:b2:a3:0f:19:
                    c0:b9:0d:50:ea:92:3d:c8:0f:23:f2:bb:09:98:f7:
                    6e:7d:f4:a0:f4:05:15:f8:29:e6:5c:17:de:8e:44:
                    0b:68:2a:d7:1a:5a:d7:0a:6e:ae:a9:fb:86:cf:2a:
                    f4:36:cb:84:e3:00:41:6e:53:fa:e9:31:58:52:d2:
                    b5:da:a2:9f:9b:31:1e:62:36:90:24:95:98:fe:48:
                    fb:f2:13:2a:a2:b9:10:63:a6:90:27:49:d9:0b:48:
                    bb:7b:41:27:3f:6b:b5:a0:da:34:b4:fe:80:d1:66:
                    09:ca:79:24:50:19:c7:34:76:36:85:2c:de:86:98:
                    91:1f:13:ec:0a:1b:e6:87:ab:02:21:98:c9:9b:ef:
                    1f:09:fc:00:73:b4:33:9a:e8:78:23:c2:89:b4:e2:
                    44:c7:fb:18:6e:cd:b6:76:de:43:c3:86:81:73:41:
                    2e:1b:6d:0b:34:d5:58:ea:50:3d:1a:07:11:7e:77:
                    96:2c:5a:e9:8b:42:b3:ce:e3:51:90:36:8e:fa:58:
                    e7:73:d4:15:9f:4e:a2:04:ba:4f:15:01:13:51:0f:
                    18:a2:02:24:af:42:f3:37:b5:b4:a8:43:83:1c:c4:
                    ff:e4:6d:3e:89:10:17:68:72:df:e1:8a:ae:ef:76:
                    08:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:4A:F5:CA:C2:FC:D4:27:EA:01:D9:E2:16:B7:B8:82:2F:78:13:C0
            X509v3 Authority Key Identifier:
                keyid:08:1B:7A:22:E5:1C:FB:9C:F8:42:05:E4:44:99:98:AD:55:D8:F0:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CBt6IuUc-5z4QgXkRJmYrVXY8GU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/c515c9-df08-426c-80e6-0367268ff871/1/aUr1ysL81CfqAdniFre4gi94E8A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/c515c9-df08-426c-80e6-0367268ff871/1/CBt6IuUc-5z4QgXkRJmYrVXY8GU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.249.112.0/23
                  213.109.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:4c:5b:43:41:89:78:75:4f:e9:af:f8:5a:8d:62:56:99:4f:
         5c:6c:ca:f5:f1:b8:61:41:73:79:b5:e0:26:bb:c1:cf:17:bb:
         75:38:38:79:e6:f8:ef:59:5a:9b:6f:b4:ac:12:e1:68:fb:ff:
         73:09:0c:38:71:14:c3:c2:08:ec:ff:ec:f0:fe:19:8d:d9:6e:
         61:5b:fd:a5:8c:f7:21:29:92:c3:76:ea:34:9e:bc:da:8d:e4:
         a3:cb:c5:11:89:d1:93:fc:2d:3e:2c:b2:43:f5:0f:7a:f5:d0:
         c3:21:e0:1e:b0:ea:d0:9b:41:2d:4f:14:f6:91:7c:0b:dc:13:
         02:ba:52:0f:1a:0e:f5:77:8e:d9:83:ab:6e:c7:07:aa:e0:e9:
         81:8d:6a:28:40:03:cc:90:ea:c9:98:7d:2b:ca:bc:f9:68:cf:
         55:7b:25:02:8d:ee:2b:fc:7e:1f:f7:14:a9:b4:f2:02:e0:5f:
         32:d9:d8:38:b4:dd:59:45:a8:a1:75:ca:c6:2c:59:b5:15:06:
         c1:b9:05:13:ed:7e:09:a1:d3:5e:df:ec:ac:10:cf:80:b4:f8:
         e2:62:ce:03:1b:a5:1f:b5:96:19:93:59:ca:00:6c:f5:3a:69:
         31:ae:51:a7:fc:d5:53:fd:ce:4f:a1:84:f1:f4:7f:db:0d:65:
         8b:9d:c2:7c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ5+yWDZV1CWKORpk6+k3lpHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MWI3YTIyZTUxY2ZiOWNmODQyMDVlNDQ0OTk5OGFkNTVk
OGYwNjUwHhcNMjYwNTMxMTYwNjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTRhZjVjYWMyZmNkNDI3ZWEwMWQ5ZTIxNmI3Yjg4MjJmNzgxM2MwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwIpjMMHa9sli7rKjDxnAuQ1Q6pI9
yA8j8rsJmPduffSg9AUV+CnmXBfejkQLaCrXGlrXCm6uqfuGzyr0NsuE4wBBblP6
6TFYUtK12qKfmzEeYjaQJJWY/kj78hMqorkQY6aQJ0nZC0i7e0EnP2u1oNo0tP6A
0WYJynkkUBnHNHY2hSzehpiRHxPsChvmh6sCIZjJm+8fCfwAc7Qzmuh4I8KJtOJE
x/sYbs22dt5Dw4aBc0EuG20LNNVY6lA9GgcRfneWLFrpi0KzzuNRkDaO+ljnc9QV
n06iBLpPFQETUQ8YogIkr0LzN7W0qEODHMT/5G0+iRAXaHLf4Yqu73YIBwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGlK9crC/NQn6gHZ4ha3uIIveBPAMB8GA1UdIwQY
MBaAFAgbeiLlHPuc+EIF5ESZmK1V2PBlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0J0Nkl1VWMtNXo0UWdYa1JKbVlyVlhZOEdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy9jNTE1YzktZGYwOC00MjZjLTgwZTYt
MDM2NzI2OGZmODcxLzEvYVVyMXlzTDgxQ2ZxQWRuaUZyZTRnaTk0RThBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy9jNTE1YzktZGYwOC00MjZjLTgwZTYtMDM2NzI2OGZmODcx
LzEvQ0J0Nkl1VWMtNXo0UWdYa1JKbVlyVlhZOEdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBUPlwAwQA
1W3HMA0GCSqGSIb3DQEBCwUAA4IBAQB4TFtDQYl4dU/pr/hajWJWmU9cbMr18bhh
QXN5teAmu8HPF7t1ODh55vjvWVqbb7SsEuFo+/9zCQw4cRTDwgjs/+zw/hmN2W5h
W/2ljPchKZLDduo0nrzajeSjy8URidGT/C0+LLJD9Q969dDDIeAesOrQm0EtTxT2
kXwL3BMCulIPGg71d47Zg6tuxweq4OmBjWooQAPMkOrJmH0ryrz5aM9VeyUCje4r
/H4f9xSptPIC4F8y2dg4tN1ZRaihdcrGLFm1FQbBuQUT7X4JodNe3+ysEM+AtPji
Ys4DG6UftZYZk1nKAGz1OmkxrlGn/NVT/c5PoYTx9H/bDWWLncJ8
-----END CERTIFICATE-----