Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/fKtoyxRVW8bUMI_rB5p-nLcW5mU.roa
File:                     fKtoyxRVW8bUMI_rB5p-nLcW5mU.roa (raw, json)
Hash identifier:          ps8RU8VkZlyeWoj9Je22w0i7MXOLJvXdQve7pnVShE0=
Subject key identifier:   7C:AB:68:CB:14:55:5B:C6:D4:30:8F:EB:07:9A:7E:9C:B7:16:E6:65
Certificate issuer:       /CN=0671dcc7a9ac7351c71e0bc2278cf45fd020ae2e
Certificate serial:       019CB8016D05BE6B38DB2A1B24833AFF4853
Authority key identifier: 06:71:DC:C7:A9:AC:73:51:C7:1E:0B:C2:27:8C:F4:5F:D0:20:AE:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/fKtoyxRVW8bUMI_rB5p-nLcW5mU.roa
Signing time:             Wed 04 Mar 2026 08:40:27 +0000
ROA not before:           Wed 04 Mar 2026 08:40:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     22427
IP address blocks:        213.220.50.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Mar 2026 16:05:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b8:01:6d:05:be:6b:38:db:2a:1b:24:83:3a:ff:48:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0671dcc7a9ac7351c71e0bc2278cf45fd020ae2e
        Validity
            Not Before: Mar  4 08:40:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7cab68cb14555bc6d4308feb079a7e9cb716e665
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:df:b4:f0:19:55:53:bc:51:8b:29:b7:4d:2d:
                    1a:65:38:c6:cb:c8:de:40:3f:6f:52:e2:17:91:24:
                    42:e8:e3:29:26:1f:64:23:d4:29:f7:22:cb:10:c4:
                    61:3d:b8:3f:a1:24:e6:4f:a7:2f:ec:ae:7d:a0:68:
                    fd:13:2c:10:ac:32:81:e2:4b:c5:14:38:8c:cc:42:
                    17:30:bd:c2:1f:f5:31:b9:cd:30:da:48:de:63:cf:
                    31:d4:74:e8:48:02:f5:b2:08:7a:e9:30:fb:d5:bc:
                    fd:18:1c:be:cb:4b:52:40:20:0c:b9:0a:2c:6c:f2:
                    9e:b2:1e:f1:a9:80:d0:f6:c6:6c:14:00:3d:60:15:
                    1c:fd:73:47:65:1f:4c:98:af:78:78:26:ef:36:84:
                    45:52:30:42:c9:4f:2c:05:b1:ad:73:62:d8:38:fc:
                    12:fb:0d:a2:fe:5d:38:b5:03:8f:a2:40:db:09:84:
                    23:d1:14:34:e4:6d:35:d9:a5:a1:7e:99:21:79:14:
                    28:aa:2b:20:39:43:22:d6:94:70:fc:82:a8:44:f9:
                    63:d1:a4:d1:53:0a:36:88:32:e3:3d:de:25:7a:61:
                    32:a0:02:99:15:8a:86:cf:35:70:a6:11:65:42:48:
                    8d:83:95:30:fd:a2:a0:52:12:84:74:6b:76:f7:46:
                    7e:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:AB:68:CB:14:55:5B:C6:D4:30:8F:EB:07:9A:7E:9C:B7:16:E6:65
            X509v3 Authority Key Identifier:
                keyid:06:71:DC:C7:A9:AC:73:51:C7:1E:0B:C2:27:8C:F4:5F:D0:20:AE:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/fKtoyxRVW8bUMI_rB5p-nLcW5mU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.220.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:dd:18:ac:88:da:dc:28:24:06:49:69:e7:ca:aa:99:9c:3e:
         6e:e5:9f:00:7d:e4:9c:be:05:bb:5a:06:fc:47:1b:be:9f:81:
         3f:90:b1:89:26:38:88:c6:36:76:22:60:b3:ff:bf:ca:df:8f:
         05:37:2b:7d:f3:50:88:89:f6:26:2e:f7:14:68:2b:34:cf:72:
         db:35:c3:18:57:7a:bc:ef:9c:d3:fe:d7:49:67:69:7b:30:76:
         03:c0:42:e5:f5:cc:6e:4e:5c:3c:1a:9c:be:ac:a8:0d:9f:ce:
         3b:aa:e7:91:c3:2b:75:3e:54:6b:1e:31:f1:77:df:49:41:25:
         f4:17:ba:3a:61:18:f6:10:4e:36:b8:90:af:28:b1:7f:bc:bc:
         75:32:f5:90:f1:b0:f9:15:95:da:fa:2e:2b:8c:a8:8e:2c:ea:
         e1:70:a6:53:fc:71:0a:ba:44:63:a9:a2:90:05:05:d9:76:15:
         9c:00:21:da:a4:dd:a2:31:34:24:92:60:ee:53:80:3f:c2:c0:
         77:50:30:16:d6:f3:ca:ab:f7:ee:db:05:fa:dc:90:a5:71:8d:
         89:c7:7f:71:2a:72:bf:1f:99:3d:44:da:44:6c:ad:a1:c2:a1:
         fb:fb:6f:d7:09:fb:d7:0d:52:80:c6:1e:d9:80:dc:be:b5:8e:
         30:a2:f5:ad
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZy4AW0Fvms42yobJIM6/0hTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2NzFkY2M3YTlhYzczNTFjNzFlMGJjMjI3OGNmNDVmZDAy
MGFlMmUwHhcNMjYwMzA0MDg0MDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Y2FiNjhjYjE0NTU1YmM2ZDQzMDhmZWIwNzlhN2U5Y2I3MTZlNjY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi9+08BlVU7xRiym3TS0aZTjGy8je
QD9vUuIXkSRC6OMpJh9kI9Qp9yLLEMRhPbg/oSTmT6cv7K59oGj9EywQrDKB4kvF
FDiMzEIXML3CH/Uxuc0w2kjeY88x1HToSAL1sgh66TD71bz9GBy+y0tSQCAMuQos
bPKesh7xqYDQ9sZsFAA9YBUc/XNHZR9MmK94eCbvNoRFUjBCyU8sBbGtc2LYOPwS
+w2i/l04tQOPokDbCYQj0RQ05G012aWhfpkheRQoqisgOUMi1pRw/IKoRPlj0aTR
Uwo2iDLjPd4lemEyoAKZFYqGzzVwphFlQkiNg5Uw/aKgUhKEdGt290Z+TwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHyraMsUVVvG1DCP6weafpy3FuZlMB8GA1UdIwQY
MBaAFAZx3MeprHNRxx4LwieM9F/QIK4uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQm5IY3g2bXNjMUhISGd2Q0o0ejBYOUFncmk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGIt
MWRkZWM0Y2NlMjRjLzEvZkt0b3l4UlZXOGJVTUlfckI1cC1uTGNXNW1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGItMWRkZWM0Y2NlMjRj
LzEvQm5IY3g2bXNjMUhISGd2Q0o0ejBYOUFncmk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1dwyMA0G
CSqGSIb3DQEBCwUAA4IBAQAo3RisiNrcKCQGSWnnyqqZnD5u5Z8AfeScvgW7Wgb8
Rxu+n4E/kLGJJjiIxjZ2ImCz/7/K348FNyt981CIifYmLvcUaCs0z3LbNcMYV3q8
75zT/tdJZ2l7MHYDwELl9cxuTlw8Gpy+rKgNn847queRwyt1PlRrHjHxd99JQSX0
F7o6YRj2EE42uJCvKLF/vLx1MvWQ8bD5FZXa+i4rjKiOLOrhcKZT/HEKukRjqaKQ
BQXZdhWcACHapN2iMTQkkmDuU4A/wsB3UDAW1vPKq/fu2wX63JClcY2Jx39xKnK/
H5k9RNpEbK2hwqH7+2/XCfvXDVKAxh7ZgNy+tY4wovWt
-----END CERTIFICATE-----