Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/ofDnG2RR07Ffgo6O-NriMLrnSqk.roa
File:                     ofDnG2RR07Ffgo6O-NriMLrnSqk.roa (raw, json)
Hash identifier:          NnioAnFhMcEqC2jvleG0Rix97KFCy1QoGkLlAfyyOm0=
Subject key identifier:   A1:F0:E7:1B:64:51:D3:B1:5F:82:8E:8E:F8:DA:E2:30:BA:E7:4A:A9
Certificate issuer:       /CN=0671dcc7a9ac7351c71e0bc2278cf45fd020ae2e
Certificate serial:       019D42AA1BF58C03F6BFBCE1CD02045A8092
Authority key identifier: 06:71:DC:C7:A9:AC:73:51:C7:1E:0B:C2:27:8C:F4:5F:D0:20:AE:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/ofDnG2RR07Ffgo6O-NriMLrnSqk.roa
Signing time:             Tue 31 Mar 2026 06:52:17 +0000
ROA not before:           Tue 31 Mar 2026 06:52:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200182
IP address blocks:        195.114.195.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 14 Apr 2026 08:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:42:aa:1b:f5:8c:03:f6:bf:bc:e1:cd:02:04:5a:80:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0671dcc7a9ac7351c71e0bc2278cf45fd020ae2e
        Validity
            Not Before: Mar 31 06:52:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a1f0e71b6451d3b15f828e8ef8dae230bae74aa9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:37:a1:3a:1f:c1:47:9b:57:45:56:f3:eb:1d:
                    23:30:56:89:a0:08:7c:7a:3b:d7:d0:70:59:c6:c4:
                    be:4f:8a:8e:ba:7e:f6:26:e8:ab:3d:65:91:a0:29:
                    70:4c:f2:e7:39:b6:7a:31:b5:a3:19:9b:8f:2a:2f:
                    c0:64:99:9f:19:27:13:36:6c:0e:42:90:0c:e6:53:
                    24:bf:be:8e:ff:bd:f1:4d:99:c2:86:c0:0e:70:c7:
                    20:62:75:79:b9:d3:e1:0c:bb:26:cd:ce:6b:ca:c0:
                    7a:f4:d7:ea:81:05:e0:b0:17:0b:80:52:d2:a8:86:
                    6b:24:6a:94:c2:d5:3f:9c:d3:25:5a:51:be:01:e5:
                    71:8f:37:1b:d5:f6:0e:5d:e2:d8:3e:0b:e5:43:b2:
                    6b:aa:a4:c3:1e:52:2e:07:3d:d7:e0:af:e1:eb:34:
                    ff:3d:fd:50:49:c2:6a:fb:fa:b4:29:23:86:e6:55:
                    4c:3b:8a:a0:f8:6e:89:11:f7:d7:06:60:85:23:58:
                    e3:48:b8:fa:1d:58:80:0d:47:b8:cd:af:9c:fe:cb:
                    3d:a1:56:ab:e5:e3:b5:85:95:a8:0a:6d:a4:54:7b:
                    e6:9f:37:b4:a3:b7:dc:03:cb:5a:4c:61:39:15:bd:
                    ce:34:eb:fd:49:30:c9:97:b4:d7:bb:c7:34:4d:4c:
                    9c:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:F0:E7:1B:64:51:D3:B1:5F:82:8E:8E:F8:DA:E2:30:BA:E7:4A:A9
            X509v3 Authority Key Identifier:
                keyid:06:71:DC:C7:A9:AC:73:51:C7:1E:0B:C2:27:8C:F4:5F:D0:20:AE:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/ofDnG2RR07Ffgo6O-NriMLrnSqk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.114.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:f8:59:fc:b3:69:46:42:06:d8:54:be:35:42:61:dd:3e:20:
         66:bf:d3:1c:b3:d5:01:0b:83:fb:45:ac:50:be:e1:5d:2c:9f:
         4a:66:81:14:52:8e:81:6d:92:df:b5:ee:39:21:db:5e:ff:31:
         53:0e:7b:fb:df:ec:11:f8:a2:2f:d0:f9:56:30:8e:aa:e7:10:
         fe:12:cc:4f:40:14:b5:0a:7a:83:0a:76:4d:a4:a4:7a:4e:46:
         73:60:29:e0:62:99:b6:b0:35:b1:dd:8e:cd:8b:26:9b:e0:c0:
         6f:28:c8:aa:1a:05:89:ad:de:a8:b7:e5:9a:6e:a2:cc:6f:63:
         cc:db:71:59:72:ef:89:de:21:ab:0d:a5:e8:c6:4c:ad:6e:96:
         64:d1:83:c0:c6:20:65:30:ee:7b:7c:55:96:fc:e3:0d:29:de:
         4b:ef:4f:97:5f:61:9c:52:3c:c9:c8:7c:ec:5c:61:70:d5:71:
         fc:05:a6:d3:b7:ec:15:cd:6d:e1:2c:8c:32:94:b3:85:fc:29:
         32:c5:1c:82:7a:7d:55:51:c6:c4:80:83:ba:40:db:26:fa:e0:
         02:d4:24:dd:f2:0b:e9:52:4e:2b:51:54:32:69:69:36:a2:1b:
         10:51:e5:a4:cb:9e:0a:1c:62:70:7f:be:13:3d:36:f3:6f:99:
         7d:1c:09:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1Cqhv1jAP2v7zhzQIEWoCSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2NzFkY2M3YTlhYzczNTFjNzFlMGJjMjI3OGNmNDVmZDAy
MGFlMmUwHhcNMjYwMzMxMDY1MjE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWYwZTcxYjY0NTFkM2IxNWY4MjhlOGVmOGRhZTIzMGJhZTc0YWE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnzehOh/BR5tXRVbz6x0jMFaJoAh8
ejvX0HBZxsS+T4qOun72JuirPWWRoClwTPLnObZ6MbWjGZuPKi/AZJmfGScTNmwO
QpAM5lMkv76O/73xTZnChsAOcMcgYnV5udPhDLsmzc5rysB69NfqgQXgsBcLgFLS
qIZrJGqUwtU/nNMlWlG+AeVxjzcb1fYOXeLYPgvlQ7JrqqTDHlIuBz3X4K/h6zT/
Pf1QScJq+/q0KSOG5lVMO4qg+G6JEffXBmCFI1jjSLj6HViADUe4za+c/ss9oVar
5eO1hZWoCm2kVHvmnze0o7fcA8taTGE5Fb3ONOv9STDJl7TXu8c0TUycMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKHw5xtkUdOxX4KOjvja4jC650qpMB8GA1UdIwQY
MBaAFAZx3MeprHNRxx4LwieM9F/QIK4uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQm5IY3g2bXNjMUhISGd2Q0o0ejBYOUFncmk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGIt
MWRkZWM0Y2NlMjRjLzEvb2ZEbkcyUlIwN0ZmZ282Ty1OcmlNTHJuU3FrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGItMWRkZWM0Y2NlMjRj
LzEvQm5IY3g2bXNjMUhISGd2Q0o0ejBYOUFncmk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw3LDMA0G
CSqGSIb3DQEBCwUAA4IBAQAw+Fn8s2lGQgbYVL41QmHdPiBmv9Mcs9UBC4P7RaxQ
vuFdLJ9KZoEUUo6BbZLfte45Idte/zFTDnv73+wR+KIv0PlWMI6q5xD+EsxPQBS1
CnqDCnZNpKR6TkZzYCngYpm2sDWx3Y7Niyab4MBvKMiqGgWJrd6ot+WabqLMb2PM
23FZcu+J3iGrDaXoxkytbpZk0YPAxiBlMO57fFWW/OMNKd5L70+XX2GcUjzJyHzs
XGFw1XH8BabTt+wVzW3hLIwylLOF/CkyxRyCen1VUcbEgIO6QNsm+uAC1CTd8gvp
Uk4rUVQyaWk2ohsQUeWky54KHGJwf74TPTbzb5l9HAmW
-----END CERTIFICATE-----