Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/mumLWwUy02iI14llBv5wJ_lorZQ.roa
File:                     mumLWwUy02iI14llBv5wJ_lorZQ.roa (raw, json)
Hash identifier:          +ebJj3wcVfSIMhzyt4I03LHO8VAMKf7UgXLiYDudW78=
Subject key identifier:   9A:E9:8B:5B:05:32:D3:68:88:D7:89:65:06:FE:70:27:F9:68:AD:94
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       019CFE92A882E3CFB8EFCA718D51E5AAB391
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/mumLWwUy02iI14llBv5wJ_lorZQ.roa
Signing time:             Wed 18 Mar 2026 01:32:29 +0000
ROA not before:           Wed 18 Mar 2026 01:32:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16509
IP address blocks:        74.112.152.0/22 maxlen: 24
                          94.229.212.0/24 maxlen: 24
                          205.237.88.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Mar 2026 00:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:fe:92:a8:82:e3:cf:b8:ef:ca:71:8d:51:e5:aa:b3:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: Mar 18 01:32:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9ae98b5b0532d36888d7896506fe7027f968ad94
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:cf:02:81:a0:42:e0:17:5b:d5:dd:9b:86:de:
                    12:dd:4f:87:7d:14:74:09:40:1e:2f:cd:f5:18:55:
                    1f:17:b3:53:a4:89:2e:79:11:a8:85:25:cb:b1:99:
                    f2:de:cd:a8:6f:2d:66:e6:6d:8a:65:1d:d6:42:03:
                    43:16:6b:78:b7:68:eb:5e:c8:84:32:bc:e0:ca:b8:
                    d9:3c:6b:96:e5:61:0c:0a:aa:da:30:6e:14:f0:13:
                    ea:21:3d:91:5f:b5:19:b1:2c:e2:92:78:ce:b3:10:
                    a1:37:1c:0f:35:60:61:f9:66:14:c6:b6:4f:36:c4:
                    07:69:ff:21:08:95:5c:50:57:16:27:85:09:65:3c:
                    d3:e7:20:38:e2:0a:5c:9c:d2:8c:58:01:48:67:94:
                    71:f4:eb:76:8a:68:25:a4:30:75:fc:9e:bf:97:85:
                    83:4f:fa:18:a0:1a:2e:f0:3d:d3:ee:74:42:79:d8:
                    5f:8f:ed:81:8e:be:5d:a9:01:b1:15:5b:ad:be:62:
                    f9:bb:f2:cb:2c:48:6a:11:90:27:37:af:54:72:8c:
                    3a:9a:9d:bb:93:e0:9c:7a:1d:f1:c4:c3:46:8e:78:
                    31:96:22:d5:03:05:60:a5:da:af:e2:81:57:8e:9f:
                    ac:f4:c8:ed:5a:07:39:30:5b:32:13:09:d2:8d:71:
                    68:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:E9:8B:5B:05:32:D3:68:88:D7:89:65:06:FE:70:27:F9:68:AD:94
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/mumLWwUy02iI14llBv5wJ_lorZQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  74.112.152.0/22
                  94.229.212.0/24
                  205.237.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         03:c7:04:f0:a9:82:ac:3d:6b:25:25:a6:03:6e:1d:44:37:d0:
         fd:f0:ab:ec:94:95:70:0d:29:5c:63:11:74:46:b2:3d:78:d5:
         14:63:7d:70:cf:85:36:e9:95:fd:a2:06:3b:c1:ea:e4:87:fb:
         0f:f6:2c:98:57:6d:3e:38:41:89:ff:dc:5f:33:6f:66:12:bd:
         45:05:8a:a5:eb:fc:c6:98:5a:01:15:a7:b4:40:0d:8f:a1:1d:
         ce:12:78:53:69:45:ba:22:fa:10:46:ae:73:9f:36:ec:85:06:
         00:85:8f:3f:57:8f:0d:6f:9f:58:c6:d0:a7:a2:68:44:e7:a1:
         57:38:e7:2f:86:5e:d1:68:66:97:48:5c:a5:a0:b0:9c:e0:7f:
         51:96:a6:b6:d0:22:22:e6:b5:8c:b4:50:65:4e:28:54:8f:86:
         d7:96:da:98:51:04:d1:63:ad:28:13:67:56:b2:a0:ee:ef:a9:
         41:20:85:e7:04:e2:72:4b:7b:64:6a:26:a8:63:d3:49:da:d2:
         28:59:1b:49:ea:97:ac:92:69:82:38:31:f0:38:63:67:32:16:
         78:08:26:a8:22:38:e8:ec:f2:b2:e1:53:65:a0:50:b5:70:71:
         9b:c0:49:17:2f:61:e5:ee:30:12:7b:53:41:e8:c5:be:be:93:
         7e:4a:97:44
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZz+kqiC48+478pxjVHlqrORMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjYwMzE4MDEzMjI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YWU5OGI1YjA1MzJkMzY4ODhkNzg5NjUwNmZlNzAyN2Y5NjhhZDk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA088CgaBC4Bdb1d2bht4S3U+HfRR0
CUAeL831GFUfF7NTpIkueRGohSXLsZny3s2oby1m5m2KZR3WQgNDFmt4t2jrXsiE
MrzgyrjZPGuW5WEMCqraMG4U8BPqIT2RX7UZsSziknjOsxChNxwPNWBh+WYUxrZP
NsQHaf8hCJVcUFcWJ4UJZTzT5yA44gpcnNKMWAFIZ5Rx9Ot2imglpDB1/J6/l4WD
T/oYoBou8D3T7nRCedhfj+2Bjr5dqQGxFVutvmL5u/LLLEhqEZAnN69Ucow6mp27
k+Cceh3xxMNGjngxliLVAwVgpdqv4oFXjp+s9MjtWgc5MFsyEwnSjXFoewIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJrpi1sFMtNoiNeJZQb+cCf5aK2UMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvbXVtTFd3VXkwMmlJMTRsbEJ2NXdKX2xvclpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCSnCYAwQA
XuXUAwQCze1YMA0GCSqGSIb3DQEBCwUAA4IBAQADxwTwqYKsPWslJaYDbh1EN9D9
8KvslJVwDSlcYxF0RrI9eNUUY31wz4U26ZX9ogY7werkh/sP9iyYV20+OEGJ/9xf
M29mEr1FBYql6/zGmFoBFae0QA2PoR3OEnhTaUW6IvoQRq5znzbshQYAhY8/V48N
b59YxtCnomhE56FXOOcvhl7RaGaXSFyloLCc4H9Rlqa20CIi5rWMtFBlTihUj4bX
ltqYUQTRY60oE2dWsqDu76lBIIXnBOJyS3tkaiaoY9NJ2tIoWRtJ6peskmmCODHw
OGNnMhZ4CCaoIjjo7PKy4VNloFC1cHGbwEkXL2Hl7jASe1NB6MW+vpN+SpdE
-----END CERTIFICATE-----