Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/7ae10b-c5e1-4304-928b-36fd606d8d09/1/sk6WLXVZEkboXRVPMZBoeqCrxVY.roa
File:                     sk6WLXVZEkboXRVPMZBoeqCrxVY.roa (raw, json)
Hash identifier:          4xjEoOdVMoXraD+ur+OZrTrLjOFEYcxLVFCWWAfHvz8=
Subject key identifier:   B2:4E:96:2D:75:59:12:46:E8:5D:15:4F:31:90:68:7A:A0:AB:C5:56
Certificate issuer:       /CN=2ecc5715c1676112eed6314594a59333c3d7e1e0
Certificate serial:       019CB368F8EECAB4A4884475819653EF1D7F
Authority key identifier: 2E:CC:57:15:C1:67:61:12:EE:D6:31:45:94:A5:93:33:C3:D7:E1:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LsxXFcFnYRLu1jFFlKWTM8PX4eA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/7ae10b-c5e1-4304-928b-36fd606d8d09/1/sk6WLXVZEkboXRVPMZBoeqCrxVY.roa
Signing time:             Tue 03 Mar 2026 11:15:27 +0000
ROA not before:           Tue 03 Mar 2026 11:15:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207784
IP address blocks:        84.45.124.0/24 maxlen: 24
                          109.104.97.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/7ae10b-c5e1-4304-928b-36fd606d8d09/1/LsxXFcFnYRLu1jFFlKWTM8PX4eA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/7ae10b-c5e1-4304-928b-36fd606d8d09/1/LsxXFcFnYRLu1jFFlKWTM8PX4eA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LsxXFcFnYRLu1jFFlKWTM8PX4eA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Mar 2026 13:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b3:68:f8:ee:ca:b4:a4:88:44:75:81:96:53:ef:1d:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ecc5715c1676112eed6314594a59333c3d7e1e0
        Validity
            Not Before: Mar  3 11:15:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b24e962d75591246e85d154f3190687aa0abc556
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:90:26:dc:d6:18:4c:34:f5:54:be:6b:da:a7:
                    45:5e:6a:87:9a:e3:df:6b:2f:08:b2:6b:9d:59:70:
                    56:dc:11:d8:0e:2f:9a:fb:a1:07:84:d9:7f:df:61:
                    8b:de:53:fb:92:8c:77:c9:34:37:77:a5:cd:25:96:
                    43:bb:0e:47:80:0c:49:a0:be:f9:fa:c8:fa:e5:69:
                    15:4b:70:9e:8d:3d:1e:51:b0:7b:2e:73:e7:95:8a:
                    e8:91:df:09:bb:b6:33:8d:43:bf:63:1a:a9:62:28:
                    3d:dc:bf:70:1a:6b:6d:64:e1:9a:71:69:47:74:af:
                    4e:b3:15:b1:25:06:7a:bc:bb:8d:43:a8:e9:b6:f2:
                    4b:e2:a4:5c:1e:9e:c0:3f:27:fd:15:ca:70:3b:cc:
                    f7:83:2c:be:83:9e:bb:b7:de:f6:63:55:69:13:39:
                    4a:4c:0c:9d:f7:a5:ac:7c:3c:1f:e6:5c:aa:fd:4b:
                    59:f0:f0:1a:63:3d:cb:f4:6d:3c:0b:ba:dd:ce:91:
                    ac:50:8c:e1:1d:c3:d5:f5:fa:a3:90:bc:9f:80:26:
                    90:64:c2:2d:02:45:f3:07:3c:29:74:41:52:aa:43:
                    0e:40:3a:9b:e2:56:9c:a8:d1:ad:36:a7:f2:46:68:
                    e3:bb:dd:eb:fb:d2:b0:2c:d5:1d:40:42:c7:6f:53:
                    cc:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:4E:96:2D:75:59:12:46:E8:5D:15:4F:31:90:68:7A:A0:AB:C5:56
            X509v3 Authority Key Identifier:
                keyid:2E:CC:57:15:C1:67:61:12:EE:D6:31:45:94:A5:93:33:C3:D7:E1:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LsxXFcFnYRLu1jFFlKWTM8PX4eA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/7ae10b-c5e1-4304-928b-36fd606d8d09/1/sk6WLXVZEkboXRVPMZBoeqCrxVY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/7ae10b-c5e1-4304-928b-36fd606d8d09/1/LsxXFcFnYRLu1jFFlKWTM8PX4eA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.45.124.0/24
                  109.104.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:a6:9e:00:11:ba:ce:4b:04:88:77:ec:9b:58:a0:5f:58:eb:
         75:12:3e:64:7d:9c:6a:e0:46:f4:4f:97:8f:5b:d5:e9:58:5e:
         84:10:98:36:74:46:a2:2a:6f:9d:f8:e3:dc:a3:66:f6:87:21:
         44:29:51:6e:ff:fb:99:9a:16:d8:66:4e:1f:c8:44:7a:3e:a1:
         4b:9e:ab:d1:bc:c0:4f:c1:fc:22:82:0e:ae:91:87:c3:c3:d5:
         5b:cf:2f:22:9a:97:d6:a1:9c:0a:bd:33:88:85:e9:f5:96:69:
         b1:ad:fc:da:4a:4c:cb:91:e9:eb:3f:0d:aa:7c:74:2a:06:c2:
         67:53:d7:8a:8d:70:24:04:4c:cc:18:bc:30:3b:1d:50:36:7b:
         99:bc:03:fc:d2:28:3d:d6:a4:16:9f:16:f9:1d:e0:b0:ab:40:
         0e:b7:f7:16:d8:a7:d7:82:d0:7e:91:a2:63:94:4f:04:48:b3:
         8e:b4:e4:15:ab:dc:0a:13:d0:da:43:00:86:95:9d:09:1f:22:
         4e:dc:f0:e7:c6:e7:25:3c:bb:f5:26:53:0c:e2:04:7c:2d:2a:
         03:d2:9a:b6:88:81:99:6d:3c:27:a5:cf:e9:30:27:4f:81:ae:
         93:2d:75:5e:23:62:d6:18:57:d0:97:93:f2:34:ac:53:52:b5:
         a6:41:a4:9c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZyzaPjuyrSkiER1gZZT7x1/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlY2M1NzE1YzE2NzYxMTJlZWQ2MzE0NTk0YTU5MzMzYzNk
N2UxZTAwHhcNMjYwMzAzMTExNTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjRlOTYyZDc1NTkxMjQ2ZTg1ZDE1NGYzMTkwNjg3YWEwYWJjNTU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApJAm3NYYTDT1VL5r2qdFXmqHmuPf
ay8IsmudWXBW3BHYDi+a+6EHhNl/32GL3lP7kox3yTQ3d6XNJZZDuw5HgAxJoL75
+sj65WkVS3CejT0eUbB7LnPnlYrokd8Ju7YzjUO/YxqpYig93L9wGmttZOGacWlH
dK9OsxWxJQZ6vLuNQ6jptvJL4qRcHp7APyf9FcpwO8z3gyy+g567t972Y1VpEzlK
TAyd96WsfDwf5lyq/UtZ8PAaYz3L9G08C7rdzpGsUIzhHcPV9fqjkLyfgCaQZMIt
AkXzBzwpdEFSqkMOQDqb4lacqNGtNqfyRmjju93r+9KwLNUdQELHb1PMIQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLJOli11WRJG6F0VTzGQaHqgq8VWMB8GA1UdIwQY
MBaAFC7MVxXBZ2ES7tYxRZSlkzPD1+HgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHN4WEZjRm5ZUkx1MWpGRmxLV1RNOFBYNGVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC83YWUxMGItYzVlMS00MzA0LTkyOGIt
MzZmZDYwNmQ4ZDA5LzEvc2s2V0xYVlpFa2JvWFJWUE1aQm9lcUNyeFZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC83YWUxMGItYzVlMS00MzA0LTkyOGItMzZmZDYwNmQ4ZDA5
LzEvTHN4WEZjRm5ZUkx1MWpGRmxLV1RNOFBYNGVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVC18AwQA
bWhhMA0GCSqGSIb3DQEBCwUAA4IBAQBjpp4AEbrOSwSId+ybWKBfWOt1Ej5kfZxq
4Eb0T5ePW9XpWF6EEJg2dEaiKm+d+OPco2b2hyFEKVFu//uZmhbYZk4fyER6PqFL
nqvRvMBPwfwigg6ukYfDw9Vbzy8impfWoZwKvTOIhen1lmmxrfzaSkzLkenrPw2q
fHQqBsJnU9eKjXAkBEzMGLwwOx1QNnuZvAP80ig91qQWnxb5HeCwq0AOt/cW2KfX
gtB+kaJjlE8ESLOOtOQVq9wKE9DaQwCGlZ0JHyJO3PDnxuclPLv1JlMM4gR8LSoD
0pq2iIGZbTwnpc/pMCdPga6TLXVeI2LWGFfQl5PyNKxTUrWmQaSc
-----END CERTIFICATE-----