Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/2c-E5BZdiwqZ2Q-DnytRU90rLWI.roa
File:                     2c-E5BZdiwqZ2Q-DnytRU90rLWI.roa (raw, json)
Hash identifier:          +KiT1wYNU4xT/dbPCwls8LNvm2nJx4GyHtaKqzRjkQI=
Subject key identifier:   D9:CF:84:E4:16:5D:8B:0A:99:D9:0F:83:9F:2B:51:53:DD:2B:2D:62
Certificate issuer:       /CN=c6a249a0eacd8abcbea0d82ef71016d386e8ef94
Certificate serial:       019CAE7D358318BF47E41F96E2F3094DD20D
Authority key identifier: C6:A2:49:A0:EA:CD:8A:BC:BE:A0:D8:2E:F7:10:16:D3:86:E8:EF:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xqJJoOrNiry-oNgu9xAW04bo75Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/2c-E5BZdiwqZ2Q-DnytRU90rLWI.roa
Signing time:             Mon 02 Mar 2026 12:19:27 +0000
ROA not before:           Mon 02 Mar 2026 12:19:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48266
IP address blocks:        95.155.145.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/xqJJoOrNiry-oNgu9xAW04bo75Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/xqJJoOrNiry-oNgu9xAW04bo75Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xqJJoOrNiry-oNgu9xAW04bo75Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Mar 2026 10:49:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:ae:7d:35:83:18:bf:47:e4:1f:96:e2:f3:09:4d:d2:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c6a249a0eacd8abcbea0d82ef71016d386e8ef94
        Validity
            Not Before: Mar  2 12:19:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d9cf84e4165d8b0a99d90f839f2b5153dd2b2d62
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:2b:a9:83:36:29:ad:e5:77:f9:3b:d5:c5:81:
                    4c:63:31:ef:75:f6:3f:96:9d:18:67:7f:ad:93:75:
                    83:da:6b:c7:9d:3e:a0:fa:2a:18:6a:dd:03:51:c9:
                    93:32:df:0b:89:de:d8:38:54:75:3f:31:60:74:42:
                    31:ca:69:b7:f6:97:c1:5a:0c:c5:d9:27:0f:eb:09:
                    92:fe:c6:90:57:23:b4:e6:9a:79:17:f6:02:f7:06:
                    f9:8b:87:5c:97:04:30:aa:d6:d0:24:b5:b6:3c:f7:
                    c3:32:8a:d7:cc:71:02:39:91:ad:60:34:0b:8c:0a:
                    2b:b2:bd:79:ca:61:17:39:ac:10:28:1a:01:72:46:
                    d9:f6:06:48:d3:d0:53:ab:67:f6:5a:41:e4:80:ed:
                    be:8e:84:11:88:8e:ab:bf:53:12:a8:90:4b:e5:4a:
                    00:19:13:02:90:19:1f:b8:a0:a3:fd:e8:3c:03:46:
                    db:a9:c4:7f:60:0d:4d:92:71:2d:c2:16:f7:b9:a1:
                    13:f0:fd:8a:a2:3f:c0:82:33:2e:bb:fe:c3:0b:e0:
                    73:b4:f1:5b:c9:07:e3:5b:a7:7e:9f:b2:dd:5b:f2:
                    db:69:68:59:f0:22:5b:43:72:85:8c:13:bc:44:5a:
                    ce:df:83:cd:74:f2:bd:0d:a0:0e:6d:cd:f5:5b:d3:
                    64:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:CF:84:E4:16:5D:8B:0A:99:D9:0F:83:9F:2B:51:53:DD:2B:2D:62
            X509v3 Authority Key Identifier:
                keyid:C6:A2:49:A0:EA:CD:8A:BC:BE:A0:D8:2E:F7:10:16:D3:86:E8:EF:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xqJJoOrNiry-oNgu9xAW04bo75Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/2c-E5BZdiwqZ2Q-DnytRU90rLWI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/xqJJoOrNiry-oNgu9xAW04bo75Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.155.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:c0:d3:fb:78:f3:65:9b:52:d2:b6:4c:01:00:9e:c9:3b:c2:
         ab:95:96:48:c7:b7:79:1e:bd:9d:c2:c1:b5:d8:e4:6c:97:18:
         63:73:d6:b3:6b:9e:f3:7a:a1:cb:35:b4:2c:78:42:2a:c3:b3:
         49:68:cf:ec:36:bf:c7:ce:31:9e:ba:ee:78:29:6c:58:15:a7:
         c5:59:08:62:55:66:26:50:e7:58:50:6f:37:3c:15:d5:08:67:
         ba:6b:a6:07:37:69:cc:77:b6:50:c3:b5:2a:9e:11:a5:a2:bd:
         ee:91:bb:88:fc:98:d5:18:44:08:15:0e:8f:dd:f2:5b:86:86:
         a3:5b:a3:b0:76:c8:33:aa:7a:81:89:95:ba:ab:27:86:ed:ee:
         cc:f5:5b:9b:1d:95:40:02:83:f0:fb:f5:46:0e:c2:7d:1f:0d:
         0d:61:b6:e0:f2:74:cb:e1:b3:ec:10:02:fc:91:f2:4a:58:11:
         d2:c2:81:f6:9e:d6:e4:be:1d:ca:48:2a:1b:91:50:de:35:9f:
         08:23:fd:f6:fc:9d:70:b6:99:42:19:73:cd:2e:21:8b:bc:a9:
         81:47:ae:50:13:dc:47:71:01:04:5b:96:bf:86:d2:a6:42:01:
         9c:74:9f:11:cc:1d:eb:01:e5:5b:73:f2:76:09:d7:4d:18:7f:
         6d:81:d0:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyufTWDGL9H5B+W4vMJTdINMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2YTI0OWEwZWFjZDhhYmNiZWEwZDgyZWY3MTAxNmQzODZl
OGVmOTQwHhcNMjYwMzAyMTIxOTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOWNmODRlNDE2NWQ4YjBhOTlkOTBmODM5ZjJiNTE1M2RkMmIyZDYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArSupgzYpreV3+TvVxYFMYzHvdfY/
lp0YZ3+tk3WD2mvHnT6g+ioYat0DUcmTMt8Lid7YOFR1PzFgdEIxymm39pfBWgzF
2ScP6wmS/saQVyO05pp5F/YC9wb5i4dclwQwqtbQJLW2PPfDMorXzHECOZGtYDQL
jAorsr15ymEXOawQKBoBckbZ9gZI09BTq2f2WkHkgO2+joQRiI6rv1MSqJBL5UoA
GRMCkBkfuKCj/eg8A0bbqcR/YA1NknEtwhb3uaET8P2Koj/AgjMuu/7DC+BztPFb
yQfjW6d+n7LdW/LbaWhZ8CJbQ3KFjBO8RFrO34PNdPK9DaAObc31W9Nk2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNnPhOQWXYsKmdkPg58rUVPdKy1iMB8GA1UdIwQY
MBaAFMaiSaDqzYq8vqDYLvcQFtOG6O+UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveHFKSm9Pck5pcnktb05ndTl4QVcwNGJvNzVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC8zMGYxODYtOTBlMi00Y2E2LTkxN2Ut
MjEwNTdkMjI4ZDA1LzEvMmMtRTVCWmRpd3FaMlEtRG55dFJVOTByTFdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC8zMGYxODYtOTBlMi00Y2E2LTkxN2UtMjEwNTdkMjI4ZDA1
LzEveHFKSm9Pck5pcnktb05ndTl4QVcwNGJvNzVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX5uRMA0G
CSqGSIb3DQEBCwUAA4IBAQA+wNP7ePNlm1LStkwBAJ7JO8KrlZZIx7d5Hr2dwsG1
2ORslxhjc9aza57zeqHLNbQseEIqw7NJaM/sNr/HzjGeuu54KWxYFafFWQhiVWYm
UOdYUG83PBXVCGe6a6YHN2nMd7ZQw7UqnhGlor3ukbuI/JjVGEQIFQ6P3fJbhoaj
W6OwdsgzqnqBiZW6qyeG7e7M9VubHZVAAoPw+/VGDsJ9Hw0NYbbg8nTL4bPsEAL8
kfJKWBHSwoH2ntbkvh3KSCobkVDeNZ8II/32/J1wtplCGXPNLiGLvKmBR65QE9xH
cQEEW5a/htKmQgGcdJ8RzB3rAeVbc/J2CddNGH9tgdAs
-----END CERTIFICATE-----