Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/9825a0-1fdc-4162-8372-b9dbdc8b439c/1/CPLUynwu2NtFcucVWVxqTphoPjM.roa
File:                     CPLUynwu2NtFcucVWVxqTphoPjM.roa (raw, json)
Hash identifier:          V+jAkOUO5qvzn78/cOQ6/1OzIhTFNyket1nMyJB8WXI=
Subject key identifier:   08:F2:D4:CA:7C:2E:D8:DB:45:72:E7:15:59:5C:6A:4E:98:68:3E:33
Certificate issuer:       /CN=16979d37da016abd13279270ba55d6b3c2960578
Certificate serial:       019EB5FB6379B9F008967269E392BA0CAABA
Authority key identifier: 16:97:9D:37:DA:01:6A:BD:13:27:92:70:BA:55:D6:B3:C2:96:05:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FpedN9oBar0TJ5JwulXWs8KWBXg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/9825a0-1fdc-4162-8372-b9dbdc8b439c/1/CPLUynwu2NtFcucVWVxqTphoPjM.roa
Signing time:             Thu 11 Jun 2026 09:20:11 +0000
ROA not before:           Thu 11 Jun 2026 09:20:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     43906
IP address blocks:        91.198.229.0/24 maxlen: 24
                          2001:678:12a4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/9825a0-1fdc-4162-8372-b9dbdc8b439c/1/FpedN9oBar0TJ5JwulXWs8KWBXg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/9825a0-1fdc-4162-8372-b9dbdc8b439c/1/FpedN9oBar0TJ5JwulXWs8KWBXg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FpedN9oBar0TJ5JwulXWs8KWBXg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 18:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:b5:fb:63:79:b9:f0:08:96:72:69:e3:92:ba:0c:aa:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=16979d37da016abd13279270ba55d6b3c2960578
        Validity
            Not Before: Jun 11 09:20:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=08f2d4ca7c2ed8db4572e715595c6a4e98683e33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:93:90:48:72:13:ab:0e:e4:41:1b:8d:b1:12:
                    3d:9a:96:7f:82:cb:3e:41:09:72:e3:1a:7f:ec:a4:
                    d7:1d:a5:f3:b7:83:95:6d:3b:93:59:c6:ed:25:ab:
                    41:92:72:9e:ba:e3:17:23:0a:7c:ea:3d:4b:9c:22:
                    c0:e5:d1:1a:ea:5c:8d:2d:b9:f4:f0:80:3e:65:22:
                    b2:11:a6:49:9d:54:7b:08:a1:8a:8a:cb:a6:4a:28:
                    41:80:7b:fc:95:8a:fb:dc:f4:97:f3:f8:6f:02:4f:
                    0a:b9:c4:4b:26:35:d1:ed:e1:1a:f6:d5:cb:26:b0:
                    a0:54:79:2a:d1:81:da:c3:e5:41:4d:2d:6e:4a:86:
                    7b:d5:1a:12:84:f8:3d:c6:af:61:5d:4a:b9:e9:cd:
                    f1:4b:4c:d1:92:33:d6:de:a1:bb:38:32:2d:f3:f8:
                    f8:05:f7:b6:96:a7:79:c6:ce:f0:75:d3:f1:e4:c1:
                    7d:ba:d5:67:91:81:c0:d2:61:74:07:20:ae:7a:42:
                    0a:c6:31:3f:43:56:d8:07:58:b8:f5:82:bc:e5:cc:
                    7f:73:fa:cd:5b:22:d0:05:d8:32:6d:1f:d7:bc:47:
                    b4:a1:e9:a7:97:ea:11:35:f4:34:c0:f1:9a:e2:9d:
                    a2:8c:d5:63:d0:f2:0f:72:a5:8c:e0:bd:25:ac:55:
                    4f:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:F2:D4:CA:7C:2E:D8:DB:45:72:E7:15:59:5C:6A:4E:98:68:3E:33
            X509v3 Authority Key Identifier:
                keyid:16:97:9D:37:DA:01:6A:BD:13:27:92:70:BA:55:D6:B3:C2:96:05:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FpedN9oBar0TJ5JwulXWs8KWBXg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/9825a0-1fdc-4162-8372-b9dbdc8b439c/1/CPLUynwu2NtFcucVWVxqTphoPjM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/9825a0-1fdc-4162-8372-b9dbdc8b439c/1/FpedN9oBar0TJ5JwulXWs8KWBXg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.229.0/24
                IPv6:
                  2001:678:12a4::/48

    Signature Algorithm: sha256WithRSAEncryption
         90:b0:d4:9b:d2:1b:6d:93:9e:db:27:d9:17:92:73:c4:ff:98:
         b4:3f:da:22:50:aa:ed:09:4c:90:66:c9:7b:4e:48:7f:e7:16:
         6a:e7:68:4e:4a:41:98:79:aa:4f:58:2f:2b:88:17:67:87:a6:
         bf:b5:aa:13:29:e9:15:b2:14:2b:bf:15:37:03:47:b4:a4:c4:
         02:51:ca:2f:18:90:6f:35:60:ee:9f:fe:e8:18:7d:38:a1:d2:
         2e:81:e9:d8:ea:2d:ac:48:a7:f5:c1:b0:6e:89:50:2b:7b:f2:
         4a:98:bb:47:61:41:54:2c:3b:a1:45:1f:f9:4e:41:b9:dd:78:
         c2:b8:88:34:95:1f:1f:70:dc:13:29:5e:79:63:80:23:4b:26:
         96:fb:1c:8e:d3:5e:9f:46:00:c2:9d:da:a9:46:49:73:2a:8b:
         44:cc:7b:79:94:c5:16:5e:9f:66:2f:38:e5:76:45:ef:79:05:
         55:f8:04:72:be:8e:32:0f:1f:40:49:e5:07:0e:0b:bf:72:39:
         06:a5:dd:37:ae:9f:03:a0:d5:91:0c:90:2a:50:c0:e5:85:94:
         25:5e:97:9a:c2:86:d4:5b:c5:00:23:fa:95:8d:9b:36:22:af:
         b2:eb:fd:4a:f9:65:55:9e:94:a1:2b:55:7d:8e:fc:d2:32:0f:
         49:b9:ba:1d
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZ61+2N5ufAIlnJp45K6DKq6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2OTc5ZDM3ZGEwMTZhYmQxMzI3OTI3MGJhNTVkNmIzYzI5
NjA1NzgwHhcNMjYwNjExMDkyMDExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGYyZDRjYTdjMmVkOGRiNDU3MmU3MTU1OTVjNmE0ZTk4NjgzZTMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu5OQSHITqw7kQRuNsRI9mpZ/gss+
QQly4xp/7KTXHaXzt4OVbTuTWcbtJatBknKeuuMXIwp86j1LnCLA5dEa6lyNLbn0
8IA+ZSKyEaZJnVR7CKGKisumSihBgHv8lYr73PSX8/hvAk8KucRLJjXR7eEa9tXL
JrCgVHkq0YHaw+VBTS1uSoZ71RoShPg9xq9hXUq56c3xS0zRkjPW3qG7ODIt8/j4
Bfe2lqd5xs7wddPx5MF9utVnkYHA0mF0ByCuekIKxjE/Q1bYB1i49YK85cx/c/rN
WyLQBdgybR/XvEe0oemnl+oRNfQ0wPGa4p2ijNVj0PIPcqWM4L0lrFVPKwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAjy1Mp8LtjbRXLnFVlcak6YaD4zMB8GA1UdIwQY
MBaAFBaXnTfaAWq9EyeScLpV1rPClgV4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRnBlZE45b0JhcjBUSjVKd3VsWFdzOEtXQlhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS85ODI1YTAtMWZkYy00MTYyLTgzNzIt
YjlkYmRjOGI0MzljLzEvQ1BMVXlud3UyTnRGY3VjVldWeHFUcGhvUGpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS85ODI1YTAtMWZkYy00MTYyLTgzNzItYjlkYmRjOGI0Mzlj
LzEvRnBlZE45b0JhcjBUSjVKd3VsWFdzOEtXQlhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW8blMA8E
AgACMAkDBwAgAQZ4EqQwDQYJKoZIhvcNAQELBQADggEBAJCw1JvSG22Tntsn2ReS
c8T/mLQ/2iJQqu0JTJBmyXtOSH/nFmrnaE5KQZh5qk9YLyuIF2eHpr+1qhMp6RWy
FCu/FTcDR7SkxAJRyi8YkG81YO6f/ugYfTih0i6B6djqLaxIp/XBsG6JUCt78kqY
u0dhQVQsO6FFH/lOQbndeMK4iDSVHx9w3BMpXnljgCNLJpb7HI7TXp9GAMKd2qlG
SXMqi0TMe3mUxRZen2YvOOV2Re95BVX4BHK+jjIPH0BJ5QcOC79yOQal3TeunwOg
1ZEMkCpQwOWFlCVel5rChtRbxQAj+pWNmzYir7Lr/Ur5ZVWelKErVX2O/NIyD0m5
uh0=
-----END CERTIFICATE-----