Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/228f34-3563-44d4-8ffb-6b3273f344f3/1/9zKp-C_pAMEIaqr0sp4A8ZATXhM.roa
File:                     9zKp-C_pAMEIaqr0sp4A8ZATXhM.roa (raw, json)
Hash identifier:          2S2O2Ruy0UoJaMl/WLPTBZ5v0Sh/FIVzqayXsx6eq4M=
Subject key identifier:   F7:32:A9:F8:2F:E9:00:C1:08:6A:AA:F4:B2:9E:00:F1:90:13:5E:13
Certificate issuer:       /CN=f8d3e9daedb6ba426b6816d1c90f379223be7576
Certificate serial:       019B7EA73BF040C832C9241896F0057D6A2F
Authority key identifier: F8:D3:E9:DA:ED:B6:BA:42:6B:68:16:D1:C9:0F:37:92:23:BE:75:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-NPp2u22ukJraBbRyQ83kiO-dXY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/228f34-3563-44d4-8ffb-6b3273f344f3/1/9zKp-C_pAMEIaqr0sp4A8ZATXhM.roa
Signing time:             Fri 02 Jan 2026 12:20:47 +0000
ROA not before:           Fri 02 Jan 2026 12:20:47 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213117
IP address blocks:        92.119.216.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/228f34-3563-44d4-8ffb-6b3273f344f3/1/1-NPp2u22ukJraBbRyQ83kiO-dXY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/228f34-3563-44d4-8ffb-6b3273f344f3/1/1-NPp2u22ukJraBbRyQ83kiO-dXY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-NPp2u22ukJraBbRyQ83kiO-dXY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a7:3b:f0:40:c8:32:c9:24:18:96:f0:05:7d:6a:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8d3e9daedb6ba426b6816d1c90f379223be7576
        Validity
            Not Before: Jan  2 12:20:47 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f732a9f82fe900c1086aaaf4b29e00f190135e13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:7a:af:30:39:20:22:e2:c4:2e:cf:70:93:5f:
                    b2:78:19:77:fe:cb:7f:eb:a7:7b:60:11:c5:29:0a:
                    a1:bc:f3:80:23:35:5b:a6:af:99:7c:2f:a9:4a:a2:
                    25:d8:d5:2d:98:ff:37:db:d0:f0:6f:f4:25:69:ea:
                    f4:75:e3:b9:ca:ef:3e:56:7b:3c:e5:89:2e:84:54:
                    73:b3:66:f2:3f:d7:b2:25:fa:a5:98:7b:db:de:87:
                    3b:7b:b9:5e:38:7d:e9:10:51:ad:6a:d3:c4:43:39:
                    a8:57:2a:44:db:71:ed:38:a2:39:9b:2a:75:da:77:
                    f1:d9:07:d7:f8:1e:0d:31:b0:dc:61:7d:d1:1f:ca:
                    ff:9c:0b:49:73:3c:25:cf:ab:e5:0f:de:5a:aa:2a:
                    05:8e:93:2a:f2:99:c6:72:f3:9e:f6:20:e2:c6:a5:
                    57:6b:9d:b5:c5:53:d9:25:ea:32:64:0d:8c:6c:8d:
                    5c:97:d1:d0:fe:80:78:0c:f1:d4:1c:11:d1:1a:45:
                    2e:f1:e6:05:6b:cb:56:37:bf:8b:43:1b:45:24:6c:
                    29:f1:d2:a9:05:ae:6d:9f:64:4d:80:17:4a:96:96:
                    55:a9:11:78:41:c5:4a:bd:f5:2b:54:91:84:97:dd:
                    e1:12:89:db:bf:de:25:44:70:28:a7:a8:ce:0b:da:
                    56:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:32:A9:F8:2F:E9:00:C1:08:6A:AA:F4:B2:9E:00:F1:90:13:5E:13
            X509v3 Authority Key Identifier:
                keyid:F8:D3:E9:DA:ED:B6:BA:42:6B:68:16:D1:C9:0F:37:92:23:BE:75:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-NPp2u22ukJraBbRyQ83kiO-dXY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/228f34-3563-44d4-8ffb-6b3273f344f3/1/9zKp-C_pAMEIaqr0sp4A8ZATXhM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/228f34-3563-44d4-8ffb-6b3273f344f3/1/1-NPp2u22ukJraBbRyQ83kiO-dXY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.119.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:87:9c:d3:14:98:1f:82:ec:2e:d2:4c:5c:ab:8f:1b:00:17:
         e8:2e:11:f9:2b:8c:c5:36:30:8e:fd:06:a3:34:5c:8e:b9:4b:
         41:66:7f:43:c7:a4:da:c9:52:fd:39:85:4e:18:4f:aa:ee:a2:
         53:19:c3:1b:f9:54:3d:4a:ad:1b:aa:54:fe:68:88:dd:2b:e8:
         f0:eb:65:50:66:03:5d:0e:36:d7:f1:c6:ad:01:20:a8:b7:81:
         d8:45:c3:f4:9a:58:0c:a2:38:b2:c6:a3:87:17:f6:33:9f:e6:
         94:11:a7:d3:ce:23:66:4d:2e:93:da:92:a4:23:bc:c0:09:07:
         a7:f1:f8:61:7f:75:40:df:6c:e7:c9:c5:01:a7:32:7f:f0:c9:
         e4:f5:30:9c:86:8d:0d:2d:df:d9:8f:67:f3:ad:c6:74:30:a7:
         17:c9:3b:26:8f:20:18:47:d2:ed:37:17:3f:3e:e7:ce:94:91:
         aa:45:cc:04:f1:58:8e:c2:1a:df:1d:c1:61:1a:e7:ed:ad:e3:
         b4:d8:87:81:e2:67:58:2a:dc:82:45:c6:11:25:5f:b0:15:af:
         65:60:c2:43:52:c5:e6:e8:15:90:65:e6:53:fb:d6:58:4a:fb:
         dc:59:5c:db:15:3c:67:9e:5d:fb:1b:37:5e:17:68:b0:c9:d2:
         be:47:54:c8
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZt+pzvwQMgyySQYlvAFfWovMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZDNlOWRhZWRiNmJhNDI2YjY4MTZkMWM5MGYzNzkyMjNi
ZTc1NzYwHhcNMjYwMTAyMTIyMDQ3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzMyYTlmODJmZTkwMGMxMDg2YWFhZjRiMjllMDBmMTkwMTM1ZTEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzXqvMDkgIuLELs9wk1+yeBl3/st/
66d7YBHFKQqhvPOAIzVbpq+ZfC+pSqIl2NUtmP8329Dwb/Qlaer0deO5yu8+Vns8
5YkuhFRzs2byP9eyJfqlmHvb3oc7e7leOH3pEFGtatPEQzmoVypE23HtOKI5myp1
2nfx2QfX+B4NMbDcYX3RH8r/nAtJczwlz6vlD95aqioFjpMq8pnGcvOe9iDixqVX
a521xVPZJeoyZA2MbI1cl9HQ/oB4DPHUHBHRGkUu8eYFa8tWN7+LQxtFJGwp8dKp
Ba5tn2RNgBdKlpZVqRF4QcVKvfUrVJGEl93hEonbv94lRHAop6jOC9pWHwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFPcyqfgv6QDBCGqq9LKeAPGQE14TMB8GA1UdIwQY
MBaAFPjT6drttrpCa2gW0ckPN5IjvnV2MA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1OUHAydTIydWtKcmFCYlJ5UTgza2lPLWRYWS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDkvMjI4ZjM0LTM1NjMtNDRkNC04ZmZi
LTZiMzI3M2YzNDRmMy8xLzl6S3AtQ19wQU1FSWFxcjBzcDRBOFpBVFhoTS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMDkvMjI4ZjM0LTM1NjMtNDRkNC04ZmZiLTZiMzI3M2YzNDRm
My8xLzEtTlBwMnUyMnVrSnJhQmJSeVE4M2tpTy1kWFkuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABcd9gw
DQYJKoZIhvcNAQELBQADggEBAKGHnNMUmB+C7C7STFyrjxsAF+guEfkrjMU2MI79
BqM0XI65S0Fmf0PHpNrJUv05hU4YT6ruolMZwxv5VD1KrRuqVP5oiN0r6PDrZVBm
A10ONtfxxq0BIKi3gdhFw/SaWAyiOLLGo4cX9jOf5pQRp9POI2ZNLpPakqQjvMAJ
B6fx+GF/dUDfbOfJxQGnMn/wyeT1MJyGjQ0t39mPZ/OtxnQwpxfJOyaPIBhH0u03
Fz8+586UkapFzATxWI7CGt8dwWEa5+2t47TYh4HiZ1gq3IJFxhElX7AVr2VgwkNS
xeboFZBl5lP71lhK+9xZXNsVPGeeXfsbN14XaLDJ0r5HVMg=
-----END CERTIFICATE-----