Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/xIlZTQbgDGLDZ2R1Os93qaxbIpU.roa
File:                     xIlZTQbgDGLDZ2R1Os93qaxbIpU.roa (raw, json)
Hash identifier:          3xSVA9pgmj6pxskGgKdeL94CZ1PYBtkdbbHcyweBovY=
Subject key identifier:   C4:89:59:4D:06:E0:0C:62:C3:67:64:75:3A:CF:77:A9:AC:5B:22:95
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       019C9F686E7BA4BBC0A49698D0AD57EF7A02
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/xIlZTQbgDGLDZ2R1Os93qaxbIpU.roa
Signing time:             Fri 27 Feb 2026 14:02:27 +0000
ROA not before:           Fri 27 Feb 2026 14:02:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205775
IP address blocks:        147.45.45.0/24 maxlen: 24
                          193.233.112.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:9f:68:6e:7b:a4:bb:c0:a4:96:98:d0:ad:57:ef:7a:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Feb 27 14:02:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c489594d06e00c62c36764753acf77a9ac5b2295
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:13:6a:c3:0e:22:30:33:7f:f0:9f:2e:4c:76:
                    09:ca:aa:70:b5:36:90:7d:cf:d7:bd:5c:27:9b:f2:
                    fe:4a:40:26:15:e6:c1:a4:7c:b0:b3:b8:63:d0:62:
                    b3:0e:ee:32:4e:ce:c1:b5:5b:dc:ab:26:13:c0:9f:
                    41:20:a3:89:a1:2d:fd:51:ef:cd:9e:fc:63:a8:c5:
                    93:e5:fd:8f:9f:e0:55:ee:7a:2b:0e:1b:18:37:87:
                    b5:8e:65:6d:f3:3b:78:cf:9e:9b:4c:60:12:f0:88:
                    8c:f5:f0:8f:da:d1:da:98:11:63:bc:29:3a:88:68:
                    74:96:39:98:d5:1a:bf:6d:bb:01:e6:b3:8c:31:4d:
                    c2:db:d5:c1:d3:d2:31:78:f7:75:dc:43:5e:20:3a:
                    a8:ef:9a:07:06:49:71:b1:3d:e7:83:4c:25:af:85:
                    63:5a:91:33:c3:94:7c:07:75:26:b8:60:70:a4:58:
                    30:73:93:a8:05:86:ed:72:03:f7:90:ed:61:cb:b9:
                    a7:69:03:cb:33:87:4b:a3:eb:6a:6d:ec:9d:4e:3c:
                    c2:5c:f1:d3:77:f1:c8:d1:44:39:11:26:17:6b:87:
                    a7:ac:f3:d2:33:75:8e:a4:13:c1:ae:29:09:c8:b9:
                    92:16:55:ff:06:f3:4d:2d:53:a6:74:9f:ca:f8:a4:
                    3c:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:89:59:4D:06:E0:0C:62:C3:67:64:75:3A:CF:77:A9:AC:5B:22:95
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/xIlZTQbgDGLDZ2R1Os93qaxbIpU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.45.45.0/24
                  193.233.112.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5b:24:52:84:50:84:cc:ca:44:7f:68:07:e6:99:08:07:2e:4a:
         68:74:47:2d:d0:87:65:f4:06:bd:93:98:2d:b9:37:04:0a:95:
         3b:aa:64:fc:04:45:38:67:df:0a:e7:f9:86:50:62:0f:b9:ce:
         1c:8c:c2:ee:d8:a1:73:90:2e:30:bc:b4:74:bd:be:c1:9b:ba:
         90:fe:6a:ad:3d:0d:a9:60:6e:22:07:d3:82:a9:4d:da:2a:16:
         33:a5:67:8b:86:36:38:2f:bf:16:fd:03:99:f0:dc:95:71:de:
         79:ca:e8:81:17:79:60:50:3e:9d:2f:f3:e4:bd:df:28:79:f9:
         25:a0:2d:00:f9:ee:d5:81:72:dd:71:cb:e9:84:17:f5:6a:ce:
         53:14:dc:3f:c3:53:0f:45:f5:59:19:53:fe:56:70:ef:a2:b4:
         b1:39:4a:ff:83:a0:12:04:92:f5:7c:19:35:d1:d1:eb:6a:a3:
         ab:16:93:34:fe:41:3c:7d:bc:fc:08:e5:f1:56:70:86:5d:ae:
         dc:e9:85:ab:51:92:8b:0d:39:2c:ff:f2:6e:11:d7:67:95:eb:
         37:17:5d:37:2e:58:e3:81:82:7f:bc:40:23:36:e9:42:1d:a9:
         55:3e:c7:ea:af:30:0d:71:2a:2e:f3:4a:78:2e:bf:47:2b:a1:
         58:2c:8b:41
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZyfaG57pLvApJaY0K1X73oCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjYwMjI3MTQwMjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDg5NTk0ZDA2ZTAwYzYyYzM2NzY0NzUzYWNmNzdhOWFjNWIyMjk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxRNqww4iMDN/8J8uTHYJyqpwtTaQ
fc/XvVwnm/L+SkAmFebBpHyws7hj0GKzDu4yTs7BtVvcqyYTwJ9BIKOJoS39Ue/N
nvxjqMWT5f2Pn+BV7norDhsYN4e1jmVt8zt4z56bTGAS8IiM9fCP2tHamBFjvCk6
iGh0ljmY1Rq/bbsB5rOMMU3C29XB09IxePd13ENeIDqo75oHBklxsT3ng0wlr4Vj
WpEzw5R8B3UmuGBwpFgwc5OoBYbtcgP3kO1hy7mnaQPLM4dLo+tqbeydTjzCXPHT
d/HI0UQ5ESYXa4enrPPSM3WOpBPBrikJyLmSFlX/BvNNLVOmdJ/K+KQ8jwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMSJWU0G4Axiw2dkdTrPd6msWyKVMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEveElsWlRRYmdER0xEWjJSMU9zOTNxYXhiSXBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAky0tAwQB
welwMA0GCSqGSIb3DQEBCwUAA4IBAQBbJFKEUITMykR/aAfmmQgHLkpodEct0Idl
9Aa9k5gtuTcECpU7qmT8BEU4Z98K5/mGUGIPuc4cjMLu2KFzkC4wvLR0vb7Bm7qQ
/mqtPQ2pYG4iB9OCqU3aKhYzpWeLhjY4L78W/QOZ8NyVcd55yuiBF3lgUD6dL/Pk
vd8oefkloC0A+e7VgXLdccvphBf1as5TFNw/w1MPRfVZGVP+VnDvorSxOUr/g6AS
BJL1fBk10dHraqOrFpM0/kE8fbz8COXxVnCGXa7c6YWrUZKLDTks//JuEddnles3
F103LljjgYJ/vEAjNulCHalVPsfqrzANcSou80p4Lr9HK6FYLItB
-----END CERTIFICATE-----