Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/1x5Ug6ge1BffbFsMdWueb1Zl8dg.roa
File:                     1x5Ug6ge1BffbFsMdWueb1Zl8dg.roa (raw, json)
Hash identifier:          UcMIeKBASp1DHEXzDXc6WYFOzC1K2w+q/4/TTkPBVX8=
Subject key identifier:   D7:1E:54:83:A8:1E:D4:17:DF:6C:5B:0C:75:6B:9E:6F:56:65:F1:D8
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       019C237C8CABFC3EE9AE6EE032923E4CA2A7
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/1x5Ug6ge1BffbFsMdWueb1Zl8dg.roa
Signing time:             Tue 03 Feb 2026 12:31:30 +0000
ROA not before:           Tue 03 Feb 2026 12:31:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     60118
IP address blocks:        80.96.144.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:23:7c:8c:ab:fc:3e:e9:ae:6e:e0:32:92:3e:4c:a2:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Feb  3 12:31:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d71e5483a81ed417df6c5b0c756b9e6f5665f1d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:f6:8d:0a:a0:36:f3:99:26:e7:72:75:a7:bb:
                    24:3c:6b:e2:62:31:d0:14:f9:b3:82:fd:11:43:dc:
                    a9:d2:20:3c:bc:0a:5c:0b:13:12:e9:32:dd:1c:46:
                    53:5d:40:99:90:ca:d8:6e:84:5d:2e:9a:9d:cf:fc:
                    fa:16:0d:19:c6:79:3a:10:22:fb:66:fc:c6:2d:37:
                    13:ce:73:46:38:8e:22:17:98:a0:3a:d1:38:d4:70:
                    bb:17:54:3d:98:63:63:fc:85:d3:8d:c4:c7:e8:1f:
                    a2:ae:4a:13:06:7d:02:e1:67:57:22:d3:bb:95:5e:
                    ea:1d:1a:c8:b7:81:b9:56:0c:4c:46:f5:21:60:11:
                    bf:8d:43:1d:49:14:5c:ba:a9:a0:65:30:23:14:d4:
                    81:7a:51:0a:74:57:4e:e6:7a:16:fc:08:43:9f:b5:
                    99:5e:47:fe:b5:9b:11:0b:dc:f8:1f:23:c7:e6:e8:
                    63:54:73:19:dd:ff:7c:e6:21:bd:bc:99:bb:85:9b:
                    22:56:ef:d7:f9:c5:59:01:4e:88:eb:7e:89:aa:b8:
                    00:c1:a1:5f:94:7d:a4:06:94:aa:3b:5e:db:de:cf:
                    bd:1e:59:8b:c1:ff:b9:bd:8a:70:b5:8f:48:f4:a2:
                    97:c0:3d:1c:09:47:2a:42:c1:89:20:dc:b0:28:d3:
                    cf:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:1E:54:83:A8:1E:D4:17:DF:6C:5B:0C:75:6B:9E:6F:56:65:F1:D8
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/1x5Ug6ge1BffbFsMdWueb1Zl8dg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.96.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         07:96:8a:c3:8f:7c:13:10:fc:82:3b:6f:e2:65:5c:18:d5:73:
         78:35:28:43:4b:1c:4e:fe:b6:09:02:41:fa:6b:ff:31:e9:ce:
         f8:1e:ad:3e:1e:6c:f3:b0:bb:4e:80:23:16:8c:a3:0e:74:98:
         00:a1:08:3d:11:40:54:7d:97:73:05:12:1c:6b:6d:ff:a1:1a:
         ec:98:0e:ec:dd:ab:fd:d5:77:d8:4f:9e:37:9b:d0:7b:b8:1b:
         51:b8:50:2e:84:5e:3e:a6:f4:55:d9:8e:2a:80:68:e3:c3:f4:
         c7:61:e3:44:ce:f7:db:0c:68:c7:87:eb:e1:7d:b9:75:e5:cd:
         b6:60:83:61:f0:57:d3:86:ba:72:85:55:e3:cb:36:42:ef:8f:
         a6:c3:2d:e0:25:0e:0f:41:00:f3:53:9b:2a:e5:8a:81:b3:7a:
         f6:26:6e:3a:6e:2c:b1:5d:98:92:1e:93:43:34:a0:28:6e:80:
         ab:90:44:9a:3a:f2:33:dd:07:8a:03:e5:5e:2b:9b:5c:ba:21:
         d4:4e:e9:b0:1a:79:49:47:dd:e5:7b:78:7a:33:dc:9e:7c:2b:
         2f:21:a1:27:d4:24:e4:6c:96:67:dc:fd:f8:41:a5:e8:2e:e2:
         67:90:e5:9c:6a:18:5c:2a:bf:5b:23:5a:b9:b4:21:9b:52:f8:
         ef:76:30:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZwjfIyr/D7prm7gMpI+TKKnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjYwMjAzMTIzMTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzFlNTQ4M2E4MWVkNDE3ZGY2YzViMGM3NTZiOWU2ZjU2NjVmMWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyPaNCqA285km53J1p7skPGviYjHQ
FPmzgv0RQ9yp0iA8vApcCxMS6TLdHEZTXUCZkMrYboRdLpqdz/z6Fg0Zxnk6ECL7
ZvzGLTcTznNGOI4iF5igOtE41HC7F1Q9mGNj/IXTjcTH6B+irkoTBn0C4WdXItO7
lV7qHRrIt4G5VgxMRvUhYBG/jUMdSRRcuqmgZTAjFNSBelEKdFdO5noW/AhDn7WZ
Xkf+tZsRC9z4HyPH5uhjVHMZ3f985iG9vJm7hZsiVu/X+cVZAU6I636JqrgAwaFf
lH2kBpSqO17b3s+9HlmLwf+5vYpwtY9I9KKXwD0cCUcqQsGJINywKNPP2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNceVIOoHtQX32xbDHVrnm9WZfHYMB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvMXg1VWc2Z2UxQmZmYkZzTWRXdWViMVpsOGRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCUGCQMA0G
CSqGSIb3DQEBCwUAA4IBAQAHlorDj3wTEPyCO2/iZVwY1XN4NShDSxxO/rYJAkH6
a/8x6c74Hq0+HmzzsLtOgCMWjKMOdJgAoQg9EUBUfZdzBRIca23/oRrsmA7s3av9
1XfYT543m9B7uBtRuFAuhF4+pvRV2Y4qgGjjw/THYeNEzvfbDGjHh+vhfbl15c22
YINh8FfThrpyhVXjyzZC74+mwy3gJQ4PQQDzU5sq5YqBs3r2Jm46biyxXZiSHpND
NKAoboCrkESaOvIz3QeKA+VeK5tcuiHUTumwGnlJR93le3h6M9yefCsvIaEn1CTk
bJZn3P34QaXoLuJnkOWcahhcKr9bI1q5tCGbUvjvdjDM
-----END CERTIFICATE-----