Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/ED9EhW3mpNgamBFWSlc6BOpQSzs.roa
File:                     ED9EhW3mpNgamBFWSlc6BOpQSzs.roa (raw, json)
Hash identifier:          DEXUhxRmVFuaqL00BnHCRwj5HnCR5dhUrWYcFp4b9Gs=
Subject key identifier:   10:3F:44:85:6D:E6:A4:D8:1A:98:11:56:4A:57:3A:04:EA:50:4B:3B
Certificate issuer:       /CN=68c510fc9b865d96e3afc7c56056efad9a330c5b
Certificate serial:       019D959014EFED818338F8AD8EC43E023B2B
Authority key identifier: 68:C5:10:FC:9B:86:5D:96:E3:AF:C7:C5:60:56:EF:AD:9A:33:0C:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/ED9EhW3mpNgamBFWSlc6BOpQSzs.roa
Signing time:             Thu 16 Apr 2026 09:12:20 +0000
ROA not before:           Thu 16 Apr 2026 09:12:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203685
IP address blocks:        206.252.249.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 00:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:95:90:14:ef:ed:81:83:38:f8:ad:8e:c4:3e:02:3b:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68c510fc9b865d96e3afc7c56056efad9a330c5b
        Validity
            Not Before: Apr 16 09:12:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=103f44856de6a4d81a9811564a573a04ea504b3b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:16:b5:a1:97:e0:0b:57:b2:66:77:62:ab:db:
                    55:16:fb:b4:47:ce:07:2a:96:1a:b4:15:66:c2:45:
                    88:87:48:c0:09:1c:c6:ea:6e:fb:55:7a:d2:90:81:
                    49:9f:c7:72:32:e8:0c:25:1b:ea:2d:40:47:7e:9d:
                    05:2e:2f:75:6c:04:09:60:89:34:38:58:e8:a3:f5:
                    ff:e5:02:30:e9:73:17:b5:3c:dd:35:15:2a:ff:3a:
                    5b:04:49:89:46:e0:a5:66:de:99:be:04:fc:28:eb:
                    9e:94:cb:1d:60:ea:6f:10:62:95:0d:76:b1:9e:32:
                    8b:af:c8:46:8c:cf:88:d0:d1:d9:13:48:d0:19:21:
                    05:3d:18:4c:72:26:f2:4c:ed:93:23:b9:3f:2f:3f:
                    37:51:0b:db:e3:5a:5b:f7:f0:21:3d:a0:37:36:02:
                    fc:f7:db:7c:63:cf:c8:b4:44:25:1d:32:55:20:dd:
                    22:5e:09:b0:6d:be:5d:e0:55:a2:c8:b8:42:c5:8d:
                    3a:c5:21:e3:d9:08:1a:28:85:4a:79:fc:c8:ce:74:
                    4e:04:89:af:74:a9:b8:c5:d9:5f:4b:d5:f8:20:1c:
                    d8:af:d7:d8:72:7f:a2:ac:ad:dd:04:0a:cb:ad:df:
                    71:c5:c2:43:04:ef:f0:ee:62:b0:f6:5a:6d:e5:e7:
                    a6:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:3F:44:85:6D:E6:A4:D8:1A:98:11:56:4A:57:3A:04:EA:50:4B:3B
            X509v3 Authority Key Identifier:
                keyid:68:C5:10:FC:9B:86:5D:96:E3:AF:C7:C5:60:56:EF:AD:9A:33:0C:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/ED9EhW3mpNgamBFWSlc6BOpQSzs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  206.252.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:82:10:97:fb:bf:1b:61:6a:7b:3e:67:d7:a4:c5:bb:a7:25:
         03:73:8e:a8:30:61:1e:1d:8c:26:d2:52:cb:66:9e:10:74:91:
         90:3e:b1:df:f2:9b:ed:66:fa:ed:72:06:ce:48:3c:56:4b:14:
         14:5b:49:70:d0:56:af:0a:8d:3c:92:fa:57:0f:15:1e:e4:e1:
         40:a1:53:83:5a:1c:78:52:a1:25:eb:17:2d:8b:4c:31:f6:66:
         ca:e2:87:27:dc:1e:52:f5:83:92:82:39:7b:9f:c3:07:3b:bc:
         08:5b:25:35:76:79:db:92:98:68:39:a2:48:d8:ee:de:47:44:
         22:1f:0c:65:d2:1a:a3:48:fb:db:98:3e:69:8a:7c:45:93:4d:
         e0:61:63:e9:b6:16:1e:25:d5:37:a3:f0:30:43:d5:b9:ac:c3:
         80:6c:3c:cc:35:93:bc:13:db:bc:67:97:6d:d7:3e:8b:d0:bc:
         ed:31:34:9b:a0:96:38:bc:e8:8d:1b:f0:3e:d3:31:0e:46:f1:
         8c:da:29:31:8f:11:fa:7a:9a:64:f0:dd:e3:da:fa:40:21:3a:
         35:60:b6:b5:5d:fe:c4:f5:68:91:d9:b3:1e:de:01:ba:9c:b6:
         79:ac:22:05:cc:20:5d:5e:4e:ec:8d:d5:bd:27:d9:9d:1a:ce:
         96:2b:e4:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2VkBTv7YGDOPitjsQ+AjsrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4YzUxMGZjOWI4NjVkOTZlM2FmYzdjNTYwNTZlZmFkOWEz
MzBjNWIwHhcNMjYwNDE2MDkxMjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDNmNDQ4NTZkZTZhNGQ4MWE5ODExNTY0YTU3M2EwNGVhNTA0YjNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyRa1oZfgC1eyZndiq9tVFvu0R84H
KpYatBVmwkWIh0jACRzG6m77VXrSkIFJn8dyMugMJRvqLUBHfp0FLi91bAQJYIk0
OFjoo/X/5QIw6XMXtTzdNRUq/zpbBEmJRuClZt6ZvgT8KOuelMsdYOpvEGKVDXax
njKLr8hGjM+I0NHZE0jQGSEFPRhMcibyTO2TI7k/Lz83UQvb41pb9/AhPaA3NgL8
99t8Y8/ItEQlHTJVIN0iXgmwbb5d4FWiyLhCxY06xSHj2QgaKIVKefzIznROBImv
dKm4xdlfS9X4IBzYr9fYcn+irK3dBArLrd9xxcJDBO/w7mKw9lpt5eem8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBA/RIVt5qTYGpgRVkpXOgTqUEs7MB8GA1UdIwQY
MBaAFGjFEPybhl2W46/HxWBW762aMwxbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYU1VUV9KdUdYWmJqcjhmRllGYnZyWm96REZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9lMGYyZjYtM2E4YS00ZGFhLTgyNzEt
NWQ2NjVlOTk4ZjZhLzEvRUQ5RWhXM21wTmdhbUJGV1NsYzZCT3BRU3pzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9lMGYyZjYtM2E4YS00ZGFhLTgyNzEtNWQ2NjVlOTk4ZjZh
LzEvYU1VUV9KdUdYWmJqcjhmRllGYnZyWm96REZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAzvz5MA0G
CSqGSIb3DQEBCwUAA4IBAQAbghCX+78bYWp7PmfXpMW7pyUDc46oMGEeHYwm0lLL
Zp4QdJGQPrHf8pvtZvrtcgbOSDxWSxQUW0lw0FavCo08kvpXDxUe5OFAoVODWhx4
UqEl6xcti0wx9mbK4ocn3B5S9YOSgjl7n8MHO7wIWyU1dnnbkphoOaJI2O7eR0Qi
Hwxl0hqjSPvbmD5pinxFk03gYWPpthYeJdU3o/AwQ9W5rMOAbDzMNZO8E9u8Z5dt
1z6L0LztMTSboJY4vOiNG/A+0zEORvGM2ikxjxH6eppk8N3j2vpAITo1YLa1Xf7E
9WiR2bMe3gG6nLZ5rCIFzCBdXk7sjdW9J9mdGs6WK+Ri
-----END CERTIFICATE-----