Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/ecaa96-9af6-4b99-957f-6b7599fcdc33/1/jZxaU0gUqcmTgelMnTTUvkNfM7g.roa
File:                     jZxaU0gUqcmTgelMnTTUvkNfM7g.roa (raw, json)
Hash identifier:          fm/mYWmhHVRNa3vFUylMM5LunZsCT8Akl9JuHlA1Fb8=
Subject key identifier:   8D:9C:5A:53:48:14:A9:C9:93:81:E9:4C:9D:34:D4:BE:43:5F:33:B8
Certificate issuer:       /CN=810cd50db437c789464cb64dfabfe405ca981b1a
Certificate serial:       019D48840976C9FFF8EA6C419C8610AEFC97
Authority key identifier: 81:0C:D5:0D:B4:37:C7:89:46:4C:B6:4D:FA:BF:E4:05:CA:98:1B:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gQzVDbQ3x4lGTLZN-r_kBcqYGxo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/ecaa96-9af6-4b99-957f-6b7599fcdc33/1/jZxaU0gUqcmTgelMnTTUvkNfM7g.roa
Signing time:             Wed 01 Apr 2026 10:08:25 +0000
ROA not before:           Wed 01 Apr 2026 10:08:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44999
IP address blocks:        93.188.120.0/21 maxlen: 24
                          176.62.216.0/21 maxlen: 24
                          176.62.220.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/ecaa96-9af6-4b99-957f-6b7599fcdc33/1/gQzVDbQ3x4lGTLZN-r_kBcqYGxo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/ecaa96-9af6-4b99-957f-6b7599fcdc33/1/gQzVDbQ3x4lGTLZN-r_kBcqYGxo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gQzVDbQ3x4lGTLZN-r_kBcqYGxo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 13:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:48:84:09:76:c9:ff:f8:ea:6c:41:9c:86:10:ae:fc:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=810cd50db437c789464cb64dfabfe405ca981b1a
        Validity
            Not Before: Apr  1 10:08:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8d9c5a534814a9c99381e94c9d34d4be435f33b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:69:22:af:e0:9c:7d:69:10:15:f7:62:37:1e:
                    6b:a3:00:49:be:78:18:88:f5:b0:52:e4:1f:d6:db:
                    36:dd:e4:1e:5c:5c:1d:9e:b5:08:c3:ce:db:bc:42:
                    43:17:61:24:26:86:0f:4e:a4:a1:df:3a:3b:57:79:
                    23:54:7d:24:bd:b8:c1:c7:bd:6c:1a:ee:aa:e8:5f:
                    fb:25:d1:b1:ea:d5:2b:09:fd:66:75:f8:d6:8c:56:
                    8d:54:a4:51:df:f0:58:53:e5:ac:ee:e2:eb:b1:63:
                    a9:1f:5d:ef:04:dd:55:dd:ed:3c:d3:5b:fb:1e:c8:
                    17:5b:59:72:cd:87:70:c3:0b:a4:b6:68:9b:cf:1f:
                    60:98:0a:42:54:d8:5f:81:b3:d7:e0:ac:26:6d:c0:
                    68:93:67:f5:90:2d:c6:60:43:4d:bf:48:95:bb:8b:
                    be:2d:3f:84:d1:1c:8d:26:b8:ff:fb:24:51:e4:5a:
                    3f:51:7d:cd:4b:e2:4b:7c:96:0f:f8:20:90:b8:c3:
                    2c:ab:13:e5:aa:80:d6:5f:02:ed:da:cb:e7:3f:d9:
                    0b:0e:51:a8:22:47:5a:43:14:48:76:02:49:a6:61:
                    27:5e:37:23:85:b8:0a:f2:d8:70:fe:04:3d:ac:3b:
                    0d:9d:31:57:f3:ba:a6:1a:50:0e:02:34:18:72:d7:
                    eb:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:9C:5A:53:48:14:A9:C9:93:81:E9:4C:9D:34:D4:BE:43:5F:33:B8
            X509v3 Authority Key Identifier:
                keyid:81:0C:D5:0D:B4:37:C7:89:46:4C:B6:4D:FA:BF:E4:05:CA:98:1B:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gQzVDbQ3x4lGTLZN-r_kBcqYGxo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/ecaa96-9af6-4b99-957f-6b7599fcdc33/1/jZxaU0gUqcmTgelMnTTUvkNfM7g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/ecaa96-9af6-4b99-957f-6b7599fcdc33/1/gQzVDbQ3x4lGTLZN-r_kBcqYGxo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.188.120.0/21
                  176.62.216.0/21

    Signature Algorithm: sha256WithRSAEncryption
         3b:9a:8a:be:87:b7:f6:43:77:0f:f6:6d:fa:d3:cf:28:0d:1b:
         64:a8:d7:68:b9:9b:d6:77:b3:78:1d:f8:c6:21:54:79:94:5e:
         04:54:ce:b5:45:1c:97:af:8c:c9:63:3e:26:4d:e1:c5:92:14:
         b6:39:4f:c4:56:46:64:56:b4:f6:ec:8d:72:44:76:be:70:89:
         64:60:a9:f5:76:3a:78:11:a6:25:f3:cf:fb:e0:70:61:42:be:
         5d:05:c6:3c:55:12:c7:c4:74:49:88:19:90:5f:62:40:26:d5:
         9a:38:ff:54:a4:20:dd:bd:ff:1d:50:b3:ec:00:4f:7e:da:55:
         fd:7e:24:00:4b:d2:b4:04:d3:dc:53:ff:a3:ed:13:fd:c7:13:
         ed:b2:dc:a4:db:09:97:d6:dc:73:b7:f3:90:1a:56:7f:8c:31:
         0b:60:68:05:95:97:f9:82:66:21:48:cf:64:a1:f2:ff:63:3d:
         f3:d3:f6:1c:27:d5:30:f3:6f:8c:5e:27:2b:75:e1:90:56:24:
         e7:e4:c8:fd:6d:b8:d7:37:ed:12:39:51:4b:eb:d2:f1:2f:66:
         3e:fc:8c:dc:06:29:3e:77:28:22:9a:f0:64:fa:1b:35:90:b5:
         dd:da:05:9c:20:41:dc:83:21:b3:1e:86:8b:94:3a:6f:9b:1b:
         4f:92:17:29
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ1IhAl2yf/46mxBnIYQrvyXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxMGNkNTBkYjQzN2M3ODk0NjRjYjY0ZGZhYmZlNDA1Y2E5
ODFiMWEwHhcNMjYwNDAxMTAwODI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDljNWE1MzQ4MTRhOWM5OTM4MWU5NGM5ZDM0ZDRiZTQzNWYzM2I4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmWkir+CcfWkQFfdiNx5rowBJvngY
iPWwUuQf1ts23eQeXFwdnrUIw87bvEJDF2EkJoYPTqSh3zo7V3kjVH0kvbjBx71s
Gu6q6F/7JdGx6tUrCf1mdfjWjFaNVKRR3/BYU+Ws7uLrsWOpH13vBN1V3e0801v7
HsgXW1lyzYdwwwuktmibzx9gmApCVNhfgbPX4KwmbcBok2f1kC3GYENNv0iVu4u+
LT+E0RyNJrj/+yRR5Fo/UX3NS+JLfJYP+CCQuMMsqxPlqoDWXwLt2svnP9kLDlGo
IkdaQxRIdgJJpmEnXjcjhbgK8thw/gQ9rDsNnTFX87qmGlAOAjQYctfrowIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFI2cWlNIFKnJk4HpTJ001L5DXzO4MB8GA1UdIwQY
MBaAFIEM1Q20N8eJRky2Tfq/5AXKmBsaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1F6VkRiUTN4NGxHVExaTi1yX2tCY3FZR3hvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi9lY2FhOTYtOWFmNi00Yjk5LTk1N2Yt
NmI3NTk5ZmNkYzMzLzEvalp4YVUwZ1VxY21UZ2VsTW5UVFV2a05mTTdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi9lY2FhOTYtOWFmNi00Yjk5LTk1N2YtNmI3NTk5ZmNkYzMz
LzEvZ1F6VkRiUTN4NGxHVExaTi1yX2tCY3FZR3hvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDXbx4AwQD
sD7YMA0GCSqGSIb3DQEBCwUAA4IBAQA7moq+h7f2Q3cP9m36088oDRtkqNdouZvW
d7N4HfjGIVR5lF4EVM61RRyXr4zJYz4mTeHFkhS2OU/EVkZkVrT27I1yRHa+cIlk
YKn1djp4EaYl88/74HBhQr5dBcY8VRLHxHRJiBmQX2JAJtWaOP9UpCDdvf8dULPs
AE9+2lX9fiQAS9K0BNPcU/+j7RP9xxPtstyk2wmX1txzt/OQGlZ/jDELYGgFlZf5
gmYhSM9kofL/Yz3z0/YcJ9Uw82+MXicrdeGQViTn5Mj9bbjXN+0SOVFL69LxL2Y+
/IzcBik+dygimvBk+hs1kLXd2gWcIEHcgyGzHoaLlDpvmxtPkhcp
-----END CERTIFICATE-----