Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/4a244d-51d1-4143-b6af-da4538022ac7/1/DlL96hxxwcy8Kwd8DQrZphzJ2xQ.roa
File:                     DlL96hxxwcy8Kwd8DQrZphzJ2xQ.roa (raw, json)
Hash identifier:          douTIG2rpH9W5IASQHZjad+O9ORB6/ZQHqnsPcQDa1Y=
Subject key identifier:   0E:52:FD:EA:1C:71:C1:CC:BC:2B:07:7C:0D:0A:D9:A6:1C:C9:DB:14
Certificate issuer:       /CN=ba67bff7bad1eb8384b585df7bef1206f7f19f7e
Certificate serial:       019D9AD67B16C9B70B75CDE6B8621E361643
Authority key identifier: BA:67:BF:F7:BA:D1:EB:83:84:B5:85:DF:7B:EF:12:06:F7:F1:9F:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ume_97rR64OEtYXfe-8SBvfxn34.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/4a244d-51d1-4143-b6af-da4538022ac7/1/DlL96hxxwcy8Kwd8DQrZphzJ2xQ.roa
Signing time:             Fri 17 Apr 2026 09:47:20 +0000
ROA not before:           Fri 17 Apr 2026 09:47:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214143
IP address blocks:        209.131.66.0/24 maxlen: 24
                          209.131.71.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/4a244d-51d1-4143-b6af-da4538022ac7/1/ume_97rR64OEtYXfe-8SBvfxn34.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/4a244d-51d1-4143-b6af-da4538022ac7/1/ume_97rR64OEtYXfe-8SBvfxn34.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ume_97rR64OEtYXfe-8SBvfxn34.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 16:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:9a:d6:7b:16:c9:b7:0b:75:cd:e6:b8:62:1e:36:16:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba67bff7bad1eb8384b585df7bef1206f7f19f7e
        Validity
            Not Before: Apr 17 09:47:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0e52fdea1c71c1ccbc2b077c0d0ad9a61cc9db14
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:d6:06:d4:3d:cd:fe:0f:90:a7:0c:71:77:ae:
                    61:06:b7:16:2d:95:97:35:7c:d1:39:cb:41:97:0b:
                    bb:2e:aa:cc:4d:32:67:13:37:e1:6e:47:32:9e:c1:
                    02:83:57:2d:6b:6b:96:b3:9a:03:3d:78:f0:e5:35:
                    9b:49:b9:ca:b3:4a:41:cf:dd:32:17:43:4f:92:4b:
                    cd:11:3e:5d:a3:e4:12:80:f4:a1:2c:9e:f7:a8:cb:
                    0e:a2:9b:19:0f:e8:3a:5d:db:1e:39:f9:be:d3:0f:
                    9e:65:fd:67:1c:c0:33:d4:86:ac:13:de:b1:6c:f1:
                    01:bf:c1:de:6f:a2:3f:a2:ce:a2:62:21:5d:5a:df:
                    fe:64:a3:ac:ec:95:4d:39:a5:fe:6a:3c:62:a0:31:
                    3d:9d:67:36:ad:3c:fb:2c:41:95:9a:41:6c:99:72:
                    10:22:e8:3e:5d:9f:ec:c1:01:05:c1:bf:f8:dc:7c:
                    fc:63:8e:f1:65:50:d6:ef:7c:9d:60:f3:78:ed:af:
                    c8:af:47:b8:1b:45:15:c0:da:d9:53:22:e9:90:50:
                    41:59:99:67:d0:64:99:d9:7c:b7:d0:fe:cf:4a:ee:
                    dd:34:1a:13:a9:7f:b7:6b:53:23:74:3d:03:53:bf:
                    24:c3:97:22:a3:b8:8c:9e:00:db:64:5b:ec:57:a7:
                    26:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:52:FD:EA:1C:71:C1:CC:BC:2B:07:7C:0D:0A:D9:A6:1C:C9:DB:14
            X509v3 Authority Key Identifier:
                keyid:BA:67:BF:F7:BA:D1:EB:83:84:B5:85:DF:7B:EF:12:06:F7:F1:9F:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ume_97rR64OEtYXfe-8SBvfxn34.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/4a244d-51d1-4143-b6af-da4538022ac7/1/DlL96hxxwcy8Kwd8DQrZphzJ2xQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/4a244d-51d1-4143-b6af-da4538022ac7/1/ume_97rR64OEtYXfe-8SBvfxn34.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  209.131.66.0/24
                  209.131.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:05:32:f5:c9:3e:95:62:c5:c1:de:e5:2f:cf:81:bd:d4:db:
         33:40:62:d6:0b:de:b0:5b:70:21:d8:e8:a9:30:29:cf:a3:af:
         2c:c5:0f:40:8a:c5:c7:92:a4:d8:26:13:4f:44:f2:56:44:1e:
         98:fb:74:96:9c:22:b8:de:4c:fe:58:f8:dc:1a:37:ad:e6:a2:
         90:77:be:9c:68:7c:a7:ae:67:46:9a:ee:a8:68:49:d9:ca:a7:
         1b:09:43:cf:35:64:14:2f:dd:ec:ab:23:cd:51:e4:3e:ec:15:
         73:06:6e:c2:de:07:40:a2:21:9d:ae:39:cf:12:23:ba:79:6e:
         ff:ba:d3:a4:f1:d0:33:c2:f4:43:49:6f:47:90:9b:78:84:91:
         7d:d3:fd:0b:0e:19:49:74:f1:bf:66:46:c4:21:c5:51:1a:5b:
         d0:d2:55:34:3b:29:93:2f:f7:28:c2:61:4f:fd:de:74:5b:62:
         08:e3:c2:37:45:43:09:9f:38:ca:c8:f3:50:2a:b0:cb:75:1d:
         42:ce:50:b4:99:e2:08:88:99:21:65:ed:d2:61:5c:f0:f6:34:
         e7:97:49:81:06:55:0b:18:0e:74:d0:b2:2a:7e:01:ef:76:82:
         bc:68:1c:2e:df:c9:b7:30:de:88:0d:d7:c9:97:08:7d:5f:d3:
         aa:5a:37:c9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ2a1nsWybcLdc3muGIeNhZDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNjdiZmY3YmFkMWViODM4NGI1ODVkZjdiZWYxMjA2Zjdm
MTlmN2UwHhcNMjYwNDE3MDk0NzIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTUyZmRlYTFjNzFjMWNjYmMyYjA3N2MwZDBhZDlhNjFjYzlkYjE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn9YG1D3N/g+Qpwxxd65hBrcWLZWX
NXzROctBlwu7LqrMTTJnEzfhbkcynsECg1cta2uWs5oDPXjw5TWbSbnKs0pBz90y
F0NPkkvNET5do+QSgPShLJ73qMsOopsZD+g6XdseOfm+0w+eZf1nHMAz1IasE96x
bPEBv8Heb6I/os6iYiFdWt/+ZKOs7JVNOaX+ajxioDE9nWc2rTz7LEGVmkFsmXIQ
Iug+XZ/swQEFwb/43Hz8Y47xZVDW73ydYPN47a/Ir0e4G0UVwNrZUyLpkFBBWZln
0GSZ2Xy30P7PSu7dNBoTqX+3a1MjdD0DU78kw5cio7iMngDbZFvsV6cmWQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFA5S/eocccHMvCsHfA0K2aYcydsUMB8GA1UdIwQY
MBaAFLpnv/e60euDhLWF33vvEgb38Z9+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdW1lXzk3clI2NE9FdFlYZmUtOFNCdmZ4bjM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi80YTI0NGQtNTFkMS00MTQzLWI2YWYt
ZGE0NTM4MDIyYWM3LzEvRGxMOTZoeHh3Y3k4S3dkOERRclpwaHpKMnhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi80YTI0NGQtNTFkMS00MTQzLWI2YWYtZGE0NTM4MDIyYWM3
LzEvdW1lXzk3clI2NE9FdFlYZmUtOFNCdmZ4bjM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA0YNCAwQA
0YNHMA0GCSqGSIb3DQEBCwUAA4IBAQA4BTL1yT6VYsXB3uUvz4G91NszQGLWC96w
W3Ah2OipMCnPo68sxQ9AisXHkqTYJhNPRPJWRB6Y+3SWnCK43kz+WPjcGjet5qKQ
d76caHynrmdGmu6oaEnZyqcbCUPPNWQUL93sqyPNUeQ+7BVzBm7C3gdAoiGdrjnP
EiO6eW7/utOk8dAzwvRDSW9HkJt4hJF90/0LDhlJdPG/ZkbEIcVRGlvQ0lU0OymT
L/cowmFP/d50W2II48I3RUMJnzjKyPNQKrDLdR1CzlC0meIIiJkhZe3SYVzw9jTn
l0mBBlULGA500LIqfgHvdoK8aBwu38m3MN6IDdfJlwh9X9OqWjfJ
-----END CERTIFICATE-----