Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/a6e1b5-e781-4018-960b-88c951cee784/1/12e7WnFZjJg5d5fvA7KK7iZMkcY.roa
File:                     12e7WnFZjJg5d5fvA7KK7iZMkcY.roa (raw, json)
Hash identifier:          X98CVhIUdgJwE//yVec86D5pD0Tnuzv1MB8J4RaBu5M=
Subject key identifier:   D7:67:BB:5A:71:59:8C:98:39:77:97:EF:03:B2:8A:EE:26:4C:91:C6
Certificate issuer:       /CN=1722e9678fb0d414d2ddfbd2420c4c748263f34b
Certificate serial:       019B7E3829B3963F6D618065918BEFFBC581
Authority key identifier: 17:22:E9:67:8F:B0:D4:14:D2:DD:FB:D2:42:0C:4C:74:82:63:F3:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FyLpZ4-w1BTS3fvSQgxMdIJj80s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/a6e1b5-e781-4018-960b-88c951cee784/1/12e7WnFZjJg5d5fvA7KK7iZMkcY.roa
Signing time:             Fri 02 Jan 2026 10:19:28 +0000
ROA not before:           Fri 02 Jan 2026 10:19:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210412
IP address blocks:        45.150.57.0/24 maxlen: 24
                          89.106.203.0/24 maxlen: 24
                          2a12:b380::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/a6e1b5-e781-4018-960b-88c951cee784/1/FyLpZ4-w1BTS3fvSQgxMdIJj80s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/a6e1b5-e781-4018-960b-88c951cee784/1/FyLpZ4-w1BTS3fvSQgxMdIJj80s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FyLpZ4-w1BTS3fvSQgxMdIJj80s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 07:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:29:b3:96:3f:6d:61:80:65:91:8b:ef:fb:c5:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1722e9678fb0d414d2ddfbd2420c4c748263f34b
        Validity
            Not Before: Jan  2 10:19:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d767bb5a71598c98397797ef03b28aee264c91c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:6a:12:83:37:73:1a:ea:27:03:0a:7b:c0:4f:
                    60:df:26:1c:30:fa:a4:48:37:e6:55:47:c4:8a:7d:
                    cb:1d:e9:ed:5b:8c:e9:ee:c4:b2:2b:37:13:4f:ed:
                    9c:a3:49:30:69:af:12:08:1b:3a:0b:a3:40:d3:3b:
                    37:54:1c:31:e6:1e:d3:32:49:7e:60:b3:65:28:50:
                    49:31:94:09:7b:2a:b0:43:49:e8:99:38:33:6a:9f:
                    ce:12:bb:ba:a0:8e:18:74:f8:1c:91:64:a5:23:5b:
                    b3:27:fd:5b:46:d7:b8:c9:84:32:5a:41:d7:8a:76:
                    49:37:53:cb:62:a9:0d:4c:23:d7:14:0b:26:b0:db:
                    e2:55:53:8e:3c:37:cb:a3:de:0a:67:e5:cf:b0:7d:
                    de:94:a0:16:57:62:1f:db:f0:2d:cc:dd:15:e1:0b:
                    85:cf:ab:15:0a:54:0b:7c:01:5e:4e:03:29:6f:98:
                    0a:30:0a:bf:50:f2:85:65:ec:30:d2:19:5e:30:93:
                    8c:e6:ef:04:33:84:e5:ce:3c:8b:ff:a0:01:dd:cb:
                    50:7b:51:38:9f:8d:15:0c:ab:79:94:0f:6b:74:1f:
                    48:6d:05:0f:1d:35:d2:76:1e:b1:bb:22:e4:dc:ef:
                    39:d1:0a:b2:8f:4e:6b:cc:63:92:4a:4b:cf:8a:fb:
                    e5:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:67:BB:5A:71:59:8C:98:39:77:97:EF:03:B2:8A:EE:26:4C:91:C6
            X509v3 Authority Key Identifier:
                keyid:17:22:E9:67:8F:B0:D4:14:D2:DD:FB:D2:42:0C:4C:74:82:63:F3:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FyLpZ4-w1BTS3fvSQgxMdIJj80s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/a6e1b5-e781-4018-960b-88c951cee784/1/12e7WnFZjJg5d5fvA7KK7iZMkcY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/a6e1b5-e781-4018-960b-88c951cee784/1/FyLpZ4-w1BTS3fvSQgxMdIJj80s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.150.57.0/24
                  89.106.203.0/24
                IPv6:
                  2a12:b380::/29

    Signature Algorithm: sha256WithRSAEncryption
         9f:ea:b7:e1:25:96:36:f2:7b:ce:fd:17:a0:35:e3:b5:be:c6:
         ec:e5:b5:1c:e1:15:69:f9:94:cd:fc:e9:a1:dc:0f:41:0e:59:
         e7:65:34:6f:38:ca:2b:cf:1c:42:d0:3d:bf:b9:fb:3d:36:43:
         42:42:2d:d9:8b:d1:e5:b7:da:35:f0:51:24:a7:92:51:1d:50:
         8b:f3:ea:b5:12:05:d1:f7:8d:84:cc:fe:63:21:0f:92:6f:22:
         28:09:73:c9:29:f2:fb:c2:3f:38:af:69:49:fd:5a:f2:4e:80:
         32:af:32:0a:b4:7f:f3:46:2a:a3:6a:bc:fa:da:43:78:f9:79:
         80:aa:03:aa:58:2a:e0:09:33:d9:64:e2:38:10:43:59:db:99:
         c1:3b:9c:39:81:6a:69:8a:94:fc:18:de:ce:2a:04:95:5f:19:
         97:01:12:a6:4d:61:c0:c9:ca:56:58:b4:8d:8e:df:5d:a7:58:
         ab:ef:4f:2a:f4:46:ec:2c:0e:ae:d2:ae:79:13:c1:6e:91:bf:
         a6:60:58:cb:19:f0:79:13:6a:4f:52:26:21:cd:01:b7:e4:b7:
         cd:a6:2f:2b:a2:32:47:32:f0:21:6a:13:f9:15:99:b4:99:44:
         6f:c2:75:d0:ec:ee:61:5b:d9:93:97:60:d7:5c:de:c7:77:1e:
         1f:7e:78:d9
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZt+OCmzlj9tYYBlkYvv+8WBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3MjJlOTY3OGZiMGQ0MTRkMmRkZmJkMjQyMGM0Yzc0ODI2
M2YzNGIwHhcNMjYwMTAyMTAxOTI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzY3YmI1YTcxNTk4Yzk4Mzk3Nzk3ZWYwM2IyOGFlZTI2NGM5MWM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvmoSgzdzGuonAwp7wE9g3yYcMPqk
SDfmVUfEin3LHentW4zp7sSyKzcTT+2co0kwaa8SCBs6C6NA0zs3VBwx5h7TMkl+
YLNlKFBJMZQJeyqwQ0nomTgzap/OEru6oI4YdPgckWSlI1uzJ/1bRte4yYQyWkHX
inZJN1PLYqkNTCPXFAsmsNviVVOOPDfLo94KZ+XPsH3elKAWV2If2/AtzN0V4QuF
z6sVClQLfAFeTgMpb5gKMAq/UPKFZeww0hleMJOM5u8EM4TlzjyL/6AB3ctQe1E4
n40VDKt5lA9rdB9IbQUPHTXSdh6xuyLk3O850Qqyj05rzGOSSkvPivvlTQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFNdnu1pxWYyYOXeX7wOyiu4mTJHGMB8GA1UdIwQY
MBaAFBci6WePsNQU0t370kIMTHSCY/NLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRnlMcFo0LXcxQlRTM2Z2U1FneE1kSUpqODBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi9hNmUxYjUtZTc4MS00MDE4LTk2MGIt
ODhjOTUxY2VlNzg0LzEvMTJlN1duRlpqSmc1ZDVmdkE3S0s3aVpNa2NZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi9hNmUxYjUtZTc4MS00MDE4LTk2MGItODhjOTUxY2VlNzg0
LzEvRnlMcFo0LXcxQlRTM2Z2U1FneE1kSUpqODBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQALZY5AwQA
WWrLMA0EAgACMAcDBQMqErOAMA0GCSqGSIb3DQEBCwUAA4IBAQCf6rfhJZY28nvO
/RegNeO1vsbs5bUc4RVp+ZTN/Omh3A9BDlnnZTRvOMorzxxC0D2/ufs9NkNCQi3Z
i9Hlt9o18FEkp5JRHVCL8+q1EgXR942EzP5jIQ+SbyIoCXPJKfL7wj84r2lJ/Vry
ToAyrzIKtH/zRiqjarz62kN4+XmAqgOqWCrgCTPZZOI4EENZ25nBO5w5gWppipT8
GN7OKgSVXxmXARKmTWHAycpWWLSNjt9dp1ir708q9EbsLA6u0q55E8Fukb+mYFjL
GfB5E2pPUiYhzQG35LfNpi8rojJHMvAhahP5FZm0mURvwnXQ7O5hW9mTl2DXXN7H
dx4ffnjZ
-----END CERTIFICATE-----