Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/f6cf44-66d3-4f0b-8132-d53811fbd7b0/1/uIHF2AQ7vp5Pre5Cme0Crtl9d0U.roa
File:                     uIHF2AQ7vp5Pre5Cme0Crtl9d0U.roa (raw, json)
Hash identifier:          ubz0GfoUcPQy67DfcRHCrIrq2GX41LDxGEaEZ6xFYHU=
Subject key identifier:   B8:81:C5:D8:04:3B:BE:9E:4F:AD:EE:42:99:ED:02:AE:D9:7D:77:45
Certificate issuer:       /CN=43ca7f3f65d2947af94f398bb3c7c9c320019084
Certificate serial:       019D71A7429F20C8B76AAE878CB918B92B43
Authority key identifier: 43:CA:7F:3F:65:D2:94:7A:F9:4F:39:8B:B3:C7:C9:C3:20:01:90:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q8p_P2XSlHr5TzmLs8fJwyABkIQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/f6cf44-66d3-4f0b-8132-d53811fbd7b0/1/uIHF2AQ7vp5Pre5Cme0Crtl9d0U.roa
Signing time:             Thu 09 Apr 2026 09:51:20 +0000
ROA not before:           Thu 09 Apr 2026 09:51:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201875
IP address blocks:        185.58.236.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/f6cf44-66d3-4f0b-8132-d53811fbd7b0/1/Q8p_P2XSlHr5TzmLs8fJwyABkIQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/f6cf44-66d3-4f0b-8132-d53811fbd7b0/1/Q8p_P2XSlHr5TzmLs8fJwyABkIQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q8p_P2XSlHr5TzmLs8fJwyABkIQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 06:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:71:a7:42:9f:20:c8:b7:6a:ae:87:8c:b9:18:b9:2b:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=43ca7f3f65d2947af94f398bb3c7c9c320019084
        Validity
            Not Before: Apr  9 09:51:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b881c5d8043bbe9e4fadee4299ed02aed97d7745
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:68:99:de:3b:44:1c:1f:70:46:c1:d6:8f:7e:
                    0d:17:93:df:b9:77:23:7f:92:37:0c:ba:21:11:93:
                    5c:67:11:45:3b:f6:39:44:1e:3d:e8:40:ff:5d:53:
                    70:37:07:20:72:6c:2b:d6:a1:85:24:a0:16:2e:4d:
                    8b:0e:69:e0:62:b3:e3:04:e0:d5:52:69:a9:27:ec:
                    f6:e6:39:ea:d4:87:29:3a:ff:8d:d3:9a:91:b2:5b:
                    92:b2:6f:97:f2:69:ed:66:0d:81:22:f5:e6:d5:05:
                    2b:bf:70:24:cf:fc:44:5b:9a:19:66:7b:de:02:1a:
                    a8:80:a8:04:95:63:16:5e:96:ba:83:81:f9:46:36:
                    c1:22:c9:cf:15:6f:d9:14:ce:07:fa:77:77:ed:80:
                    39:4d:6a:32:e0:40:43:1c:c4:95:20:99:a3:25:1e:
                    36:f7:6c:9c:59:97:3c:3d:40:aa:4a:4f:e5:ce:b0:
                    83:3e:cb:46:75:4f:55:86:c5:4f:06:ae:d7:dc:a1:
                    22:17:77:13:29:08:ad:c8:ea:3d:31:db:18:48:67:
                    0b:a9:db:b1:a0:b8:13:21:77:c7:e5:3f:3a:49:cd:
                    6c:d9:4c:47:8f:91:7a:90:c4:12:07:4c:56:20:33:
                    a5:dc:64:fb:13:9f:a0:05:d7:d5:d2:37:43:98:07:
                    14:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:81:C5:D8:04:3B:BE:9E:4F:AD:EE:42:99:ED:02:AE:D9:7D:77:45
            X509v3 Authority Key Identifier:
                keyid:43:CA:7F:3F:65:D2:94:7A:F9:4F:39:8B:B3:C7:C9:C3:20:01:90:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q8p_P2XSlHr5TzmLs8fJwyABkIQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/f6cf44-66d3-4f0b-8132-d53811fbd7b0/1/uIHF2AQ7vp5Pre5Cme0Crtl9d0U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/f6cf44-66d3-4f0b-8132-d53811fbd7b0/1/Q8p_P2XSlHr5TzmLs8fJwyABkIQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.58.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         22:e6:8d:e9:82:4a:d0:8e:60:5f:64:4b:f7:60:73:c4:6d:2f:
         a3:9b:e8:9f:63:61:9e:2c:29:cd:74:15:8a:ed:cc:c2:28:e0:
         df:bf:bf:f9:0f:fe:75:83:d0:f0:f4:18:51:54:94:b1:e2:15:
         9c:88:93:f1:bd:8c:ed:bd:0e:db:b4:b3:bc:1a:e0:79:67:f8:
         14:23:19:d7:42:39:b8:3f:f2:09:c2:b0:12:49:2f:fc:06:65:
         aa:56:8d:a1:c3:a6:ed:6d:8d:36:d7:f6:e7:46:2b:8a:4d:d5:
         3a:f9:19:34:2f:af:50:e6:de:47:e1:b8:ba:41:68:50:6b:93:
         64:4a:fc:65:90:f7:c8:00:b3:11:19:21:c3:78:b8:b8:23:7f:
         da:54:1a:ab:1e:63:34:ed:2f:b3:96:36:e6:75:15:a6:68:fa:
         95:6e:3f:91:c0:f5:7c:d3:99:84:f8:43:91:f5:50:be:76:45:
         7a:36:b3:29:21:9f:ec:df:ad:08:6a:ee:55:f2:1a:1d:47:a3:
         71:7f:46:15:2d:4c:45:15:6d:cb:59:b4:b7:76:fa:c2:ae:69:
         5d:fe:0c:bd:c5:44:29:ee:24:f0:af:fe:6d:2e:95:48:4a:0c:
         6c:c8:ea:56:26:7b:d2:da:c2:ac:31:21:c2:32:49:01:54:55:
         92:99:fb:be
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1xp0KfIMi3aq6HjLkYuStDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzY2E3ZjNmNjVkMjk0N2FmOTRmMzk4YmIzYzdjOWMzMjAw
MTkwODQwHhcNMjYwNDA5MDk1MTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODgxYzVkODA0M2JiZTllNGZhZGVlNDI5OWVkMDJhZWQ5N2Q3NzQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk2iZ3jtEHB9wRsHWj34NF5PfuXcj
f5I3DLohEZNcZxFFO/Y5RB496ED/XVNwNwcgcmwr1qGFJKAWLk2LDmngYrPjBODV
UmmpJ+z25jnq1IcpOv+N05qRsluSsm+X8mntZg2BIvXm1QUrv3Akz/xEW5oZZnve
AhqogKgElWMWXpa6g4H5RjbBIsnPFW/ZFM4H+nd37YA5TWoy4EBDHMSVIJmjJR42
92ycWZc8PUCqSk/lzrCDPstGdU9VhsVPBq7X3KEiF3cTKQityOo9MdsYSGcLqdux
oLgTIXfH5T86Sc1s2UxHj5F6kMQSB0xWIDOl3GT7E5+gBdfV0jdDmAcUGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLiBxdgEO76eT63uQpntAq7ZfXdFMB8GA1UdIwQY
MBaAFEPKfz9l0pR6+U85i7PHycMgAZCEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUThwX1AyWFNsSHI1VHptTHM4Zkp3eUFCa0lRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC9mNmNmNDQtNjZkMy00ZjBiLTgxMzIt
ZDUzODExZmJkN2IwLzEvdUlIRjJBUTd2cDVQcmU1Q21lMENydGw5ZDBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC9mNmNmNDQtNjZkMy00ZjBiLTgxMzItZDUzODExZmJkN2Iw
LzEvUThwX1AyWFNsSHI1VHptTHM4Zkp3eUFCa0lRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuTrsMA0G
CSqGSIb3DQEBCwUAA4IBAQAi5o3pgkrQjmBfZEv3YHPEbS+jm+ifY2GeLCnNdBWK
7czCKODfv7/5D/51g9Dw9BhRVJSx4hWciJPxvYztvQ7btLO8GuB5Z/gUIxnXQjm4
P/IJwrASSS/8BmWqVo2hw6btbY021/bnRiuKTdU6+Rk0L69Q5t5H4bi6QWhQa5Nk
SvxlkPfIALMRGSHDeLi4I3/aVBqrHmM07S+zljbmdRWmaPqVbj+RwPV805mE+EOR
9VC+dkV6NrMpIZ/s360Iau5V8hodR6Nxf0YVLUxFFW3LWbS3dvrCrmld/gy9xUQp
7iTwr/5tLpVISgxsyOpWJnvS2sKsMSHCMkkBVFWSmfu+
-----END CERTIFICATE-----