Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/ef6f1a-6dfc-494e-b85d-d18773e7bc47/1/9hTsswgUXOfKzK86jh8sw9PnVRQ.roa
File:                     9hTsswgUXOfKzK86jh8sw9PnVRQ.roa (raw, json)
Hash identifier:          VUMPgbx8iNcl27+3ad2ddOknvW8bTIH2c1IPAK3gQHk=
Subject key identifier:   F6:14:EC:B3:08:14:5C:E7:CA:CC:AF:3A:8E:1F:2C:C3:D3:E7:55:14
Certificate issuer:       /CN=b20663583a8189cbeaac88d438767997b1125549
Certificate serial:       019B7B369293719F03F8CEE6EB161DA42780
Authority key identifier: B2:06:63:58:3A:81:89:CB:EA:AC:88:D4:38:76:79:97:B1:12:55:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sgZjWDqBicvqrIjUOHZ5l7ESVUk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/ef6f1a-6dfc-494e-b85d-d18773e7bc47/1/9hTsswgUXOfKzK86jh8sw9PnVRQ.roa
Signing time:             Thu 01 Jan 2026 20:18:52 +0000
ROA not before:           Thu 01 Jan 2026 20:18:52 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     29438
IP address blocks:        213.225.192.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/ef6f1a-6dfc-494e-b85d-d18773e7bc47/1/sgZjWDqBicvqrIjUOHZ5l7ESVUk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/ef6f1a-6dfc-494e-b85d-d18773e7bc47/1/sgZjWDqBicvqrIjUOHZ5l7ESVUk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sgZjWDqBicvqrIjUOHZ5l7ESVUk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 17:01:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:92:93:71:9f:03:f8:ce:e6:eb:16:1d:a4:27:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b20663583a8189cbeaac88d438767997b1125549
        Validity
            Not Before: Jan  1 20:18:52 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f614ecb308145ce7caccaf3a8e1f2cc3d3e75514
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:c9:3a:95:4f:db:7d:0b:b8:9e:6b:bd:0c:d1:
                    9f:2d:45:a1:56:09:b7:c9:05:98:f3:78:77:51:ba:
                    ac:6c:57:8d:fb:61:ad:03:4f:25:fa:d0:7b:88:0a:
                    c0:09:4a:ae:92:c9:58:31:36:79:55:ec:18:28:f0:
                    b4:32:fc:ea:7d:d5:ab:f8:2b:58:21:42:7b:53:c3:
                    95:be:14:b6:eb:a4:93:b5:08:d2:53:db:a3:be:6c:
                    3e:0d:d9:49:92:8a:6a:d8:c9:80:38:ac:25:ef:cd:
                    25:31:43:d4:09:a9:3c:5a:b2:64:74:48:06:16:81:
                    a6:65:6a:1f:73:d8:d8:03:7e:0d:96:77:8c:f2:05:
                    f5:42:f5:a3:de:50:e6:c8:84:7c:d7:1a:49:bb:43:
                    10:4d:60:be:37:e2:11:d0:e3:9b:a7:26:e0:6d:b8:
                    83:51:db:2b:49:4d:71:83:7d:c4:da:2c:c8:c0:77:
                    23:7f:a1:5d:24:ee:87:4f:19:a9:4c:78:ed:be:86:
                    2f:97:7a:72:b8:9e:84:c2:ae:e7:8c:d3:01:68:19:
                    98:da:a5:23:a6:f8:7c:c1:3c:84:42:60:5e:a8:29:
                    7e:ce:4b:c2:a2:59:85:7b:29:6b:36:c5:91:0e:77:
                    f6:e8:c6:80:d7:e6:0b:df:70:96:93:3e:bf:be:1c:
                    25:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:14:EC:B3:08:14:5C:E7:CA:CC:AF:3A:8E:1F:2C:C3:D3:E7:55:14
            X509v3 Authority Key Identifier:
                keyid:B2:06:63:58:3A:81:89:CB:EA:AC:88:D4:38:76:79:97:B1:12:55:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sgZjWDqBicvqrIjUOHZ5l7ESVUk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/ef6f1a-6dfc-494e-b85d-d18773e7bc47/1/9hTsswgUXOfKzK86jh8sw9PnVRQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/ef6f1a-6dfc-494e-b85d-d18773e7bc47/1/sgZjWDqBicvqrIjUOHZ5l7ESVUk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.225.192.0/19

    Signature Algorithm: sha256WithRSAEncryption
         0b:65:d3:f3:a1:55:86:47:d9:e1:e8:e4:ff:e2:e8:27:65:e4:
         79:10:be:c4:d0:4b:9c:ee:30:72:38:c5:c5:66:93:be:13:c8:
         28:cd:f9:26:27:4a:7c:eb:44:f8:c3:4f:2a:3b:a7:13:9d:f3:
         a9:0b:57:b1:15:54:df:8d:29:27:b7:31:6a:5a:22:8d:5b:c8:
         61:2b:81:81:2d:bf:1b:b7:02:23:39:8e:0c:d5:cd:fa:7d:15:
         d9:37:11:c6:d9:cb:d3:09:19:d1:1a:40:15:54:18:4b:75:95:
         a5:88:2a:36:b6:1e:4f:1a:ee:45:09:9a:c4:3b:93:9d:12:f5:
         28:0c:bf:eb:05:64:fc:8f:4a:19:a3:da:0d:d9:2f:18:5a:97:
         2a:69:e9:b7:f2:a7:3e:16:60:66:0c:00:0c:0d:d5:90:81:22:
         34:1a:4c:fb:80:a1:cf:be:ed:aa:67:57:9b:8f:3c:eb:30:d3:
         d9:1d:ca:60:e9:84:b6:6c:34:f1:26:87:99:f9:ea:56:8f:6c:
         16:1f:51:e3:24:ca:cd:6e:0e:3f:2e:42:a8:0b:b8:9e:b3:f6:
         19:fc:7d:cd:85:9d:42:71:10:f8:bb:ba:73:84:da:a0:c7:ed:
         77:e9:40:7f:0b:25:21:0f:04:15:8c:db:16:17:24:6a:54:32:
         02:55:ca:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NpKTcZ8D+M7m6xYdpCeAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyMDY2MzU4M2E4MTg5Y2JlYWFjODhkNDM4NzY3OTk3YjEx
MjU1NDkwHhcNMjYwMTAxMjAxODUyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjE0ZWNiMzA4MTQ1Y2U3Y2FjY2FmM2E4ZTFmMmNjM2QzZTc1NTE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtMk6lU/bfQu4nmu9DNGfLUWhVgm3
yQWY83h3UbqsbFeN+2GtA08l+tB7iArACUqukslYMTZ5VewYKPC0MvzqfdWr+CtY
IUJ7U8OVvhS266STtQjSU9ujvmw+DdlJkopq2MmAOKwl780lMUPUCak8WrJkdEgG
FoGmZWofc9jYA34NlneM8gX1QvWj3lDmyIR81xpJu0MQTWC+N+IR0OObpybgbbiD
UdsrSU1xg33E2izIwHcjf6FdJO6HTxmpTHjtvoYvl3pyuJ6Ewq7njNMBaBmY2qUj
pvh8wTyEQmBeqCl+zkvColmFeylrNsWRDnf26MaA1+YL33CWkz6/vhwleQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPYU7LMIFFznysyvOo4fLMPT51UUMB8GA1UdIwQY
MBaAFLIGY1g6gYnL6qyI1Dh2eZexElVJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2daaldEcUJpY3ZxcklqVU9IWjVsN0VTVlVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS9lZjZmMWEtNmRmYy00OTRlLWI4NWQt
ZDE4NzczZTdiYzQ3LzEvOWhUc3N3Z1VYT2ZLeks4NmpoOHN3OVBuVlJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS9lZjZmMWEtNmRmYy00OTRlLWI4NWQtZDE4NzczZTdiYzQ3
LzEvc2daaldEcUJpY3ZxcklqVU9IWjVsN0VTVlVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQF1eHAMA0G
CSqGSIb3DQEBCwUAA4IBAQALZdPzoVWGR9nh6OT/4ugnZeR5EL7E0Euc7jByOMXF
ZpO+E8gozfkmJ0p860T4w08qO6cTnfOpC1exFVTfjSkntzFqWiKNW8hhK4GBLb8b
twIjOY4M1c36fRXZNxHG2cvTCRnRGkAVVBhLdZWliCo2th5PGu5FCZrEO5OdEvUo
DL/rBWT8j0oZo9oN2S8YWpcqaem38qc+FmBmDAAMDdWQgSI0Gkz7gKHPvu2qZ1eb
jzzrMNPZHcpg6YS2bDTxJoeZ+epWj2wWH1HjJMrNbg4/LkKoC7ies/YZ/H3NhZ1C
cRD4u7pzhNqgx+136UB/CyUhDwQVjNsWFyRqVDICVcoG
-----END CERTIFICATE-----