Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/koZRtmLb4_DUwa_U7nVBEuXUaRc.roa
File:                     koZRtmLb4_DUwa_U7nVBEuXUaRc.roa (raw, json)
Hash identifier:          mypgm4qj0slTq4ehRTNQNBRP+7YNzHVM3OKXqObRrzY=
Subject key identifier:   92:86:51:B6:62:DB:E3:F0:D4:C1:AF:D4:EE:75:41:12:E5:D4:69:17
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       019EAC2A463E93314A7111779DB83AD4BE6F
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/koZRtmLb4_DUwa_U7nVBEuXUaRc.roa
Signing time:             Tue 09 Jun 2026 11:35:12 +0000
ROA not before:           Tue 09 Jun 2026 11:35:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     33842
IP address blocks:        78.17.98.0/24 maxlen: 24
                          89.125.121.0/24 maxlen: 24
                          104.143.201.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ac:2a:46:3e:93:31:4a:71:11:77:9d:b8:3a:d4:be:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Jun  9 11:35:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=928651b662dbe3f0d4c1afd4ee754112e5d46917
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:b8:54:c2:60:e0:99:39:9e:d8:ea:bd:4a:7a:
                    ab:15:df:b9:fb:16:8c:84:06:82:8c:cc:20:48:2c:
                    9a:92:f8:ca:e2:40:db:92:8e:8d:8d:a1:d9:f6:67:
                    f8:3d:ea:b8:59:9b:ac:7a:cd:1e:f6:6b:40:ba:ee:
                    d3:33:76:23:04:b1:3e:de:a2:91:b9:4b:6b:45:53:
                    81:99:48:a7:2e:57:f1:d5:6f:7a:09:cb:ca:10:a6:
                    16:13:c0:9c:7b:00:cb:fe:3d:44:30:0a:e4:1d:2b:
                    b8:60:ce:f7:22:c2:05:f7:e1:4d:63:77:5b:05:9a:
                    8b:18:96:fc:dc:fd:e4:71:28:7a:ad:11:47:e7:dc:
                    5e:f0:c9:69:3f:b2:99:50:61:89:92:10:62:a2:45:
                    e1:b0:98:ac:e1:e7:5b:88:48:b7:b5:98:e1:3a:24:
                    e4:07:ac:02:cb:22:9e:38:77:ca:57:bb:5e:b9:27:
                    f4:9f:49:4c:43:d1:1d:fb:22:cb:98:78:ec:f5:ca:
                    fb:b0:9b:9d:fb:41:bc:fc:57:f2:2e:e0:2f:57:32:
                    3a:4d:ea:0c:88:91:c8:ee:b0:f0:b8:24:7e:dd:fb:
                    2e:0c:d7:82:ad:ab:70:9b:9f:00:86:e0:48:79:31:
                    91:14:3f:8f:1d:e1:16:e5:83:6b:ef:ea:de:44:b3:
                    09:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:86:51:B6:62:DB:E3:F0:D4:C1:AF:D4:EE:75:41:12:E5:D4:69:17
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/koZRtmLb4_DUwa_U7nVBEuXUaRc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.17.98.0/24
                  89.125.121.0/24
                  104.143.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:53:3e:09:de:92:b6:70:fb:a4:e5:8a:e4:b4:c8:56:db:20:
         09:4f:5a:9d:f7:ac:0f:9a:b1:50:1b:dd:04:40:28:5b:a9:a5:
         be:30:45:4c:d8:7e:ee:72:45:be:28:f0:99:2c:f9:c3:b7:1f:
         e2:2d:87:d6:7d:5d:06:62:2a:ab:99:fa:4f:02:90:83:e9:88:
         28:71:d2:d2:1d:0c:f0:dc:e8:39:99:f0:42:ff:a0:60:21:4c:
         55:bd:9b:4c:06:2b:93:2f:c5:48:1d:4c:9d:5d:7f:4c:f4:90:
         3d:8a:2a:91:24:31:3c:ed:9d:34:d8:60:55:6d:60:ed:dd:a8:
         d6:60:e5:3d:b0:84:92:29:d6:85:dc:50:65:eb:27:17:0a:87:
         22:04:05:31:f3:96:e9:d7:4e:11:c2:42:f2:c8:cb:91:41:3e:
         01:6d:5e:b3:82:b1:c4:b7:41:68:78:0a:a3:d9:5a:0b:c2:9d:
         ec:fe:e0:d8:8c:23:e4:97:1b:68:5d:f5:c2:a0:64:d5:5c:00:
         b4:e9:a8:84:cb:2f:c2:40:28:0f:b8:b3:ac:17:99:cd:85:01:
         a9:29:98:8a:6f:b5:08:fd:02:52:e4:b4:2c:93:b9:88:0f:40:
         c9:6e:03:dd:ee:e2:f0:7a:65:61:34:77:6c:3e:4a:ff:98:e1:
         f2:85:f4:d6
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ6sKkY+kzFKcRF3nbg61L5vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjYwNjA5MTEzNTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Mjg2NTFiNjYyZGJlM2YwZDRjMWFmZDRlZTc1NDExMmU1ZDQ2OTE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvbhUwmDgmTme2Oq9SnqrFd+5+xaM
hAaCjMwgSCyakvjK4kDbko6NjaHZ9mf4Peq4WZuses0e9mtAuu7TM3YjBLE+3qKR
uUtrRVOBmUinLlfx1W96CcvKEKYWE8CcewDL/j1EMArkHSu4YM73IsIF9+FNY3db
BZqLGJb83P3kcSh6rRFH59xe8MlpP7KZUGGJkhBiokXhsJis4edbiEi3tZjhOiTk
B6wCyyKeOHfKV7teuSf0n0lMQ9Ed+yLLmHjs9cr7sJud+0G8/FfyLuAvVzI6TeoM
iJHI7rDwuCR+3fsuDNeCratwm58AhuBIeTGRFD+PHeEW5YNr7+reRLMJ5wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJKGUbZi2+Pw1MGv1O51QRLl1GkXMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEva29aUnRtTGI0X0RVd2FfVTduVkJFdVhVYVJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAThFiAwQA
WX15AwQAaI/JMA0GCSqGSIb3DQEBCwUAA4IBAQB0Uz4J3pK2cPuk5YrktMhW2yAJ
T1qd96wPmrFQG90EQChbqaW+MEVM2H7uckW+KPCZLPnDtx/iLYfWfV0GYiqrmfpP
ApCD6YgocdLSHQzw3Og5mfBC/6BgIUxVvZtMBiuTL8VIHUydXX9M9JA9iiqRJDE8
7Z002GBVbWDt3ajWYOU9sISSKdaF3FBl6ycXCociBAUx85bp104RwkLyyMuRQT4B
bV6zgrHEt0FoeAqj2VoLwp3s/uDYjCPklxtoXfXCoGTVXAC06aiEyy/CQCgPuLOs
F5nNhQGpKZiKb7UI/QJS5LQsk7mID0DJbgPd7uLwemVhNHdsPkr/mOHyhfTW
-----END CERTIFICATE-----