Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/it1iOuAOKeXKmZIgToCf68n57w0.roa
File:                     it1iOuAOKeXKmZIgToCf68n57w0.roa (raw, json)
Hash identifier:          PtM4IHnPEqjx+3ydhNCTWVj93Z6VSaFfKrbJS1q5aFE=
Subject key identifier:   8A:DD:62:3A:E0:0E:29:E5:CA:99:92:20:4E:80:9F:EB:C9:F9:EF:0D
Certificate issuer:       /CN=9aee15c33de358938d6900a1b3c14480a389e85b
Certificate serial:       019BF9544DF5ECF5B8BF2778F9B41F7F2250
Authority key identifier: 9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/it1iOuAOKeXKmZIgToCf68n57w0.roa
Signing time:             Mon 26 Jan 2026 08:03:30 +0000
ROA not before:           Mon 26 Jan 2026 08:03:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209207
IP address blocks:        185.112.59.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 14:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:f9:54:4d:f5:ec:f5:b8:bf:27:78:f9:b4:1f:7f:22:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9aee15c33de358938d6900a1b3c14480a389e85b
        Validity
            Not Before: Jan 26 08:03:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8add623ae00e29e5ca9992204e809febc9f9ef0d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:61:ea:a5:1c:19:6a:8f:c5:c2:67:fd:e0:f4:
                    b0:6d:ba:a0:83:51:82:df:8c:a9:bc:c2:25:d0:34:
                    03:a6:20:e1:19:cd:4f:db:d2:73:35:13:fb:84:14:
                    4a:ca:ba:6d:d8:fb:01:7a:53:9b:80:67:90:96:72:
                    60:07:ab:a3:fd:01:da:65:b3:b2:7a:f0:b0:df:09:
                    fd:70:be:04:81:d9:1a:6d:e2:21:3d:0e:71:4d:c0:
                    41:e6:a7:a1:c8:e4:81:6c:5e:7e:1b:26:f0:2f:cd:
                    6b:a0:ad:a9:e5:50:c1:ef:19:46:e9:eb:64:32:e6:
                    68:40:6a:d6:b6:ff:58:45:a5:3b:59:60:26:d7:a5:
                    2c:67:2f:98:95:5d:74:04:69:42:c0:7f:74:d1:37:
                    89:c8:95:6c:be:48:a5:0f:8f:8d:55:27:b5:93:19:
                    9d:7f:2d:e9:21:ba:77:8f:39:59:6c:93:97:b8:32:
                    f7:90:8b:1e:45:f3:c6:e2:02:94:d9:b6:4c:ba:8e:
                    02:ff:02:40:be:65:d9:f6:9f:1f:05:ab:2d:2a:a7:
                    f2:3b:fb:d6:03:4a:8e:a7:0e:16:68:52:f0:e7:dd:
                    e2:33:c6:b9:24:0c:fc:da:1d:4d:84:8a:c1:34:72:
                    20:ce:d0:d1:ba:c2:0d:2e:19:51:cf:75:35:bf:54:
                    66:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:DD:62:3A:E0:0E:29:E5:CA:99:92:20:4E:80:9F:EB:C9:F9:EF:0D
            X509v3 Authority Key Identifier:
                keyid:9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/it1iOuAOKeXKmZIgToCf68n57w0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.112.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:ce:5c:c0:01:0a:a6:4f:0b:27:e8:98:a5:ef:07:ce:f2:07:
         86:7f:58:61:75:87:c7:db:f6:53:bc:56:7a:27:a5:fd:d9:7d:
         16:9f:37:43:07:8c:08:b6:0b:25:fb:71:19:68:13:1c:b5:3e:
         43:66:93:c5:f5:19:34:ad:6e:47:5f:ed:99:ff:42:a8:49:57:
         ed:39:68:a1:3b:d2:77:7a:98:17:b0:78:31:70:4e:32:c2:93:
         11:13:64:db:02:62:3a:f5:4b:60:ea:3b:f2:4c:1d:32:11:9a:
         8d:54:9e:81:5e:be:1d:c7:b5:c1:1b:e9:36:a4:ee:72:c6:7c:
         79:29:d2:a3:b1:21:5c:7f:23:e5:07:78:af:5d:75:f0:e0:1c:
         b2:ba:9d:ec:eb:c0:f4:0b:e6:fc:79:42:ce:a6:14:3c:c7:07:
         20:8b:38:c5:79:09:94:59:47:40:12:0f:45:16:ff:6c:ce:e3:
         ee:4b:cb:7b:29:de:04:cc:5c:cb:1c:34:7e:19:09:9d:30:63:
         5e:9f:44:28:0e:14:50:ea:34:e7:c4:44:ed:c1:2f:bb:01:9b:
         71:63:19:8d:2d:99:89:fd:51:9e:27:00:f0:d2:7b:ff:dc:e4:
         bc:4a:66:a8:e8:24:ea:60:d4:27:17:5e:0c:8f:88:40:cb:82:
         15:7b:61:0a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZv5VE317PW4vyd4+bQffyJQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhZWUxNWMzM2RlMzU4OTM4ZDY5MDBhMWIzYzE0NDgwYTM4
OWU4NWIwHhcNMjYwMTI2MDgwMzMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWRkNjIzYWUwMGUyOWU1Y2E5OTkyMjA0ZTgwOWZlYmM5ZjllZjBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuGHqpRwZao/Fwmf94PSwbbqgg1GC
34ypvMIl0DQDpiDhGc1P29JzNRP7hBRKyrpt2PsBelObgGeQlnJgB6uj/QHaZbOy
evCw3wn9cL4EgdkabeIhPQ5xTcBB5qehyOSBbF5+GybwL81roK2p5VDB7xlG6etk
MuZoQGrWtv9YRaU7WWAm16UsZy+YlV10BGlCwH900TeJyJVsvkilD4+NVSe1kxmd
fy3pIbp3jzlZbJOXuDL3kIseRfPG4gKU2bZMuo4C/wJAvmXZ9p8fBastKqfyO/vW
A0qOpw4WaFLw593iM8a5JAz82h1NhIrBNHIgztDRusINLhlRz3U1v1RmEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIrdYjrgDinlypmSIE6An+vJ+e8NMB8GA1UdIwQY
MBaAFJruFcM941iTjWkAobPBRICjiehbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXU0Vnd6M2pXSk9OYVFDaHM4RkVnS09KNkZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS83MmY3N2YtNzZhYi00ZTc5LWEwNjIt
NmVlNTM0ZDkyZTUyLzEvaXQxaU91QU9LZVhLbVpJZ1RvQ2Y2OG41N3cwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS83MmY3N2YtNzZhYi00ZTc5LWEwNjItNmVlNTM0ZDkyZTUy
LzEvbXU0Vnd6M2pXSk9OYVFDaHM4RkVnS09KNkZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXA7MA0G
CSqGSIb3DQEBCwUAA4IBAQBpzlzAAQqmTwsn6Jil7wfO8geGf1hhdYfH2/ZTvFZ6
J6X92X0WnzdDB4wItgsl+3EZaBMctT5DZpPF9Rk0rW5HX+2Z/0KoSVftOWihO9J3
epgXsHgxcE4ywpMRE2TbAmI69Utg6jvyTB0yEZqNVJ6BXr4dx7XBG+k2pO5yxnx5
KdKjsSFcfyPlB3ivXXXw4Byyup3s68D0C+b8eULOphQ8xwcgizjFeQmUWUdAEg9F
Fv9szuPuS8t7Kd4EzFzLHDR+GQmdMGNen0QoDhRQ6jTnxETtwS+7AZtxYxmNLZmJ
/VGeJwDw0nv/3OS8Smao6CTqYNQnF14Mj4hAy4IVe2EK
-----END CERTIFICATE-----