Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/7ac37b-020b-49ae-ac9b-f98ec74abfd5/1/2H14aLA4Cp324rBqEO8djM07PBg.roa
File:                     2H14aLA4Cp324rBqEO8djM07PBg.roa (raw, json)
Hash identifier:          AyLJeaWqYxVRZJAqZbG+ccG5qtic1hAj5FwGn1wevMA=
Subject key identifier:   D8:7D:78:68:B0:38:0A:9D:F6:E2:B0:6A:10:EF:1D:8C:CD:3B:3C:18
Certificate issuer:       /CN=bbb314d7e36901f6dea7c0291a51533bb224f3b3
Certificate serial:       019B76EB561D29CAEF0B2F3C2C230BAC5B29
Authority key identifier: BB:B3:14:D7:E3:69:01:F6:DE:A7:C0:29:1A:51:53:3B:B2:24:F3:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u7MU1-NpAfbep8ApGlFTO7Ik87M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/7ac37b-020b-49ae-ac9b-f98ec74abfd5/1/2H14aLA4Cp324rBqEO8djM07PBg.roa
Signing time:             Thu 01 Jan 2026 00:18:12 +0000
ROA not before:           Thu 01 Jan 2026 00:18:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200157
IP address blocks:        185.159.190.0/24 maxlen: 24
                          2a12:86c0::/32 maxlen: 64
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/7ac37b-020b-49ae-ac9b-f98ec74abfd5/1/u7MU1-NpAfbep8ApGlFTO7Ik87M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/7ac37b-020b-49ae-ac9b-f98ec74abfd5/1/u7MU1-NpAfbep8ApGlFTO7Ik87M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/u7MU1-NpAfbep8ApGlFTO7Ik87M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 09:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:56:1d:29:ca:ef:0b:2f:3c:2c:23:0b:ac:5b:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bbb314d7e36901f6dea7c0291a51533bb224f3b3
        Validity
            Not Before: Jan  1 00:18:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d87d7868b0380a9df6e2b06a10ef1d8ccd3b3c18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:f7:5a:da:24:f5:42:33:e9:c5:48:bc:9a:74:
                    c7:d6:f2:48:3c:b0:58:1c:26:a8:de:88:17:26:f3:
                    dc:22:aa:08:96:cd:b7:b8:28:5e:6d:8b:e3:03:0c:
                    d7:af:96:01:07:9d:a5:c5:fa:f2:de:fb:df:4e:f8:
                    4d:53:15:44:be:f9:c2:a2:48:8b:e4:01:56:e3:b6:
                    3f:48:70:b1:41:18:ca:1a:a6:d7:ec:07:ff:40:72:
                    8c:cf:bf:e0:69:b2:fc:d1:9a:ca:25:a2:74:40:14:
                    cd:74:ef:63:92:11:1d:b3:82:b8:de:dc:8c:da:23:
                    bb:cd:03:8b:f1:bb:42:4c:25:8f:18:f4:7d:ed:12:
                    a8:d6:4e:38:8c:54:05:d7:f0:5d:d0:ef:ef:99:2d:
                    f2:09:98:55:a5:c8:20:34:43:9c:70:4f:09:02:27:
                    ab:a6:c3:67:85:ee:f4:b3:c9:3d:e4:db:4f:5f:31:
                    cb:0c:c7:e6:e8:67:67:b2:be:5f:d2:24:a7:7d:b0:
                    e1:97:6d:ef:1d:88:cc:8e:c1:45:bc:57:0a:c9:b4:
                    4b:ae:ad:f8:bc:9d:b5:29:bf:53:65:7d:94:99:4f:
                    f4:18:45:d5:95:35:78:31:c4:fd:16:a6:da:86:25:
                    5b:08:e9:23:0a:c7:8a:da:43:50:8b:e3:e7:fd:79:
                    46:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:7D:78:68:B0:38:0A:9D:F6:E2:B0:6A:10:EF:1D:8C:CD:3B:3C:18
            X509v3 Authority Key Identifier:
                keyid:BB:B3:14:D7:E3:69:01:F6:DE:A7:C0:29:1A:51:53:3B:B2:24:F3:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u7MU1-NpAfbep8ApGlFTO7Ik87M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/7ac37b-020b-49ae-ac9b-f98ec74abfd5/1/2H14aLA4Cp324rBqEO8djM07PBg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/7ac37b-020b-49ae-ac9b-f98ec74abfd5/1/u7MU1-NpAfbep8ApGlFTO7Ik87M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.159.190.0/24
                IPv6:
                  2a12:86c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         88:59:64:c5:8f:8f:bf:6a:14:91:b1:a4:95:59:3b:18:bb:81:
         01:54:37:2a:84:d4:9f:f2:91:ed:92:c3:67:8a:ea:79:87:f8:
         c5:8f:48:f9:80:6a:03:6e:73:94:c2:45:86:a7:8f:f4:22:17:
         ad:71:56:bd:3f:84:cd:25:6b:6c:a9:19:a0:f6:35:56:1d:2e:
         02:fe:c8:8f:49:21:41:89:82:79:6e:75:9b:9a:71:e8:41:a9:
         97:90:0e:9b:cb:8c:e4:4e:5a:db:8d:92:c9:6a:72:b7:ab:3f:
         57:8d:d1:b8:b8:b4:33:d4:cb:8a:65:a1:d0:55:38:43:8e:d0:
         7e:8a:30:56:e2:2d:d3:72:90:0d:d7:23:0f:c7:5b:87:f1:25:
         1d:fa:dd:a9:c9:1d:20:ae:ea:dd:01:e4:27:cf:37:22:ea:14:
         05:5d:e2:f9:7d:33:dd:e9:d1:70:af:a2:3e:0f:60:56:68:d7:
         30:66:47:7d:f9:42:fb:b3:a8:e5:24:3f:47:ab:fb:a3:c4:a8:
         39:69:57:86:a1:8c:23:d2:ec:8d:66:21:be:68:a8:7f:d6:53:
         4a:27:ec:cd:b0:28:e3:e3:ed:d1:8f:b8:3b:c7:9f:71:cb:35:
         50:b6:43:7a:f1:1c:26:07:e4:3d:72:e0:d6:90:ec:c4:ce:fa:
         b2:38:9f:7a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZt261YdKcrvCy88LCMLrFspMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiYjMxNGQ3ZTM2OTAxZjZkZWE3YzAyOTFhNTE1MzNiYjIy
NGYzYjMwHhcNMjYwMTAxMDAxODEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODdkNzg2OGIwMzgwYTlkZjZlMmIwNmExMGVmMWQ4Y2NkM2IzYzE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApPda2iT1QjPpxUi8mnTH1vJIPLBY
HCao3ogXJvPcIqoIls23uChebYvjAwzXr5YBB52lxfry3vvfTvhNUxVEvvnCokiL
5AFW47Y/SHCxQRjKGqbX7Af/QHKMz7/gabL80ZrKJaJ0QBTNdO9jkhEds4K43tyM
2iO7zQOL8btCTCWPGPR97RKo1k44jFQF1/Bd0O/vmS3yCZhVpcggNEOccE8JAier
psNnhe70s8k95NtPXzHLDMfm6Gdnsr5f0iSnfbDhl23vHYjMjsFFvFcKybRLrq34
vJ21Kb9TZX2UmU/0GEXVlTV4McT9FqbahiVbCOkjCseK2kNQi+Pn/XlGnQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNh9eGiwOAqd9uKwahDvHYzNOzwYMB8GA1UdIwQY
MBaAFLuzFNfjaQH23qfAKRpRUzuyJPOzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdTdNVTEtTnBBZmJlcDhBcEdsRlRPN0lrODdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS83YWMzN2ItMDIwYi00OWFlLWFjOWIt
Zjk4ZWM3NGFiZmQ1LzEvMkgxNGFMQTRDcDMyNHJCcUVPOGRqTTA3UEJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS83YWMzN2ItMDIwYi00OWFlLWFjOWItZjk4ZWM3NGFiZmQ1
LzEvdTdNVTEtTnBBZmJlcDhBcEdsRlRPN0lrODdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuZ++MA0E
AgACMAcDBQAqEobAMA0GCSqGSIb3DQEBCwUAA4IBAQCIWWTFj4+/ahSRsaSVWTsY
u4EBVDcqhNSf8pHtksNniup5h/jFj0j5gGoDbnOUwkWGp4/0IhetcVa9P4TNJWts
qRmg9jVWHS4C/siPSSFBiYJ5bnWbmnHoQamXkA6by4zkTlrbjZLJanK3qz9XjdG4
uLQz1MuKZaHQVThDjtB+ijBW4i3TcpAN1yMPx1uH8SUd+t2pyR0grurdAeQnzzci
6hQFXeL5fTPd6dFwr6I+D2BWaNcwZkd9+UL7s6jlJD9Hq/ujxKg5aVeGoYwj0uyN
ZiG+aKh/1lNKJ+zNsCjj4+3Rj7g7x59xyzVQtkN68RwmB+Q9cuDWkOzEzvqyOJ96
-----END CERTIFICATE-----