Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/1Y-EkJCfFjGX2xGzmKkkRqmeiw4.roa
File:                     1Y-EkJCfFjGX2xGzmKkkRqmeiw4.roa (raw, json)
Hash identifier:          +CbxenDR9qnn+vvlUvs6iYtvWNFBwBZeBWN2Ah+h/54=
Subject key identifier:   D5:8F:84:90:90:9F:16:31:97:DB:11:B3:98:A9:24:46:A9:9E:8B:0E
Certificate issuer:       /CN=56b98f83ccbda7c19f004151c98b57c59d268f54
Certificate serial:       019EBB0ADC9B64265C16C7F2C660879A9987
Authority key identifier: 56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/1Y-EkJCfFjGX2xGzmKkkRqmeiw4.roa
Signing time:             Fri 12 Jun 2026 08:55:11 +0000
ROA not before:           Fri 12 Jun 2026 08:55:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212150
IP address blocks:        185.115.160.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 15 Jun 2026 02:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:bb:0a:dc:9b:64:26:5c:16:c7:f2:c6:60:87:9a:99:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=56b98f83ccbda7c19f004151c98b57c59d268f54
        Validity
            Not Before: Jun 12 08:55:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d58f8490909f163197db11b398a92446a99e8b0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:66:c8:21:07:6a:6b:24:de:96:e8:02:13:08:
                    af:e1:77:98:9f:5b:ee:34:a7:a0:1d:9b:51:3d:2b:
                    39:00:14:43:83:04:0f:20:06:5c:da:28:17:fb:55:
                    70:00:e8:0e:6e:63:df:5d:cf:47:26:24:f6:00:42:
                    0a:c3:85:2f:8e:9e:29:1c:f9:54:4b:47:19:1c:41:
                    83:f1:e2:47:86:97:f3:68:5e:ff:21:74:88:d2:b6:
                    78:27:d3:f5:98:be:3e:63:29:e6:d8:11:d2:3c:9d:
                    9c:a4:57:ad:c3:87:86:43:48:45:d4:c7:17:08:f2:
                    74:8c:74:35:e3:8c:5e:44:10:1b:3f:92:d4:5b:5e:
                    af:6f:12:6b:fe:68:92:d2:75:13:8e:12:c9:0e:18:
                    a9:fd:ae:f4:1c:90:8c:24:19:0f:95:c2:7b:f6:8b:
                    17:0c:dc:3f:08:f1:a6:62:e0:78:cd:df:90:c0:23:
                    86:74:48:19:60:8e:d1:81:bf:4a:12:a4:ec:4d:69:
                    07:78:ab:d1:8b:98:e5:29:43:77:4b:cb:e4:e6:fc:
                    89:cd:42:ef:39:4b:e8:fb:c6:de:09:88:51:4e:fa:
                    e1:51:bd:0d:5a:6c:71:93:53:85:d7:98:2c:84:41:
                    bb:61:be:aa:8b:37:3b:35:c9:68:ce:ba:4f:ab:03:
                    30:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:8F:84:90:90:9F:16:31:97:DB:11:B3:98:A9:24:46:A9:9E:8B:0E
            X509v3 Authority Key Identifier:
                keyid:56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/1Y-EkJCfFjGX2xGzmKkkRqmeiw4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.115.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:c1:0f:9e:d2:e0:59:40:bf:8d:4d:32:79:ae:22:59:9f:aa:
         de:2e:01:0e:3f:18:21:da:99:71:2e:a3:84:8f:35:f9:2b:b4:
         59:d6:47:3d:d9:55:8f:26:65:e2:8d:53:4c:34:23:c1:d7:8d:
         e5:62:de:ac:51:ee:11:c4:56:a6:55:39:eb:3f:14:4b:91:e3:
         72:33:70:48:53:74:f9:cb:e8:0a:18:c2:cb:ad:da:14:f3:af:
         23:67:bc:60:a3:a9:74:86:dc:0e:79:76:38:66:5d:2b:5d:5f:
         d7:4a:84:9e:e4:96:3d:21:70:9d:10:5e:23:fd:52:12:78:5b:
         31:3c:15:ea:b5:4c:ad:57:9b:7e:43:43:aa:11:0e:ec:35:2c:
         6c:75:3d:e5:d8:9f:5d:3a:3f:76:7e:de:a8:7d:4d:68:c2:9e:
         3b:15:51:b7:88:17:a0:1e:58:b3:1d:30:ca:84:cf:33:f1:d2:
         61:7b:b6:fb:f5:56:b4:4b:1d:8f:f7:ed:12:fb:8b:73:7f:2f:
         14:f2:62:10:a6:5b:9b:29:25:87:b6:03:02:a9:c2:c3:91:06:
         1c:68:1c:cf:c5:f8:8c:18:32:6b:86:d0:4b:02:d2:cd:af:6f:
         d3:06:ce:89:fd:83:52:14:b9:75:94:f9:9b:cc:76:6c:b8:f9:
         de:7d:ad:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ67CtybZCZcFsfyxmCHmpmHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2Yjk4ZjgzY2NiZGE3YzE5ZjAwNDE1MWM5OGI1N2M1OWQy
NjhmNTQwHhcNMjYwNjEyMDg1NTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNThmODQ5MDkwOWYxNjMxOTdkYjExYjM5OGE5MjQ0NmE5OWU4YjBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq2bIIQdqayTelugCEwiv4XeYn1vu
NKegHZtRPSs5ABRDgwQPIAZc2igX+1VwAOgObmPfXc9HJiT2AEIKw4Uvjp4pHPlU
S0cZHEGD8eJHhpfzaF7/IXSI0rZ4J9P1mL4+Yynm2BHSPJ2cpFetw4eGQ0hF1McX
CPJ0jHQ144xeRBAbP5LUW16vbxJr/miS0nUTjhLJDhip/a70HJCMJBkPlcJ79osX
DNw/CPGmYuB4zd+QwCOGdEgZYI7Rgb9KEqTsTWkHeKvRi5jlKUN3S8vk5vyJzULv
OUvo+8beCYhRTvrhUb0NWmxxk1OF15gshEG7Yb6qizc7NclozrpPqwMwlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNWPhJCQnxYxl9sRs5ipJEapnosOMB8GA1UdIwQY
MBaAFFa5j4PMvafBnwBBUcmLV8WdJo9UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2Yt
N2FhN2ZjMzU5NjU1LzEvMVktRWtKQ2ZGakdYMnhHem1La2tScW1laXc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2YtN2FhN2ZjMzU5NjU1
LzEvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXOgMA0G
CSqGSIb3DQEBCwUAA4IBAQAzwQ+e0uBZQL+NTTJ5riJZn6reLgEOPxgh2plxLqOE
jzX5K7RZ1kc92VWPJmXijVNMNCPB143lYt6sUe4RxFamVTnrPxRLkeNyM3BIU3T5
y+gKGMLLrdoU868jZ7xgo6l0htwOeXY4Zl0rXV/XSoSe5JY9IXCdEF4j/VISeFsx
PBXqtUytV5t+Q0OqEQ7sNSxsdT3l2J9dOj92ft6ofU1owp47FVG3iBegHlizHTDK
hM8z8dJhe7b79Va0Sx2P9+0S+4tzfy8U8mIQplubKSWHtgMCqcLDkQYcaBzPxfiM
GDJrhtBLAtLNr2/TBs6J/YNSFLl1lPmbzHZsuPnefa0J
-----END CERTIFICATE-----