Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/046460-102c-4930-842c-6ab11155f6fb/1/7pVh0pZTEc1E6xJL3InhvltDz2s.roa
File:                     7pVh0pZTEc1E6xJL3InhvltDz2s.roa (raw, json)
Hash identifier:          MmrKH/vPG61mnh+lBIkFizSc2omHNbwFSetlTBexxRo=
Subject key identifier:   EE:95:61:D2:96:53:11:CD:44:EB:12:4B:DC:89:E1:BE:5B:43:CF:6B
Certificate issuer:       /CN=962bd76a5cac283ece0a0f8eab2c97021401fb89
Certificate serial:       019CAE0545EBC85811B1F909C97797E59048
Authority key identifier: 96:2B:D7:6A:5C:AC:28:3E:CE:0A:0F:8E:AB:2C:97:02:14:01:FB:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/livXalysKD7OCg-OqyyXAhQB-4k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/046460-102c-4930-842c-6ab11155f6fb/1/7pVh0pZTEc1E6xJL3InhvltDz2s.roa
Signing time:             Mon 02 Mar 2026 10:08:27 +0000
ROA not before:           Mon 02 Mar 2026 10:08:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212238
IP address blocks:        85.203.20.0/24 maxlen: 24
                          85.203.46.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/046460-102c-4930-842c-6ab11155f6fb/1/livXalysKD7OCg-OqyyXAhQB-4k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/046460-102c-4930-842c-6ab11155f6fb/1/livXalysKD7OCg-OqyyXAhQB-4k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/livXalysKD7OCg-OqyyXAhQB-4k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 10:08:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:ae:05:45:eb:c8:58:11:b1:f9:09:c9:77:97:e5:90:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=962bd76a5cac283ece0a0f8eab2c97021401fb89
        Validity
            Not Before: Mar  2 10:08:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ee9561d2965311cd44eb124bdc89e1be5b43cf6b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:a5:ce:97:9c:7b:54:90:5c:8b:69:12:fa:3f:
                    9f:91:9e:2f:f3:d3:c1:f6:35:13:83:d1:13:65:b1:
                    7b:4e:c6:66:66:27:93:7d:59:dd:5e:9a:c8:55:75:
                    57:dc:d4:f3:c4:31:db:af:55:e0:95:d2:5b:4f:d1:
                    58:72:c8:bf:57:41:0d:1c:8a:08:2f:11:4c:f2:6c:
                    54:66:38:39:18:7f:a5:87:46:b0:a2:f4:0a:46:81:
                    26:33:44:44:cf:73:cf:e9:d0:74:97:bb:58:56:a4:
                    2b:a2:01:50:bd:90:fb:59:2f:db:bc:89:89:55:7b:
                    c9:43:29:9a:84:c0:26:cb:72:38:7c:bb:a8:59:da:
                    b3:bd:39:08:9c:4e:38:8d:a0:05:a7:3e:56:af:d0:
                    f3:35:15:a1:7f:c9:f0:e3:af:6c:f1:fe:a1:6c:cd:
                    29:a4:1c:81:75:36:cc:3e:ab:1a:97:9f:61:e2:ca:
                    c7:f1:25:42:55:89:f0:b0:91:8d:ad:63:42:ff:ec:
                    cf:5c:9d:11:e2:6f:c0:1f:d0:64:76:2e:3e:58:f2:
                    ce:22:d1:58:08:e2:44:84:8b:db:2c:50:d5:a0:30:
                    6e:06:3a:f4:5b:aa:83:59:26:c5:81:5e:9d:b9:74:
                    62:a7:a8:a6:fc:c9:7a:90:b2:4d:72:a9:f1:33:d3:
                    5a:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:95:61:D2:96:53:11:CD:44:EB:12:4B:DC:89:E1:BE:5B:43:CF:6B
            X509v3 Authority Key Identifier:
                keyid:96:2B:D7:6A:5C:AC:28:3E:CE:0A:0F:8E:AB:2C:97:02:14:01:FB:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/livXalysKD7OCg-OqyyXAhQB-4k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/046460-102c-4930-842c-6ab11155f6fb/1/7pVh0pZTEc1E6xJL3InhvltDz2s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/046460-102c-4930-842c-6ab11155f6fb/1/livXalysKD7OCg-OqyyXAhQB-4k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.203.20.0/24
                  85.203.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:40:d9:e8:0b:dc:cf:40:e9:28:80:d1:12:2b:c8:a3:84:d7:
         c2:a1:c9:18:b5:2f:62:37:e5:78:85:39:99:e9:dd:0e:4f:1a:
         43:fb:79:ff:01:29:62:d4:1f:b0:a0:44:80:4a:da:d3:85:73:
         2b:86:ed:57:d6:ff:ed:81:8a:d5:ad:7c:53:fb:32:ee:20:14:
         82:eb:58:c6:db:c0:4d:0c:c1:62:b0:60:dc:24:37:0b:50:52:
         03:d9:a5:3b:57:2e:93:ea:72:7f:2a:55:5c:ff:fb:65:55:e5:
         71:fd:42:e9:cc:fc:54:df:b3:45:84:d6:d5:f5:5f:05:30:3d:
         e0:06:64:86:f6:1a:12:99:90:3d:78:a2:6d:c3:cb:df:97:e2:
         23:df:43:59:08:ad:e4:e3:8d:ed:6c:49:18:04:62:bb:a2:14:
         4a:64:39:aa:35:15:da:63:be:fc:88:6a:8d:e4:a0:f2:48:e2:
         63:25:05:8b:a6:fd:25:66:cf:ed:a0:ad:a0:2e:ff:ab:23:13:
         23:97:76:34:45:59:10:30:73:d4:44:ef:e2:8e:23:18:80:72:
         b6:55:00:4e:d8:fe:78:af:5c:e6:95:fe:f4:8b:df:49:5b:d4:
         80:4e:76:90:52:74:80:cc:c1:c9:1f:5b:1b:db:24:ad:a8:86:
         13:a7:3d:25
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZyuBUXryFgRsfkJyXeX5ZBIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2MmJkNzZhNWNhYzI4M2VjZTBhMGY4ZWFiMmM5NzAyMTQw
MWZiODkwHhcNMjYwMzAyMTAwODI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTk1NjFkMjk2NTMxMWNkNDRlYjEyNGJkYzg5ZTFiZTViNDNjZjZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqaXOl5x7VJBci2kS+j+fkZ4v89PB
9jUTg9ETZbF7TsZmZieTfVndXprIVXVX3NTzxDHbr1XgldJbT9FYcsi/V0ENHIoI
LxFM8mxUZjg5GH+lh0awovQKRoEmM0REz3PP6dB0l7tYVqQrogFQvZD7WS/bvImJ
VXvJQymahMAmy3I4fLuoWdqzvTkInE44jaAFpz5Wr9DzNRWhf8nw469s8f6hbM0p
pByBdTbMPqsal59h4srH8SVCVYnwsJGNrWNC/+zPXJ0R4m/AH9Bkdi4+WPLOItFY
COJEhIvbLFDVoDBuBjr0W6qDWSbFgV6duXRip6im/Ml6kLJNcqnxM9NaSwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFO6VYdKWUxHNROsSS9yJ4b5bQ89rMB8GA1UdIwQY
MBaAFJYr12pcrCg+zgoPjqsslwIUAfuJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGl2WGFseXNLRDdPQ2ctT3F5eVhBaFFCLTRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC8wNDY0NjAtMTAyYy00OTMwLTg0MmMt
NmFiMTExNTVmNmZiLzEvN3BWaDBwWlRFYzFFNnhKTDNJbmh2bHREejJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC8wNDY0NjAtMTAyYy00OTMwLTg0MmMtNmFiMTExNTVmNmZi
LzEvbGl2WGFseXNLRDdPQ2ctT3F5eVhBaFFCLTRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVcsUAwQA
VcsuMA0GCSqGSIb3DQEBCwUAA4IBAQAFQNnoC9zPQOkogNESK8ijhNfCockYtS9i
N+V4hTmZ6d0OTxpD+3n/ASli1B+woESAStrThXMrhu1X1v/tgYrVrXxT+zLuIBSC
61jG28BNDMFisGDcJDcLUFID2aU7Vy6T6nJ/KlVc//tlVeVx/ULpzPxU37NFhNbV
9V8FMD3gBmSG9hoSmZA9eKJtw8vfl+Ij30NZCK3k443tbEkYBGK7ohRKZDmqNRXa
Y778iGqN5KDySOJjJQWLpv0lZs/toK2gLv+rIxMjl3Y0RVkQMHPURO/ijiMYgHK2
VQBO2P54r1zmlf70i99JW9SATnaQUnSAzMHJH1sb2yStqIYTpz0l
-----END CERTIFICATE-----