Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/60de46-5974-4c45-be36-8dcdb998fd5a/1/Brn5F-40eNSDCLE6aqDrMS-dwhw.roa
File:                     Brn5F-40eNSDCLE6aqDrMS-dwhw.roa (raw, json)
Hash identifier:          1hN4iJehl+TMTpHf+NBH4j/ePoO90lU+U2xkIaHpESE=
Subject key identifier:   06:B9:F9:17:EE:34:78:D4:83:08:B1:3A:6A:A0:EB:31:2F:9D:C2:1C
Certificate issuer:       /CN=3722b2f090a967e0bcacd19f39ad2a887263b524
Certificate serial:       019B7CEE165448DD971FA2562887D140A397
Authority key identifier: 37:22:B2:F0:90:A9:67:E0:BC:AC:D1:9F:39:AD:2A:88:72:63:B5:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NyKy8JCpZ-C8rNGfOa0qiHJjtSQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/60de46-5974-4c45-be36-8dcdb998fd5a/1/Brn5F-40eNSDCLE6aqDrMS-dwhw.roa
Signing time:             Fri 02 Jan 2026 04:18:56 +0000
ROA not before:           Fri 02 Jan 2026 04:18:56 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49139
IP address blocks:        91.212.154.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/60de46-5974-4c45-be36-8dcdb998fd5a/1/NyKy8JCpZ-C8rNGfOa0qiHJjtSQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/60de46-5974-4c45-be36-8dcdb998fd5a/1/NyKy8JCpZ-C8rNGfOa0qiHJjtSQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NyKy8JCpZ-C8rNGfOa0qiHJjtSQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 09:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ee:16:54:48:dd:97:1f:a2:56:28:87:d1:40:a3:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3722b2f090a967e0bcacd19f39ad2a887263b524
        Validity
            Not Before: Jan  2 04:18:56 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=06b9f917ee3478d48308b13a6aa0eb312f9dc21c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:60:c5:a7:51:56:3f:28:c9:e5:76:0e:ec:39:
                    8e:38:2b:dc:ff:ed:d5:1b:6b:7e:12:ba:34:72:85:
                    c0:0c:88:ba:e8:2f:c3:6b:08:c4:ea:04:12:ee:2b:
                    1d:50:d8:d1:a4:da:40:d9:a8:dd:75:6f:32:a9:e0:
                    3b:d2:4f:ba:71:59:d0:b7:85:df:ba:e7:28:af:b4:
                    ab:40:57:dd:bc:d2:51:7c:02:0e:dc:ff:23:b9:0b:
                    6c:89:fd:c9:b8:68:07:cf:05:ba:db:23:0c:9b:97:
                    db:b3:30:05:cf:a9:70:23:5d:12:fc:c9:0a:56:9b:
                    9d:c9:75:60:5e:c1:5d:0f:b7:2e:8b:e3:6f:de:73:
                    ef:e6:43:69:ab:1d:bd:c0:65:66:be:5e:71:d0:21:
                    39:ee:58:d0:66:b9:17:b1:13:a9:e8:11:e3:66:da:
                    e3:80:37:51:05:44:48:c7:5e:b8:79:23:47:a8:3d:
                    2b:73:82:33:10:98:e7:5a:42:f4:bd:0d:21:b6:33:
                    15:35:3b:cf:36:73:1e:13:26:4b:68:51:16:a1:80:
                    00:10:38:db:77:cd:c4:fd:7e:9b:f8:25:08:0f:a9:
                    a1:59:33:c9:56:50:ce:5f:a6:8c:e3:38:bc:46:2f:
                    d3:b7:4e:41:af:5e:e3:25:7d:02:f8:20:7e:10:ef:
                    40:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:B9:F9:17:EE:34:78:D4:83:08:B1:3A:6A:A0:EB:31:2F:9D:C2:1C
            X509v3 Authority Key Identifier:
                keyid:37:22:B2:F0:90:A9:67:E0:BC:AC:D1:9F:39:AD:2A:88:72:63:B5:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NyKy8JCpZ-C8rNGfOa0qiHJjtSQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/60de46-5974-4c45-be36-8dcdb998fd5a/1/Brn5F-40eNSDCLE6aqDrMS-dwhw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/60de46-5974-4c45-be36-8dcdb998fd5a/1/NyKy8JCpZ-C8rNGfOa0qiHJjtSQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:ae:cc:8c:4f:32:14:c9:cf:5c:4c:b2:e2:b8:fe:c3:ef:7d:
         ae:56:c3:98:e6:17:4e:f1:e6:a8:ab:8e:79:65:6a:fd:d5:94:
         66:b4:59:f3:7a:d2:d9:75:4c:ab:8c:21:23:30:50:bf:ba:75:
         95:da:32:e6:8b:53:ea:21:ff:1e:ea:95:d9:fd:56:3f:c7:8e:
         76:64:85:9d:8d:d6:0a:e7:92:30:8d:f5:0c:22:2e:85:58:8e:
         03:a3:54:46:9e:61:0f:27:d0:e7:2d:12:1c:8f:21:56:57:0c:
         2e:ca:e9:48:f8:77:79:65:a3:a4:19:c2:c9:4b:4a:cd:b9:ff:
         e6:cf:29:7e:66:51:a4:98:3a:60:41:9f:8f:23:3a:e5:bf:3e:
         ae:e0:60:ac:35:c5:08:d8:2f:a8:12:74:7c:00:ca:f7:fa:06:
         99:3b:2b:fe:f1:8d:a3:46:b8:92:5b:89:b6:3a:9d:61:24:f9:
         a4:55:95:06:ca:29:68:d1:84:20:2c:65:d6:d4:44:a3:e1:b8:
         26:30:b5:83:f4:36:d4:4a:2a:81:5a:ff:53:0d:14:b9:a0:ae:
         78:ff:cc:41:33:64:da:b9:ff:13:2b:98:75:2e:fa:7d:05:ba:
         08:3e:ba:e5:c2:70:4c:38:c2:9b:80:2f:5b:e9:e3:03:4a:d4:
         52:13:69:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87hZUSN2XH6JWKIfRQKOXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3MjJiMmYwOTBhOTY3ZTBiY2FjZDE5ZjM5YWQyYTg4NzI2
M2I1MjQwHhcNMjYwMTAyMDQxODU2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmI5ZjkxN2VlMzQ3OGQ0ODMwOGIxM2E2YWEwZWIzMTJmOWRjMjFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5WDFp1FWPyjJ5XYO7DmOOCvc/+3V
G2t+Ero0coXADIi66C/DawjE6gQS7isdUNjRpNpA2ajddW8yqeA70k+6cVnQt4Xf
uucor7SrQFfdvNJRfAIO3P8juQtsif3JuGgHzwW62yMMm5fbszAFz6lwI10S/MkK
VpudyXVgXsFdD7cui+Nv3nPv5kNpqx29wGVmvl5x0CE57ljQZrkXsROp6BHjZtrj
gDdRBURIx164eSNHqD0rc4IzEJjnWkL0vQ0htjMVNTvPNnMeEyZLaFEWoYAAEDjb
d83E/X6b+CUID6mhWTPJVlDOX6aM4zi8Ri/Tt05Br17jJX0C+CB+EO9A3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAa5+RfuNHjUgwixOmqg6zEvncIcMB8GA1UdIwQY
MBaAFDcisvCQqWfgvKzRnzmtKohyY7UkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnlLeThKQ3BaLUM4ck5HZk9hMHFpSEpqdFNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni82MGRlNDYtNTk3NC00YzQ1LWJlMzYt
OGRjZGI5OThmZDVhLzEvQnJuNUYtNDBlTlNEQ0xFNmFxRHJNUy1kd2h3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni82MGRlNDYtNTk3NC00YzQ1LWJlMzYtOGRjZGI5OThmZDVh
LzEvTnlLeThKQ3BaLUM4ck5HZk9hMHFpSEpqdFNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9SaMA0G
CSqGSIb3DQEBCwUAA4IBAQBDrsyMTzIUyc9cTLLiuP7D732uVsOY5hdO8eaoq455
ZWr91ZRmtFnzetLZdUyrjCEjMFC/unWV2jLmi1PqIf8e6pXZ/VY/x452ZIWdjdYK
55IwjfUMIi6FWI4Do1RGnmEPJ9DnLRIcjyFWVwwuyulI+Hd5ZaOkGcLJS0rNuf/m
zyl+ZlGkmDpgQZ+PIzrlvz6u4GCsNcUI2C+oEnR8AMr3+gaZOyv+8Y2jRriSW4m2
Op1hJPmkVZUGyilo0YQgLGXW1ESj4bgmMLWD9DbUSiqBWv9TDRS5oK54/8xBM2Ta
uf8TK5h1Lvp9BboIPrrlwnBMOMKbgC9b6eMDStRSE2nS
-----END CERTIFICATE-----