Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/6e0cfa-205e-4d66-ae3a-c743d7c0bb22/1/MCbnv8KJAY7dWm0UH6ulCMh-Zxc.roa
File:                     MCbnv8KJAY7dWm0UH6ulCMh-Zxc.roa (raw, json)
Hash identifier:          0xuvAxTJi/9kYRQK87s4orh7y9pLCa7vkuXPG3p7G24=
Subject key identifier:   30:26:E7:BF:C2:89:01:8E:DD:5A:6D:14:1F:AB:A5:08:C8:7E:67:17
Certificate issuer:       /CN=8c32a6e57ec81cc5cb43bb503749b360f2b05c3b
Certificate serial:       019B7F15274123670D8339AA13B53F17C31A
Authority key identifier: 8C:32:A6:E5:7E:C8:1C:C5:CB:43:BB:50:37:49:B3:60:F2:B0:5C:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jDKm5X7IHMXLQ7tQN0mzYPKwXDs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/6e0cfa-205e-4d66-ae3a-c743d7c0bb22/1/MCbnv8KJAY7dWm0UH6ulCMh-Zxc.roa
Signing time:             Fri 02 Jan 2026 14:20:51 +0000
ROA not before:           Fri 02 Jan 2026 14:20:51 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203797
IP address blocks:        185.123.72.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/6e0cfa-205e-4d66-ae3a-c743d7c0bb22/1/jDKm5X7IHMXLQ7tQN0mzYPKwXDs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/6e0cfa-205e-4d66-ae3a-c743d7c0bb22/1/jDKm5X7IHMXLQ7tQN0mzYPKwXDs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jDKm5X7IHMXLQ7tQN0mzYPKwXDs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 15:05:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:27:41:23:67:0d:83:39:aa:13:b5:3f:17:c3:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8c32a6e57ec81cc5cb43bb503749b360f2b05c3b
        Validity
            Not Before: Jan  2 14:20:51 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3026e7bfc289018edd5a6d141faba508c87e6717
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:ca:fa:ba:a2:bb:36:f8:3f:18:7e:07:88:5b:
                    45:5a:2f:3c:fe:4d:ce:f3:6d:22:51:9f:aa:f3:66:
                    28:91:97:0a:e4:47:d9:0c:a3:e1:01:99:b5:50:4f:
                    60:75:52:f5:1a:1c:7a:0b:09:4f:7d:ff:7f:2c:17:
                    4b:bb:26:54:20:74:c6:0a:56:f3:0a:f6:96:ed:0d:
                    dc:e2:5c:c0:0c:0c:d3:76:d0:bb:b4:f9:86:51:2b:
                    10:f8:2a:7f:76:37:14:1f:78:26:04:c9:4a:a7:9b:
                    6c:f3:b6:b7:be:88:90:8a:31:b8:18:ec:52:e0:97:
                    73:4c:29:ea:bd:96:f4:91:67:24:8d:8d:c0:e5:09:
                    f4:b9:3f:97:a7:ea:17:98:05:1d:9e:4a:76:08:08:
                    0e:cf:df:f0:c2:d9:37:ee:87:dd:33:6e:ec:37:3e:
                    90:02:c2:4c:f4:8d:f2:98:b0:ad:ca:03:fa:e7:cd:
                    44:5c:e5:17:49:09:8f:92:30:8d:bc:c6:44:c8:07:
                    4e:37:fc:20:32:0b:34:c0:a6:e3:d7:85:11:8d:f9:
                    0e:21:3e:47:fb:99:df:8e:af:e0:a5:40:d8:74:ab:
                    ae:03:24:f0:3c:c8:5f:48:5c:a4:51:d5:5b:e6:9c:
                    af:10:a6:29:37:60:8b:77:47:9c:d5:51:5e:67:72:
                    26:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:26:E7:BF:C2:89:01:8E:DD:5A:6D:14:1F:AB:A5:08:C8:7E:67:17
            X509v3 Authority Key Identifier:
                keyid:8C:32:A6:E5:7E:C8:1C:C5:CB:43:BB:50:37:49:B3:60:F2:B0:5C:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jDKm5X7IHMXLQ7tQN0mzYPKwXDs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/6e0cfa-205e-4d66-ae3a-c743d7c0bb22/1/MCbnv8KJAY7dWm0UH6ulCMh-Zxc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/6e0cfa-205e-4d66-ae3a-c743d7c0bb22/1/jDKm5X7IHMXLQ7tQN0mzYPKwXDs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.123.72.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b2:d8:f4:7f:3a:3e:b9:f3:86:ca:34:fd:6b:ef:2e:71:bb:df:
         41:fc:52:f3:93:9c:07:22:1c:be:d9:ab:59:cd:18:9e:2a:65:
         70:33:25:41:4b:69:b8:bb:59:b4:2b:de:76:95:16:02:c8:b6:
         61:d4:8b:c1:de:52:60:17:6a:54:31:18:57:32:f9:14:a6:ae:
         64:04:08:01:73:cf:6f:b7:c7:95:de:30:db:2b:55:d1:92:f6:
         9d:e7:98:1c:37:cb:06:95:eb:77:96:a5:50:1b:0d:52:8d:80:
         94:3f:de:1c:ef:0a:59:88:18:09:e5:94:e4:bf:9d:7e:3c:39:
         fe:a5:07:a0:ca:c8:b7:2f:07:28:3a:6f:2b:db:0e:e0:6f:25:
         42:de:aa:93:23:a2:e8:07:4e:f1:f3:f8:da:4a:a0:a9:73:4d:
         10:8f:a3:f2:ad:ca:b4:09:9f:87:1a:7c:32:2b:46:cd:41:2c:
         62:46:01:af:26:45:73:65:a4:30:8c:4b:7c:6a:c3:01:cf:0e:
         d3:3b:00:61:ed:e6:b8:48:cb:d9:6d:ec:f9:fd:34:c1:c6:59:
         16:db:64:32:3e:89:09:76:8b:ce:99:40:98:bf:48:e1:26:15:
         2c:28:f9:99:16:71:8b:bd:98:52:07:20:ef:cb:19:5f:90:6a:
         c5:df:6f:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FSdBI2cNgzmqE7U/F8MaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjMzJhNmU1N2VjODFjYzVjYjQzYmI1MDM3NDliMzYwZjJi
MDVjM2IwHhcNMjYwMTAyMTQyMDUxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDI2ZTdiZmMyODkwMThlZGQ1YTZkMTQxZmFiYTUwOGM4N2U2NzE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxcr6uqK7Nvg/GH4HiFtFWi88/k3O
820iUZ+q82YokZcK5EfZDKPhAZm1UE9gdVL1Ghx6CwlPff9/LBdLuyZUIHTGClbz
CvaW7Q3c4lzADAzTdtC7tPmGUSsQ+Cp/djcUH3gmBMlKp5ts87a3voiQijG4GOxS
4JdzTCnqvZb0kWckjY3A5Qn0uT+Xp+oXmAUdnkp2CAgOz9/wwtk37ofdM27sNz6Q
AsJM9I3ymLCtygP6581EXOUXSQmPkjCNvMZEyAdON/wgMgs0wKbj14URjfkOIT5H
+5nfjq/gpUDYdKuuAyTwPMhfSFykUdVb5pyvEKYpN2CLd0ec1VFeZ3ImmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDAm57/CiQGO3VptFB+rpQjIfmcXMB8GA1UdIwQY
MBaAFIwypuV+yBzFy0O7UDdJs2DysFw7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvakRLbTVYN0lITVhMUTd0UU4wbXpZUEt3WERzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC82ZTBjZmEtMjA1ZS00ZDY2LWFlM2Et
Yzc0M2Q3YzBiYjIyLzEvTUNibnY4S0pBWTdkV20wVUg2dWxDTWgtWnhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC82ZTBjZmEtMjA1ZS00ZDY2LWFlM2EtYzc0M2Q3YzBiYjIy
LzEvakRLbTVYN0lITVhMUTd0UU4wbXpZUEt3WERzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuXtIMA0G
CSqGSIb3DQEBCwUAA4IBAQCy2PR/Oj6584bKNP1r7y5xu99B/FLzk5wHIhy+2atZ
zRieKmVwMyVBS2m4u1m0K952lRYCyLZh1IvB3lJgF2pUMRhXMvkUpq5kBAgBc89v
t8eV3jDbK1XRkvad55gcN8sGlet3lqVQGw1SjYCUP94c7wpZiBgJ5ZTkv51+PDn+
pQegysi3LwcoOm8r2w7gbyVC3qqTI6LoB07x8/jaSqCpc00Qj6Pyrcq0CZ+HGnwy
K0bNQSxiRgGvJkVzZaQwjEt8asMBzw7TOwBh7ea4SMvZbez5/TTBxlkW22QyPokJ
dovOmUCYv0jhJhUsKPmZFnGLvZhSByDvyxlfkGrF328D
-----END CERTIFICATE-----