Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/9cc333-68d5-4692-9c5b-28a841da0bfd/1/8C1K16ZGwKT5NIjvKN-j0pcnQo8.roa
File:                     8C1K16ZGwKT5NIjvKN-j0pcnQo8.roa (raw, json)
Hash identifier:          YQmdPGmVBm9p8CaMLz35kp3pJmtJoGvCw4DVTiii/j8=
Subject key identifier:   F0:2D:4A:D7:A6:46:C0:A4:F9:34:88:EF:28:DF:A3:D2:97:27:42:8F
Certificate issuer:       /CN=9e459aa4602bffa2d2650ba66818458c89fc4582
Certificate serial:       019EBB6D2E32BD7964C6339F2F8373BA67C9
Authority key identifier: 9E:45:9A:A4:60:2B:FF:A2:D2:65:0B:A6:68:18:45:8C:89:FC:45:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nkWapGAr_6LSZQumaBhFjIn8RYI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/9cc333-68d5-4692-9c5b-28a841da0bfd/1/8C1K16ZGwKT5NIjvKN-j0pcnQo8.roa
Signing time:             Fri 12 Jun 2026 10:42:35 +0000
ROA not before:           Fri 12 Jun 2026 10:42:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     132359
IP address blocks:        84.247.75.0/24 maxlen: 24
                          84.247.114.0/24 maxlen: 24
                          89.149.17.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/9cc333-68d5-4692-9c5b-28a841da0bfd/1/nkWapGAr_6LSZQumaBhFjIn8RYI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/9cc333-68d5-4692-9c5b-28a841da0bfd/1/nkWapGAr_6LSZQumaBhFjIn8RYI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nkWapGAr_6LSZQumaBhFjIn8RYI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:bb:6d:2e:32:bd:79:64:c6:33:9f:2f:83:73:ba:67:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e459aa4602bffa2d2650ba66818458c89fc4582
        Validity
            Not Before: Jun 12 10:42:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f02d4ad7a646c0a4f93488ef28dfa3d29727428f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:d2:cc:7d:92:78:cc:ac:70:c4:53:5c:fd:a8:
                    bd:34:64:a2:99:05:ee:80:01:6c:a4:99:5e:7d:c7:
                    41:d7:a7:f8:73:37:6e:5b:09:e9:cc:8e:2a:b2:73:
                    6f:f0:90:b0:24:3b:c3:53:9e:f1:df:13:b4:2b:58:
                    41:0c:ca:ef:af:36:05:47:f9:14:40:92:10:92:94:
                    fb:e5:83:ed:43:d3:88:14:da:61:35:77:1c:90:a4:
                    ad:77:ea:5d:4c:0a:33:d2:73:e3:fa:c4:55:0f:70:
                    ad:16:7e:b3:19:58:5d:af:82:a3:d3:3b:8d:72:55:
                    be:a6:bf:15:1f:c1:99:a5:bc:99:3a:3f:af:e0:d7:
                    b8:92:ae:1b:10:d8:35:c2:44:39:38:ac:83:ce:cf:
                    f4:4a:cc:c1:75:6f:ce:52:3c:6b:2e:76:46:ae:3a:
                    8b:0d:8a:47:84:21:1f:37:a0:2d:e2:06:4e:d7:01:
                    d1:1b:9c:5a:7f:d4:b1:d2:21:64:63:7e:7a:59:11:
                    3a:6f:7e:d5:fa:fe:d8:be:11:79:6a:69:d5:de:31:
                    3d:f1:08:a6:a3:d1:98:fe:a4:a7:e2:dc:61:f9:ff:
                    a1:28:c9:b4:3e:37:3a:5a:8e:64:15:d6:aa:f3:b1:
                    52:60:de:06:bd:0c:6d:99:0d:14:2b:a4:a3:2e:bb:
                    d6:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:2D:4A:D7:A6:46:C0:A4:F9:34:88:EF:28:DF:A3:D2:97:27:42:8F
            X509v3 Authority Key Identifier:
                keyid:9E:45:9A:A4:60:2B:FF:A2:D2:65:0B:A6:68:18:45:8C:89:FC:45:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nkWapGAr_6LSZQumaBhFjIn8RYI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/9cc333-68d5-4692-9c5b-28a841da0bfd/1/8C1K16ZGwKT5NIjvKN-j0pcnQo8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/9cc333-68d5-4692-9c5b-28a841da0bfd/1/nkWapGAr_6LSZQumaBhFjIn8RYI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.247.75.0/24
                  84.247.114.0/24
                  89.149.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:a6:b6:40:b2:02:0c:f2:ce:cd:e0:dd:00:06:07:6a:75:83:
         73:94:c5:99:ed:97:2c:cd:46:77:6f:d4:d3:65:01:7d:a6:83:
         13:8c:fd:39:9b:da:0c:90:03:08:29:6e:02:97:5b:09:48:8b:
         0a:99:c4:67:f3:d6:62:15:d4:09:e8:92:49:fd:b4:de:8a:04:
         f9:96:73:1e:49:4e:70:c2:2e:d0:52:54:07:a8:e0:88:26:a5:
         eb:68:da:16:e3:18:97:c8:3d:8d:f2:bd:c0:c7:94:11:61:1d:
         3f:73:6d:58:b1:7b:f7:35:18:aa:38:47:0a:29:b5:82:93:31:
         ee:7f:37:f1:9e:98:6f:9a:4b:2d:f2:ad:b0:81:32:a9:5f:08:
         48:ac:85:28:75:d3:0a:e8:6a:5b:2f:65:19:f8:9f:ce:cf:84:
         3b:dc:b5:87:22:1c:f8:17:26:f3:b6:84:98:a5:8b:ec:31:42:
         c8:39:01:91:1a:90:6a:43:b5:5c:8a:72:da:20:93:d8:c4:0c:
         e5:27:a9:98:5c:cd:6d:a7:87:59:d7:f4:87:46:e1:df:b7:54:
         06:21:47:d2:19:11:0a:3f:b4:4f:aa:5f:d6:43:f4:e6:d2:ec:
         51:0d:b7:c8:6b:5c:74:89:5b:1c:c7:98:6d:7b:13:ef:6b:35:
         ed:cb:46:70
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ67bS4yvXlkxjOfL4NzumfJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllNDU5YWE0NjAyYmZmYTJkMjY1MGJhNjY4MTg0NThjODlm
YzQ1ODIwHhcNMjYwNjEyMTA0MjM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDJkNGFkN2E2NDZjMGE0ZjkzNDg4ZWYyOGRmYTNkMjk3Mjc0MjhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqtLMfZJ4zKxwxFNc/ai9NGSimQXu
gAFspJlefcdB16f4czduWwnpzI4qsnNv8JCwJDvDU57x3xO0K1hBDMrvrzYFR/kU
QJIQkpT75YPtQ9OIFNphNXcckKStd+pdTAoz0nPj+sRVD3CtFn6zGVhdr4Kj0zuN
clW+pr8VH8GZpbyZOj+v4Ne4kq4bENg1wkQ5OKyDzs/0SszBdW/OUjxrLnZGrjqL
DYpHhCEfN6At4gZO1wHRG5xaf9Sx0iFkY356WRE6b37V+v7YvhF5amnV3jE98Qim
o9GY/qSn4txh+f+hKMm0Pjc6Wo5kFdaq87FSYN4GvQxtmQ0UK6SjLrvW6QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFPAtStemRsCk+TSI7yjfo9KXJ0KPMB8GA1UdIwQY
MBaAFJ5FmqRgK/+i0mULpmgYRYyJ/EWCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmtXYXBHQXJfNkxTWlF1bWFCaEZqSW44UllJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi85Y2MzMzMtNjhkNS00NjkyLTljNWIt
MjhhODQxZGEwYmZkLzEvOEMxSzE2Wkd3S1Q1TklqdktOLWowcGNuUW84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi85Y2MzMzMtNjhkNS00NjkyLTljNWItMjhhODQxZGEwYmZk
LzEvbmtXYXBHQXJfNkxTWlF1bWFCaEZqSW44UllJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAVPdLAwQA
VPdyAwQAWZURMA0GCSqGSIb3DQEBCwUAA4IBAQAmprZAsgIM8s7N4N0ABgdqdYNz
lMWZ7ZcszUZ3b9TTZQF9poMTjP05m9oMkAMIKW4Cl1sJSIsKmcRn89ZiFdQJ6JJJ
/bTeigT5lnMeSU5wwi7QUlQHqOCIJqXraNoW4xiXyD2N8r3Ax5QRYR0/c21YsXv3
NRiqOEcKKbWCkzHufzfxnphvmkst8q2wgTKpXwhIrIUoddMK6GpbL2UZ+J/Oz4Q7
3LWHIhz4FybztoSYpYvsMULIOQGRGpBqQ7VcinLaIJPYxAzlJ6mYXM1tp4dZ1/SH
RuHft1QGIUfSGREKP7RPql/WQ/Tm0uxRDbfIa1x0iVscx5htexPvazXty0Zw
-----END CERTIFICATE-----