Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ApOQvOfJC5rOS-rpG6f9q5KECxc.roa
File:                     ApOQvOfJC5rOS-rpG6f9q5KECxc.roa (raw, json)
Hash identifier:          0QtUwVSXNe9EIAXokncO4ksk5FUx6ofCfZxnSuPDASU=
Subject key identifier:   02:93:90:BC:E7:C9:0B:9A:CE:4B:EA:E9:1B:A7:FD:AB:92:84:0B:17
Certificate issuer:       /CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
Certificate serial:       019C8FED1C5E5241BE2C6473F092F725B03D
Authority key identifier: 65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ApOQvOfJC5rOS-rpG6f9q5KECxc.roa
Signing time:             Tue 24 Feb 2026 13:53:26 +0000
ROA not before:           Tue 24 Feb 2026 13:53:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214143
IP address blocks:        195.216.188.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:8f:ed:1c:5e:52:41:be:2c:64:73:f0:92:f7:25:b0:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
        Validity
            Not Before: Feb 24 13:53:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=029390bce7c90b9ace4beae91ba7fdab92840b17
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:d7:0b:72:20:1f:d4:12:84:30:7c:cb:33:d1:
                    ae:4f:95:d7:61:a6:27:dd:d2:8e:fe:fa:11:38:de:
                    b4:b6:68:d3:4c:aa:5b:bb:92:89:30:eb:98:d1:19:
                    93:6c:ac:65:4e:eb:62:5d:53:ed:18:9c:4e:e1:9a:
                    cd:71:00:ab:35:3f:09:8c:9a:c4:c7:46:ef:71:90:
                    55:1d:8f:16:c9:de:c4:ee:9c:aa:73:3d:80:97:15:
                    e3:5d:42:4b:e7:72:25:2a:e2:f9:84:eb:28:ee:17:
                    40:78:78:ff:63:84:12:ea:b5:7c:a3:fa:cf:7d:61:
                    05:ec:ed:93:db:40:56:d2:47:b6:51:0d:a6:02:d3:
                    fd:32:1f:d1:3c:ca:3c:9d:8e:c4:05:42:be:5b:8f:
                    b6:72:24:cb:8e:ad:6d:08:22:17:b5:01:19:70:b0:
                    cf:e8:82:c0:83:f1:91:73:82:b6:86:15:5a:84:3d:
                    0b:73:30:19:68:73:50:ec:7b:4a:29:f1:a8:58:cb:
                    0a:f9:39:8b:a2:03:17:0e:3d:7b:ca:9e:e3:d9:89:
                    00:5b:b9:69:59:f4:96:d3:82:53:c7:cb:b1:0a:47:
                    fb:d9:ac:36:7d:a8:ee:a8:14:07:aa:a9:51:58:c8:
                    62:be:96:89:14:00:2b:53:b6:4c:4f:79:c1:6f:6a:
                    5a:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:93:90:BC:E7:C9:0B:9A:CE:4B:EA:E9:1B:A7:FD:AB:92:84:0B:17
            X509v3 Authority Key Identifier:
                keyid:65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ApOQvOfJC5rOS-rpG6f9q5KECxc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.216.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:5b:4f:ca:b0:c1:97:28:ad:8c:4c:41:da:2e:81:fc:a7:4f:
         85:dc:d4:76:39:78:5d:bb:b4:c5:c2:5c:77:71:46:76:3f:b0:
         33:e5:aa:c2:0b:61:9b:40:f9:56:12:16:ac:4a:03:82:36:85:
         a7:c2:eb:d3:1f:f2:1b:09:0a:e7:02:06:00:ff:94:21:a3:4e:
         61:70:ad:9b:b2:cb:f0:07:d5:9c:69:06:e2:09:24:bf:f9:a4:
         6a:2e:4c:eb:06:89:0a:8b:41:ed:d5:fe:d5:38:28:80:b2:6c:
         b9:f4:5c:ab:c5:5d:29:2e:0f:cd:a3:00:5a:3c:59:44:cb:80:
         21:9a:4f:ad:ae:c4:97:0b:bb:81:f4:2d:e0:93:5e:55:cf:c9:
         fd:bf:c7:3d:72:25:87:bb:6e:e7:7a:88:e0:d2:5e:b9:ed:e6:
         76:73:25:6a:8f:99:fb:c8:05:b8:d3:ae:6e:f5:8c:14:18:7c:
         dd:93:4f:6a:fc:36:ab:fb:55:62:db:2a:b0:04:5f:a8:cc:0a:
         42:96:c1:fa:00:1e:0c:eb:e3:46:9f:77:79:99:df:3f:94:90:
         db:87:02:2f:be:79:b1:b1:68:78:4d:93:fc:2b:9d:a9:5b:c8:
         e7:fa:ea:e5:99:a2:32:07:53:67:6b:ea:17:20:b1:7d:db:eb:
         c3:64:f7:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyP7RxeUkG+LGRz8JL3JbA9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1YjdkNjY5OTgzNWJmZTlhODA4MWRmYzExNGRmMWJmNmQy
MTVkYTcwHhcNMjYwMjI0MTM1MzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjkzOTBiY2U3YzkwYjlhY2U0YmVhZTkxYmE3ZmRhYjkyODQwYjE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8dcLciAf1BKEMHzLM9GuT5XXYaYn
3dKO/voRON60tmjTTKpbu5KJMOuY0RmTbKxlTutiXVPtGJxO4ZrNcQCrNT8JjJrE
x0bvcZBVHY8Wyd7E7pyqcz2AlxXjXUJL53IlKuL5hOso7hdAeHj/Y4QS6rV8o/rP
fWEF7O2T20BW0ke2UQ2mAtP9Mh/RPMo8nY7EBUK+W4+2ciTLjq1tCCIXtQEZcLDP
6ILAg/GRc4K2hhVahD0LczAZaHNQ7HtKKfGoWMsK+TmLogMXDj17yp7j2YkAW7lp
WfSW04JTx8uxCkf72aw2fajuqBQHqqlRWMhivpaJFAArU7ZMT3nBb2paOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAKTkLznyQuazkvq6Run/auShAsXMB8GA1UdIwQY
MBaAFGW31mmYNb/pqAgd/BFN8b9tIV2nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDct
OWU0MTNlYmY0MmYzLzEvQXBPUXZPZkpDNXJPUy1ycEc2ZjlxNUtFQ3hjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDctOWU0MTNlYmY0MmYz
LzEvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw9i8MA0G
CSqGSIb3DQEBCwUAA4IBAQBbW0/KsMGXKK2MTEHaLoH8p0+F3NR2OXhdu7TFwlx3
cUZ2P7Az5arCC2GbQPlWEhasSgOCNoWnwuvTH/IbCQrnAgYA/5Qho05hcK2bssvw
B9WcaQbiCSS/+aRqLkzrBokKi0Ht1f7VOCiAsmy59FyrxV0pLg/NowBaPFlEy4Ah
mk+trsSXC7uB9C3gk15Vz8n9v8c9ciWHu27neojg0l657eZ2cyVqj5n7yAW4065u
9YwUGHzdk09q/Dar+1Vi2yqwBF+ozApClsH6AB4M6+NGn3d5md8/lJDbhwIvvnmx
sWh4TZP8K52pW8jn+urlmaIyB1Nna+oXILF92+vDZPfb
-----END CERTIFICATE-----