Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/7cS1vrrip7RqAd0AkUrtYA7IeIw.roa
File:                     7cS1vrrip7RqAd0AkUrtYA7IeIw.roa (raw, json)
Hash identifier:          AORJ/CLjD8CBHWJjR9FUVymidmXn3dybOFBds+6vy3Y=
Subject key identifier:   ED:C4:B5:BE:BA:E2:A7:B4:6A:01:DD:00:91:4A:ED:60:0E:C8:78:8C
Certificate issuer:       /CN=f13533399f55eb52e6b2200c7cae4272b74d6464
Certificate serial:       019C3C5F6E676B9669F8E7D7CB2515431659
Authority key identifier: F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/7cS1vrrip7RqAd0AkUrtYA7IeIw.roa
Signing time:             Sun 08 Feb 2026 08:30:13 +0000
ROA not before:           Sun 08 Feb 2026 08:30:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213644
IP address blocks:        178.239.150.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 19:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:3c:5f:6e:67:6b:96:69:f8:e7:d7:cb:25:15:43:16:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f13533399f55eb52e6b2200c7cae4272b74d6464
        Validity
            Not Before: Feb  8 08:30:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=edc4b5bebae2a7b46a01dd00914aed600ec8788c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:ae:04:16:1b:cb:06:33:dd:1f:a2:c0:69:4b:
                    26:45:d9:e6:42:7b:9b:cf:ef:db:c2:d2:4d:a2:3a:
                    58:77:27:ed:a2:50:d3:5c:b7:61:42:90:6b:2c:85:
                    f2:6f:2a:cb:10:fc:40:2f:89:f9:00:93:dd:dd:f9:
                    be:54:5f:fe:16:8c:9e:a8:04:0b:aa:20:fc:7f:97:
                    51:44:0f:36:aa:cf:75:5d:15:11:f4:76:17:a4:b8:
                    a5:ac:a6:6b:39:24:92:76:f9:1c:38:22:fc:a4:de:
                    82:83:c2:ec:8c:92:75:52:87:a9:85:b2:8d:42:84:
                    94:b7:f9:dc:12:5c:02:fa:4d:3c:c8:29:34:d5:82:
                    ed:d8:dc:8b:65:39:79:4d:95:2c:0e:fc:51:31:e8:
                    47:e9:1a:d2:25:a6:32:dc:62:6f:bf:eb:b4:1a:9e:
                    3e:07:f4:2f:7f:58:d2:80:b8:ca:e1:b6:7e:d1:78:
                    a2:ba:6f:e7:bd:25:79:86:36:50:a8:13:5b:43:85:
                    56:60:7a:1e:ac:92:96:66:33:7a:67:39:bf:a8:41:
                    89:5b:63:85:b1:a0:ae:41:8d:45:2f:6f:bb:1d:cf:
                    8f:82:69:84:c2:86:69:1f:02:44:fe:da:e0:20:06:
                    92:b5:e7:fd:11:23:3b:3d:b5:4f:cc:06:2d:b8:e7:
                    c1:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:C4:B5:BE:BA:E2:A7:B4:6A:01:DD:00:91:4A:ED:60:0E:C8:78:8C
            X509v3 Authority Key Identifier:
                keyid:F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/7cS1vrrip7RqAd0AkUrtYA7IeIw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.239.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c6:e8:e7:ca:60:6b:49:00:53:b0:3d:df:4d:29:cb:75:10:16:
         b3:17:b6:d0:70:53:73:8a:92:f3:67:75:4a:e3:a0:b5:da:52:
         4e:56:b9:1e:c4:ff:15:04:6e:4b:0f:1d:d4:bb:c3:8f:15:9d:
         f0:cb:51:c7:60:d6:b1:52:c9:9a:6b:9f:fa:b1:20:da:f8:1d:
         94:18:eb:d8:ef:f9:8a:1a:f1:e3:9f:d7:c0:ce:72:a3:1d:71:
         3f:f4:46:1f:4c:80:b9:c1:32:7c:3e:aa:1c:6c:bf:a0:f4:a8:
         ac:0a:29:63:8c:f5:ff:d8:0f:9c:77:d7:1c:0a:8d:41:eb:8e:
         20:af:76:91:a0:61:75:8c:c4:89:c7:18:d9:82:e0:4c:91:d4:
         45:53:97:98:b6:d1:84:d8:76:1c:db:76:a7:b8:b3:55:f8:91:
         25:9c:fb:fd:32:93:67:18:88:70:8d:60:04:31:75:04:17:3e:
         03:ce:3e:6e:5d:ff:7b:6f:3e:93:84:6b:1b:c4:25:52:16:25:
         88:a4:1d:7d:e8:13:97:d4:ea:35:d8:e9:ea:76:2e:ae:ec:51:
         5f:9a:ae:23:8d:f3:3f:78:8e:ea:12:f0:52:de:f7:2a:d3:42:
         31:67:fa:97:e1:3b:c3:3f:a4:58:00:7c:32:02:95:57:d7:1e:
         62:9d:99:1e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZw8X25na5Zp+OfXyyUVQxZZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxMzUzMzM5OWY1NWViNTJlNmIyMjAwYzdjYWU0MjcyYjc0
ZDY0NjQwHhcNMjYwMjA4MDgzMDEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZGM0YjViZWJhZTJhN2I0NmEwMWRkMDA5MTRhZWQ2MDBlYzg3ODhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1K4EFhvLBjPdH6LAaUsmRdnmQnub
z+/bwtJNojpYdyftolDTXLdhQpBrLIXybyrLEPxAL4n5AJPd3fm+VF/+FoyeqAQL
qiD8f5dRRA82qs91XRUR9HYXpLilrKZrOSSSdvkcOCL8pN6Cg8LsjJJ1UoephbKN
QoSUt/ncElwC+k08yCk01YLt2NyLZTl5TZUsDvxRMehH6RrSJaYy3GJvv+u0Gp4+
B/Qvf1jSgLjK4bZ+0Xiium/nvSV5hjZQqBNbQ4VWYHoerJKWZjN6Zzm/qEGJW2OF
saCuQY1FL2+7Hc+PgmmEwoZpHwJE/trgIAaStef9ESM7PbVPzAYtuOfBnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO3Etb664qe0agHdAJFK7WAOyHiMMB8GA1UdIwQY
MBaAFPE1MzmfVetS5rIgDHyuQnK3TWRkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEt
OTg5MTY2ODgxOTY5LzEvN2NTMXZycmlwN1JxQWQwQWtVcnRZQTdJZUl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEtOTg5MTY2ODgxOTY5
LzEvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsu+WMA0G
CSqGSIb3DQEBCwUAA4IBAQDG6OfKYGtJAFOwPd9NKct1EBazF7bQcFNzipLzZ3VK
46C12lJOVrkexP8VBG5LDx3Uu8OPFZ3wy1HHYNaxUsmaa5/6sSDa+B2UGOvY7/mK
GvHjn9fAznKjHXE/9EYfTIC5wTJ8PqocbL+g9KisCiljjPX/2A+cd9ccCo1B644g
r3aRoGF1jMSJxxjZguBMkdRFU5eYttGE2HYc23anuLNV+JElnPv9MpNnGIhwjWAE
MXUEFz4Dzj5uXf97bz6ThGsbxCVSFiWIpB196BOX1Oo12Onqdi6u7FFfmq4jjfM/
eI7qEvBS3vcq00IxZ/qX4TvDP6RYAHwyApVX1x5inZke
-----END CERTIFICATE-----