Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/b7b7fa-13d0-4ffc-9878-097b4d6d81e4/1/rVOox5dPkR2CoxnWpLrFqt5-ty4.roa
File:                     rVOox5dPkR2CoxnWpLrFqt5-ty4.roa (raw, json)
Hash identifier:          rByt/VY+jKmLbOAYRP4mcgPGysuMY2q4MeT7LbpcziI=
Subject key identifier:   AD:53:A8:C7:97:4F:91:1D:82:A3:19:D6:A4:BA:C5:AA:DE:7E:B7:2E
Certificate issuer:       /CN=6f108bd5addfabf151d9079e3d3d341269666fa7
Certificate serial:       019B7EA576A9E92B0107C0AB6CD9A45346BD
Authority key identifier: 6F:10:8B:D5:AD:DF:AB:F1:51:D9:07:9E:3D:3D:34:12:69:66:6F:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bxCL1a3fq_FR2QeePT00Emlmb6c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/b7b7fa-13d0-4ffc-9878-097b4d6d81e4/1/rVOox5dPkR2CoxnWpLrFqt5-ty4.roa
Signing time:             Fri 02 Jan 2026 12:18:51 +0000
ROA not before:           Fri 02 Jan 2026 12:18:51 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215217
IP address blocks:        89.34.124.0/23 maxlen: 24
                          89.150.55.0/24 maxlen: 24
                          2a0f:ac80::/29 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/b7b7fa-13d0-4ffc-9878-097b4d6d81e4/1/bxCL1a3fq_FR2QeePT00Emlmb6c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/b7b7fa-13d0-4ffc-9878-097b4d6d81e4/1/bxCL1a3fq_FR2QeePT00Emlmb6c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bxCL1a3fq_FR2QeePT00Emlmb6c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a5:76:a9:e9:2b:01:07:c0:ab:6c:d9:a4:53:46:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f108bd5addfabf151d9079e3d3d341269666fa7
        Validity
            Not Before: Jan  2 12:18:51 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ad53a8c7974f911d82a319d6a4bac5aade7eb72e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:d6:eb:6d:0c:6e:fe:00:51:30:f7:2c:8f:79:
                    a4:6e:3e:b8:65:83:46:9c:5b:f9:ee:ce:50:b5:a8:
                    14:f3:1b:06:66:65:13:63:67:e9:17:a5:c0:44:58:
                    2c:16:aa:d0:62:67:d3:67:b4:52:44:6c:51:f5:c1:
                    33:d0:63:f0:35:32:fe:60:be:c8:ab:45:26:62:17:
                    ee:a2:ea:16:a6:a6:eb:33:89:fe:c4:c4:6c:5c:f4:
                    c1:d0:25:dc:26:43:05:e6:ca:c6:ce:a4:e6:40:12:
                    21:55:c9:5e:ed:9f:80:e7:09:6e:3f:fd:73:e4:d1:
                    ff:25:74:c1:90:20:e8:51:5e:5c:61:07:b4:2e:c7:
                    3d:bd:2e:db:24:41:35:e4:7f:6b:35:70:55:64:81:
                    dc:32:e5:e5:d6:c6:bc:a3:69:4d:7b:9d:25:05:95:
                    49:4b:ca:92:f2:e3:52:75:fd:f8:9e:11:4c:12:e8:
                    e9:75:3b:54:ed:ba:4f:b8:83:70:57:b2:1d:3c:7e:
                    fd:e3:a2:2a:ff:d1:66:fb:be:2c:87:98:16:e3:02:
                    99:8c:3d:c6:81:62:20:2c:ea:1a:54:39:bd:54:00:
                    94:5b:a5:a7:eb:62:0f:d9:e4:37:9b:d7:89:f1:a5:
                    35:45:1c:3b:ec:77:ba:4a:46:64:2c:14:8e:aa:b6:
                    dc:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:53:A8:C7:97:4F:91:1D:82:A3:19:D6:A4:BA:C5:AA:DE:7E:B7:2E
            X509v3 Authority Key Identifier:
                keyid:6F:10:8B:D5:AD:DF:AB:F1:51:D9:07:9E:3D:3D:34:12:69:66:6F:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bxCL1a3fq_FR2QeePT00Emlmb6c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/b7b7fa-13d0-4ffc-9878-097b4d6d81e4/1/rVOox5dPkR2CoxnWpLrFqt5-ty4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/b7b7fa-13d0-4ffc-9878-097b4d6d81e4/1/bxCL1a3fq_FR2QeePT00Emlmb6c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.34.124.0/23
                  89.150.55.0/24
                IPv6:
                  2a0f:ac80::/29

    Signature Algorithm: sha256WithRSAEncryption
         7e:5e:cf:a7:66:1e:10:79:82:d1:81:75:fc:6a:e8:ed:6f:76:
         76:ae:a7:75:c3:e6:16:a3:25:bc:e4:0f:0b:9b:a4:dc:f2:0f:
         eb:42:bf:be:34:07:6d:d1:85:c4:1c:4a:53:74:34:49:0c:5c:
         0c:9d:80:3b:4f:91:47:32:e8:cf:40:64:83:49:9a:ce:8c:c6:
         60:fe:bc:43:e8:e2:6b:84:13:bf:5c:a8:52:49:4a:d1:f7:cb:
         48:d5:07:13:91:5d:c2:ea:b5:87:38:01:c0:5b:85:45:7d:45:
         2e:f0:a8:da:84:af:a8:f6:58:8d:df:c8:8b:bd:fd:cb:99:5b:
         e7:63:ef:95:a3:c9:f0:b2:d0:04:90:1a:c5:24:76:68:ed:02:
         97:74:69:7d:2f:3f:8c:c3:e9:f2:0a:af:50:12:72:39:41:ec:
         3e:ab:b5:e1:af:65:99:1a:f4:97:d5:a5:d0:0a:20:2a:5c:e6:
         fa:05:29:d1:7c:be:01:b0:fb:1b:3a:78:06:24:70:ac:ec:f7:
         44:56:09:e3:80:95:7c:37:a0:3e:0d:fb:71:2b:4e:49:f0:c8:
         c8:43:90:26:fd:b0:10:a3:b0:c3:7d:dd:87:18:de:01:68:40:
         6b:fc:b6:37:50:0c:86:c0:02:c0:8a:34:30:23:c8:67:60:d3:
         07:66:96:0f
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZt+pXap6SsBB8CrbNmkU0a9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmMTA4YmQ1YWRkZmFiZjE1MWQ5MDc5ZTNkM2QzNDEyNjk2
NjZmYTcwHhcNMjYwMTAyMTIxODUxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDUzYThjNzk3NGY5MTFkODJhMzE5ZDZhNGJhYzVhYWRlN2ViNzJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs9brbQxu/gBRMPcsj3mkbj64ZYNG
nFv57s5QtagU8xsGZmUTY2fpF6XARFgsFqrQYmfTZ7RSRGxR9cEz0GPwNTL+YL7I
q0UmYhfuouoWpqbrM4n+xMRsXPTB0CXcJkMF5srGzqTmQBIhVcle7Z+A5wluP/1z
5NH/JXTBkCDoUV5cYQe0Lsc9vS7bJEE15H9rNXBVZIHcMuXl1sa8o2lNe50lBZVJ
S8qS8uNSdf34nhFMEujpdTtU7bpPuINwV7IdPH7946Iq/9Fm+74sh5gW4wKZjD3G
gWIgLOoaVDm9VACUW6Wn62IP2eQ3m9eJ8aU1RRw77He6SkZkLBSOqrbc5wIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFK1TqMeXT5EdgqMZ1qS6xarefrcuMB8GA1UdIwQY
MBaAFG8Qi9Wt36vxUdkHnj09NBJpZm+nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYnhDTDFhM2ZxX0ZSMlFlZVBUMDBFbWxtYjZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi9iN2I3ZmEtMTNkMC00ZmZjLTk4Nzgt
MDk3YjRkNmQ4MWU0LzEvclZPb3g1ZFBrUjJDb3huV3BMckZxdDUtdHk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi9iN2I3ZmEtMTNkMC00ZmZjLTk4NzgtMDk3YjRkNmQ4MWU0
LzEvYnhDTDFhM2ZxX0ZSMlFlZVBUMDBFbWxtYjZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQBWSJ8AwQA
WZY3MA0EAgACMAcDBQMqD6yAMA0GCSqGSIb3DQEBCwUAA4IBAQB+Xs+nZh4QeYLR
gXX8aujtb3Z2rqd1w+YWoyW85A8Lm6Tc8g/rQr++NAdt0YXEHEpTdDRJDFwMnYA7
T5FHMujPQGSDSZrOjMZg/rxD6OJrhBO/XKhSSUrR98tI1QcTkV3C6rWHOAHAW4VF
fUUu8KjahK+o9liN38iLvf3LmVvnY++Vo8nwstAEkBrFJHZo7QKXdGl9Lz+Mw+ny
Cq9QEnI5Qew+q7Xhr2WZGvSX1aXQCiAqXOb6BSnRfL4BsPsbOngGJHCs7PdEVgnj
gJV8N6A+DftxK05J8MjIQ5Am/bAQo7DDfd2HGN4BaEBr/LY3UAyGwALAijQwI8hn
YNMHZpYP
-----END CERTIFICATE-----