Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/9faf24-05e1-4db9-9aaf-501618411c76/1/vJI0zjSupe8L2btdgObTHN_0uMI.roa
File:                     vJI0zjSupe8L2btdgObTHN_0uMI.roa (raw, json)
Hash identifier:          t1tDTpvOlNLAVNfscJvGfDoocyToS/t9xpe8zMWNV3c=
Subject key identifier:   BC:92:34:CE:34:AE:A5:EF:0B:D9:BB:5D:80:E6:D3:1C:DF:F4:B8:C2
Certificate issuer:       /CN=9eb3143a2e73f209e69d97c4b8f78cda5f437005
Certificate serial:       019D6764B36EF26F16159CB6DD3336DE97BC
Authority key identifier: 9E:B3:14:3A:2E:73:F2:09:E6:9D:97:C4:B8:F7:8C:DA:5F:43:70:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nrMUOi5z8gnmnZfEuPeM2l9DcAU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/9faf24-05e1-4db9-9aaf-501618411c76/1/vJI0zjSupe8L2btdgObTHN_0uMI.roa
Signing time:             Tue 07 Apr 2026 10:02:25 +0000
ROA not before:           Tue 07 Apr 2026 10:02:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     25577
IP address blocks:        185.229.20.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/9faf24-05e1-4db9-9aaf-501618411c76/1/nrMUOi5z8gnmnZfEuPeM2l9DcAU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/9faf24-05e1-4db9-9aaf-501618411c76/1/nrMUOi5z8gnmnZfEuPeM2l9DcAU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nrMUOi5z8gnmnZfEuPeM2l9DcAU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 04:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:67:64:b3:6e:f2:6f:16:15:9c:b6:dd:33:36:de:97:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9eb3143a2e73f209e69d97c4b8f78cda5f437005
        Validity
            Not Before: Apr  7 10:02:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bc9234ce34aea5ef0bd9bb5d80e6d31cdff4b8c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:2a:65:f5:c7:33:b9:b8:b3:d4:53:98:b5:83:
                    a7:89:a1:13:58:53:fa:7d:29:1f:d3:77:0e:39:d7:
                    c4:dd:9d:d4:84:cc:03:ab:57:e4:7a:76:3a:68:33:
                    14:ad:99:51:73:d2:6d:81:1a:71:d4:ce:10:c9:44:
                    3f:8b:d1:32:38:5c:10:48:a0:f6:22:78:c7:2a:7f:
                    87:1f:52:61:44:3e:2c:27:1f:9b:61:98:e8:53:77:
                    de:df:e3:e5:b7:c5:98:55:f7:7d:9f:da:25:c4:e4:
                    62:19:04:f6:e5:c8:d0:a4:33:4c:2a:7b:20:26:41:
                    47:48:9c:dd:ee:82:af:2c:4e:1f:8b:59:8c:b8:7a:
                    44:65:ac:04:fc:e3:97:f1:c6:bb:40:55:dc:cc:67:
                    7e:f4:09:53:8f:f6:46:fd:04:b4:5d:db:6f:17:f9:
                    5c:2c:b4:28:73:90:87:9a:76:d7:d9:89:0a:87:9b:
                    70:a7:fe:e0:da:98:86:7e:f2:34:87:38:91:66:15:
                    52:9e:a4:b0:fe:dc:69:68:f3:e6:df:85:13:a2:ea:
                    da:b0:2a:30:04:89:bd:f2:65:5e:be:39:97:20:d3:
                    bd:0f:02:87:56:25:51:a1:1f:92:6f:82:1b:ef:88:
                    e8:62:66:af:a7:dc:70:70:21:00:c8:4c:09:29:6e:
                    3d:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:92:34:CE:34:AE:A5:EF:0B:D9:BB:5D:80:E6:D3:1C:DF:F4:B8:C2
            X509v3 Authority Key Identifier:
                keyid:9E:B3:14:3A:2E:73:F2:09:E6:9D:97:C4:B8:F7:8C:DA:5F:43:70:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nrMUOi5z8gnmnZfEuPeM2l9DcAU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/9faf24-05e1-4db9-9aaf-501618411c76/1/vJI0zjSupe8L2btdgObTHN_0uMI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/9faf24-05e1-4db9-9aaf-501618411c76/1/nrMUOi5z8gnmnZfEuPeM2l9DcAU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.229.20.0/23

    Signature Algorithm: sha256WithRSAEncryption
         86:b6:75:fc:89:21:77:bb:52:91:2d:26:d1:d3:b6:37:ad:63:
         76:4a:d0:1a:d4:26:af:2a:13:6c:d7:76:9e:5c:1c:dc:0d:54:
         5d:c1:e1:18:ba:9b:c4:bd:f9:fb:09:1c:c0:08:91:4a:61:e8:
         e7:53:a1:02:31:5e:35:fc:e2:1b:9b:d9:9d:6d:1a:15:ca:96:
         e6:c8:dc:82:34:a3:a0:fc:ab:2c:de:d6:f1:74:25:93:5e:06:
         4d:62:0f:b3:7d:11:6f:fa:85:9d:11:37:93:74:6c:1f:a7:49:
         12:cf:d0:77:6a:de:15:a0:db:5b:b9:43:47:49:8c:ef:f1:a9:
         fe:a7:4e:66:c2:6d:66:d6:a8:fe:1d:c7:42:ca:a7:12:37:05:
         b9:df:a9:ac:5e:69:92:bd:25:50:b7:4c:e7:11:e3:eb:a7:07:
         3f:54:a5:ae:a7:22:b8:8a:e1:03:8a:53:d9:26:4b:a9:ef:dc:
         cc:5d:e6:3a:4e:ec:1f:f1:7a:ae:b9:ef:03:62:3d:46:c5:99:
         b4:78:27:1f:39:c9:78:bc:6d:c9:f6:7a:c0:54:89:90:27:7a:
         36:72:55:ff:8c:2b:13:6e:36:ee:c6:da:90:f7:96:dc:eb:75:
         8a:0d:af:66:d8:30:f5:a5:b4:8c:38:4a:48:a4:d3:1d:f7:64:
         d4:48:22:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1nZLNu8m8WFZy23TM23pe8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllYjMxNDNhMmU3M2YyMDllNjlkOTdjNGI4Zjc4Y2RhNWY0
MzcwMDUwHhcNMjYwNDA3MTAwMjI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzkyMzRjZTM0YWVhNWVmMGJkOWJiNWQ4MGU2ZDMxY2RmZjRiOGMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwCpl9cczubiz1FOYtYOniaETWFP6
fSkf03cOOdfE3Z3UhMwDq1fkenY6aDMUrZlRc9JtgRpx1M4QyUQ/i9EyOFwQSKD2
InjHKn+HH1JhRD4sJx+bYZjoU3fe3+Plt8WYVfd9n9olxORiGQT25cjQpDNMKnsg
JkFHSJzd7oKvLE4fi1mMuHpEZawE/OOX8ca7QFXczGd+9AlTj/ZG/QS0XdtvF/lc
LLQoc5CHmnbX2YkKh5twp/7g2piGfvI0hziRZhVSnqSw/txpaPPm34UTourasCow
BIm98mVevjmXINO9DwKHViVRoR+Sb4Ib74joYmavp9xwcCEAyEwJKW49fQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLySNM40rqXvC9m7XYDm0xzf9LjCMB8GA1UdIwQY
MBaAFJ6zFDouc/IJ5p2XxLj3jNpfQ3AFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnJNVU9pNXo4Z25tblpmRXVQZU0ybDlEY0FVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi85ZmFmMjQtMDVlMS00ZGI5LTlhYWYt
NTAxNjE4NDExYzc2LzEvdkpJMHpqU3VwZThMMmJ0ZGdPYlRITl8wdU1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi85ZmFmMjQtMDVlMS00ZGI5LTlhYWYtNTAxNjE4NDExYzc2
LzEvbnJNVU9pNXo4Z25tblpmRXVQZU0ybDlEY0FVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBueUUMA0G
CSqGSIb3DQEBCwUAA4IBAQCGtnX8iSF3u1KRLSbR07Y3rWN2StAa1CavKhNs13ae
XBzcDVRdweEYupvEvfn7CRzACJFKYejnU6ECMV41/OIbm9mdbRoVypbmyNyCNKOg
/Kss3tbxdCWTXgZNYg+zfRFv+oWdETeTdGwfp0kSz9B3at4VoNtbuUNHSYzv8an+
p05mwm1m1qj+HcdCyqcSNwW536msXmmSvSVQt0znEePrpwc/VKWupyK4iuEDilPZ
Jkup79zMXeY6Tuwf8Xquue8DYj1GxZm0eCcfOcl4vG3J9nrAVImQJ3o2clX/jCsT
bjbuxtqQ95bc63WKDa9m2DD1pbSMOEpIpNMd92TUSCL+
-----END CERTIFICATE-----