Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/f86013-fe1d-41be-afe8-c8fc6163942b/1/TERNYPeRZxuJ6NCrmwP9jvXvdl4.roa
File:                     TERNYPeRZxuJ6NCrmwP9jvXvdl4.roa (raw, json)
Hash identifier:          ezcjhFsSIFuUl+K0MedDme7brzKUDk5NDojpmlSW4ZI=
Subject key identifier:   4C:44:4D:60:F7:91:67:1B:89:E8:D0:AB:9B:03:FD:8E:F5:EF:76:5E
Certificate issuer:       /CN=2046367390224a07684d7977f9165a0950f03d54
Certificate serial:       019B78A3163A8BEA6A5000A42EE7B651C434
Authority key identifier: 20:46:36:73:90:22:4A:07:68:4D:79:77:F9:16:5A:09:50:F0:3D:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IEY2c5AiSgdoTXl3-RZaCVDwPVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/f86013-fe1d-41be-afe8-c8fc6163942b/1/TERNYPeRZxuJ6NCrmwP9jvXvdl4.roa
Signing time:             Thu 01 Jan 2026 08:18:32 +0000
ROA not before:           Thu 01 Jan 2026 08:18:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48342
IP address blocks:        91.209.106.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/f86013-fe1d-41be-afe8-c8fc6163942b/1/IEY2c5AiSgdoTXl3-RZaCVDwPVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/f86013-fe1d-41be-afe8-c8fc6163942b/1/IEY2c5AiSgdoTXl3-RZaCVDwPVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IEY2c5AiSgdoTXl3-RZaCVDwPVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a3:16:3a:8b:ea:6a:50:00:a4:2e:e7:b6:51:c4:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2046367390224a07684d7977f9165a0950f03d54
        Validity
            Not Before: Jan  1 08:18:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4c444d60f791671b89e8d0ab9b03fd8ef5ef765e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:33:a5:3d:f1:2d:5f:6c:2d:af:88:0f:d5:10:
                    27:2f:f2:05:84:52:14:e4:7c:99:1f:e4:11:d1:37:
                    8d:de:93:fd:08:6a:11:e3:c7:a5:76:eb:68:a5:44:
                    00:f4:9f:ff:61:80:c5:77:ea:9c:3f:2e:19:b0:86:
                    ae:9a:88:c3:c4:f4:58:0d:06:6b:cc:e0:cd:49:1d:
                    9d:30:3f:24:c3:c5:d9:86:f8:6f:bd:c4:d2:5d:c5:
                    81:b2:18:32:e3:a1:e0:64:11:03:84:30:40:ed:30:
                    73:23:a5:f6:bf:2c:17:1e:8a:d6:16:9a:fb:6c:de:
                    d1:f1:10:36:e6:d3:24:0f:80:2f:74:ba:bb:f8:7d:
                    83:3b:63:77:29:ba:88:e1:67:3a:05:6a:9b:10:71:
                    bd:7b:ea:3b:15:e2:27:ce:e8:57:e5:b5:c3:3f:b4:
                    a3:79:a8:f6:22:bd:eb:ef:30:3d:72:43:ad:39:88:
                    b2:23:de:c8:2b:aa:49:d5:66:16:12:2e:d0:3f:45:
                    98:f2:d4:11:52:de:a8:88:1c:3b:d6:d6:3d:68:9a:
                    4e:17:1c:1c:fa:60:3e:b0:c7:69:4a:e1:00:89:34:
                    cf:57:86:bd:7a:70:22:b4:2b:b5:a0:9b:58:77:17:
                    c9:d6:6e:c5:be:d5:3f:78:75:ca:23:e1:1c:9e:35:
                    d5:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:44:4D:60:F7:91:67:1B:89:E8:D0:AB:9B:03:FD:8E:F5:EF:76:5E
            X509v3 Authority Key Identifier:
                keyid:20:46:36:73:90:22:4A:07:68:4D:79:77:F9:16:5A:09:50:F0:3D:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IEY2c5AiSgdoTXl3-RZaCVDwPVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/f86013-fe1d-41be-afe8-c8fc6163942b/1/TERNYPeRZxuJ6NCrmwP9jvXvdl4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/f86013-fe1d-41be-afe8-c8fc6163942b/1/IEY2c5AiSgdoTXl3-RZaCVDwPVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.209.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:2d:b5:54:23:7b:62:76:29:ca:8a:e1:22:82:a4:71:66:c4:
         49:b4:84:46:a2:a9:7a:ef:46:63:4e:ed:41:82:73:73:a0:83:
         94:1d:bf:9f:b2:bc:ad:b1:b7:a0:24:63:81:cd:b4:8d:87:b6:
         f0:4d:5e:93:27:9f:0a:15:3d:3d:1a:a9:a4:52:d1:c0:5a:11:
         09:3d:ee:cf:1c:63:76:8a:8d:f0:cb:df:0f:b7:b4:2c:37:8c:
         3c:cf:c6:a7:fe:ad:54:2b:ce:5b:a2:68:ad:08:f3:fd:53:bb:
         58:0b:9d:41:16:08:3a:94:de:e6:1a:97:f5:28:34:86:6d:07:
         89:61:03:68:45:f3:66:d1:4d:86:03:71:a4:01:0e:86:9c:44:
         b8:0b:e8:36:ae:37:40:ea:be:13:4c:db:50:ac:60:35:fe:a1:
         28:95:35:6c:4a:e5:d3:9e:14:4f:c4:c8:6e:a3:78:00:67:15:
         1c:95:4a:8d:a9:78:21:e8:bc:10:6b:cf:88:e4:6d:3d:81:ff:
         30:22:6a:22:c1:27:60:27:60:73:06:4b:fa:93:2d:5c:8f:ca:
         bb:a3:99:95:71:3c:ea:33:c2:54:b4:a9:0b:7f:ed:69:c3:21:
         32:c7:83:ee:fc:6d:cf:6a:03:d1:af:3a:3b:16:36:98:87:02:
         f5:0a:27:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4oxY6i+pqUACkLue2UcQ0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwNDYzNjczOTAyMjRhMDc2ODRkNzk3N2Y5MTY1YTA5NTBm
MDNkNTQwHhcNMjYwMTAxMDgxODMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzQ0NGQ2MGY3OTE2NzFiODllOGQwYWI5YjAzZmQ4ZWY1ZWY3NjVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5jOlPfEtX2wtr4gP1RAnL/IFhFIU
5HyZH+QR0TeN3pP9CGoR48eldutopUQA9J//YYDFd+qcPy4ZsIaumojDxPRYDQZr
zODNSR2dMD8kw8XZhvhvvcTSXcWBshgy46HgZBEDhDBA7TBzI6X2vywXHorWFpr7
bN7R8RA25tMkD4AvdLq7+H2DO2N3KbqI4Wc6BWqbEHG9e+o7FeInzuhX5bXDP7Sj
eaj2Ir3r7zA9ckOtOYiyI97IK6pJ1WYWEi7QP0WY8tQRUt6oiBw71tY9aJpOFxwc
+mA+sMdpSuEAiTTPV4a9enAitCu1oJtYdxfJ1m7FvtU/eHXKI+EcnjXV5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFExETWD3kWcbiejQq5sD/Y7173ZeMB8GA1UdIwQY
MBaAFCBGNnOQIkoHaE15d/kWWglQ8D1UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUVZMmM1QWlTZ2RvVFhsMy1SWmFDVkR3UFZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC9mODYwMTMtZmUxZC00MWJlLWFmZTgt
YzhmYzYxNjM5NDJiLzEvVEVSTllQZVJaeHVKNk5Dcm13UDlqdlh2ZGw0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC9mODYwMTMtZmUxZC00MWJlLWFmZTgtYzhmYzYxNjM5NDJi
LzEvSUVZMmM1QWlTZ2RvVFhsMy1SWmFDVkR3UFZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9FqMA0G
CSqGSIb3DQEBCwUAA4IBAQCHLbVUI3tidinKiuEigqRxZsRJtIRGoql670ZjTu1B
gnNzoIOUHb+fsrytsbegJGOBzbSNh7bwTV6TJ58KFT09GqmkUtHAWhEJPe7PHGN2
io3wy98Pt7QsN4w8z8an/q1UK85bomitCPP9U7tYC51BFgg6lN7mGpf1KDSGbQeJ
YQNoRfNm0U2GA3GkAQ6GnES4C+g2rjdA6r4TTNtQrGA1/qEolTVsSuXTnhRPxMhu
o3gAZxUclUqNqXgh6LwQa8+I5G09gf8wImoiwSdgJ2BzBkv6ky1cj8q7o5mVcTzq
M8JUtKkLf+1pwyEyx4Pu/G3PagPRrzo7FjaYhwL1Cicg
-----END CERTIFICATE-----