Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/510765-e22a-4a5c-be17-18309d8a4c63/1/lWnR0ekIz7F2D525B-XOkrpQ0YQ.roa
File:                     lWnR0ekIz7F2D525B-XOkrpQ0YQ.roa (raw, json)
Hash identifier:          TEzMU5Zsy6F06BlZcKBW0crSHPdy9jGsr3EscjQ6Tys=
Subject key identifier:   95:69:D1:D1:E9:08:CF:B1:76:0F:9D:B9:07:E5:CE:92:BA:50:D1:84
Certificate issuer:       /CN=73f2599d95ec919327ff68742d6c49c2a6a54888
Certificate serial:       019B7E3904EC0AA1AF9E9FB7DC8BDDB6C118
Authority key identifier: 73:F2:59:9D:95:EC:91:93:27:FF:68:74:2D:6C:49:C2:A6:A5:48:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c_JZnZXskZMn_2h0LWxJwqalSIg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/510765-e22a-4a5c-be17-18309d8a4c63/1/lWnR0ekIz7F2D525B-XOkrpQ0YQ.roa
Signing time:             Fri 02 Jan 2026 10:20:24 +0000
ROA not before:           Fri 02 Jan 2026 10:20:24 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     25433
IP address blocks:        94.232.160.0/21 maxlen: 21
                          185.197.80.0/22 maxlen: 22
                          2a0a:7840::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/510765-e22a-4a5c-be17-18309d8a4c63/1/c_JZnZXskZMn_2h0LWxJwqalSIg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/510765-e22a-4a5c-be17-18309d8a4c63/1/c_JZnZXskZMn_2h0LWxJwqalSIg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c_JZnZXskZMn_2h0LWxJwqalSIg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 22:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:39:04:ec:0a:a1:af:9e:9f:b7:dc:8b:dd:b6:c1:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73f2599d95ec919327ff68742d6c49c2a6a54888
        Validity
            Not Before: Jan  2 10:20:24 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9569d1d1e908cfb1760f9db907e5ce92ba50d184
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:b0:ef:60:ed:f2:f2:c3:fd:9a:ad:d5:e4:dd:
                    4a:db:8f:8d:8c:0b:82:9d:47:f2:97:a1:c4:07:7e:
                    b1:6b:53:c5:28:ce:f0:43:c5:c6:6f:85:f2:dd:8c:
                    bb:6a:8a:67:cd:cf:55:f4:af:be:d3:9a:1b:42:75:
                    0c:e5:1e:64:55:7c:bd:98:9c:f5:11:26:c6:0c:34:
                    73:73:25:1c:ce:52:4b:ec:aa:fb:28:ad:35:22:e0:
                    d0:92:8f:9f:b9:d6:37:72:8e:0f:92:58:9c:20:14:
                    95:42:74:2e:ec:c8:27:5f:83:f8:df:3b:7e:88:92:
                    9e:a1:54:35:6c:46:cd:b8:54:fe:2d:05:1b:28:00:
                    5f:71:ee:49:cc:16:7b:75:16:0d:08:44:1a:b3:03:
                    92:83:eb:72:34:11:a7:a6:be:8e:be:32:fd:ef:b4:
                    35:0c:bd:b2:7b:a0:92:7f:ce:72:25:67:07:1c:ba:
                    c6:3e:68:7d:48:bc:5a:38:fd:7d:06:cb:fe:c5:62:
                    aa:3b:82:81:fc:b9:9b:c7:cc:f8:dc:85:b6:36:e3:
                    6d:2e:66:c7:27:20:05:86:e6:96:0f:05:0f:28:9c:
                    ea:75:de:03:20:54:cc:ca:3b:63:46:27:66:a0:0d:
                    de:ab:45:58:af:ea:27:85:ad:d9:0a:0a:0c:f4:79:
                    ef:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:69:D1:D1:E9:08:CF:B1:76:0F:9D:B9:07:E5:CE:92:BA:50:D1:84
            X509v3 Authority Key Identifier:
                keyid:73:F2:59:9D:95:EC:91:93:27:FF:68:74:2D:6C:49:C2:A6:A5:48:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c_JZnZXskZMn_2h0LWxJwqalSIg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/510765-e22a-4a5c-be17-18309d8a4c63/1/lWnR0ekIz7F2D525B-XOkrpQ0YQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/510765-e22a-4a5c-be17-18309d8a4c63/1/c_JZnZXskZMn_2h0LWxJwqalSIg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.232.160.0/21
                  185.197.80.0/22
                IPv6:
                  2a0a:7840::/29

    Signature Algorithm: sha256WithRSAEncryption
         4b:f6:52:2b:63:28:34:12:4c:9e:6e:76:a6:45:d0:f9:09:6a:
         31:13:49:e7:ec:e2:90:e0:4e:94:cb:75:c2:ea:6c:24:17:62:
         9c:d9:40:03:02:ac:c5:99:04:2b:fe:92:1f:13:26:2c:49:03:
         10:97:24:07:a9:fe:16:a9:17:7d:33:96:03:bd:a2:78:2a:88:
         dd:61:60:c8:b9:64:7e:fc:74:1b:57:5a:11:6f:6a:26:3c:70:
         e4:39:bb:a6:70:8b:5f:69:cf:b3:cb:da:cd:67:cc:c5:b3:8a:
         bd:9a:b3:01:49:06:6b:9b:b6:d1:59:48:57:37:d4:f9:b9:e2:
         52:2b:e3:f8:ec:b7:f1:44:98:36:a5:f5:6e:32:b0:3d:df:00:
         07:61:f1:3d:99:3e:41:a0:f6:07:63:e2:21:08:24:60:95:b0:
         51:91:d6:dc:f9:22:ec:96:db:b9:9c:d3:3c:4d:a2:05:93:3a:
         6d:06:28:7b:74:a6:0e:67:11:80:0e:0d:97:56:43:ec:88:9b:
         fc:ac:e6:f4:fd:f0:df:58:9c:cd:17:22:8f:81:44:e1:69:a7:
         bd:27:2d:d8:5e:7f:b1:a4:a5:e5:24:1d:b6:77:94:9b:73:70:
         74:58:dd:77:6b:bc:80:e6:61:de:d0:3e:67:53:14:b8:dc:63:
         8c:64:f5:80
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZt+OQTsCqGvnp+33IvdtsEYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczZjI1OTlkOTVlYzkxOTMyN2ZmNjg3NDJkNmM0OWMyYTZh
NTQ4ODgwHhcNMjYwMTAyMTAyMDI0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTY5ZDFkMWU5MDhjZmIxNzYwZjlkYjkwN2U1Y2U5MmJhNTBkMTg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsbDvYO3y8sP9mq3V5N1K24+NjAuC
nUfyl6HEB36xa1PFKM7wQ8XGb4Xy3Yy7aopnzc9V9K++05obQnUM5R5kVXy9mJz1
ESbGDDRzcyUczlJL7Kr7KK01IuDQko+fudY3co4PklicIBSVQnQu7MgnX4P43zt+
iJKeoVQ1bEbNuFT+LQUbKABfce5JzBZ7dRYNCEQaswOSg+tyNBGnpr6OvjL977Q1
DL2ye6CSf85yJWcHHLrGPmh9SLxaOP19Bsv+xWKqO4KB/Lmbx8z43IW2NuNtLmbH
JyAFhuaWDwUPKJzqdd4DIFTMyjtjRidmoA3eq0VYr+onha3ZCgoM9HnvywIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFJVp0dHpCM+xdg+duQflzpK6UNGEMB8GA1UdIwQY
MBaAFHPyWZ2V7JGTJ/9odC1sScKmpUiIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY19KWm5aWHNrWk1uXzJoMExXeEp3cWFsU0lnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy81MTA3NjUtZTIyYS00YTVjLWJlMTct
MTgzMDlkOGE0YzYzLzEvbFduUjBla0l6N0YyRDUyNUItWE9rcnBRMFlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy81MTA3NjUtZTIyYS00YTVjLWJlMTctMTgzMDlkOGE0YzYz
LzEvY19KWm5aWHNrWk1uXzJoMExXeEp3cWFsU0lnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDXuigAwQC
ucVQMA0EAgACMAcDBQMqCnhAMA0GCSqGSIb3DQEBCwUAA4IBAQBL9lIrYyg0Ekye
bnamRdD5CWoxE0nn7OKQ4E6Uy3XC6mwkF2Kc2UADAqzFmQQr/pIfEyYsSQMQlyQH
qf4WqRd9M5YDvaJ4KojdYWDIuWR+/HQbV1oRb2omPHDkObumcItfac+zy9rNZ8zF
s4q9mrMBSQZrm7bRWUhXN9T5ueJSK+P47LfxRJg2pfVuMrA93wAHYfE9mT5BoPYH
Y+IhCCRglbBRkdbc+SLsltu5nNM8TaIFkzptBih7dKYOZxGADg2XVkPsiJv8rOb0
/fDfWJzNFyKPgUThaae9Jy3YXn+xpKXlJB22d5Sbc3B0WN13a7yA5mHe0D5nUxS4
3GOMZPWA
-----END CERTIFICATE-----