Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/59ea29-f288-468e-a33e-559e3d76c5b6/1/S9Lhb0W6DQLznm2Ny0nTE0rtZA0.roa
File:                     S9Lhb0W6DQLznm2Ny0nTE0rtZA0.roa (raw, json)
Hash identifier:          09s9DPo4YDicwuBRma+J17GCgEogtmblge/75XK9+TI=
Subject key identifier:   4B:D2:E1:6F:45:BA:0D:02:F3:9E:6D:8D:CB:49:D3:13:4A:ED:64:0D
Certificate issuer:       /CN=729ca63e6d2b504449217dc0788c9d37489b4c45
Certificate serial:       019EB2FD172CFF53B253AE3384564BD81177
Authority key identifier: 72:9C:A6:3E:6D:2B:50:44:49:21:7D:C0:78:8C:9D:37:48:9B:4C:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cpymPm0rUERJIX3AeIydN0ibTEU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/59ea29-f288-468e-a33e-559e3d76c5b6/1/S9Lhb0W6DQLznm2Ny0nTE0rtZA0.roa
Signing time:             Wed 10 Jun 2026 19:23:11 +0000
ROA not before:           Wed 10 Jun 2026 19:23:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     0
IP address blocks:        212.108.98.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/59ea29-f288-468e-a33e-559e3d76c5b6/1/cpymPm0rUERJIX3AeIydN0ibTEU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/59ea29-f288-468e-a33e-559e3d76c5b6/1/cpymPm0rUERJIX3AeIydN0ibTEU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cpymPm0rUERJIX3AeIydN0ibTEU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:b2:fd:17:2c:ff:53:b2:53:ae:33:84:56:4b:d8:11:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=729ca63e6d2b504449217dc0788c9d37489b4c45
        Validity
            Not Before: Jun 10 19:23:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4bd2e16f45ba0d02f39e6d8dcb49d3134aed640d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:d0:79:1b:5e:37:c2:b0:46:e0:8c:7b:1b:3b:
                    6f:b2:0b:d9:36:83:a9:5e:e3:ac:17:87:66:d8:d6:
                    7e:3b:b3:a8:b0:4f:4a:02:c8:84:31:8b:ab:cf:3c:
                    a8:65:40:b1:10:fa:e2:ff:93:6b:9c:0f:ab:9c:a4:
                    10:54:6f:64:01:ba:e0:d2:e5:96:e9:59:9f:93:dc:
                    6d:54:60:85:e2:69:ae:3d:87:bb:ac:08:4a:91:d9:
                    51:8b:54:34:fa:b5:4f:01:5d:98:b1:9f:b7:70:1d:
                    44:16:1a:55:52:73:bd:f2:95:72:ce:5b:d1:d6:01:
                    ae:44:1e:bc:8e:42:b6:30:8f:36:3c:1f:97:b6:2c:
                    22:d1:d5:ba:2f:da:98:ae:e4:7c:21:7b:58:18:e4:
                    89:44:d3:cb:30:e3:35:1e:09:69:25:87:eb:2d:9f:
                    55:39:00:9d:9c:97:71:39:af:95:e2:1a:15:83:fe:
                    92:1b:79:45:a3:39:e9:04:fb:de:55:03:f4:2c:2c:
                    51:bf:dd:b6:15:c6:16:ac:59:f0:2c:7d:48:bc:0f:
                    bb:e8:b0:d4:4c:63:08:a6:ed:8a:08:6d:ff:e8:72:
                    07:dc:a4:14:98:60:47:71:96:7b:8a:28:10:df:40:
                    f2:e3:bd:dc:b5:3f:38:5e:eb:d8:ca:fe:3a:d1:63:
                    17:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:D2:E1:6F:45:BA:0D:02:F3:9E:6D:8D:CB:49:D3:13:4A:ED:64:0D
            X509v3 Authority Key Identifier:
                keyid:72:9C:A6:3E:6D:2B:50:44:49:21:7D:C0:78:8C:9D:37:48:9B:4C:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cpymPm0rUERJIX3AeIydN0ibTEU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/59ea29-f288-468e-a33e-559e3d76c5b6/1/S9Lhb0W6DQLznm2Ny0nTE0rtZA0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/59ea29-f288-468e-a33e-559e3d76c5b6/1/cpymPm0rUERJIX3AeIydN0ibTEU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.108.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:ab:31:1d:8b:fb:40:4d:8e:c7:4a:e3:d4:96:a2:2c:d6:d7:
         87:f5:3c:7c:6c:ec:dd:d1:25:55:c3:a8:b6:83:21:23:85:11:
         37:98:e4:98:ac:11:d9:6a:8d:b2:b1:9b:10:1a:90:72:25:77:
         ec:cf:79:f9:05:f9:a5:45:83:d3:71:79:c0:55:a1:ef:ec:eb:
         39:02:0d:4e:6e:4d:1e:b8:61:c0:66:57:9e:f5:1c:78:70:11:
         76:d4:67:5f:6d:b6:1c:e4:0e:89:8f:08:27:30:0e:4b:35:ac:
         e3:a5:93:86:e3:07:35:a6:6f:67:f0:37:67:57:3f:68:d6:a9:
         f9:9b:b1:d7:ef:70:f9:e0:e5:2f:f3:8b:1c:63:50:58:e9:54:
         1a:7a:98:c4:f5:e6:70:0d:2f:cf:60:5d:69:9e:15:f1:84:00:
         ec:2d:47:1b:2a:e4:ed:95:9f:44:d0:1f:f9:ea:8f:85:fa:6d:
         8c:53:66:06:16:e2:94:9b:b6:0c:9c:7f:10:e0:9f:89:cb:fe:
         9e:f5:71:a1:3a:39:ee:1f:06:4f:d8:ad:1f:17:de:df:cd:c4:
         45:a9:e7:ef:32:63:b9:6d:31:5c:1f:98:5e:8f:d7:e3:e9:5a:
         17:1b:86:59:0f:26:ae:49:92:1a:da:ca:cd:e6:b6:30:d4:aa:
         38:23:40:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6y/Rcs/1OyU64zhFZL2BF3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyOWNhNjNlNmQyYjUwNDQ0OTIxN2RjMDc4OGM5ZDM3NDg5
YjRjNDUwHhcNMjYwNjEwMTkyMzExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YmQyZTE2ZjQ1YmEwZDAyZjM5ZTZkOGRjYjQ5ZDMxMzRhZWQ2NDBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuNB5G143wrBG4Ix7GztvsgvZNoOp
XuOsF4dm2NZ+O7OosE9KAsiEMYurzzyoZUCxEPri/5NrnA+rnKQQVG9kAbrg0uWW
6Vmfk9xtVGCF4mmuPYe7rAhKkdlRi1Q0+rVPAV2YsZ+3cB1EFhpVUnO98pVyzlvR
1gGuRB68jkK2MI82PB+Xtiwi0dW6L9qYruR8IXtYGOSJRNPLMOM1HglpJYfrLZ9V
OQCdnJdxOa+V4hoVg/6SG3lFoznpBPveVQP0LCxRv922FcYWrFnwLH1IvA+76LDU
TGMIpu2KCG3/6HIH3KQUmGBHcZZ7iigQ30Dy473ctT84XuvYyv460WMXgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEvS4W9Fug0C855tjctJ0xNK7WQNMB8GA1UdIwQY
MBaAFHKcpj5tK1BESSF9wHiMnTdIm0xFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3B5bVBtMHJVRVJKSVgzQWVJeWROMGliVEVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS81OWVhMjktZjI4OC00NjhlLWEzM2Ut
NTU5ZTNkNzZjNWI2LzEvUzlMaGIwVzZEUUx6bm0yTnkwblRFMHJ0WkEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS81OWVhMjktZjI4OC00NjhlLWEzM2UtNTU5ZTNkNzZjNWI2
LzEvY3B5bVBtMHJVRVJKSVgzQWVJeWROMGliVEVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1GxiMA0G
CSqGSIb3DQEBCwUAA4IBAQBmqzEdi/tATY7HSuPUlqIs1teH9Tx8bOzd0SVVw6i2
gyEjhRE3mOSYrBHZao2ysZsQGpByJXfsz3n5BfmlRYPTcXnAVaHv7Os5Ag1Obk0e
uGHAZlee9Rx4cBF21GdfbbYc5A6JjwgnMA5LNazjpZOG4wc1pm9n8DdnVz9o1qn5
m7HX73D54OUv84scY1BY6VQaepjE9eZwDS/PYF1pnhXxhADsLUcbKuTtlZ9E0B/5
6o+F+m2MU2YGFuKUm7YMnH8Q4J+Jy/6e9XGhOjnuHwZP2K0fF97fzcRFqefvMmO5
bTFcH5hej9fj6VoXG4ZZDyauSZIa2srN5rYw1Ko4I0B1
-----END CERTIFICATE-----