Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/6c7b28-f2ce-445f-8f90-0f5d3797a325/1/uW3Eqs7Ri1lpnJVP-zAoNcXwTHM.roa
File:                     uW3Eqs7Ri1lpnJVP-zAoNcXwTHM.roa (raw, json)
Hash identifier:          /f9zR5HqJoOd5VfNKyewt9lLgfvwRHYV5D7mc7m8SfE=
Subject key identifier:   B9:6D:C4:AA:CE:D1:8B:59:69:9C:95:4F:FB:30:28:35:C5:F0:4C:73
Certificate issuer:       /CN=96ff45e6de48bfc0397dacad83a84831db7952d1
Certificate serial:       019B79ECB6C89444E2AD2BAF216163A9D4D2
Authority key identifier: 96:FF:45:E6:DE:48:BF:C0:39:7D:AC:AD:83:A8:48:31:DB:79:52:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lv9F5t5Iv8A5faytg6hIMdt5UtE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/6c7b28-f2ce-445f-8f90-0f5d3797a325/1/uW3Eqs7Ri1lpnJVP-zAoNcXwTHM.roa
Signing time:             Thu 01 Jan 2026 14:18:35 +0000
ROA not before:           Thu 01 Jan 2026 14:18:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     43399
IP address blocks:        109.172.74.0/24 maxlen: 24
                          178.130.128.0/23 maxlen: 23
                          178.130.128.0/24 maxlen: 24
                          178.130.129.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/6c7b28-f2ce-445f-8f90-0f5d3797a325/1/lv9F5t5Iv8A5faytg6hIMdt5UtE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/6c7b28-f2ce-445f-8f90-0f5d3797a325/1/lv9F5t5Iv8A5faytg6hIMdt5UtE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lv9F5t5Iv8A5faytg6hIMdt5UtE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 13:50:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ec:b6:c8:94:44:e2:ad:2b:af:21:61:63:a9:d4:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=96ff45e6de48bfc0397dacad83a84831db7952d1
        Validity
            Not Before: Jan  1 14:18:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b96dc4aaced18b59699c954ffb302835c5f04c73
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:61:ab:21:0f:1a:8d:33:12:a1:b4:d3:7b:4b:
                    da:4f:db:48:b4:43:2b:a0:94:f4:c1:3b:48:45:f6:
                    fd:62:f2:81:ad:34:4a:55:37:f6:44:db:87:c2:ae:
                    be:21:ff:df:a3:59:d4:64:c3:2d:13:0b:72:55:7a:
                    9e:be:fb:ec:8f:2c:a3:3f:31:f7:2a:37:0e:dd:36:
                    5c:79:bb:2b:03:03:6f:be:2f:a7:6a:13:c7:1f:c2:
                    5e:6f:4b:d1:f8:72:62:8c:83:a6:34:85:0a:16:b1:
                    98:0c:76:a4:62:57:74:8c:ed:43:d5:4d:9c:ff:b8:
                    f0:1e:ac:0b:76:da:11:74:f3:90:01:b2:4a:df:ad:
                    be:1a:22:84:73:14:82:ef:e4:6e:05:ed:6e:04:c4:
                    4a:24:95:c8:51:ff:a2:4c:2a:66:bd:9d:97:e3:af:
                    e7:10:a6:e4:09:fe:fe:6a:91:9b:12:02:90:32:c6:
                    47:14:5e:0c:d3:18:89:02:83:ee:d7:a8:d0:b2:96:
                    91:57:85:82:5f:b3:e1:2d:dd:5c:89:a1:e7:1c:3b:
                    20:4b:b7:d4:0d:a3:7c:df:93:07:95:ab:33:47:5b:
                    60:68:99:94:9a:d3:47:45:65:5b:36:fb:61:a9:82:
                    0b:70:b0:da:f8:53:ae:aa:a3:92:9d:f0:e8:b4:ae:
                    78:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:6D:C4:AA:CE:D1:8B:59:69:9C:95:4F:FB:30:28:35:C5:F0:4C:73
            X509v3 Authority Key Identifier:
                keyid:96:FF:45:E6:DE:48:BF:C0:39:7D:AC:AD:83:A8:48:31:DB:79:52:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lv9F5t5Iv8A5faytg6hIMdt5UtE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/6c7b28-f2ce-445f-8f90-0f5d3797a325/1/uW3Eqs7Ri1lpnJVP-zAoNcXwTHM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/6c7b28-f2ce-445f-8f90-0f5d3797a325/1/lv9F5t5Iv8A5faytg6hIMdt5UtE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.172.74.0/24
                  178.130.128.0/23

    Signature Algorithm: sha256WithRSAEncryption
         27:34:32:e0:0c:81:e4:67:de:fa:a8:8a:f1:2a:79:d1:fc:7c:
         db:52:40:95:f9:01:16:6b:7d:d9:07:82:df:4b:a0:c3:cc:5c:
         88:13:56:e5:52:4c:d0:52:50:d7:a7:d0:9b:62:85:52:e1:86:
         b8:b7:1f:12:95:22:d6:c5:70:cf:78:1a:08:b9:a9:db:f4:c7:
         5e:eb:ab:b3:1c:21:b4:ec:5c:13:f1:6d:d4:52:e0:7b:5b:a6:
         ff:fa:a6:8f:01:c1:47:91:1a:41:af:38:f7:67:f1:67:08:fe:
         00:a3:29:da:83:7b:74:73:42:67:6e:37:10:ee:11:0a:fb:6c:
         fa:56:5b:e9:93:6f:53:8d:ca:f3:04:65:77:69:a6:38:8f:a0:
         95:68:20:39:8c:05:99:c5:cd:58:12:9f:ab:99:89:d7:b6:f5:
         54:e1:04:64:3c:b0:66:f0:5b:9a:99:3d:ac:5c:39:24:32:4d:
         23:4b:1d:d3:44:be:7c:48:d7:c9:c0:bc:ee:e6:c6:94:e2:92:
         84:75:e9:2b:fb:16:c0:df:f1:43:ab:03:43:e6:d3:89:ad:7e:
         84:6b:54:cd:e8:30:b2:3e:be:e4:b2:1f:12:1d:91:b6:ab:65:
         dc:c8:ec:dc:af:b2:95:6b:b2:30:0a:0b:fb:a1:4d:f7:3e:09:
         2d:28:ac:2d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZt57LbIlETirSuvIWFjqdTSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2ZmY0NWU2ZGU0OGJmYzAzOTdkYWNhZDgzYTg0ODMxZGI3
OTUyZDEwHhcNMjYwMTAxMTQxODM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTZkYzRhYWNlZDE4YjU5Njk5Yzk1NGZmYjMwMjgzNWM1ZjA0YzczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkmGrIQ8ajTMSobTTe0vaT9tItEMr
oJT0wTtIRfb9YvKBrTRKVTf2RNuHwq6+If/fo1nUZMMtEwtyVXqevvvsjyyjPzH3
KjcO3TZcebsrAwNvvi+nahPHH8Jeb0vR+HJijIOmNIUKFrGYDHakYld0jO1D1U2c
/7jwHqwLdtoRdPOQAbJK362+GiKEcxSC7+RuBe1uBMRKJJXIUf+iTCpmvZ2X46/n
EKbkCf7+apGbEgKQMsZHFF4M0xiJAoPu16jQspaRV4WCX7PhLd1ciaHnHDsgS7fU
DaN835MHlaszR1tgaJmUmtNHRWVbNvthqYILcLDa+FOuqqOSnfDotK545QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLltxKrO0YtZaZyVT/swKDXF8ExzMB8GA1UdIwQY
MBaAFJb/RebeSL/AOX2srYOoSDHbeVLRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHY5RjV0NUl2OEE1ZmF5dGc2aElNZHQ1VXRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS82YzdiMjgtZjJjZS00NDVmLThmOTAt
MGY1ZDM3OTdhMzI1LzEvdVczRXFzN1JpMWxwbkpWUC16QW9OY1h3VEhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS82YzdiMjgtZjJjZS00NDVmLThmOTAtMGY1ZDM3OTdhMzI1
LzEvbHY5RjV0NUl2OEE1ZmF5dGc2aElNZHQ1VXRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbaxKAwQB
soKAMA0GCSqGSIb3DQEBCwUAA4IBAQAnNDLgDIHkZ976qIrxKnnR/HzbUkCV+QEW
a33ZB4LfS6DDzFyIE1blUkzQUlDXp9CbYoVS4Ya4tx8SlSLWxXDPeBoIuanb9Mde
66uzHCG07FwT8W3UUuB7W6b/+qaPAcFHkRpBrzj3Z/FnCP4Aoynag3t0c0JnbjcQ
7hEK+2z6Vlvpk29TjcrzBGV3aaY4j6CVaCA5jAWZxc1YEp+rmYnXtvVU4QRkPLBm
8FuamT2sXDkkMk0jSx3TRL58SNfJwLzu5saU4pKEdekr+xbA3/FDqwND5tOJrX6E
a1TN6DCyPr7ksh8SHZG2q2XcyOzcr7KVa7IwCgv7oU33PgktKKwt
-----END CERTIFICATE-----