Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/157f1e-7cf8-4d98-a924-97c332f7239d/1/O1uFtg6wuLhrdqUneGoI-viUEDA.roa
File:                     O1uFtg6wuLhrdqUneGoI-viUEDA.roa (raw, json)
Hash identifier:          4WLi2bkwD7hhzZv3R/usE+9JZdJI8FhP2vDUzbQmMeM=
Subject key identifier:   3B:5B:85:B6:0E:B0:B8:B8:6B:76:A5:27:78:6A:08:FA:F8:94:10:30
Certificate issuer:       /CN=aea84d7e64ba3e85b57036c7318f93cc3d94d187
Certificate serial:       019B78A350609DDA87BF5A8ECF9C18C330C4
Authority key identifier: AE:A8:4D:7E:64:BA:3E:85:B5:70:36:C7:31:8F:93:CC:3D:94:D1:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rqhNfmS6PoW1cDbHMY-TzD2U0Yc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/157f1e-7cf8-4d98-a924-97c332f7239d/1/O1uFtg6wuLhrdqUneGoI-viUEDA.roa
Signing time:             Thu 01 Jan 2026 08:18:47 +0000
ROA not before:           Thu 01 Jan 2026 08:18:47 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16184
IP address blocks:        193.109.124.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/157f1e-7cf8-4d98-a924-97c332f7239d/1/rqhNfmS6PoW1cDbHMY-TzD2U0Yc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/157f1e-7cf8-4d98-a924-97c332f7239d/1/rqhNfmS6PoW1cDbHMY-TzD2U0Yc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rqhNfmS6PoW1cDbHMY-TzD2U0Yc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 08:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a3:50:60:9d:da:87:bf:5a:8e:cf:9c:18:c3:30:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aea84d7e64ba3e85b57036c7318f93cc3d94d187
        Validity
            Not Before: Jan  1 08:18:47 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3b5b85b60eb0b8b86b76a527786a08faf8941030
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:e8:ba:95:c1:3f:d9:d5:b4:06:9a:86:7b:d0:
                    a6:9d:31:24:7a:e3:b6:ee:1a:b3:40:e6:5d:c6:a1:
                    8a:e2:d8:c7:15:60:eb:2e:ff:77:96:76:7c:ee:dd:
                    d5:ee:1e:db:9d:74:63:99:8c:bb:14:51:60:98:29:
                    8d:f7:c9:5c:f8:86:d6:9e:a6:96:26:54:17:e2:07:
                    e7:cc:76:5e:a1:a7:d4:d1:fb:ad:ac:60:6b:b0:c0:
                    36:29:2d:35:69:04:53:17:ee:26:bf:2c:91:a0:60:
                    0a:a9:60:c4:a5:b5:a3:63:23:1f:c8:9d:4a:f9:f9:
                    df:5d:53:66:90:78:4e:65:a0:d9:9e:80:d9:cd:f1:
                    62:68:be:ba:5a:86:31:5e:1f:e6:8d:70:c7:bf:03:
                    f0:fe:51:fe:ad:4c:97:78:41:e6:28:27:83:5c:96:
                    41:27:28:1d:24:09:f8:20:1f:c4:45:cf:92:26:ad:
                    c7:51:a7:9b:0b:d5:e6:18:75:86:07:39:91:5c:54:
                    38:a7:22:5a:66:7a:0c:4d:4a:0a:85:c4:27:93:ff:
                    17:6c:42:da:3b:27:2c:33:aa:33:0e:68:50:09:c4:
                    4a:4e:23:78:b7:47:82:18:fa:58:27:85:b7:29:06:
                    ba:09:2d:9f:c3:77:c2:91:4f:ff:22:c3:d2:85:9f:
                    05:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:5B:85:B6:0E:B0:B8:B8:6B:76:A5:27:78:6A:08:FA:F8:94:10:30
            X509v3 Authority Key Identifier:
                keyid:AE:A8:4D:7E:64:BA:3E:85:B5:70:36:C7:31:8F:93:CC:3D:94:D1:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rqhNfmS6PoW1cDbHMY-TzD2U0Yc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/157f1e-7cf8-4d98-a924-97c332f7239d/1/O1uFtg6wuLhrdqUneGoI-viUEDA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/157f1e-7cf8-4d98-a924-97c332f7239d/1/rqhNfmS6PoW1cDbHMY-TzD2U0Yc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.109.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:98:39:92:ed:ce:4f:ca:dc:a1:02:3b:e1:dc:41:ce:67:8c:
         81:72:ab:f7:31:33:83:e1:c8:a1:d1:9f:59:23:bd:d0:5a:d8:
         63:c4:ff:4f:cc:cf:9a:7d:62:6b:87:9f:c1:ff:58:63:14:85:
         3d:f4:27:02:ea:87:87:d7:d4:7d:eb:ee:8e:ec:81:c4:2b:49:
         fa:16:0a:01:4e:8a:81:d9:00:ba:be:7d:eb:be:de:2b:26:cf:
         64:07:c0:ce:fa:4d:57:c9:0e:16:ef:9d:90:96:bf:c7:c4:e4:
         35:3d:d7:6d:f4:25:43:75:68:41:bd:db:0a:95:64:33:e7:47:
         99:46:bd:89:73:e9:df:a4:3a:d8:a8:56:93:af:0b:0f:58:6a:
         b5:62:44:84:e1:74:d7:31:6e:60:d9:c7:e7:2f:ce:ba:1a:da:
         51:ef:bf:f6:e4:ab:9e:25:a7:5b:63:43:ac:6e:00:58:f7:f4:
         36:e1:cb:f9:2d:cb:1e:97:b8:41:c6:06:8c:41:62:85:a5:97:
         e0:4b:b8:c2:37:f2:95:d9:e9:77:94:60:48:18:9c:4e:e2:22:
         9f:e6:30:53:e9:82:7e:55:5e:0d:52:37:3c:e2:9b:fd:9f:30:
         8d:b2:94:9a:02:6c:6d:54:67:b9:ec:c2:c8:c4:05:11:07:7b:
         ea:7d:2f:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4o1BgndqHv1qOz5wYwzDEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlYTg0ZDdlNjRiYTNlODViNTcwMzZjNzMxOGY5M2NjM2Q5
NGQxODcwHhcNMjYwMTAxMDgxODQ3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjViODViNjBlYjBiOGI4NmI3NmE1Mjc3ODZhMDhmYWY4OTQxMDMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsei6lcE/2dW0BpqGe9CmnTEkeuO2
7hqzQOZdxqGK4tjHFWDrLv93lnZ87t3V7h7bnXRjmYy7FFFgmCmN98lc+IbWnqaW
JlQX4gfnzHZeoafU0futrGBrsMA2KS01aQRTF+4mvyyRoGAKqWDEpbWjYyMfyJ1K
+fnfXVNmkHhOZaDZnoDZzfFiaL66WoYxXh/mjXDHvwPw/lH+rUyXeEHmKCeDXJZB
JygdJAn4IB/ERc+SJq3HUaebC9XmGHWGBzmRXFQ4pyJaZnoMTUoKhcQnk/8XbELa
OycsM6ozDmhQCcRKTiN4t0eCGPpYJ4W3KQa6CS2fw3fCkU//IsPShZ8FtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDtbhbYOsLi4a3alJ3hqCPr4lBAwMB8GA1UdIwQY
MBaAFK6oTX5kuj6FtXA2xzGPk8w9lNGHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnFoTmZtUzZQb1cxY0RiSE1ZLVR6RDJVMFljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8xNTdmMWUtN2NmOC00ZDk4LWE5MjQt
OTdjMzMyZjcyMzlkLzEvTzF1RnRnNnd1TGhyZHFVbmVHb0ktdmlVRURBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8xNTdmMWUtN2NmOC00ZDk4LWE5MjQtOTdjMzMyZjcyMzlk
LzEvcnFoTmZtUzZQb1cxY0RiSE1ZLVR6RDJVMFljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwW18MA0G
CSqGSIb3DQEBCwUAA4IBAQAemDmS7c5PytyhAjvh3EHOZ4yBcqv3MTOD4cih0Z9Z
I73QWthjxP9PzM+afWJrh5/B/1hjFIU99CcC6oeH19R96+6O7IHEK0n6FgoBToqB
2QC6vn3rvt4rJs9kB8DO+k1XyQ4W752Qlr/HxOQ1Pddt9CVDdWhBvdsKlWQz50eZ
Rr2Jc+nfpDrYqFaTrwsPWGq1YkSE4XTXMW5g2cfnL866GtpR77/25KueJadbY0Os
bgBY9/Q24cv5Lcsel7hBxgaMQWKFpZfgS7jCN/KV2el3lGBIGJxO4iKf5jBT6YJ+
VV4NUjc84pv9nzCNspSaAmxtVGe57MLIxAURB3vqfS+C
-----END CERTIFICATE-----