Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/fb04c8-7057-45b7-a34c-dcfc6a9e0dc7/1/KGRopBEr2JpxilCBAZtc3t1Ntic.roa
File:                     KGRopBEr2JpxilCBAZtc3t1Ntic.roa (raw, json)
Hash identifier:          AM42hyN+7UGqA0TYL4NFEGX9snO0u+0KggTGwFgB5mc=
Subject key identifier:   28:64:68:A4:11:2B:D8:9A:71:8A:50:81:01:9B:5C:DE:DD:4D:B6:27
Certificate issuer:       /CN=51ecf9babc9ca6bae9085ce292fb1c2cc18d344f
Certificate serial:       019EB1C5D0DD0361A519B0BAF81614A27D1A
Authority key identifier: 51:EC:F9:BA:BC:9C:A6:BA:E9:08:5C:E2:92:FB:1C:2C:C1:8D:34:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Uez5urycprrpCFzikvscLMGNNE8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/fb04c8-7057-45b7-a34c-dcfc6a9e0dc7/1/KGRopBEr2JpxilCBAZtc3t1Ntic.roa
Signing time:             Wed 10 Jun 2026 13:43:11 +0000
ROA not before:           Wed 10 Jun 2026 13:43:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     147003
IP address blocks:        45.158.60.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/fb04c8-7057-45b7-a34c-dcfc6a9e0dc7/1/Uez5urycprrpCFzikvscLMGNNE8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/fb04c8-7057-45b7-a34c-dcfc6a9e0dc7/1/Uez5urycprrpCFzikvscLMGNNE8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Uez5urycprrpCFzikvscLMGNNE8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:b1:c5:d0:dd:03:61:a5:19:b0:ba:f8:16:14:a2:7d:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=51ecf9babc9ca6bae9085ce292fb1c2cc18d344f
        Validity
            Not Before: Jun 10 13:43:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=286468a4112bd89a718a5081019b5cdedd4db627
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:ed:93:69:98:64:4c:93:11:fb:99:e8:e0:31:
                    8b:5a:36:be:ec:e2:3f:20:a1:57:2c:a5:80:8f:e7:
                    6f:bb:87:04:a5:03:1c:df:63:38:fd:02:70:31:1c:
                    bc:e5:8f:d3:96:b0:88:87:96:ea:7a:ad:de:a2:5b:
                    25:ec:5e:08:2d:61:50:8b:dc:b7:d6:74:e0:bc:50:
                    28:93:8b:d2:39:a8:c4:dc:d4:95:b5:75:29:f2:ac:
                    27:88:40:58:6e:31:c4:12:01:ff:19:d2:2d:8a:97:
                    cb:09:f4:88:6b:4f:ba:2e:cb:7c:dc:02:4b:65:65:
                    20:cb:93:8c:71:7c:15:e2:68:e9:35:1d:56:be:e9:
                    d8:92:1e:4b:10:54:6a:4c:7f:92:48:b1:77:99:07:
                    fd:da:51:8b:9b:a8:06:75:ca:9c:11:36:63:35:98:
                    76:36:11:4f:1c:c8:0a:7d:63:f6:b4:35:08:ed:8c:
                    95:b9:f7:26:80:52:95:43:a5:f5:ec:d9:3c:e7:f2:
                    7c:60:e3:01:1a:f3:91:e0:2b:b5:c7:0d:d8:d7:e3:
                    88:7a:59:5e:34:e4:f9:7f:df:a4:67:d5:32:99:03:
                    0a:f2:a1:8a:aa:31:60:39:fb:e6:41:61:f2:50:33:
                    2e:f7:b9:90:e9:39:40:6a:42:4b:35:99:f8:e8:f9:
                    21:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:64:68:A4:11:2B:D8:9A:71:8A:50:81:01:9B:5C:DE:DD:4D:B6:27
            X509v3 Authority Key Identifier:
                keyid:51:EC:F9:BA:BC:9C:A6:BA:E9:08:5C:E2:92:FB:1C:2C:C1:8D:34:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Uez5urycprrpCFzikvscLMGNNE8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/fb04c8-7057-45b7-a34c-dcfc6a9e0dc7/1/KGRopBEr2JpxilCBAZtc3t1Ntic.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/fb04c8-7057-45b7-a34c-dcfc6a9e0dc7/1/Uez5urycprrpCFzikvscLMGNNE8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.158.60.0/23

    Signature Algorithm: sha256WithRSAEncryption
         88:a0:bc:d7:67:b7:cb:61:ab:90:02:45:5f:d2:c3:e7:de:3f:
         9f:d8:64:39:9b:9a:14:ff:82:8f:40:1f:e7:a2:b7:e3:a5:48:
         d6:af:0e:4d:e2:a1:b7:d6:34:fb:3c:64:c0:8f:b8:64:5c:2f:
         35:c2:b6:41:db:2b:35:45:be:1a:7f:f8:4c:66:55:76:8f:90:
         80:a3:19:e4:84:5e:a6:05:f9:e2:74:35:bd:5b:ee:b7:0b:b8:
         25:30:8a:3b:ff:79:30:c5:c5:1b:8f:21:e5:fc:73:b1:c7:b1:
         6a:5a:8e:3c:41:9d:73:b0:d3:df:02:73:fe:51:d1:b7:4d:48:
         eb:31:62:17:e6:5f:4f:d8:66:96:60:97:2c:21:c5:1e:05:0f:
         e7:3a:ec:29:72:60:d9:04:71:6c:b0:df:8b:79:1e:73:06:e9:
         80:6b:95:a2:87:67:29:24:0a:ed:7d:e7:04:f5:13:a0:39:2b:
         c3:96:80:07:05:6c:c2:4a:ec:d2:32:76:8d:6a:e4:78:8e:bb:
         18:57:cd:27:b4:48:63:1d:f6:e8:7d:aa:83:50:2e:35:79:17:
         9f:e5:bb:e1:06:1c:7e:1f:51:23:da:27:e4:ce:fd:f6:43:31:
         0d:d6:62:9b:94:3b:bf:97:8a:46:9d:89:da:34:8c:b3:de:18:
         59:54:3a:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6xxdDdA2GlGbC6+BYUon0aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxZWNmOWJhYmM5Y2E2YmFlOTA4NWNlMjkyZmIxYzJjYzE4
ZDM0NGYwHhcNMjYwNjEwMTM0MzExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODY0NjhhNDExMmJkODlhNzE4YTUwODEwMTliNWNkZWRkNGRiNjI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApe2TaZhkTJMR+5no4DGLWja+7OI/
IKFXLKWAj+dvu4cEpQMc32M4/QJwMRy85Y/TlrCIh5bqeq3eolsl7F4ILWFQi9y3
1nTgvFAok4vSOajE3NSVtXUp8qwniEBYbjHEEgH/GdItipfLCfSIa0+6Lst83AJL
ZWUgy5OMcXwV4mjpNR1WvunYkh5LEFRqTH+SSLF3mQf92lGLm6gGdcqcETZjNZh2
NhFPHMgKfWP2tDUI7YyVufcmgFKVQ6X17Nk85/J8YOMBGvOR4Cu1xw3Y1+OIelle
NOT5f9+kZ9UymQMK8qGKqjFgOfvmQWHyUDMu97mQ6TlAakJLNZn46PkhywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFChkaKQRK9iacYpQgQGbXN7dTbYnMB8GA1UdIwQY
MBaAFFHs+bq8nKa66Qhc4pL7HCzBjTRPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWV6NXVyeWNwcnJwQ0Z6aWt2c2NMTUdOTkU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi9mYjA0YzgtNzA1Ny00NWI3LWEzNGMt
ZGNmYzZhOWUwZGM3LzEvS0dSb3BCRXIySnB4aWxDQkFadGMzdDFOdGljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi9mYjA0YzgtNzA1Ny00NWI3LWEzNGMtZGNmYzZhOWUwZGM3
LzEvVWV6NXVyeWNwcnJwQ0Z6aWt2c2NMTUdOTkU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZ48MA0G
CSqGSIb3DQEBCwUAA4IBAQCIoLzXZ7fLYauQAkVf0sPn3j+f2GQ5m5oU/4KPQB/n
orfjpUjWrw5N4qG31jT7PGTAj7hkXC81wrZB2ys1Rb4af/hMZlV2j5CAoxnkhF6m
BfnidDW9W+63C7glMIo7/3kwxcUbjyHl/HOxx7FqWo48QZ1zsNPfAnP+UdG3TUjr
MWIX5l9P2GaWYJcsIcUeBQ/nOuwpcmDZBHFssN+LeR5zBumAa5Wih2cpJArtfecE
9ROgOSvDloAHBWzCSuzSMnaNauR4jrsYV80ntEhjHfbofaqDUC41eRef5bvhBhx+
H1Ej2ifkzv32QzEN1mKblDu/l4pGnYnaNIyz3hhZVDpi
-----END CERTIFICATE-----