Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/8c17ba-5ab4-4f59-b4be-ad6a81b82a17/1/Pgbn6hrf4EkvsSBtNvev-Bd5nHU.roa
File:                     Pgbn6hrf4EkvsSBtNvev-Bd5nHU.roa (raw, json)
Hash identifier:          3rY+o6/gK4Ian4zoARE3q3IlKhQ6YIhyFaECvqjHp7M=
Subject key identifier:   3E:06:E7:EA:1A:DF:E0:49:2F:B1:20:6D:36:F7:AF:F8:17:79:9C:75
Certificate issuer:       /CN=2aab6db005f8ecd9a121c636858075ef13145db0
Certificate serial:       019B76EAE62DC31A3350CE9144AA3787D8F6
Authority key identifier: 2A:AB:6D:B0:05:F8:EC:D9:A1:21:C6:36:85:80:75:EF:13:14:5D:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KqttsAX47NmhIcY2hYB17xMUXbA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/8c17ba-5ab4-4f59-b4be-ad6a81b82a17/1/Pgbn6hrf4EkvsSBtNvev-Bd5nHU.roa
Signing time:             Thu 01 Jan 2026 00:17:44 +0000
ROA not before:           Thu 01 Jan 2026 00:17:44 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     29015
IP address blocks:        195.245.250.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c6/8c17ba-5ab4-4f59-b4be-ad6a81b82a17/1/KqttsAX47NmhIcY2hYB17xMUXbA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c6/8c17ba-5ab4-4f59-b4be-ad6a81b82a17/1/KqttsAX47NmhIcY2hYB17xMUXbA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KqttsAX47NmhIcY2hYB17xMUXbA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:ea:e6:2d:c3:1a:33:50:ce:91:44:aa:37:87:d8:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2aab6db005f8ecd9a121c636858075ef13145db0
        Validity
            Not Before: Jan  1 00:17:44 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3e06e7ea1adfe0492fb1206d36f7aff817799c75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:62:03:7b:9d:54:be:ca:75:89:da:44:44:74:
                    5e:e6:84:46:96:93:d7:f2:1e:b7:81:c3:e4:a3:fb:
                    cb:d6:5c:3f:8e:b4:85:b0:ed:0c:15:97:27:03:92:
                    f2:81:fc:9f:3f:bc:1f:95:8d:e3:0b:89:a0:41:27:
                    66:60:34:fc:56:56:07:11:94:7c:30:21:cd:05:37:
                    91:d9:c7:90:fc:0c:71:31:8c:6a:86:16:d1:30:67:
                    3e:2e:60:69:53:ea:e0:e3:ee:64:c9:fb:c6:0f:e3:
                    85:5f:91:f8:2c:1d:4f:cd:18:fa:f1:b3:7a:e7:11:
                    e9:bf:41:3e:ea:fe:c3:2d:59:27:c6:d1:49:2c:cc:
                    5d:b8:35:c3:17:3b:ba:28:c1:e4:9c:cc:c1:4b:d5:
                    9a:ed:f5:37:b3:36:65:a1:6f:60:78:da:cd:84:36:
                    d0:c4:50:0b:59:06:b6:9d:44:17:9b:4f:78:46:0f:
                    bb:e3:ea:ab:20:60:19:2d:06:30:cd:ed:60:c2:74:
                    7f:f1:3e:58:8b:e3:89:9f:85:ef:ba:a5:57:3c:d3:
                    ce:dc:7c:cb:49:65:5d:05:32:6d:5d:7b:20:6c:83:
                    06:ad:8e:95:f6:79:ba:31:79:a6:cd:50:6d:fe:59:
                    8a:82:93:b2:e3:ee:49:ca:d7:b4:4f:0c:b2:57:0a:
                    38:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:06:E7:EA:1A:DF:E0:49:2F:B1:20:6D:36:F7:AF:F8:17:79:9C:75
            X509v3 Authority Key Identifier:
                keyid:2A:AB:6D:B0:05:F8:EC:D9:A1:21:C6:36:85:80:75:EF:13:14:5D:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KqttsAX47NmhIcY2hYB17xMUXbA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/8c17ba-5ab4-4f59-b4be-ad6a81b82a17/1/Pgbn6hrf4EkvsSBtNvev-Bd5nHU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/8c17ba-5ab4-4f59-b4be-ad6a81b82a17/1/KqttsAX47NmhIcY2hYB17xMUXbA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.245.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:d0:e1:fb:7f:99:19:cb:ca:de:66:37:ea:ee:fe:c5:1b:10:
         7c:26:25:5b:bd:30:01:56:1d:6b:75:8d:6d:a5:9e:0c:2c:77:
         48:1d:4b:38:b1:c8:28:8b:f4:d7:08:25:3b:9f:0e:c3:a9:ae:
         1d:10:bd:85:3c:79:c8:f2:a2:22:0f:f1:d2:4c:09:38:1c:3a:
         ab:1c:fc:00:3a:95:0f:4c:44:ae:66:e5:76:44:ac:2b:93:f5:
         bf:5b:ed:3a:93:4b:c1:ed:e5:d4:d6:0a:18:70:3f:a7:97:b1:
         7e:d5:11:19:94:a8:e8:c7:10:6b:f7:c4:64:95:cb:8e:66:f8:
         d9:7c:95:14:d8:53:f6:c8:6b:1a:64:16:55:23:ce:bd:f4:f2:
         d1:c7:e0:e0:7e:9c:ff:b5:6f:2f:0d:fc:3b:9e:ac:35:f5:ca:
         c2:ca:d9:71:0f:1b:61:53:50:bb:4c:c3:f0:46:52:85:a9:e8:
         1b:fb:a3:be:00:7e:1e:91:09:84:02:f8:62:1b:03:58:1e:5f:
         0f:a4:86:3a:c1:8c:37:5d:2e:99:ee:53:8e:1e:1c:a2:0c:0f:
         3d:03:a6:0d:3f:90:4f:60:29:97:d6:ee:81:74:83:a7:b1:97:
         77:f7:4e:11:be:03:f7:c7:51:9e:0f:30:ed:e6:bf:4e:c3:41:
         8e:24:95:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt26uYtwxozUM6RRKo3h9j2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYWI2ZGIwMDVmOGVjZDlhMTIxYzYzNjg1ODA3NWVmMTMx
NDVkYjAwHhcNMjYwMTAxMDAxNzQ0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTA2ZTdlYTFhZGZlMDQ5MmZiMTIwNmQzNmY3YWZmODE3Nzk5Yzc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmGIDe51Uvsp1idpERHRe5oRGlpPX
8h63gcPko/vL1lw/jrSFsO0MFZcnA5LygfyfP7wflY3jC4mgQSdmYDT8VlYHEZR8
MCHNBTeR2ceQ/AxxMYxqhhbRMGc+LmBpU+rg4+5kyfvGD+OFX5H4LB1PzRj68bN6
5xHpv0E+6v7DLVknxtFJLMxduDXDFzu6KMHknMzBS9Wa7fU3szZloW9geNrNhDbQ
xFALWQa2nUQXm094Rg+74+qrIGAZLQYwze1gwnR/8T5Yi+OJn4XvuqVXPNPO3HzL
SWVdBTJtXXsgbIMGrY6V9nm6MXmmzVBt/lmKgpOy4+5Jyte0TwyyVwo44QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD4G5+oa3+BJL7EgbTb3r/gXeZx1MB8GA1UdIwQY
MBaAFCqrbbAF+OzZoSHGNoWAde8TFF2wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3F0dHNBWDQ3Tm1oSWNZMmhZQjE3eE1VWGJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi84YzE3YmEtNWFiNC00ZjU5LWI0YmUt
YWQ2YTgxYjgyYTE3LzEvUGdibjZocmY0RWt2c1NCdE52ZXYtQmQ1bkhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi84YzE3YmEtNWFiNC00ZjU5LWI0YmUtYWQ2YTgxYjgyYTE3
LzEvS3F0dHNBWDQ3Tm1oSWNZMmhZQjE3eE1VWGJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw/X6MA0G
CSqGSIb3DQEBCwUAA4IBAQAz0OH7f5kZy8reZjfq7v7FGxB8JiVbvTABVh1rdY1t
pZ4MLHdIHUs4scgoi/TXCCU7nw7Dqa4dEL2FPHnI8qIiD/HSTAk4HDqrHPwAOpUP
TESuZuV2RKwrk/W/W+06k0vB7eXU1goYcD+nl7F+1REZlKjoxxBr98RklcuOZvjZ
fJUU2FP2yGsaZBZVI8699PLRx+Dgfpz/tW8vDfw7nqw19crCytlxDxthU1C7TMPw
RlKFqegb+6O+AH4ekQmEAvhiGwNYHl8PpIY6wYw3XS6Z7lOOHhyiDA89A6YNP5BP
YCmX1u6BdIOnsZd3904RvgP3x1GeDzDt5r9Ow0GOJJVb
-----END CERTIFICATE-----