Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/b9aad5-cfe2-4480-ac5e-05c13f890b9c/1/cKZJLTzeqYRhpsddyswZAoLcpsE.roa
File:                     cKZJLTzeqYRhpsddyswZAoLcpsE.roa (raw, json)
Hash identifier:          HgvgjBFasTjpcgFlyoecgapQ0MDuq029z3qYeWnH2Zk=
Subject key identifier:   70:A6:49:2D:3C:DE:A9:84:61:A6:C7:5D:CA:CC:19:02:82:DC:A6:C1
Certificate issuer:       /CN=cd5a535935a4bc786c1dd75b7f1087f13f3e0874
Certificate serial:       019B7BA50E5DBCCEE3202F324763FC20CB45
Authority key identifier: CD:5A:53:59:35:A4:BC:78:6C:1D:D7:5B:7F:10:87:F1:3F:3E:08:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zVpTWTWkvHhsHddbfxCH8T8-CHQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/b9aad5-cfe2-4480-ac5e-05c13f890b9c/1/cKZJLTzeqYRhpsddyswZAoLcpsE.roa
Signing time:             Thu 01 Jan 2026 22:19:33 +0000
ROA not before:           Thu 01 Jan 2026 22:19:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     41752
IP address blocks:        195.20.202.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/b9aad5-cfe2-4480-ac5e-05c13f890b9c/1/zVpTWTWkvHhsHddbfxCH8T8-CHQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/b9aad5-cfe2-4480-ac5e-05c13f890b9c/1/zVpTWTWkvHhsHddbfxCH8T8-CHQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zVpTWTWkvHhsHddbfxCH8T8-CHQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a5:0e:5d:bc:ce:e3:20:2f:32:47:63:fc:20:cb:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd5a535935a4bc786c1dd75b7f1087f13f3e0874
        Validity
            Not Before: Jan  1 22:19:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=70a6492d3cdea98461a6c75dcacc190282dca6c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:8a:0f:05:9d:3b:5e:ae:de:4f:9b:9d:f6:3a:
                    49:fe:e2:a0:35:f1:70:e4:d3:8b:8b:e9:25:c0:43:
                    e4:44:4c:0e:8e:17:9b:8d:b3:05:07:5e:ab:28:09:
                    48:33:ac:eb:de:0f:e9:60:5d:0b:d5:c5:7c:8d:8f:
                    d6:b9:d7:e9:2b:c2:61:47:40:ae:9d:b0:60:23:9b:
                    de:da:f0:8c:58:ea:96:6f:c3:9b:71:51:d0:c3:0e:
                    d7:2a:f7:a3:7e:92:c0:a6:f8:6d:74:56:d4:ed:72:
                    b3:11:60:cb:b8:98:6c:48:98:5f:20:6f:18:a8:ad:
                    fb:0d:10:c2:d9:1a:bf:64:b5:8a:7a:5e:d6:a2:cf:
                    14:b2:69:af:08:ab:47:41:e8:c2:46:f2:92:7e:b7:
                    c5:f9:a5:7a:a5:c3:42:30:c3:da:4f:0d:24:49:25:
                    5e:51:97:f9:4c:c1:c5:f9:b7:ca:39:07:a0:57:6d:
                    7c:d4:75:cb:cd:6c:fa:ad:a8:17:2b:62:2c:7a:b0:
                    6f:1a:24:f5:e6:25:f3:55:c5:03:c6:1c:7f:fa:5c:
                    3d:b7:1c:4d:ae:ac:ec:9e:59:e3:fb:36:f6:d4:bd:
                    81:35:7a:0b:f9:12:9a:cf:33:0c:c0:07:99:c6:f1:
                    dc:72:bd:b2:d9:02:52:ff:ce:8a:8e:d1:6b:4d:94:
                    ba:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:A6:49:2D:3C:DE:A9:84:61:A6:C7:5D:CA:CC:19:02:82:DC:A6:C1
            X509v3 Authority Key Identifier:
                keyid:CD:5A:53:59:35:A4:BC:78:6C:1D:D7:5B:7F:10:87:F1:3F:3E:08:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zVpTWTWkvHhsHddbfxCH8T8-CHQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/b9aad5-cfe2-4480-ac5e-05c13f890b9c/1/cKZJLTzeqYRhpsddyswZAoLcpsE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/b9aad5-cfe2-4480-ac5e-05c13f890b9c/1/zVpTWTWkvHhsHddbfxCH8T8-CHQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.20.202.0/23

    Signature Algorithm: sha256WithRSAEncryption
         15:3f:4b:66:ad:39:5e:b1:d6:1e:70:a6:45:37:4b:14:0f:21:
         0f:79:4d:23:12:56:1d:0a:57:53:48:33:9f:73:35:82:25:4c:
         ec:a3:ca:9f:6b:4f:fb:19:d0:37:bb:be:e2:9d:18:fd:0b:07:
         a0:db:d6:54:6b:d1:d7:d7:90:3c:e4:9b:90:74:b1:fa:c9:b8:
         bb:cb:a7:2c:2b:62:97:d8:47:6c:08:8d:1b:a3:42:16:c1:de:
         4f:4c:75:cd:78:68:5b:33:79:a9:a3:d2:3e:f2:9e:14:d6:4e:
         ec:1d:ea:fd:01:ed:c1:39:c3:18:13:92:6d:c3:83:de:b4:20:
         ff:e9:5b:00:2e:47:32:96:3e:73:8d:1a:55:54:8f:33:39:6c:
         a7:58:0e:34:04:b4:b5:2e:d0:76:a6:17:16:d1:56:0a:87:a3:
         b8:36:3a:e1:2d:bc:9b:97:2c:04:8e:04:4f:bf:83:22:39:e6:
         4b:fc:3d:a6:8b:8f:89:17:a3:8c:10:6c:19:18:d4:1f:1b:0f:
         d8:fd:18:ad:1d:7e:37:7e:a0:84:e6:e9:bd:e7:cd:bf:7a:00:
         e1:b5:11:9a:46:4c:78:98:cc:30:38:27:e0:83:c4:28:8d:7a:
         31:2c:69:79:9b:75:66:ac:f1:bc:8b:e7:98:c2:e0:12:bc:d6:
         67:8e:0c:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pQ5dvM7jIC8yR2P8IMtFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNWE1MzU5MzVhNGJjNzg2YzFkZDc1YjdmMTA4N2YxM2Yz
ZTA4NzQwHhcNMjYwMTAxMjIxOTMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGE2NDkyZDNjZGVhOTg0NjFhNmM3NWRjYWNjMTkwMjgyZGNhNmMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvooPBZ07Xq7eT5ud9jpJ/uKgNfFw
5NOLi+klwEPkREwOjhebjbMFB16rKAlIM6zr3g/pYF0L1cV8jY/WudfpK8JhR0Cu
nbBgI5ve2vCMWOqWb8ObcVHQww7XKvejfpLApvhtdFbU7XKzEWDLuJhsSJhfIG8Y
qK37DRDC2Rq/ZLWKel7Wos8UsmmvCKtHQejCRvKSfrfF+aV6pcNCMMPaTw0kSSVe
UZf5TMHF+bfKOQegV2181HXLzWz6ragXK2IserBvGiT15iXzVcUDxhx/+lw9txxN
rqzsnlnj+zb21L2BNXoL+RKazzMMwAeZxvHccr2y2QJS/86KjtFrTZS6ZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHCmSS083qmEYabHXcrMGQKC3KbBMB8GA1UdIwQY
MBaAFM1aU1k1pLx4bB3XW38Qh/E/Pgh0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelZwVFdUV2t2SGhzSGRkYmZ4Q0g4VDgtQ0hRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iOWFhZDUtY2ZlMi00NDgwLWFjNWUt
MDVjMTNmODkwYjljLzEvY0taSkxUemVxWVJocHNkZHlzd1pBb0xjcHNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iOWFhZDUtY2ZlMi00NDgwLWFjNWUtMDVjMTNmODkwYjlj
LzEvelZwVFdUV2t2SGhzSGRkYmZ4Q0g4VDgtQ0hRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwxTKMA0G
CSqGSIb3DQEBCwUAA4IBAQAVP0tmrTlesdYecKZFN0sUDyEPeU0jElYdCldTSDOf
czWCJUzso8qfa0/7GdA3u77inRj9Cweg29ZUa9HX15A85JuQdLH6ybi7y6csK2KX
2EdsCI0bo0IWwd5PTHXNeGhbM3mpo9I+8p4U1k7sHer9Ae3BOcMYE5Jtw4PetCD/
6VsALkcylj5zjRpVVI8zOWynWA40BLS1LtB2phcW0VYKh6O4NjrhLbyblywEjgRP
v4MiOeZL/D2mi4+JF6OMEGwZGNQfGw/Y/RitHX43fqCE5um9582/egDhtRGaRkx4
mMwwOCfgg8QojXoxLGl5m3VmrPG8i+eYwuASvNZnjgwa
-----END CERTIFICATE-----