Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/0c0f61-b69c-4657-9867-7e74a6a98ecd/1/iJabTTtAtZd2-Bt3JGr6szkGsok.roa
File:                     iJabTTtAtZd2-Bt3JGr6szkGsok.roa (raw, json)
Hash identifier:          0sW3IKzf/8J/9kZJ3JO4MPvHO33GYi073LMRFSBG6BU=
Subject key identifier:   88:96:9B:4D:3B:40:B5:97:76:F8:1B:77:24:6A:FA:B3:39:06:B2:89
Certificate issuer:       /CN=91e6d3242257b2965b6278ff8c17e16ff3f08b21
Certificate serial:       019D4D3B9D9FD86E8FB914A14F817DBD8539
Authority key identifier: 91:E6:D3:24:22:57:B2:96:5B:62:78:FF:8C:17:E1:6F:F3:F0:8B:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kebTJCJXspZbYnj_jBfhb_PwiyE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c9/0c0f61-b69c-4657-9867-7e74a6a98ecd/1/iJabTTtAtZd2-Bt3JGr6szkGsok.roa
Signing time:             Thu 02 Apr 2026 08:07:25 +0000
ROA not before:           Thu 02 Apr 2026 08:07:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     15830
IP address blocks:        185.63.73.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c9/0c0f61-b69c-4657-9867-7e74a6a98ecd/1/kebTJCJXspZbYnj_jBfhb_PwiyE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c9/0c0f61-b69c-4657-9867-7e74a6a98ecd/1/kebTJCJXspZbYnj_jBfhb_PwiyE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kebTJCJXspZbYnj_jBfhb_PwiyE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:4d:3b:9d:9f:d8:6e:8f:b9:14:a1:4f:81:7d:bd:85:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=91e6d3242257b2965b6278ff8c17e16ff3f08b21
        Validity
            Not Before: Apr  2 08:07:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=88969b4d3b40b59776f81b77246afab33906b289
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:59:57:81:02:e0:59:e1:55:2f:e0:65:b7:5b:
                    07:a4:1a:98:3d:8c:5c:88:fb:de:76:da:ec:44:2e:
                    c2:23:92:14:5e:2e:a0:60:d1:45:1c:da:34:b9:24:
                    85:b5:b0:01:5c:f1:56:65:bb:f4:84:e0:96:c1:58:
                    6b:7a:dc:77:11:37:25:45:da:b1:c6:86:4e:4e:79:
                    93:18:fa:cd:ef:9e:99:67:7f:93:96:f2:4a:0c:e9:
                    8f:44:a2:89:ce:fc:de:84:08:58:08:ab:f1:73:70:
                    4a:6c:0c:15:e3:4c:e3:ba:26:de:39:21:61:ec:f6:
                    a9:d4:38:55:57:39:65:df:a7:24:2a:87:25:f9:4b:
                    75:87:39:ad:e3:25:69:45:6d:6e:b5:de:b9:b9:aa:
                    41:86:54:0c:c3:96:0b:de:e8:fc:d3:97:c9:42:79:
                    c9:be:6b:0e:45:5c:6e:52:67:b4:5e:5c:21:e3:09:
                    4b:0a:c9:6e:70:ec:93:5b:bb:12:f9:60:e4:c5:a1:
                    0c:5f:1c:2a:71:7b:21:ae:1e:c0:2a:69:19:78:98:
                    7f:47:09:96:8b:65:b2:98:b0:63:23:a2:6a:ed:01:
                    f0:70:0a:a5:18:19:1d:57:80:73:d0:9d:1c:dc:02:
                    f0:a1:77:9b:7b:db:03:b4:a5:04:2c:29:58:be:d2:
                    73:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:96:9B:4D:3B:40:B5:97:76:F8:1B:77:24:6A:FA:B3:39:06:B2:89
            X509v3 Authority Key Identifier:
                keyid:91:E6:D3:24:22:57:B2:96:5B:62:78:FF:8C:17:E1:6F:F3:F0:8B:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kebTJCJXspZbYnj_jBfhb_PwiyE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/0c0f61-b69c-4657-9867-7e74a6a98ecd/1/iJabTTtAtZd2-Bt3JGr6szkGsok.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/0c0f61-b69c-4657-9867-7e74a6a98ecd/1/kebTJCJXspZbYnj_jBfhb_PwiyE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.63.73.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:23:cc:85:22:c0:17:62:30:50:37:42:98:d9:91:c4:88:95:
         85:70:ef:87:27:72:62:40:d1:69:af:eb:c0:4c:24:9c:07:da:
         3f:d5:b6:50:b6:fa:e0:b0:e7:e1:d0:4d:85:fd:4a:f1:c0:eb:
         d7:3e:a6:fe:ef:2b:57:98:1a:58:80:20:cd:2b:d5:5d:81:34:
         51:f4:51:6e:b2:b6:09:6a:ef:7e:c9:2e:05:47:e4:2c:6d:a5:
         9f:2f:1b:b4:93:8c:9e:b3:01:ef:44:1a:72:1e:10:34:15:2a:
         47:e9:ed:d3:57:63:d8:9d:16:ac:c5:5b:66:c5:b6:95:47:4b:
         2b:89:7d:3b:f6:dc:20:b8:af:de:96:1a:86:58:27:47:72:bf:
         33:04:61:b6:87:ce:e7:1c:0c:26:7b:48:b6:9a:f4:d6:ab:19:
         3e:ef:36:33:22:64:00:f7:b8:b5:a4:cb:20:b0:56:90:43:cc:
         2f:54:68:53:7f:18:1b:27:a9:75:a9:89:ab:30:6d:24:38:63:
         71:72:2d:07:e5:03:d8:53:95:c6:74:c8:70:da:4c:b5:12:2a:
         b5:3f:57:cb:62:55:19:e0:c6:74:d5:f8:8c:1c:c5:39:33:c2:
         d4:31:9d:e5:f8:44:63:f2:0b:75:1b:0e:f6:91:19:bc:16:5f:
         3d:90:cf:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1NO52f2G6PuRShT4F9vYU5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxZTZkMzI0MjI1N2IyOTY1YjYyNzhmZjhjMTdlMTZmZjNm
MDhiMjEwHhcNMjYwNDAyMDgwNzI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODk2OWI0ZDNiNDBiNTk3NzZmODFiNzcyNDZhZmFiMzM5MDZiMjg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt1lXgQLgWeFVL+Blt1sHpBqYPYxc
iPvedtrsRC7CI5IUXi6gYNFFHNo0uSSFtbABXPFWZbv0hOCWwVhretx3ETclRdqx
xoZOTnmTGPrN756ZZ3+TlvJKDOmPRKKJzvzehAhYCKvxc3BKbAwV40zjuibeOSFh
7Pap1DhVVzll36ckKocl+Ut1hzmt4yVpRW1utd65uapBhlQMw5YL3uj805fJQnnJ
vmsORVxuUme0Xlwh4wlLCslucOyTW7sS+WDkxaEMXxwqcXshrh7AKmkZeJh/RwmW
i2WymLBjI6Jq7QHwcAqlGBkdV4Bz0J0c3ALwoXebe9sDtKUELClYvtJziwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIiWm007QLWXdvgbdyRq+rM5BrKJMB8GA1UdIwQY
MBaAFJHm0yQiV7KWW2J4/4wX4W/z8IshMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2ViVEpDSlhzcFpiWW5qX2pCZmhiX1B3aXlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS8wYzBmNjEtYjY5Yy00NjU3LTk4Njct
N2U3NGE2YTk4ZWNkLzEvaUphYlRUdEF0WmQyLUJ0M0pHcjZzemtHc29rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOS8wYzBmNjEtYjY5Yy00NjU3LTk4NjctN2U3NGE2YTk4ZWNk
LzEva2ViVEpDSlhzcFpiWW5qX2pCZmhiX1B3aXlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuT9JMA0G
CSqGSIb3DQEBCwUAA4IBAQA8I8yFIsAXYjBQN0KY2ZHEiJWFcO+HJ3JiQNFpr+vA
TCScB9o/1bZQtvrgsOfh0E2F/UrxwOvXPqb+7ytXmBpYgCDNK9VdgTRR9FFusrYJ
au9+yS4FR+QsbaWfLxu0k4yeswHvRBpyHhA0FSpH6e3TV2PYnRasxVtmxbaVR0sr
iX079twguK/elhqGWCdHcr8zBGG2h87nHAwme0i2mvTWqxk+7zYzImQA97i1pMsg
sFaQQ8wvVGhTfxgbJ6l1qYmrMG0kOGNxci0H5QPYU5XGdMhw2ky1Eiq1P1fLYlUZ
4MZ01fiMHMU5M8LUMZ3l+ERj8gt1Gw72kRm8Fl89kM+8
-----END CERTIFICATE-----