Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/jHRwpwBbX-lEZAQUaNVhGoh4-38.roa
File:                     jHRwpwBbX-lEZAQUaNVhGoh4-38.roa (raw, json)
Hash identifier:          1wDI2XXXth808yD9Qxe5ic1fW+GBw0yvicdO69uEWKs=
Subject key identifier:   8C:74:70:A7:00:5B:5F:E9:44:64:04:14:68:D5:61:1A:88:78:FB:7F
Certificate issuer:       /CN=05f3e160172ecc75c8cab1bae271be3ebf407a80
Certificate serial:       019E9724C752C166F33EB2EB2D61293BDCEE
Authority key identifier: 05:F3:E1:60:17:2E:CC:75:C8:CA:B1:BA:E2:71:BE:3E:BF:40:7A:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BfPhYBcuzHXIyrG64nG-Pr9AeoA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/jHRwpwBbX-lEZAQUaNVhGoh4-38.roa
Signing time:             Fri 05 Jun 2026 09:37:10 +0000
ROA not before:           Fri 05 Jun 2026 09:37:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199734
IP address blocks:        89.167.132.0/24 maxlen: 24
                          89.167.164.0/24 maxlen: 24
                          89.167.165.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/BfPhYBcuzHXIyrG64nG-Pr9AeoA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/BfPhYBcuzHXIyrG64nG-Pr9AeoA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BfPhYBcuzHXIyrG64nG-Pr9AeoA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 08:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:97:24:c7:52:c1:66:f3:3e:b2:eb:2d:61:29:3b:dc:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05f3e160172ecc75c8cab1bae271be3ebf407a80
        Validity
            Not Before: Jun  5 09:37:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8c7470a7005b5fe94464041468d5611a8878fb7f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:bc:94:33:0b:6d:b2:f3:63:a6:c3:19:f3:4a:
                    b0:b6:aa:ca:3d:cf:5f:ac:50:52:dd:9f:86:de:24:
                    a8:84:47:f0:9c:11:5c:eb:c2:ab:2b:5f:99:0d:dc:
                    03:de:aa:e4:7b:ee:c8:2e:32:2c:c1:43:62:a2:72:
                    29:38:20:3f:f4:f3:f2:74:09:d7:84:32:02:8a:92:
                    24:91:49:bc:fe:62:ca:66:9f:a0:72:f3:b7:9e:24:
                    ca:ed:56:50:8e:be:58:f0:0f:1e:a5:83:02:c9:de:
                    f0:52:96:b2:ff:c0:02:07:f6:51:66:d7:67:2b:64:
                    44:bb:9a:24:fa:2f:b0:8b:8c:75:e8:80:0b:bf:72:
                    dd:e6:5d:af:8a:8e:77:45:b0:03:89:0c:6e:ac:04:
                    77:cd:94:ed:f8:2f:fb:e2:30:50:8b:f3:12:89:38:
                    93:e8:f1:52:94:30:22:2f:22:0f:d4:ec:d8:78:99:
                    53:91:82:ec:e5:23:8c:8b:0d:d2:fa:48:f7:d3:fa:
                    91:21:b9:dd:4d:90:ad:a7:1a:34:6c:6c:1c:b1:30:
                    54:8d:c6:d0:73:ab:2e:67:93:7e:db:1b:08:32:e0:
                    ae:04:a4:a2:27:3a:b8:e9:2f:6b:10:3a:35:e0:98:
                    74:a3:1f:87:1a:e5:35:0b:c8:75:a0:9c:7f:52:48:
                    2a:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:74:70:A7:00:5B:5F:E9:44:64:04:14:68:D5:61:1A:88:78:FB:7F
            X509v3 Authority Key Identifier:
                keyid:05:F3:E1:60:17:2E:CC:75:C8:CA:B1:BA:E2:71:BE:3E:BF:40:7A:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BfPhYBcuzHXIyrG64nG-Pr9AeoA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/jHRwpwBbX-lEZAQUaNVhGoh4-38.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/BfPhYBcuzHXIyrG64nG-Pr9AeoA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.167.132.0/24
                  89.167.164.0/23

    Signature Algorithm: sha256WithRSAEncryption
         62:a4:00:6b:6d:4c:9a:58:9e:9d:5b:64:ed:59:4f:4e:5b:4c:
         6e:b6:ba:39:ef:ba:88:35:80:35:49:b2:c3:bb:31:ce:cb:7f:
         7f:62:a7:a8:ae:44:03:15:ee:83:a9:e0:e1:9b:ec:48:c1:72:
         3f:6b:ea:52:de:87:9d:55:07:1d:95:f2:70:06:22:1a:b5:1f:
         63:52:f8:9d:88:9c:44:37:27:41:b8:3a:4a:ae:cc:20:df:6b:
         3f:18:79:08:dd:a1:d7:2c:01:76:64:e3:02:ad:eb:b0:8d:d7:
         ec:14:2f:28:99:b3:de:3f:51:89:0f:31:96:78:e4:ee:d3:8f:
         0b:37:0e:3e:f9:72:b2:01:0b:e3:81:80:59:22:07:93:91:89:
         ea:89:93:fa:d1:be:e8:2f:8d:26:9c:1a:d4:1c:a8:d7:d1:bd:
         6c:5f:c9:d8:94:03:cf:d6:d6:77:82:d6:c5:41:84:51:27:9a:
         38:60:a1:16:e1:62:e8:b0:4c:1b:ae:40:f2:2d:4e:76:20:bb:
         c2:b5:07:40:dc:4e:3f:80:03:7d:91:4c:0c:d8:22:16:1f:f6:
         8d:82:dc:ab:1f:0a:a9:79:40:98:a6:9f:7f:75:36:b8:78:7e:
         48:58:62:4b:5a:b3:f4:83:1b:34:6e:0a:e6:62:56:33:b1:cf:
         8a:a2:1f:7f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ6XJMdSwWbzPrLrLWEpO9zuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1ZjNlMTYwMTcyZWNjNzVjOGNhYjFiYWUyNzFiZTNlYmY0
MDdhODAwHhcNMjYwNjA1MDkzNzEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Yzc0NzBhNzAwNWI1ZmU5NDQ2NDA0MTQ2OGQ1NjExYTg4NzhmYjdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1LyUMwttsvNjpsMZ80qwtqrKPc9f
rFBS3Z+G3iSohEfwnBFc68KrK1+ZDdwD3qrke+7ILjIswUNionIpOCA/9PPydAnX
hDICipIkkUm8/mLKZp+gcvO3niTK7VZQjr5Y8A8epYMCyd7wUpay/8ACB/ZRZtdn
K2REu5ok+i+wi4x16IALv3Ld5l2vio53RbADiQxurAR3zZTt+C/74jBQi/MSiTiT
6PFSlDAiLyIP1OzYeJlTkYLs5SOMiw3S+kj30/qRIbndTZCtpxo0bGwcsTBUjcbQ
c6suZ5N+2xsIMuCuBKSiJzq46S9rEDo14Jh0ox+HGuU1C8h1oJx/UkgqJwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIx0cKcAW1/pRGQEFGjVYRqIePt/MB8GA1UdIwQY
MBaAFAXz4WAXLsx1yMqxuuJxvj6/QHqAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmZQaFlCY3V6SFhJeXJHNjRuRy1QcjlBZW9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS9hYThiNDYtOTY0NS00NjIwLTg0Nzkt
NWQ1NjA5ODljZjdiLzEvakhSd3B3QmJYLWxFWkFRVWFOVmhHb2g0LTM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS9hYThiNDYtOTY0NS00NjIwLTg0NzktNWQ1NjA5ODljZjdi
LzEvQmZQaFlCY3V6SFhJeXJHNjRuRy1QcjlBZW9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWaeEAwQB
WaekMA0GCSqGSIb3DQEBCwUAA4IBAQBipABrbUyaWJ6dW2TtWU9OW0xutro577qI
NYA1SbLDuzHOy39/YqeorkQDFe6DqeDhm+xIwXI/a+pS3oedVQcdlfJwBiIatR9j
UvidiJxENydBuDpKrswg32s/GHkI3aHXLAF2ZOMCreuwjdfsFC8ombPeP1GJDzGW
eOTu048LNw4++XKyAQvjgYBZIgeTkYnqiZP60b7oL40mnBrUHKjX0b1sX8nYlAPP
1tZ3gtbFQYRRJ5o4YKEW4WLosEwbrkDyLU52ILvCtQdA3E4/gAN9kUwM2CIWH/aN
gtyrHwqpeUCYpp9/dTa4eH5IWGJLWrP0gxs0bgrmYlYzsc+Koh9/
-----END CERTIFICATE-----