Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/2f69df-6f23-4aa7-88f4-e299e910039e/1/0g907WBXD4qZBS5Lv--lVG4AGmY.roa
File:                     0g907WBXD4qZBS5Lv--lVG4AGmY.roa (raw, json)
Hash identifier:          ADx0uWHqRsIMIEM4zrRsIaFkNMUykkO7aZ3mKfDHgOU=
Subject key identifier:   D2:0F:74:ED:60:57:0F:8A:99:05:2E:4B:BF:EF:A5:54:6E:00:1A:66
Certificate issuer:       /CN=d0f6cd30b4cfa193e226bba9282e366a22a3110f
Certificate serial:       019B77C684C9A6FEDB5187FB7637475B382F
Authority key identifier: D0:F6:CD:30:B4:CF:A1:93:E2:26:BB:A9:28:2E:36:6A:22:A3:11:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0PbNMLTPoZPiJrupKC42aiKjEQ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/2f69df-6f23-4aa7-88f4-e299e910039e/1/0g907WBXD4qZBS5Lv--lVG4AGmY.roa
Signing time:             Thu 01 Jan 2026 04:17:37 +0000
ROA not before:           Thu 01 Jan 2026 04:17:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51760
IP address blocks:        93.191.88.0/21 maxlen: 21
                          93.191.88.0/24 maxlen: 24
                          93.191.89.0/24 maxlen: 24
                          2a02:2820::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/2f69df-6f23-4aa7-88f4-e299e910039e/1/0PbNMLTPoZPiJrupKC42aiKjEQ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/2f69df-6f23-4aa7-88f4-e299e910039e/1/0PbNMLTPoZPiJrupKC42aiKjEQ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0PbNMLTPoZPiJrupKC42aiKjEQ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:84:c9:a6:fe:db:51:87:fb:76:37:47:5b:38:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d0f6cd30b4cfa193e226bba9282e366a22a3110f
        Validity
            Not Before: Jan  1 04:17:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d20f74ed60570f8a99052e4bbfefa5546e001a66
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:9f:78:38:5c:e3:b1:4b:51:1c:57:37:fe:ca:
                    29:98:ee:0c:f2:97:11:e2:04:c7:a1:c4:59:92:e5:
                    74:93:34:65:64:d6:6c:f0:34:22:db:78:82:f3:97:
                    95:de:1c:46:3b:89:f4:d6:de:6f:e5:3c:0f:ce:e6:
                    cd:ed:a4:9e:a3:f3:58:b0:6e:27:72:ec:35:b3:39:
                    ca:80:bd:3b:40:e1:5e:53:b4:f3:0d:d5:5b:4c:5b:
                    7a:69:ca:ea:7c:f5:c2:de:25:da:8a:e6:9c:87:8f:
                    67:3a:af:9b:81:c3:21:b0:bd:fc:5c:15:94:be:6e:
                    77:a7:70:81:9a:49:ff:af:a4:c3:9d:46:ca:fc:62:
                    e1:96:54:e8:64:ee:bc:bd:69:6c:27:76:e0:aa:4d:
                    fa:fa:c9:c1:62:6e:b6:f2:79:b0:62:fd:43:20:3d:
                    93:49:5f:c4:95:aa:25:78:8f:b1:fe:53:da:f0:91:
                    ad:a2:58:ef:f0:64:e4:c8:cb:35:56:8a:81:92:89:
                    b0:6e:84:12:60:ab:d5:e8:5c:bb:5e:18:18:ae:b1:
                    80:ab:35:05:8a:36:4e:ac:b6:73:e8:41:f2:a4:2e:
                    ef:b3:bd:2c:bf:26:b0:e4:91:54:ed:c4:86:39:b5:
                    2b:d8:89:10:30:3d:1c:45:11:e9:73:46:02:74:ac:
                    45:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:0F:74:ED:60:57:0F:8A:99:05:2E:4B:BF:EF:A5:54:6E:00:1A:66
            X509v3 Authority Key Identifier:
                keyid:D0:F6:CD:30:B4:CF:A1:93:E2:26:BB:A9:28:2E:36:6A:22:A3:11:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0PbNMLTPoZPiJrupKC42aiKjEQ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/2f69df-6f23-4aa7-88f4-e299e910039e/1/0g907WBXD4qZBS5Lv--lVG4AGmY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/2f69df-6f23-4aa7-88f4-e299e910039e/1/0PbNMLTPoZPiJrupKC42aiKjEQ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.191.88.0/21
                IPv6:
                  2a02:2820::/32

    Signature Algorithm: sha256WithRSAEncryption
         33:42:7e:74:ab:ab:ca:15:a7:fd:15:37:58:16:8a:c0:4a:90:
         f8:4c:7c:12:8f:9e:19:cc:87:cd:61:47:2e:78:ea:61:8a:96:
         69:28:d3:95:91:b8:bb:95:1f:09:64:2f:ae:7c:28:e2:65:ad:
         be:01:dd:c3:06:ff:d5:89:80:04:30:db:b1:8b:76:96:c7:a7:
         3f:b5:cf:35:ef:a0:83:62:cc:a8:01:41:55:7c:b2:a2:87:76:
         38:80:68:aa:d1:03:75:6d:67:1b:f0:e1:c3:6c:99:ca:ab:2d:
         8e:66:76:24:80:2d:7c:47:b7:be:e3:03:75:c0:65:ce:e5:52:
         4e:b9:3b:26:a0:91:51:e3:d6:a7:39:a9:7d:ac:e2:3e:8b:93:
         6d:ed:b2:d2:3c:ae:75:54:a8:f8:4f:9a:a1:f2:e0:88:1f:e9:
         f4:7a:c7:f7:83:e9:3d:e3:b4:b6:99:cf:0e:5c:04:95:83:91:
         0f:1b:cb:3b:fa:46:5a:da:4f:e9:3e:b9:1b:f0:c9:5c:01:a5:
         d6:5d:dd:b0:15:25:4b:f0:e6:82:48:10:ee:32:d4:2d:be:85:
         2d:25:55:f7:f9:09:d0:5b:aa:83:3b:a7:79:24:c0:62:99:09:
         19:1d:c7:3a:41:c7:34:af:21:43:8b:3d:82:f4:9c:8d:4b:50:
         99:54:ee:d5
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZt3xoTJpv7bUYf7djdHWzgvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwZjZjZDMwYjRjZmExOTNlMjI2YmJhOTI4MmUzNjZhMjJh
MzExMGYwHhcNMjYwMTAxMDQxNzM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjBmNzRlZDYwNTcwZjhhOTkwNTJlNGJiZmVmYTU1NDZlMDAxYTY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn594OFzjsUtRHFc3/sopmO4M8pcR
4gTHocRZkuV0kzRlZNZs8DQi23iC85eV3hxGO4n01t5v5TwPzubN7aSeo/NYsG4n
cuw1sznKgL07QOFeU7TzDdVbTFt6acrqfPXC3iXaiuach49nOq+bgcMhsL38XBWU
vm53p3CBmkn/r6TDnUbK/GLhllToZO68vWlsJ3bgqk36+snBYm628nmwYv1DID2T
SV/ElaoleI+x/lPa8JGtoljv8GTkyMs1VoqBkomwboQSYKvV6Fy7XhgYrrGAqzUF
ijZOrLZz6EHypC7vs70svyaw5JFU7cSGObUr2IkQMD0cRRHpc0YCdKxFBQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNIPdO1gVw+KmQUuS7/vpVRuABpmMB8GA1UdIwQY
MBaAFND2zTC0z6GT4ia7qSguNmoioxEPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMFBiTk1MVFBvWlBpSnJ1cEtDNDJhaUtqRVE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy8yZjY5ZGYtNmYyMy00YWE3LTg4ZjQt
ZTI5OWU5MTAwMzllLzEvMGc5MDdXQlhENHFaQlM1THYtLWxWRzRBR21ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy8yZjY5ZGYtNmYyMy00YWE3LTg4ZjQtZTI5OWU5MTAwMzll
LzEvMFBiTk1MVFBvWlBpSnJ1cEtDNDJhaUtqRVE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDXb9YMA0E
AgACMAcDBQAqAiggMA0GCSqGSIb3DQEBCwUAA4IBAQAzQn50q6vKFaf9FTdYForA
SpD4THwSj54ZzIfNYUcueOphipZpKNOVkbi7lR8JZC+ufCjiZa2+Ad3DBv/ViYAE
MNuxi3aWx6c/tc8176CDYsyoAUFVfLKih3Y4gGiq0QN1bWcb8OHDbJnKqy2OZnYk
gC18R7e+4wN1wGXO5VJOuTsmoJFR49anOal9rOI+i5Nt7bLSPK51VKj4T5qh8uCI
H+n0esf3g+k947S2mc8OXASVg5EPG8s7+kZa2k/pPrkb8MlcAaXWXd2wFSVL8OaC
SBDuMtQtvoUtJVX3+QnQW6qDO6d5JMBimQkZHcc6Qcc0ryFDiz2C9JyNS1CZVO7V
-----END CERTIFICATE-----