Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/0qBu7XTO36peswOjWf9eZuVjSfk.roa
File:                     0qBu7XTO36peswOjWf9eZuVjSfk.roa (raw, json)
Hash identifier:          CLdSluchmc3jX8odk/ws8Ekk/KM0kA1ge0M5DeLZTLU=
Subject key identifier:   D2:A0:6E:ED:74:CE:DF:AA:5E:B3:03:A3:59:FF:5E:66:E5:63:49:F9
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       019D72DCB7B60337E30519B019A9C0B5B79C
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/0qBu7XTO36peswOjWf9eZuVjSfk.roa
Signing time:             Thu 09 Apr 2026 15:29:20 +0000
ROA not before:           Thu 09 Apr 2026 15:29:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214503
IP address blocks:        193.182.61.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:72:dc:b7:b6:03:37:e3:05:19:b0:19:a9:c0:b5:b7:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Apr  9 15:29:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d2a06eed74cedfaa5eb303a359ff5e66e56349f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:fa:29:dc:8e:df:78:7f:ad:b2:96:86:3d:b1:
                    3e:6b:cc:ff:29:66:49:fa:40:4f:45:8a:7a:b7:5a:
                    6e:36:b6:2b:a4:6b:34:06:f4:41:c0:06:02:66:8e:
                    20:c9:68:62:d4:97:c2:c4:8a:58:d0:15:02:07:ca:
                    4d:96:2d:0e:34:0c:a2:53:57:32:83:c2:ff:2a:b4:
                    ec:c3:23:ae:2f:24:bc:ee:0b:d2:bc:a5:b4:8c:08:
                    aa:0e:61:f8:b9:ee:36:e2:8e:ca:8b:2c:ab:f0:ee:
                    9c:32:46:02:ee:da:b2:fc:c1:a2:f6:a0:90:d5:81:
                    48:9f:ad:27:2b:81:6f:c1:46:3c:e5:8d:ee:7e:ab:
                    87:42:86:e1:13:69:33:e9:48:61:c4:1e:47:24:0e:
                    8b:23:b2:cb:e9:cf:9b:83:04:1c:75:ba:61:9c:25:
                    d6:67:2c:5b:c1:a9:a5:71:81:0f:4f:89:08:82:be:
                    95:ba:0e:33:39:12:e3:85:bb:84:06:28:1c:93:b9:
                    98:37:73:fb:0f:a8:05:ea:c2:72:9c:80:02:5b:b5:
                    8e:77:43:b9:00:b1:9f:c6:33:b8:42:fc:03:dd:44:
                    40:6b:83:83:e7:59:ad:de:8f:a6:e8:c0:f2:bf:be:
                    1c:e3:fb:ad:b0:d6:75:ac:c9:17:d3:4a:f4:e4:f2:
                    08:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:A0:6E:ED:74:CE:DF:AA:5E:B3:03:A3:59:FF:5E:66:E5:63:49:F9
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/0qBu7XTO36peswOjWf9eZuVjSfk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.182.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:46:dc:36:10:a8:7e:c5:c8:0c:db:0b:0a:2b:b7:5e:02:31:
         a6:1c:2d:5a:e1:ff:51:72:38:1d:9c:37:16:df:22:89:af:20:
         bc:e5:55:92:73:8c:17:08:b9:cd:64:70:d1:73:dc:d9:56:80:
         03:da:4a:14:7c:7a:76:78:72:81:13:c1:a1:fe:ee:d6:a9:43:
         46:82:7e:29:99:35:4b:1d:7f:19:e5:b0:90:e6:a9:9d:50:ca:
         09:09:a1:77:d6:a5:0a:eb:72:9f:7b:72:09:28:26:d3:f1:db:
         93:c7:73:27:17:1c:05:0a:57:3d:ed:fe:94:e5:02:36:4a:5b:
         a6:72:64:bd:27:f7:2c:b0:a2:c0:31:03:77:8c:77:bf:34:a3:
         c2:99:d8:c9:25:e5:f3:7b:44:cf:56:47:2a:47:00:3b:2e:37:
         71:19:77:54:c9:49:c1:11:7d:da:6d:07:2d:0c:0f:84:bd:20:
         90:3d:dc:4a:f3:42:c5:63:d3:ff:98:16:02:a4:d5:da:83:3b:
         39:f8:69:6a:db:3c:ce:3e:8a:e8:74:1a:ea:79:e9:98:5c:88:
         5c:a3:68:5d:43:91:61:3a:5f:21:7f:70:53:d7:83:d5:84:9e:
         4a:52:19:e9:55:17:d5:31:64:4d:a9:7d:f3:47:eb:68:bc:25:
         24:ea:bd:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1y3Le2AzfjBRmwGanAtbecMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjYwNDA5MTUyOTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMmEwNmVlZDc0Y2VkZmFhNWViMzAzYTM1OWZmNWU2NmU1NjM0OWY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApvop3I7feH+tspaGPbE+a8z/KWZJ
+kBPRYp6t1puNrYrpGs0BvRBwAYCZo4gyWhi1JfCxIpY0BUCB8pNli0ONAyiU1cy
g8L/KrTswyOuLyS87gvSvKW0jAiqDmH4ue424o7Kiyyr8O6cMkYC7tqy/MGi9qCQ
1YFIn60nK4FvwUY85Y3ufquHQobhE2kz6UhhxB5HJA6LI7LL6c+bgwQcdbphnCXW
ZyxbwamlcYEPT4kIgr6Vug4zORLjhbuEBigck7mYN3P7D6gF6sJynIACW7WOd0O5
ALGfxjO4QvwD3URAa4OD51mt3o+m6MDyv74c4/utsNZ1rMkX00r05PIIvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNKgbu10zt+qXrMDo1n/XmblY0n5MB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvMHFCdTdYVE8zNnBlc3dPaldmOWVadVZqU2ZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwbY9MA0G
CSqGSIb3DQEBCwUAA4IBAQCuRtw2EKh+xcgM2wsKK7deAjGmHC1a4f9RcjgdnDcW
3yKJryC85VWSc4wXCLnNZHDRc9zZVoAD2koUfHp2eHKBE8Gh/u7WqUNGgn4pmTVL
HX8Z5bCQ5qmdUMoJCaF31qUK63Kfe3IJKCbT8duTx3MnFxwFClc97f6U5QI2Slum
cmS9J/cssKLAMQN3jHe/NKPCmdjJJeXze0TPVkcqRwA7LjdxGXdUyUnBEX3abQct
DA+EvSCQPdxK80LFY9P/mBYCpNXagzs5+Glq2zzOPorodBrqeemYXIhco2hdQ5Fh
Ol8hf3BT14PVhJ5KUhnpVRfVMWRNqX3zR+tovCUk6r03
-----END CERTIFICATE-----