Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/e4163b-a2d2-4a48-8648-a230f2017338/1/xyoH9R_BmdJ-gyu7Oy-9rS-zs-0.roa
File:                     xyoH9R_BmdJ-gyu7Oy-9rS-zs-0.roa (raw, json)
Hash identifier:          HGNIvY3ULeEgQ68bK1r/+JhRNbs682fuQL9Y7B95gbw=
Subject key identifier:   C7:2A:07:F5:1F:C1:99:D2:7E:83:2B:BB:3B:2F:BD:AD:2F:B3:B3:ED
Certificate issuer:       /CN=a232a17380e8e25898dea9c223321a2ace5236f1
Certificate serial:       019D9ABB576F83DFEEFD27AA29BAD1F52A85
Authority key identifier: A2:32:A1:73:80:E8:E2:58:98:DE:A9:C2:23:32:1A:2A:CE:52:36:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ojKhc4Do4liY3qnCIzIaKs5SNvE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/e4163b-a2d2-4a48-8648-a230f2017338/1/xyoH9R_BmdJ-gyu7Oy-9rS-zs-0.roa
Signing time:             Fri 17 Apr 2026 09:17:41 +0000
ROA not before:           Fri 17 Apr 2026 09:17:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     31736
IP address blocks:        185.78.188.0/22 maxlen: 22
                          2a03:59e0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/e4163b-a2d2-4a48-8648-a230f2017338/1/ojKhc4Do4liY3qnCIzIaKs5SNvE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/e4163b-a2d2-4a48-8648-a230f2017338/1/ojKhc4Do4liY3qnCIzIaKs5SNvE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ojKhc4Do4liY3qnCIzIaKs5SNvE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 16:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:9a:bb:57:6f:83:df:ee:fd:27:aa:29:ba:d1:f5:2a:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a232a17380e8e25898dea9c223321a2ace5236f1
        Validity
            Not Before: Apr 17 09:17:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c72a07f51fc199d27e832bbb3b2fbdad2fb3b3ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:f6:68:c8:2a:d7:4f:df:9e:3a:8a:b5:3f:f6:
                    f0:6d:fe:89:cf:5d:49:68:a8:e1:33:9f:24:8d:a6:
                    c2:d5:12:31:83:c8:f4:84:f7:a9:eb:3b:ef:d5:f2:
                    24:05:17:a9:eb:e2:84:ea:25:06:e3:5e:09:c2:5b:
                    ae:8c:8d:8c:a2:de:9c:c8:c2:af:76:07:01:1d:c6:
                    4c:80:f9:36:38:32:1f:a2:0f:36:59:68:9b:12:47:
                    db:ff:4f:66:dd:80:05:50:8b:15:a7:b2:f9:d5:b5:
                    1d:22:fa:38:83:16:8c:78:92:6f:e1:c4:00:19:1b:
                    5c:36:f3:7c:4b:0d:56:29:f0:a4:2c:00:53:da:d0:
                    db:6b:88:94:4e:d7:af:44:a2:8e:f6:f0:c4:29:f9:
                    a6:66:1c:23:68:3e:4f:de:79:3b:ef:3c:31:57:f5:
                    74:ee:88:47:48:01:34:86:f1:1e:9b:47:bf:a9:58:
                    c4:51:18:44:67:eb:a7:6a:4d:5f:93:d3:68:da:e4:
                    e9:ba:c9:62:dc:24:f5:13:4a:a0:19:cc:31:05:b1:
                    bf:de:aa:d1:40:93:c2:d7:12:4a:9c:0a:d6:21:c5:
                    3f:3d:8e:b6:2e:38:51:f1:65:36:c2:a8:65:9c:07:
                    4a:d6:fd:84:16:94:64:8d:2b:c4:22:e9:08:fa:37:
                    e6:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:2A:07:F5:1F:C1:99:D2:7E:83:2B:BB:3B:2F:BD:AD:2F:B3:B3:ED
            X509v3 Authority Key Identifier:
                keyid:A2:32:A1:73:80:E8:E2:58:98:DE:A9:C2:23:32:1A:2A:CE:52:36:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ojKhc4Do4liY3qnCIzIaKs5SNvE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/e4163b-a2d2-4a48-8648-a230f2017338/1/xyoH9R_BmdJ-gyu7Oy-9rS-zs-0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/e4163b-a2d2-4a48-8648-a230f2017338/1/ojKhc4Do4liY3qnCIzIaKs5SNvE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.78.188.0/22
                IPv6:
                  2a03:59e0::/32

    Signature Algorithm: sha256WithRSAEncryption
         56:0c:5b:50:f7:80:0b:b1:13:47:0f:72:4f:18:22:e4:60:cb:
         57:03:55:6d:89:83:b0:60:c6:7c:72:f1:1c:30:48:7b:75:cb:
         13:e7:c3:89:ff:e1:b4:92:f7:ca:5b:06:da:a3:96:48:c6:bf:
         0c:0f:3f:39:72:55:0c:dd:37:56:52:93:31:fd:96:ef:44:42:
         b6:94:69:c1:27:95:88:35:da:89:cd:5c:11:1a:e7:6a:4b:2d:
         3d:90:f4:d7:2b:f4:da:b4:fc:dc:72:b8:f1:0d:88:9e:35:d9:
         95:ff:4e:bf:9b:44:e7:b7:32:74:ae:f5:7e:64:eb:94:49:a7:
         fc:29:dc:96:8b:ba:a9:5a:08:f0:bc:77:66:40:90:f6:45:47:
         66:76:f0:a4:12:0a:9f:5f:c6:7d:6e:43:0f:80:3b:24:06:d5:
         b3:04:70:90:ae:73:48:0a:74:17:84:07:6f:ad:ad:ae:73:3c:
         ed:8b:37:6f:8d:a8:6f:f7:9e:47:2a:cf:c3:a6:fb:6b:1c:84:
         01:ee:f0:e2:6c:cc:93:5e:fe:be:c0:dc:99:94:04:0e:bc:10:
         36:3c:ff:6a:7f:57:9d:9c:93:0d:e7:69:3c:e7:9d:bc:ae:ba:
         28:25:f9:7d:23:97:72:4d:bc:67:8e:d0:4c:15:c0:14:93:6b:
         b1:31:13:eb
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ2au1dvg9/u/SeqKbrR9SqFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyMzJhMTczODBlOGUyNTg5OGRlYTljMjIzMzIxYTJhY2U1
MjM2ZjEwHhcNMjYwNDE3MDkxNzQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzJhMDdmNTFmYzE5OWQyN2U4MzJiYmIzYjJmYmRhZDJmYjNiM2VkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyvZoyCrXT9+eOoq1P/bwbf6Jz11J
aKjhM58kjabC1RIxg8j0hPep6zvv1fIkBRep6+KE6iUG414JwluujI2Mot6cyMKv
dgcBHcZMgPk2ODIfog82WWibEkfb/09m3YAFUIsVp7L51bUdIvo4gxaMeJJv4cQA
GRtcNvN8Sw1WKfCkLABT2tDba4iUTtevRKKO9vDEKfmmZhwjaD5P3nk77zwxV/V0
7ohHSAE0hvEem0e/qVjEURhEZ+unak1fk9No2uTpusli3CT1E0qgGcwxBbG/3qrR
QJPC1xJKnArWIcU/PY62LjhR8WU2wqhlnAdK1v2EFpRkjSvEIukI+jfmBQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMcqB/UfwZnSfoMruzsvva0vs7PtMB8GA1UdIwQY
MBaAFKIyoXOA6OJYmN6pwiMyGirOUjbxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2pLaGM0RG80bGlZM3FuQ0l6SWFLczVTTnZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC9lNDE2M2ItYTJkMi00YTQ4LTg2NDgt
YTIzMGYyMDE3MzM4LzEveHlvSDlSX0JtZEotZ3l1N095LTlyUy16cy0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC9lNDE2M2ItYTJkMi00YTQ4LTg2NDgtYTIzMGYyMDE3MzM4
LzEvb2pLaGM0RG80bGlZM3FuQ0l6SWFLczVTTnZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuU68MA0E
AgACMAcDBQAqA1ngMA0GCSqGSIb3DQEBCwUAA4IBAQBWDFtQ94ALsRNHD3JPGCLk
YMtXA1VtiYOwYMZ8cvEcMEh7dcsT58OJ/+G0kvfKWwbao5ZIxr8MDz85clUM3TdW
UpMx/ZbvREK2lGnBJ5WINdqJzVwRGudqSy09kPTXK/TatPzccrjxDYieNdmV/06/
m0TntzJ0rvV+ZOuUSaf8KdyWi7qpWgjwvHdmQJD2RUdmdvCkEgqfX8Z9bkMPgDsk
BtWzBHCQrnNICnQXhAdvra2uczztizdvjahv955HKs/DpvtrHIQB7vDibMyTXv6+
wNyZlAQOvBA2PP9qf1ednJMN52k85528rrooJfl9I5dyTbxnjtBMFcAUk2uxMRPr
-----END CERTIFICATE-----