Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/7881d0-943b-4ab5-ad3c-268442bd7999/1/Pttwh6d0vBPXgykXpXBllgG4798.roa
File:                     Pttwh6d0vBPXgykXpXBllgG4798.roa (raw, json)
Hash identifier:          e2nYXEsDii0++we5h4ea9FNWnLSGMmek2/4em00Z44w=
Subject key identifier:   3E:DB:70:87:A7:74:BC:13:D7:83:29:17:A5:70:65:96:01:B8:EF:DF
Certificate issuer:       /CN=3ed79628b5a60ff1489f473be12d6cefdee135e6
Certificate serial:       019B7C7FCBCAAB4BCA292A9DEFBABA28EB94
Authority key identifier: 3E:D7:96:28:B5:A6:0F:F1:48:9F:47:3B:E1:2D:6C:EF:DE:E1:35:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PteWKLWmD_FIn0c74S1s797hNeY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/7881d0-943b-4ab5-ad3c-268442bd7999/1/Pttwh6d0vBPXgykXpXBllgG4798.roa
Signing time:             Fri 02 Jan 2026 02:18:28 +0000
ROA not before:           Fri 02 Jan 2026 02:18:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57514
IP address blocks:        185.225.76.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/7881d0-943b-4ab5-ad3c-268442bd7999/1/PteWKLWmD_FIn0c74S1s797hNeY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/7881d0-943b-4ab5-ad3c-268442bd7999/1/PteWKLWmD_FIn0c74S1s797hNeY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PteWKLWmD_FIn0c74S1s797hNeY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 23:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:7f:cb:ca:ab:4b:ca:29:2a:9d:ef:ba:ba:28:eb:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ed79628b5a60ff1489f473be12d6cefdee135e6
        Validity
            Not Before: Jan  2 02:18:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3edb7087a774bc13d7832917a570659601b8efdf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:a8:be:14:f4:69:20:47:38:07:e3:bc:c6:36:
                    45:c1:71:c2:77:0c:82:b3:31:c1:c7:cb:3f:15:28:
                    f8:2b:df:48:e1:ce:14:a3:4f:6e:3d:9d:ae:89:88:
                    b2:20:28:fd:62:d6:cb:a6:fd:57:9d:06:93:60:77:
                    22:7b:fd:a6:22:a1:9c:b0:e3:82:46:a2:eb:92:e9:
                    bb:c1:33:1a:c5:82:ad:77:94:cc:e1:eb:59:16:e3:
                    30:89:34:ed:8f:71:3a:09:ed:c4:75:c9:41:8f:24:
                    44:b8:02:85:e4:86:7f:7f:fa:01:e7:8d:00:a8:27:
                    3a:0d:ae:10:26:60:93:ef:24:4d:ef:fd:cc:bd:61:
                    a5:54:ee:dc:86:a2:26:25:2f:27:fa:ac:24:1c:66:
                    21:7f:f1:62:c8:0e:ec:f2:68:f1:a8:ce:b4:74:a5:
                    41:2b:86:fd:b8:e8:3e:79:ba:c6:04:ae:97:31:b8:
                    f2:67:5a:6d:8c:88:5f:ff:02:4c:3b:ac:e0:13:95:
                    4b:bc:79:5d:f9:3f:fb:87:df:6f:d1:91:8d:74:2e:
                    63:7d:25:93:e3:4f:9a:ea:e2:49:22:e3:e8:19:83:
                    77:a8:1f:03:48:f5:d0:5a:27:45:0b:26:7a:61:25:
                    46:c2:32:f2:44:fa:e9:db:8c:a8:b4:55:15:3c:ea:
                    c5:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:DB:70:87:A7:74:BC:13:D7:83:29:17:A5:70:65:96:01:B8:EF:DF
            X509v3 Authority Key Identifier:
                keyid:3E:D7:96:28:B5:A6:0F:F1:48:9F:47:3B:E1:2D:6C:EF:DE:E1:35:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PteWKLWmD_FIn0c74S1s797hNeY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/7881d0-943b-4ab5-ad3c-268442bd7999/1/Pttwh6d0vBPXgykXpXBllgG4798.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/7881d0-943b-4ab5-ad3c-268442bd7999/1/PteWKLWmD_FIn0c74S1s797hNeY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.225.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:b2:06:bb:cd:28:28:98:1b:53:e3:88:42:89:b5:3a:b4:ea:
         75:5a:51:e8:84:69:e7:35:19:ec:f2:64:d9:8d:86:7f:9a:b0:
         b6:88:f0:fd:e6:18:e3:ec:b9:4c:d4:8f:62:5b:5c:53:09:65:
         e6:14:61:85:7a:63:e5:5c:57:9a:11:b2:d4:d6:0a:e2:d2:a2:
         7c:20:c4:8b:ce:cd:ff:81:95:a4:5f:40:2d:88:17:43:9f:68:
         42:f7:e5:cb:31:a0:9a:e2:eb:3b:62:5d:6b:3b:59:34:b4:56:
         e8:e0:43:9e:83:56:f6:e9:a4:4c:10:cd:c7:5a:38:ae:d3:f9:
         5a:0b:6f:90:31:7a:ff:80:ea:57:7b:05:29:c6:df:40:e9:99:
         ae:f7:0e:9a:f6:2b:b9:a4:ec:9d:44:14:d2:f7:99:75:aa:62:
         7a:44:d6:b1:f8:d5:05:2f:80:07:9f:87:d7:6c:bb:81:3d:34:
         4a:2e:87:e2:56:31:91:7c:c9:02:e9:6f:54:a7:e5:41:df:61:
         d5:b8:13:cb:5c:b0:c0:7c:4b:fa:72:e7:55:95:e6:32:25:16:
         1c:c3:85:2f:12:7e:25:5e:d6:ee:50:56:81:4f:f0:20:45:3f:
         70:b2:89:57:09:04:a0:d4:9e:49:19:87:73:eb:bf:8e:a1:c7:
         fb:69:df:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8f8vKq0vKKSqd77q6KOuUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlZDc5NjI4YjVhNjBmZjE0ODlmNDczYmUxMmQ2Y2VmZGVl
MTM1ZTYwHhcNMjYwMTAyMDIxODI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWRiNzA4N2E3NzRiYzEzZDc4MzI5MTdhNTcwNjU5NjAxYjhlZmRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtai+FPRpIEc4B+O8xjZFwXHCdwyC
szHBx8s/FSj4K99I4c4Uo09uPZ2uiYiyICj9YtbLpv1XnQaTYHcie/2mIqGcsOOC
RqLrkum7wTMaxYKtd5TM4etZFuMwiTTtj3E6Ce3EdclBjyREuAKF5IZ/f/oB540A
qCc6Da4QJmCT7yRN7/3MvWGlVO7chqImJS8n+qwkHGYhf/FiyA7s8mjxqM60dKVB
K4b9uOg+ebrGBK6XMbjyZ1ptjIhf/wJMO6zgE5VLvHld+T/7h99v0ZGNdC5jfSWT
40+a6uJJIuPoGYN3qB8DSPXQWidFCyZ6YSVGwjLyRPrp24yotFUVPOrFqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD7bcIendLwT14MpF6VwZZYBuO/fMB8GA1UdIwQY
MBaAFD7Xlii1pg/xSJ9HO+EtbO/e4TXmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHRlV0tMV21EX0ZJbjBjNzRTMXM3OTdoTmVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC83ODgxZDAtOTQzYi00YWI1LWFkM2Mt
MjY4NDQyYmQ3OTk5LzEvUHR0d2g2ZDB2QlBYZ3lrWHBYQmxsZ0c0Nzk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC83ODgxZDAtOTQzYi00YWI1LWFkM2MtMjY4NDQyYmQ3OTk5
LzEvUHRlV0tMV21EX0ZJbjBjNzRTMXM3OTdoTmVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueFMMA0G
CSqGSIb3DQEBCwUAA4IBAQAmsga7zSgomBtT44hCibU6tOp1WlHohGnnNRns8mTZ
jYZ/mrC2iPD95hjj7LlM1I9iW1xTCWXmFGGFemPlXFeaEbLU1gri0qJ8IMSLzs3/
gZWkX0AtiBdDn2hC9+XLMaCa4us7Yl1rO1k0tFbo4EOeg1b26aRMEM3HWjiu0/la
C2+QMXr/gOpXewUpxt9A6Zmu9w6a9iu5pOydRBTS95l1qmJ6RNax+NUFL4AHn4fX
bLuBPTRKLofiVjGRfMkC6W9Up+VB32HVuBPLXLDAfEv6cudVleYyJRYcw4UvEn4l
XtbuUFaBT/AgRT9wsolXCQSg1J5JGYdz67+Oocf7ad+a
-----END CERTIFICATE-----