Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/956748-e858-473c-81c5-09f250e1b9ea/1/8g0ZGmrV-woXu4LEOaUZRs-VUGw.roa
File:                     8g0ZGmrV-woXu4LEOaUZRs-VUGw.roa (raw, json)
Hash identifier:          v8V71UERrAj3oUSjQT9n35QzSoFhZppeSF4cCA43m0s=
Subject key identifier:   F2:0D:19:1A:6A:D5:FB:0A:17:BB:82:C4:39:A5:19:46:CF:95:50:6C
Certificate issuer:       /CN=360c26f9f5bd5176fb9ad0b65a948d0e8dd90ee4
Certificate serial:       019CAE9C5500C44F379A67E0256F6F42F4C7
Authority key identifier: 36:0C:26:F9:F5:BD:51:76:FB:9A:D0:B6:5A:94:8D:0E:8D:D9:0E:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ngwm-fW9UXb7mtC2WpSNDo3ZDuQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/956748-e858-473c-81c5-09f250e1b9ea/1/8g0ZGmrV-woXu4LEOaUZRs-VUGw.roa
Signing time:             Mon 02 Mar 2026 12:53:26 +0000
ROA not before:           Mon 02 Mar 2026 12:53:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214806
IP address blocks:        94.156.238.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/956748-e858-473c-81c5-09f250e1b9ea/1/Ngwm-fW9UXb7mtC2WpSNDo3ZDuQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/956748-e858-473c-81c5-09f250e1b9ea/1/Ngwm-fW9UXb7mtC2WpSNDo3ZDuQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ngwm-fW9UXb7mtC2WpSNDo3ZDuQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 18:05:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:ae:9c:55:00:c4:4f:37:9a:67:e0:25:6f:6f:42:f4:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=360c26f9f5bd5176fb9ad0b65a948d0e8dd90ee4
        Validity
            Not Before: Mar  2 12:53:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f20d191a6ad5fb0a17bb82c439a51946cf95506c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:78:55:1a:04:73:56:c8:58:b4:a9:1a:8b:11:
                    bd:f9:74:dd:2c:0c:d7:87:6b:84:a6:54:80:3a:7a:
                    d4:f5:f7:68:b7:1a:cc:3a:5a:a0:ae:b6:96:ca:d1:
                    66:b1:4c:32:78:7f:e0:db:b0:c7:d0:54:71:ce:3e:
                    67:25:96:61:c9:aa:ad:83:03:34:9f:71:5d:b4:0a:
                    2a:72:6e:00:dd:dc:fc:09:f1:8f:19:70:8c:e6:c1:
                    be:06:3f:60:8a:b3:a9:29:9e:59:7f:d7:d3:ef:ce:
                    5a:00:ee:0b:48:d8:31:9e:07:0c:72:2b:86:7c:26:
                    7a:1d:b8:b5:1b:3b:07:7a:45:eb:f6:7a:37:19:0f:
                    74:b8:80:17:e4:13:ef:ed:80:64:b4:1f:8f:2e:95:
                    dc:55:8d:26:24:60:f8:10:08:00:ce:f5:52:79:26:
                    7e:11:69:e5:d5:e5:74:30:36:09:49:ea:7a:23:b8:
                    11:c4:38:f7:6a:50:31:b6:c0:fe:f3:12:f1:4e:12:
                    13:e4:ce:da:62:67:36:45:0a:08:cb:55:3a:ba:9b:
                    c6:f1:ae:d1:c0:0d:06:68:82:9e:d1:83:2d:df:f4:
                    a9:76:76:5f:83:82:6c:0a:92:0d:ec:42:e8:59:ba:
                    98:6b:81:ec:af:41:09:86:8e:55:08:72:02:83:15:
                    86:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:0D:19:1A:6A:D5:FB:0A:17:BB:82:C4:39:A5:19:46:CF:95:50:6C
            X509v3 Authority Key Identifier:
                keyid:36:0C:26:F9:F5:BD:51:76:FB:9A:D0:B6:5A:94:8D:0E:8D:D9:0E:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ngwm-fW9UXb7mtC2WpSNDo3ZDuQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/956748-e858-473c-81c5-09f250e1b9ea/1/8g0ZGmrV-woXu4LEOaUZRs-VUGw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/956748-e858-473c-81c5-09f250e1b9ea/1/Ngwm-fW9UXb7mtC2WpSNDo3ZDuQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.156.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:ed:25:ad:f3:25:bd:11:9a:85:6b:cc:e8:19:2b:d6:ba:f4:
         84:b2:67:ef:1c:26:c9:ee:77:de:82:a7:cf:78:63:6c:f9:e7:
         3f:f6:09:fe:9b:06:6c:33:88:d8:57:1e:f8:bd:97:48:a7:39:
         aa:13:81:a0:c3:c9:6d:f6:10:34:03:16:40:66:b4:14:1d:a7:
         57:c7:1e:2f:6e:52:b2:df:4d:86:e3:2c:34:88:e0:db:1a:06:
         ad:19:0a:51:8a:dc:eb:16:41:10:74:04:5f:6f:95:c1:da:fa:
         c3:54:37:b0:9e:b1:c9:75:d3:8e:90:ce:a6:31:09:40:38:32:
         a5:76:d7:49:52:5f:61:98:d2:a0:a8:d4:8c:c8:9d:ba:69:fe:
         be:73:ce:2c:43:3b:1d:a4:7a:34:87:1f:d4:f9:f1:9f:21:b9:
         ad:97:95:6f:ab:ec:87:31:47:4d:e1:30:a9:1e:0d:8a:de:a5:
         af:34:f0:1f:0d:0c:f4:bf:c5:d2:09:7a:32:9b:af:d4:04:14:
         0a:e8:e3:b7:dc:56:86:6d:2d:20:79:46:9b:cf:71:c5:ed:d8:
         96:a9:ed:5b:05:a5:e7:ef:6f:d9:d4:af:e2:16:9a:ca:80:1e:
         5f:54:ab:46:ef:d7:fa:7f:c2:e1:d2:eb:f3:ce:5a:91:a0:cf:
         c3:1c:0a:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyunFUAxE83mmfgJW9vQvTHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2MGMyNmY5ZjViZDUxNzZmYjlhZDBiNjVhOTQ4ZDBlOGRk
OTBlZTQwHhcNMjYwMzAyMTI1MzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjBkMTkxYTZhZDVmYjBhMTdiYjgyYzQzOWE1MTk0NmNmOTU1MDZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnXhVGgRzVshYtKkaixG9+XTdLAzX
h2uEplSAOnrU9fdotxrMOlqgrraWytFmsUwyeH/g27DH0FRxzj5nJZZhyaqtgwM0
n3FdtAoqcm4A3dz8CfGPGXCM5sG+Bj9girOpKZ5Zf9fT785aAO4LSNgxngcMciuG
fCZ6Hbi1GzsHekXr9no3GQ90uIAX5BPv7YBktB+PLpXcVY0mJGD4EAgAzvVSeSZ+
EWnl1eV0MDYJSep6I7gRxDj3alAxtsD+8xLxThIT5M7aYmc2RQoIy1U6upvG8a7R
wA0GaIKe0YMt3/SpdnZfg4JsCpIN7ELoWbqYa4Hsr0EJho5VCHICgxWGywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPINGRpq1fsKF7uCxDmlGUbPlVBsMB8GA1UdIwQY
MBaAFDYMJvn1vVF2+5rQtlqUjQ6N2Q7kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmd3bS1mVzlVWGI3bXRDMldwU05EbzNaRHVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy85NTY3NDgtZTg1OC00NzNjLTgxYzUt
MDlmMjUwZTFiOWVhLzEvOGcwWkdtclYtd29YdTRMRU9hVVpScy1WVUd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy85NTY3NDgtZTg1OC00NzNjLTgxYzUtMDlmMjUwZTFiOWVh
LzEvTmd3bS1mVzlVWGI3bXRDMldwU05EbzNaRHVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXpzuMA0G
CSqGSIb3DQEBCwUAA4IBAQCp7SWt8yW9EZqFa8zoGSvWuvSEsmfvHCbJ7nfegqfP
eGNs+ec/9gn+mwZsM4jYVx74vZdIpzmqE4Ggw8lt9hA0AxZAZrQUHadXxx4vblKy
302G4yw0iODbGgatGQpRitzrFkEQdARfb5XB2vrDVDewnrHJddOOkM6mMQlAODKl
dtdJUl9hmNKgqNSMyJ26af6+c84sQzsdpHo0hx/U+fGfIbmtl5Vvq+yHMUdN4TCp
Hg2K3qWvNPAfDQz0v8XSCXoym6/UBBQK6OO33FaGbS0geUabz3HF7diWqe1bBaXn
72/Z1K/iFprKgB5fVKtG79f6f8Lh0uvzzlqRoM/DHArC
-----END CERTIFICATE-----