Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/114340-2c70-41fc-abe7-2fa7c9b111b1/1/X95prXHzq8X1CPwv1gtcHecBZ9A.roa
File:                     X95prXHzq8X1CPwv1gtcHecBZ9A.roa (raw, json)
Hash identifier:          kIyKmeEmNUCd7/Tfz3mqcBFszHGcJgIalIr5T8BFnbY=
Subject key identifier:   5F:DE:69:AD:71:F3:AB:C5:F5:08:FC:2F:D6:0B:5C:1D:E7:01:67:D0
Certificate issuer:       /CN=ad7cfbce1d6d3a6a24f25652065d31575828edb5
Certificate serial:       019B7A5A7E1B662ECD88D421C6F59A9FB2ED
Authority key identifier: AD:7C:FB:CE:1D:6D:3A:6A:24:F2:56:52:06:5D:31:57:58:28:ED:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rXz7zh1tOmok8lZSBl0xV1go7bU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/114340-2c70-41fc-abe7-2fa7c9b111b1/1/X95prXHzq8X1CPwv1gtcHecBZ9A.roa
Signing time:             Thu 01 Jan 2026 16:18:29 +0000
ROA not before:           Thu 01 Jan 2026 16:18:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48242
IP address blocks:        91.207.160.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/114340-2c70-41fc-abe7-2fa7c9b111b1/1/rXz7zh1tOmok8lZSBl0xV1go7bU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/114340-2c70-41fc-abe7-2fa7c9b111b1/1/rXz7zh1tOmok8lZSBl0xV1go7bU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rXz7zh1tOmok8lZSBl0xV1go7bU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 22:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5a:7e:1b:66:2e:cd:88:d4:21:c6:f5:9a:9f:b2:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ad7cfbce1d6d3a6a24f25652065d31575828edb5
        Validity
            Not Before: Jan  1 16:18:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5fde69ad71f3abc5f508fc2fd60b5c1de70167d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:43:c0:39:2e:03:15:f1:44:13:9c:2e:09:75:
                    5b:04:96:50:e9:d0:63:3a:75:ba:61:7b:c5:c5:2a:
                    c9:a8:d9:dd:c9:e8:c8:fe:31:84:c1:b5:06:f0:51:
                    a9:8b:ef:18:b8:68:87:15:f1:60:64:53:cc:75:b1:
                    3d:56:bd:e5:1f:2c:7b:7c:28:e8:eb:10:92:e5:8a:
                    35:7e:22:75:17:7a:10:74:e4:db:4d:ae:e1:36:c3:
                    0c:5f:49:21:f7:dc:3a:da:78:a6:27:8e:d6:c2:52:
                    a2:02:59:05:c5:cc:b1:ae:7d:08:98:3b:c8:ed:66:
                    8f:73:cc:07:62:b4:9e:5c:79:f2:fe:69:7e:c8:ad:
                    68:30:69:b0:e3:c2:73:d1:99:26:27:5d:29:45:7c:
                    f6:95:00:ac:32:44:5e:1c:b3:67:74:e5:10:f9:4e:
                    eb:35:9d:72:09:75:90:2f:91:13:31:b1:2b:34:d9:
                    2a:e8:99:d9:54:bc:cd:4b:44:0f:57:23:f9:19:4b:
                    14:f5:e4:ff:5d:30:fd:bd:3a:4e:53:f0:66:88:a8:
                    36:1d:09:4a:61:21:de:63:d6:1c:63:07:75:39:fe:
                    81:00:27:93:e4:2a:72:54:cc:60:1d:80:f8:e9:c6:
                    21:a7:fa:64:b8:ee:2f:82:78:3f:22:5d:ac:9c:ca:
                    38:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:DE:69:AD:71:F3:AB:C5:F5:08:FC:2F:D6:0B:5C:1D:E7:01:67:D0
            X509v3 Authority Key Identifier:
                keyid:AD:7C:FB:CE:1D:6D:3A:6A:24:F2:56:52:06:5D:31:57:58:28:ED:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rXz7zh1tOmok8lZSBl0xV1go7bU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/114340-2c70-41fc-abe7-2fa7c9b111b1/1/X95prXHzq8X1CPwv1gtcHecBZ9A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/114340-2c70-41fc-abe7-2fa7c9b111b1/1/rXz7zh1tOmok8lZSBl0xV1go7bU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.207.160.0/23

    Signature Algorithm: sha256WithRSAEncryption
         93:59:0d:2e:73:33:54:1f:bb:71:a7:b6:25:24:81:36:b5:cf:
         e2:47:28:f4:da:2d:be:a8:9c:ac:33:6e:03:da:a8:21:1c:03:
         22:43:11:ec:92:66:47:c1:b3:d3:00:a5:42:4d:9f:33:7d:28:
         59:8d:8b:ed:ec:d1:11:2b:58:bc:fc:9f:68:ce:37:ca:e3:ab:
         e5:83:39:c2:a0:68:de:3d:54:25:19:1a:e4:11:bb:2b:b3:06:
         b6:06:c4:87:4d:13:0c:3a:a3:9b:65:cb:ec:59:95:9b:b9:f2:
         4c:d4:8c:f3:71:b3:a8:2b:a5:ae:c5:4a:85:c5:87:ad:86:b6:
         d9:6b:7e:34:29:ea:70:37:74:5a:7d:a2:e6:bf:e4:e8:12:33:
         ea:80:dc:09:ba:b6:e7:dc:1b:a9:12:4b:d5:38:05:f7:ba:2d:
         49:04:4b:d0:82:84:98:7a:c5:1d:26:ca:59:99:6d:86:11:81:
         84:0e:ed:9b:3f:f2:79:1f:62:26:69:89:cd:67:f7:02:89:03:
         b7:2a:e9:11:01:ba:32:eb:40:6b:17:29:d6:ea:4f:d5:17:43:
         c9:58:cb:52:6f:e2:41:ff:17:13:23:8b:12:92:b3:55:82:78:
         bb:d7:b8:e7:b5:ba:96:77:56:5a:07:0c:7e:3b:92:37:42:0a:
         92:1f:a0:a6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6Wn4bZi7NiNQhxvWan7LtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkN2NmYmNlMWQ2ZDNhNmEyNGYyNTY1MjA2NWQzMTU3NTgy
OGVkYjUwHhcNMjYwMTAxMTYxODI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZmRlNjlhZDcxZjNhYmM1ZjUwOGZjMmZkNjBiNWMxZGU3MDE2N2QwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArEPAOS4DFfFEE5wuCXVbBJZQ6dBj
OnW6YXvFxSrJqNndyejI/jGEwbUG8FGpi+8YuGiHFfFgZFPMdbE9Vr3lHyx7fCjo
6xCS5Yo1fiJ1F3oQdOTbTa7hNsMMX0kh99w62nimJ47WwlKiAlkFxcyxrn0ImDvI
7WaPc8wHYrSeXHny/ml+yK1oMGmw48Jz0ZkmJ10pRXz2lQCsMkReHLNndOUQ+U7r
NZ1yCXWQL5ETMbErNNkq6JnZVLzNS0QPVyP5GUsU9eT/XTD9vTpOU/BmiKg2HQlK
YSHeY9YcYwd1Of6BACeT5CpyVMxgHYD46cYhp/pkuO4vgng/Il2snMo4mwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF/eaa1x86vF9Qj8L9YLXB3nAWfQMB8GA1UdIwQY
MBaAFK18+84dbTpqJPJWUgZdMVdYKO21MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclh6N3poMXRPbW9rOGxaU0JsMHhWMWdvN2JVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS8xMTQzNDAtMmM3MC00MWZjLWFiZTct
MmZhN2M5YjExMWIxLzEvWDk1cHJYSHpxOFgxQ1B3djFndGNIZWNCWjlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS8xMTQzNDAtMmM3MC00MWZjLWFiZTctMmZhN2M5YjExMWIx
LzEvclh6N3poMXRPbW9rOGxaU0JsMHhWMWdvN2JVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW8+gMA0G
CSqGSIb3DQEBCwUAA4IBAQCTWQ0uczNUH7txp7YlJIE2tc/iRyj02i2+qJysM24D
2qghHAMiQxHskmZHwbPTAKVCTZ8zfShZjYvt7NERK1i8/J9ozjfK46vlgznCoGje
PVQlGRrkEbsrswa2BsSHTRMMOqObZcvsWZWbufJM1IzzcbOoK6WuxUqFxYethrbZ
a340KepwN3RafaLmv+ToEjPqgNwJurbn3BupEkvVOAX3ui1JBEvQgoSYesUdJspZ
mW2GEYGEDu2bP/J5H2ImaYnNZ/cCiQO3KukRAboy60BrFynW6k/VF0PJWMtSb+JB
/xcTI4sSkrNVgni717jntbqWd1ZaBwx+O5I3QgqSH6Cm
-----END CERTIFICATE-----