Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/b8ed2d-3545-4599-97e5-1523803fadaf/1/vbW9HDnSvJmxsqC-cV5z-907X4o.roa
File:                     vbW9HDnSvJmxsqC-cV5z-907X4o.roa (raw, json)
Hash identifier:          RVRq1+9gitJwQNotHLkJdZpm6YORt32/tbHB/qnAsaE=
Subject key identifier:   BD:B5:BD:1C:39:D2:BC:99:B1:B2:A0:BE:71:5E:73:FB:DD:3B:5F:8A
Certificate issuer:       /CN=a18164d9961a16d2eff773f5027821e9d2bd3740
Certificate serial:       019D9AFA2F619D52C5C24C8F5891A1ECD6A1
Authority key identifier: A1:81:64:D9:96:1A:16:D2:EF:F7:73:F5:02:78:21:E9:D2:BD:37:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oYFk2ZYaFtLv93P1Angh6dK9N0A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/b8ed2d-3545-4599-97e5-1523803fadaf/1/vbW9HDnSvJmxsqC-cV5z-907X4o.roa
Signing time:             Fri 17 Apr 2026 10:26:20 +0000
ROA not before:           Fri 17 Apr 2026 10:26:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     60294
IP address blocks:        80.74.48.0/20 maxlen: 22
                          80.74.48.0/22 maxlen: 22
                          80.74.52.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/b8ed2d-3545-4599-97e5-1523803fadaf/1/oYFk2ZYaFtLv93P1Angh6dK9N0A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/b8ed2d-3545-4599-97e5-1523803fadaf/1/oYFk2ZYaFtLv93P1Angh6dK9N0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oYFk2ZYaFtLv93P1Angh6dK9N0A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:9a:fa:2f:61:9d:52:c5:c2:4c:8f:58:91:a1:ec:d6:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a18164d9961a16d2eff773f5027821e9d2bd3740
        Validity
            Not Before: Apr 17 10:26:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bdb5bd1c39d2bc99b1b2a0be715e73fbdd3b5f8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:77:86:84:9b:78:23:dd:c0:95:c4:9f:1a:03:
                    f9:22:66:6c:0c:31:8e:b0:77:b2:e4:7e:4b:43:6a:
                    a6:c5:9a:d7:ef:83:fc:a5:26:4c:37:65:c9:ae:da:
                    77:ea:3c:d5:66:ca:a5:ba:5a:8f:7d:ab:12:82:ec:
                    66:4e:58:8a:d2:0c:00:93:53:70:de:ac:d1:fd:18:
                    27:a6:cd:34:2d:e0:dd:52:2c:99:3a:38:5d:8c:3f:
                    6c:ac:70:5f:d0:d6:b8:d0:f3:98:b5:07:d6:3d:c8:
                    5b:3d:4d:e7:52:7f:5c:9d:a7:b6:91:4d:c0:be:c4:
                    4f:8e:b0:ab:31:9e:23:32:a5:0f:1e:ea:fc:08:6b:
                    8b:79:ee:e8:94:79:af:47:e3:69:f2:a6:06:00:ec:
                    e5:5a:de:f2:b1:bd:67:d5:cf:b0:3c:09:90:ea:28:
                    e0:0e:53:89:ef:9b:ae:33:a6:4f:2f:6a:db:5b:8b:
                    ce:9a:0c:36:7e:82:7e:53:06:77:8f:26:a6:91:7e:
                    83:93:3d:18:58:63:60:58:87:00:e5:e9:7c:a0:7a:
                    3c:d1:06:9e:65:ce:64:f4:c6:32:76:c3:58:61:0c:
                    35:bc:58:4e:74:85:4a:14:ea:0d:b0:7c:9a:93:0c:
                    dd:50:54:bb:3f:d4:86:37:48:a0:21:1d:f1:fe:25:
                    fe:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:B5:BD:1C:39:D2:BC:99:B1:B2:A0:BE:71:5E:73:FB:DD:3B:5F:8A
            X509v3 Authority Key Identifier:
                keyid:A1:81:64:D9:96:1A:16:D2:EF:F7:73:F5:02:78:21:E9:D2:BD:37:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oYFk2ZYaFtLv93P1Angh6dK9N0A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/b8ed2d-3545-4599-97e5-1523803fadaf/1/vbW9HDnSvJmxsqC-cV5z-907X4o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/b8ed2d-3545-4599-97e5-1523803fadaf/1/oYFk2ZYaFtLv93P1Angh6dK9N0A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.74.48.0/20

    Signature Algorithm: sha256WithRSAEncryption
         60:67:ce:d0:98:6f:a6:38:ec:bd:cc:01:45:80:1e:ea:7e:d4:
         6b:bd:ad:84:15:b0:1c:d2:e4:97:a4:70:c2:f8:2f:8d:63:9c:
         99:88:83:6e:07:23:41:29:f5:9c:4c:9b:73:0f:07:30:95:13:
         9c:5f:76:c2:33:8a:6e:1f:1a:d3:e2:67:a4:aa:d7:d8:e5:e6:
         4e:5e:19:75:08:51:c6:f8:ca:b7:57:a1:56:b1:41:7e:fe:a5:
         6b:5b:3e:2a:93:8a:92:51:54:ab:e0:67:90:e9:c4:35:f6:e1:
         10:c1:14:c0:82:20:ec:10:80:fe:89:91:95:84:d0:42:1d:e4:
         88:ba:37:92:31:a5:ee:6f:bc:72:3e:1b:16:17:75:ed:6d:2b:
         70:89:23:02:46:5b:2a:7c:a1:68:8f:4f:ae:f4:cd:e2:92:d5:
         fc:6d:72:90:42:97:25:32:e5:25:04:2c:b8:f0:cc:9b:3f:ce:
         ec:1f:a3:3d:1c:c6:71:56:44:a0:c2:25:a7:43:d7:f6:9a:d3:
         37:a0:74:d0:b5:b8:15:ed:3e:8c:36:76:8c:16:8d:f2:03:8d:
         36:1e:a9:de:e6:76:65:9e:43:74:20:9f:1c:a4:e7:43:fd:f0:
         8d:ff:46:64:63:63:c6:00:b8:20:61:34:bb:06:66:2e:61:88:
         c8:1c:78:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2a+i9hnVLFwkyPWJGh7NahMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExODE2NGQ5OTYxYTE2ZDJlZmY3NzNmNTAyNzgyMWU5ZDJi
ZDM3NDAwHhcNMjYwNDE3MTAyNjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZGI1YmQxYzM5ZDJiYzk5YjFiMmEwYmU3MTVlNzNmYmRkM2I1ZjhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxneGhJt4I93AlcSfGgP5ImZsDDGO
sHey5H5LQ2qmxZrX74P8pSZMN2XJrtp36jzVZsqlulqPfasSguxmTliK0gwAk1Nw
3qzR/Rgnps00LeDdUiyZOjhdjD9srHBf0Na40POYtQfWPchbPU3nUn9cnae2kU3A
vsRPjrCrMZ4jMqUPHur8CGuLee7olHmvR+Np8qYGAOzlWt7ysb1n1c+wPAmQ6ijg
DlOJ75uuM6ZPL2rbW4vOmgw2foJ+UwZ3jyamkX6Dkz0YWGNgWIcA5el8oHo80Qae
Zc5k9MYydsNYYQw1vFhOdIVKFOoNsHyakwzdUFS7P9SGN0igIR3x/iX+hwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL21vRw50ryZsbKgvnFec/vdO1+KMB8GA1UdIwQY
MBaAFKGBZNmWGhbS7/dz9QJ4IenSvTdAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb1lGazJaWWFGdEx2OTNQMUFuZ2g2ZEs5TjBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi9iOGVkMmQtMzU0NS00NTk5LTk3ZTUt
MTUyMzgwM2ZhZGFmLzEvdmJXOUhEblN2Sm14c3FDLWNWNXotOTA3WDRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi9iOGVkMmQtMzU0NS00NTk5LTk3ZTUtMTUyMzgwM2ZhZGFm
LzEvb1lGazJaWWFGdEx2OTNQMUFuZ2g2ZEs5TjBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEUEowMA0G
CSqGSIb3DQEBCwUAA4IBAQBgZ87QmG+mOOy9zAFFgB7qftRrva2EFbAc0uSXpHDC
+C+NY5yZiINuByNBKfWcTJtzDwcwlROcX3bCM4puHxrT4mekqtfY5eZOXhl1CFHG
+Mq3V6FWsUF+/qVrWz4qk4qSUVSr4GeQ6cQ19uEQwRTAgiDsEID+iZGVhNBCHeSI
ujeSMaXub7xyPhsWF3XtbStwiSMCRlsqfKFoj0+u9M3iktX8bXKQQpclMuUlBCy4
8MybP87sH6M9HMZxVkSgwiWnQ9f2mtM3oHTQtbgV7T6MNnaMFo3yA402Hqne5nZl
nkN0IJ8cpOdD/fCN/0ZkY2PGALggYTS7BmYuYYjIHHhi
-----END CERTIFICATE-----