Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/a4356c-8d14-4b1c-a55b-70c2e7686e6b/1/e2Nx3MWYEW91glMqV5TLbQ1S5j4.roa
File:                     e2Nx3MWYEW91glMqV5TLbQ1S5j4.roa (raw, json)
Hash identifier:          1d9GQqvCFQjgc9W5ZDcmpkqgj4oWJ7r7FTu64+cmQXw=
Subject key identifier:   7B:63:71:DC:C5:98:11:6F:75:82:53:2A:57:94:CB:6D:0D:52:E6:3E
Certificate issuer:       /CN=e8cfe5b33ee443fde92bd42118881ca6e8263a49
Certificate serial:       019B7A59FFD836CB12905BF4C04831BCEDC7
Authority key identifier: E8:CF:E5:B3:3E:E4:43:FD:E9:2B:D4:21:18:88:1C:A6:E8:26:3A:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6M_lsz7kQ_3pK9QhGIgcpugmOkk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/a4356c-8d14-4b1c-a55b-70c2e7686e6b/1/e2Nx3MWYEW91glMqV5TLbQ1S5j4.roa
Signing time:             Thu 01 Jan 2026 16:17:57 +0000
ROA not before:           Thu 01 Jan 2026 16:17:57 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203263
IP address blocks:        185.165.95.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/a4356c-8d14-4b1c-a55b-70c2e7686e6b/1/6M_lsz7kQ_3pK9QhGIgcpugmOkk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/a4356c-8d14-4b1c-a55b-70c2e7686e6b/1/6M_lsz7kQ_3pK9QhGIgcpugmOkk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6M_lsz7kQ_3pK9QhGIgcpugmOkk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 21:16:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:59:ff:d8:36:cb:12:90:5b:f4:c0:48:31:bc:ed:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e8cfe5b33ee443fde92bd42118881ca6e8263a49
        Validity
            Not Before: Jan  1 16:17:57 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7b6371dcc598116f7582532a5794cb6d0d52e63e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:57:e4:99:5c:17:77:4c:e4:0f:c5:f0:da:f8:
                    eb:29:04:9e:00:90:f0:1d:4e:71:13:ad:a7:de:36:
                    96:8c:31:1f:ae:85:8f:c7:99:8c:10:af:ba:0c:1c:
                    b3:67:53:f0:f8:a0:80:eb:81:d1:69:53:8c:8e:ba:
                    c3:9f:49:be:31:74:4c:d9:c0:97:e4:01:6b:97:c3:
                    c4:eb:50:ed:58:ad:1e:9f:54:20:35:c8:02:44:f1:
                    cf:cb:33:94:5a:f4:2e:cf:e6:2e:f8:6a:24:57:2e:
                    49:a7:a8:89:e0:54:80:7b:2d:00:d4:a1:85:0c:4e:
                    df:29:7a:d1:7a:15:35:61:4b:c7:63:7d:e4:78:4e:
                    00:07:41:cf:68:31:a5:ad:b5:20:4d:b0:8b:c4:aa:
                    d0:2b:31:8a:39:38:6f:a6:6e:2e:87:bd:27:23:81:
                    b9:5d:a9:3d:9b:4e:b9:a2:1b:81:b6:4c:c6:2b:c5:
                    82:8d:99:af:10:68:03:ca:4e:13:63:63:2b:3d:74:
                    dd:a4:dd:ad:73:e3:50:ef:4b:dc:73:12:ba:b7:7a:
                    38:af:cd:4e:46:57:6c:c4:a4:92:40:ca:f5:bf:ca:
                    a9:a3:12:2d:e0:f8:2e:b6:4d:d1:b6:a1:8c:c2:53:
                    ed:91:59:4e:c0:7b:73:8d:0f:73:18:f0:26:54:a5:
                    2d:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:63:71:DC:C5:98:11:6F:75:82:53:2A:57:94:CB:6D:0D:52:E6:3E
            X509v3 Authority Key Identifier:
                keyid:E8:CF:E5:B3:3E:E4:43:FD:E9:2B:D4:21:18:88:1C:A6:E8:26:3A:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6M_lsz7kQ_3pK9QhGIgcpugmOkk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/a4356c-8d14-4b1c-a55b-70c2e7686e6b/1/e2Nx3MWYEW91glMqV5TLbQ1S5j4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/a4356c-8d14-4b1c-a55b-70c2e7686e6b/1/6M_lsz7kQ_3pK9QhGIgcpugmOkk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.165.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:2b:90:33:d0:0c:b6:b9:31:e6:ae:d6:b8:a1:79:a3:e1:40:
         23:07:3c:7a:85:a8:b6:8b:3a:cb:a0:64:02:41:0a:c6:73:7c:
         34:66:22:c7:93:60:47:16:2a:fc:a3:88:21:18:54:fe:04:bc:
         49:dd:ac:5a:1f:dc:6c:bd:a3:0b:0c:da:3e:5d:76:02:b0:94:
         ab:0d:5b:29:f6:63:8f:7d:48:75:a3:a8:f5:f9:1a:73:9d:44:
         bc:71:5f:a6:ff:c8:fb:72:00:ea:7c:7a:42:bb:7a:62:3c:59:
         47:0f:b8:6e:28:60:ff:04:aa:85:6a:3e:0b:a8:6a:0d:ed:4a:
         23:59:1c:d9:d8:1a:19:f7:84:f5:95:ab:99:98:a1:ee:ad:0a:
         0a:d9:53:39:cb:6b:5e:3b:2e:ad:17:d4:0f:af:da:a2:68:ca:
         37:e3:39:b3:75:4b:a4:fc:3c:65:51:e1:41:0a:26:bb:69:fb:
         16:f8:3a:16:10:cb:f6:6e:76:33:3d:b4:a7:56:05:70:76:a5:
         50:35:c9:d2:d5:81:1e:59:37:6d:8c:93:a6:c1:27:02:b0:ff:
         24:4d:21:0f:b5:c5:52:b8:e2:20:6f:ff:f4:b4:25:0c:c5:5f:
         1c:82:f6:08:29:ff:18:0b:f3:6c:15:f2:67:ac:53:d0:88:fc:
         ec:75:61:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6Wf/YNssSkFv0wEgxvO3HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4Y2ZlNWIzM2VlNDQzZmRlOTJiZDQyMTE4ODgxY2E2ZTgy
NjNhNDkwHhcNMjYwMTAxMTYxNzU3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjYzNzFkY2M1OTgxMTZmNzU4MjUzMmE1Nzk0Y2I2ZDBkNTJlNjNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtlfkmVwXd0zkD8Xw2vjrKQSeAJDw
HU5xE62n3jaWjDEfroWPx5mMEK+6DByzZ1Pw+KCA64HRaVOMjrrDn0m+MXRM2cCX
5AFrl8PE61DtWK0en1QgNcgCRPHPyzOUWvQuz+Yu+GokVy5Jp6iJ4FSAey0A1KGF
DE7fKXrRehU1YUvHY33keE4AB0HPaDGlrbUgTbCLxKrQKzGKOThvpm4uh70nI4G5
Xak9m065ohuBtkzGK8WCjZmvEGgDyk4TY2MrPXTdpN2tc+NQ70vccxK6t3o4r81O
RldsxKSSQMr1v8qpoxIt4Pgutk3RtqGMwlPtkVlOwHtzjQ9zGPAmVKUtGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHtjcdzFmBFvdYJTKleUy20NUuY+MB8GA1UdIwQY
MBaAFOjP5bM+5EP96SvUIRiIHKboJjpJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNk1fbHN6N2tRXzNwSzlRaEdJZ2NwdWdtT2trLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS9hNDM1NmMtOGQxNC00YjFjLWE1NWIt
NzBjMmU3Njg2ZTZiLzEvZTJOeDNNV1lFVzkxZ2xNcVY1VExiUTFTNWo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS9hNDM1NmMtOGQxNC00YjFjLWE1NWItNzBjMmU3Njg2ZTZi
LzEvNk1fbHN6N2tRXzNwSzlRaEdJZ2NwdWdtT2trLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaVfMA0G
CSqGSIb3DQEBCwUAA4IBAQCGK5Az0Ay2uTHmrta4oXmj4UAjBzx6hai2izrLoGQC
QQrGc3w0ZiLHk2BHFir8o4ghGFT+BLxJ3axaH9xsvaMLDNo+XXYCsJSrDVsp9mOP
fUh1o6j1+RpznUS8cV+m/8j7cgDqfHpCu3piPFlHD7huKGD/BKqFaj4LqGoN7Uoj
WRzZ2BoZ94T1lauZmKHurQoK2VM5y2teOy6tF9QPr9qiaMo34zmzdUuk/DxlUeFB
Cia7afsW+DoWEMv2bnYzPbSnVgVwdqVQNcnS1YEeWTdtjJOmwScCsP8kTSEPtcVS
uOIgb//0tCUMxV8cgvYIKf8YC/NsFfJnrFPQiPzsdWFY
-----END CERTIFICATE-----