Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/6ad9b8-9f0e-4ad0-a220-3ac3b6737042/1/CnBLfp0K-MwzN1OvimzKQhhQRz8.roa
File:                     CnBLfp0K-MwzN1OvimzKQhhQRz8.roa (raw, json)
Hash identifier:          etl29j67/XA8KfqoSc4LuDr3rcwYsJQPUU+kY7GMI8s=
Subject key identifier:   0A:70:4B:7E:9D:0A:F8:CC:33:37:53:AF:8A:6C:CA:42:18:50:47:3F
Certificate issuer:       /CN=af0f5a9bd2ad1e96865f00d08522b9aad3e91a4d
Certificate serial:       019B7D5B76A0A38448009F499930AFB9B8FB
Authority key identifier: AF:0F:5A:9B:D2:AD:1E:96:86:5F:00:D0:85:22:B9:AA:D3:E9:1A:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rw9am9KtHpaGXwDQhSK5qtPpGk0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/6ad9b8-9f0e-4ad0-a220-3ac3b6737042/1/CnBLfp0K-MwzN1OvimzKQhhQRz8.roa
Signing time:             Fri 02 Jan 2026 06:18:24 +0000
ROA not before:           Fri 02 Jan 2026 06:18:24 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197498
IP address blocks:        195.60.227.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/6ad9b8-9f0e-4ad0-a220-3ac3b6737042/1/rw9am9KtHpaGXwDQhSK5qtPpGk0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/6ad9b8-9f0e-4ad0-a220-3ac3b6737042/1/rw9am9KtHpaGXwDQhSK5qtPpGk0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rw9am9KtHpaGXwDQhSK5qtPpGk0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 21:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5b:76:a0:a3:84:48:00:9f:49:99:30:af:b9:b8:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af0f5a9bd2ad1e96865f00d08522b9aad3e91a4d
        Validity
            Not Before: Jan  2 06:18:24 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0a704b7e9d0af8cc333753af8a6cca421850473f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:75:56:b8:25:dc:1c:67:c5:af:6d:c2:d4:52:
                    bf:78:61:a3:85:a4:99:14:c1:09:dc:42:80:94:97:
                    28:70:bb:7e:1f:70:a9:5f:62:b8:58:9d:c1:ac:26:
                    f3:21:79:8d:ee:63:7f:29:ed:13:57:cb:f1:9c:0e:
                    04:24:27:4c:a6:ba:20:7a:75:c9:57:df:f2:58:3d:
                    0a:87:c8:68:f6:14:3b:21:6d:8d:99:2a:b2:bd:c5:
                    2b:46:ac:39:43:ad:6b:26:47:55:b1:83:1f:8e:1e:
                    f7:60:ee:de:0f:b8:13:1c:54:23:8c:b9:58:ec:80:
                    2e:b1:15:b3:69:25:fd:a3:e7:7a:77:9f:9a:74:82:
                    91:16:9e:56:fc:42:1e:c3:07:c1:e3:ee:aa:35:1a:
                    18:4c:e8:07:fe:7a:a9:50:b4:00:e2:0e:42:cd:14:
                    6b:39:f6:61:fe:35:a2:86:3d:cc:5c:5c:55:98:13:
                    71:6d:13:97:e3:46:7e:02:a0:c7:f1:88:b7:21:c9:
                    b5:0c:f6:4a:72:3a:37:d7:4e:25:a9:fc:81:ae:38:
                    d0:77:49:a4:43:b7:ae:63:5d:d9:7c:44:17:46:7d:
                    fb:13:e6:ed:c9:92:86:dd:4b:26:09:2d:08:09:64:
                    c6:2a:85:de:b7:cb:15:1d:c9:74:9e:51:96:ca:42:
                    0f:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:70:4B:7E:9D:0A:F8:CC:33:37:53:AF:8A:6C:CA:42:18:50:47:3F
            X509v3 Authority Key Identifier:
                keyid:AF:0F:5A:9B:D2:AD:1E:96:86:5F:00:D0:85:22:B9:AA:D3:E9:1A:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rw9am9KtHpaGXwDQhSK5qtPpGk0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/6ad9b8-9f0e-4ad0-a220-3ac3b6737042/1/CnBLfp0K-MwzN1OvimzKQhhQRz8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/6ad9b8-9f0e-4ad0-a220-3ac3b6737042/1/rw9am9KtHpaGXwDQhSK5qtPpGk0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.60.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:5c:74:cd:49:aa:6c:73:25:32:45:40:72:32:07:a2:6a:5a:
         38:55:4d:1c:6c:e2:20:b0:80:8e:59:e1:da:d3:64:41:93:d7:
         4c:9e:ba:d5:4a:42:ac:2e:c2:04:65:71:5d:aa:c6:db:68:dd:
         ed:1f:7b:12:0f:6e:61:3e:da:87:2e:dc:a1:c8:a4:9a:b6:c1:
         db:68:31:20:2a:51:70:12:bc:b2:01:92:85:02:13:ea:ef:fb:
         c9:dd:3a:4a:05:8e:9d:32:c4:95:6f:08:9d:81:f9:00:f5:4a:
         3d:7d:76:75:a0:9c:3b:ce:92:a8:a4:c3:3f:5b:1f:47:3d:86:
         7c:df:b8:63:bf:10:a1:d4:55:8a:a7:ee:8b:f3:f1:0b:e8:5a:
         de:d5:f9:62:87:60:4d:0d:a0:64:c9:ec:51:07:65:43:75:cc:
         ca:9c:58:51:8e:1e:02:3e:05:00:ce:47:a6:24:dc:73:a5:da:
         9b:a2:48:9f:8d:c9:3b:45:cd:73:7e:f2:63:05:1a:db:a1:99:
         0d:7b:57:1a:be:06:a3:9d:bd:7d:85:02:c8:21:be:17:5e:c2:
         a7:ca:20:9d:ce:b2:8a:2c:3d:7a:cf:82:fb:ea:44:f6:6a:2f:
         dc:da:93:df:87:3c:05:a4:d4:d9:91:53:45:a5:40:01:8d:48:
         e1:da:42:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9W3ago4RIAJ9JmTCvubj7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmMGY1YTliZDJhZDFlOTY4NjVmMDBkMDg1MjJiOWFhZDNl
OTFhNGQwHhcNMjYwMTAyMDYxODI0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTcwNGI3ZTlkMGFmOGNjMzMzNzUzYWY4YTZjY2E0MjE4NTA0NzNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjXVWuCXcHGfFr23C1FK/eGGjhaSZ
FMEJ3EKAlJcocLt+H3CpX2K4WJ3BrCbzIXmN7mN/Ke0TV8vxnA4EJCdMprogenXJ
V9/yWD0Kh8ho9hQ7IW2NmSqyvcUrRqw5Q61rJkdVsYMfjh73YO7eD7gTHFQjjLlY
7IAusRWzaSX9o+d6d5+adIKRFp5W/EIewwfB4+6qNRoYTOgH/nqpULQA4g5CzRRr
OfZh/jWihj3MXFxVmBNxbROX40Z+AqDH8Yi3Icm1DPZKcjo3104lqfyBrjjQd0mk
Q7euY13ZfEQXRn37E+btyZKG3UsmCS0ICWTGKoXet8sVHcl0nlGWykIPfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFApwS36dCvjMMzdTr4psykIYUEc/MB8GA1UdIwQY
MBaAFK8PWpvSrR6Whl8A0IUiuarT6RpNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnc5YW05S3RIcGFHWHdEUWhTSzVxdFBwR2swLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS82YWQ5YjgtOWYwZS00YWQwLWEyMjAt
M2FjM2I2NzM3MDQyLzEvQ25CTGZwMEstTXd6TjFPdmltektRaGhRUno4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS82YWQ5YjgtOWYwZS00YWQwLWEyMjAtM2FjM2I2NzM3MDQy
LzEvcnc5YW05S3RIcGFHWHdEUWhTSzVxdFBwR2swLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwzzjMA0G
CSqGSIb3DQEBCwUAA4IBAQArXHTNSapscyUyRUByMgeialo4VU0cbOIgsICOWeHa
02RBk9dMnrrVSkKsLsIEZXFdqsbbaN3tH3sSD25hPtqHLtyhyKSatsHbaDEgKlFw
EryyAZKFAhPq7/vJ3TpKBY6dMsSVbwidgfkA9Uo9fXZ1oJw7zpKopMM/Wx9HPYZ8
37hjvxCh1FWKp+6L8/EL6Fre1flih2BNDaBkyexRB2VDdczKnFhRjh4CPgUAzkem
JNxzpdqbokifjck7Rc1zfvJjBRrboZkNe1cavgajnb19hQLIIb4XXsKnyiCdzrKK
LD16z4L76kT2ai/c2pPfhzwFpNTZkVNFpUABjUjh2kI0
-----END CERTIFICATE-----