Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/b1ca51-75dd-41c9-9484-2bc1ae3dbdbe/1/eN33JrW4uE9WYv1qiKiEHTbpfbQ.roa
File:                     eN33JrW4uE9WYv1qiKiEHTbpfbQ.roa (raw, json)
Hash identifier:          jV/nUDEGGfrnT9JmJTuWFyFTtbm4P5emFu/rnjcrOOg=
Subject key identifier:   78:DD:F7:26:B5:B8:B8:4F:56:62:FD:6A:88:A8:84:1D:36:E9:7D:B4
Certificate issuer:       /CN=f58e0c3b9333cb6fd4139e455a5abbafd569532a
Certificate serial:       019D542CA773982AD86585B4B2363D2FC2A8
Authority key identifier: F5:8E:0C:3B:93:33:CB:6F:D4:13:9E:45:5A:5A:BB:AF:D5:69:53:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9Y4MO5Mzy2_UE55FWlq7r9VpUyo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/b1ca51-75dd-41c9-9484-2bc1ae3dbdbe/1/eN33JrW4uE9WYv1qiKiEHTbpfbQ.roa
Signing time:             Fri 03 Apr 2026 16:28:25 +0000
ROA not before:           Fri 03 Apr 2026 16:28:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16509
IP address blocks:        185.24.72.0/22 maxlen: 24
                          2a14:b000::/29 maxlen: 64
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/b1ca51-75dd-41c9-9484-2bc1ae3dbdbe/1/9Y4MO5Mzy2_UE55FWlq7r9VpUyo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/b1ca51-75dd-41c9-9484-2bc1ae3dbdbe/1/9Y4MO5Mzy2_UE55FWlq7r9VpUyo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9Y4MO5Mzy2_UE55FWlq7r9VpUyo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:54:2c:a7:73:98:2a:d8:65:85:b4:b2:36:3d:2f:c2:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f58e0c3b9333cb6fd4139e455a5abbafd569532a
        Validity
            Not Before: Apr  3 16:28:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=78ddf726b5b8b84f5662fd6a88a8841d36e97db4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:26:64:eb:72:85:76:d4:66:9c:ab:d6:1a:04:
                    00:ab:cd:0e:71:c4:d4:85:b0:9d:79:7a:5c:4d:48:
                    65:d4:e2:ca:e1:d2:55:56:54:8e:98:e3:64:d4:9a:
                    af:29:e6:cc:0d:a6:2e:4b:e0:6e:92:28:4f:95:33:
                    79:17:54:44:51:a2:68:ba:17:61:5a:19:2c:a8:99:
                    bc:bb:34:fb:f6:c9:34:5d:ce:9f:c1:28:1e:9d:7d:
                    55:79:7c:65:c5:fa:2b:d7:dd:dd:05:1f:d4:a3:95:
                    71:a3:10:cf:3f:9f:b8:f5:f5:e7:1e:50:b3:53:40:
                    9a:68:65:7a:0a:ac:f3:64:20:55:08:ee:84:1e:fb:
                    00:bc:83:27:30:94:ce:23:e6:ec:f4:c8:73:60:40:
                    6b:d7:b7:7c:d1:d0:d4:83:c3:48:bc:9f:4b:27:dd:
                    1c:4c:45:73:dd:73:86:fd:cb:64:e7:aa:c8:b2:7f:
                    7b:ad:74:b9:4c:57:44:75:05:6f:0f:e5:b9:e3:7e:
                    54:79:1b:aa:be:74:8b:41:e8:30:36:a3:cc:46:d6:
                    0d:6e:e3:7a:69:91:92:72:fa:a4:a6:0a:ff:6e:41:
                    e2:22:10:ca:c7:c1:aa:b1:d1:62:9a:14:ca:b1:9f:
                    3f:e7:5a:17:8b:3d:08:b1:b2:0a:87:65:35:c0:a0:
                    0d:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:DD:F7:26:B5:B8:B8:4F:56:62:FD:6A:88:A8:84:1D:36:E9:7D:B4
            X509v3 Authority Key Identifier:
                keyid:F5:8E:0C:3B:93:33:CB:6F:D4:13:9E:45:5A:5A:BB:AF:D5:69:53:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9Y4MO5Mzy2_UE55FWlq7r9VpUyo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b1ca51-75dd-41c9-9484-2bc1ae3dbdbe/1/eN33JrW4uE9WYv1qiKiEHTbpfbQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b1ca51-75dd-41c9-9484-2bc1ae3dbdbe/1/9Y4MO5Mzy2_UE55FWlq7r9VpUyo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.24.72.0/22
                IPv6:
                  2a14:b000::/29

    Signature Algorithm: sha256WithRSAEncryption
         e4:f9:cd:62:fc:2c:f4:be:81:9d:90:20:9b:a5:11:6b:59:a7:
         c3:84:28:aa:28:20:0d:9a:85:23:c0:5b:83:4f:d7:e7:45:58:
         c8:9c:21:58:b2:cb:dc:10:dc:eb:c7:56:b1:c2:30:81:44:29:
         3f:9f:81:80:7a:27:47:fe:8b:be:86:50:b3:2f:c4:13:55:3b:
         a8:2f:d1:13:c1:04:3d:01:b9:41:30:c2:ed:b3:ce:df:93:11:
         65:91:ea:99:f1:e7:5f:78:94:e5:d3:71:72:ed:3d:47:61:f5:
         bb:88:56:96:98:63:f1:20:91:24:1b:34:9a:d3:47:b7:45:1d:
         ab:75:33:ca:66:24:ef:fe:ba:28:24:a3:71:9e:65:04:3f:d4:
         0c:12:ff:56:84:71:19:80:87:3c:e9:7b:04:ce:a9:a3:f0:00:
         d1:13:85:2d:de:5e:d9:17:12:03:b2:ef:1f:43:b2:3b:c0:02:
         17:62:08:7f:6f:a7:9a:b7:ae:bf:6a:6d:21:68:be:41:4e:4b:
         0a:46:8b:18:30:6b:53:f3:7f:8e:b7:09:25:f0:40:c5:dd:89:
         d8:28:63:9a:ee:e2:80:46:ac:82:5d:56:67:b0:2d:99:9f:fa:
         f7:c5:ad:1a:86:0d:0a:c8:9b:eb:b6:27:1f:eb:9e:fe:0d:11:
         16:ab:b0:eb
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ1ULKdzmCrYZYW0sjY9L8KoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1OGUwYzNiOTMzM2NiNmZkNDEzOWU0NTVhNWFiYmFmZDU2
OTUzMmEwHhcNMjYwNDAzMTYyODI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OGRkZjcyNmI1YjhiODRmNTY2MmZkNmE4OGE4ODQxZDM2ZTk3ZGI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtCZk63KFdtRmnKvWGgQAq80OccTU
hbCdeXpcTUhl1OLK4dJVVlSOmONk1JqvKebMDaYuS+BukihPlTN5F1REUaJouhdh
WhksqJm8uzT79sk0Xc6fwSgenX1VeXxlxfor193dBR/Uo5VxoxDPP5+49fXnHlCz
U0CaaGV6CqzzZCBVCO6EHvsAvIMnMJTOI+bs9MhzYEBr17d80dDUg8NIvJ9LJ90c
TEVz3XOG/ctk56rIsn97rXS5TFdEdQVvD+W5435UeRuqvnSLQegwNqPMRtYNbuN6
aZGScvqkpgr/bkHiIhDKx8GqsdFimhTKsZ8/51oXiz0IsbIKh2U1wKANbwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHjd9ya1uLhPVmL9aoiohB026X20MB8GA1UdIwQY
MBaAFPWODDuTM8tv1BOeRVpau6/VaVMqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVk0TU81TXp5Ml9VRTU1RldscTdyOVZwVXlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9iMWNhNTEtNzVkZC00MWM5LTk0ODQt
MmJjMWFlM2RiZGJlLzEvZU4zM0pyVzR1RTlXWXYxcWlLaUVIVGJwZmJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9iMWNhNTEtNzVkZC00MWM5LTk0ODQtMmJjMWFlM2RiZGJl
LzEvOVk0TU81TXp5Ml9VRTU1RldscTdyOVZwVXlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuRhIMA0E
AgACMAcDBQMqFLAAMA0GCSqGSIb3DQEBCwUAA4IBAQDk+c1i/Cz0voGdkCCbpRFr
WafDhCiqKCANmoUjwFuDT9fnRVjInCFYssvcENzrx1axwjCBRCk/n4GAeidH/ou+
hlCzL8QTVTuoL9ETwQQ9AblBMMLts87fkxFlkeqZ8edfeJTl03Fy7T1HYfW7iFaW
mGPxIJEkGzSa00e3RR2rdTPKZiTv/rooJKNxnmUEP9QMEv9WhHEZgIc86XsEzqmj
8ADRE4Ut3l7ZFxIDsu8fQ7I7wAIXYgh/b6eat66/am0haL5BTksKRosYMGtT83+O
twkl8EDF3YnYKGOa7uKARqyCXVZnsC2Zn/r3xa0ahg0KyJvrticf657+DREWq7Dr
-----END CERTIFICATE-----