Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/5b0702-16e7-4627-ae19-4b3b1b63b6ab/1/c-8fg39HEBoTazbtgLubPv-jdHk.roa
File:                     c-8fg39HEBoTazbtgLubPv-jdHk.roa (raw, json)
Hash identifier:          JsFBjPvToocQ1g31FqB3aylJXDSNR8YaVIwtJ/bFd+o=
Subject key identifier:   73:EF:1F:83:7F:47:10:1A:13:6B:36:ED:80:BB:9B:3E:FF:A3:74:79
Certificate issuer:       /CN=ed30a131718560a34ab3493884e858ec431f6ad1
Certificate serial:       019E96FB92C278C6F42EB648312794AFB9D7
Authority key identifier: ED:30:A1:31:71:85:60:A3:4A:B3:49:38:84:E8:58:EC:43:1F:6A:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7TChMXGFYKNKs0k4hOhY7EMfatE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/5b0702-16e7-4627-ae19-4b3b1b63b6ab/1/c-8fg39HEBoTazbtgLubPv-jdHk.roa
Signing time:             Fri 05 Jun 2026 08:52:09 +0000
ROA not before:           Fri 05 Jun 2026 08:52:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     219527
IP address blocks:        194.180.208.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/5b0702-16e7-4627-ae19-4b3b1b63b6ab/1/7TChMXGFYKNKs0k4hOhY7EMfatE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/5b0702-16e7-4627-ae19-4b3b1b63b6ab/1/7TChMXGFYKNKs0k4hOhY7EMfatE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7TChMXGFYKNKs0k4hOhY7EMfatE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 17:56:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:96:fb:92:c2:78:c6:f4:2e:b6:48:31:27:94:af:b9:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ed30a131718560a34ab3493884e858ec431f6ad1
        Validity
            Not Before: Jun  5 08:52:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=73ef1f837f47101a136b36ed80bb9b3effa37479
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:71:62:53:1b:92:b0:82:94:4b:44:0c:75:40:
                    7c:62:3f:e2:b7:1c:d0:b5:87:a8:78:21:68:99:0c:
                    56:6b:9c:44:ff:4f:77:35:0d:98:e6:7d:29:b6:4a:
                    ad:9a:fe:6f:8d:f2:4c:ea:30:78:3c:c7:77:ec:5e:
                    84:5c:cf:91:14:53:f4:3c:7c:6d:49:a4:c7:5e:4d:
                    b8:09:ee:d4:7b:6f:80:5a:d7:ab:6f:ec:32:03:11:
                    c8:35:45:e8:3c:ec:a6:cf:f3:ae:b8:61:22:c9:ea:
                    a3:18:81:78:1d:0c:88:38:f0:74:6b:99:7c:db:fb:
                    cd:96:ce:06:4d:9d:e9:f3:11:93:47:6a:dd:36:52:
                    59:be:57:e6:08:d0:46:2f:47:4c:46:2d:84:18:59:
                    d2:71:89:04:da:d3:1b:7e:5d:41:9a:ab:a7:22:61:
                    3b:e1:08:ba:73:83:87:f3:d8:20:c4:4d:c9:98:00:
                    34:6c:98:ac:b9:9e:0c:7c:47:7d:a3:9e:3f:f7:48:
                    83:5c:e3:de:5a:1d:81:3a:c5:09:eb:ef:0a:09:5b:
                    87:a3:a6:68:77:08:2f:27:77:c4:1e:8b:63:87:3a:
                    a2:be:0d:6d:ea:76:ac:1e:2d:c5:33:e1:cf:b5:99:
                    d3:63:2a:48:e2:90:0e:ff:58:a2:4f:a8:82:94:a7:
                    c3:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:EF:1F:83:7F:47:10:1A:13:6B:36:ED:80:BB:9B:3E:FF:A3:74:79
            X509v3 Authority Key Identifier:
                keyid:ED:30:A1:31:71:85:60:A3:4A:B3:49:38:84:E8:58:EC:43:1F:6A:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7TChMXGFYKNKs0k4hOhY7EMfatE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/5b0702-16e7-4627-ae19-4b3b1b63b6ab/1/c-8fg39HEBoTazbtgLubPv-jdHk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/5b0702-16e7-4627-ae19-4b3b1b63b6ab/1/7TChMXGFYKNKs0k4hOhY7EMfatE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.180.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:9c:fe:e5:70:a8:46:6c:19:45:04:73:a7:67:6b:9f:b9:de:
         17:ff:6f:b8:dd:18:38:cb:32:59:91:59:4e:dd:7b:db:88:20:
         20:16:74:4a:7f:2f:4c:56:93:54:67:03:7b:89:52:1b:a7:30:
         89:be:9b:9c:0e:b9:73:a2:82:44:8f:90:c5:e3:23:27:ef:eb:
         79:14:9f:cb:5d:97:4a:f8:37:21:c3:5a:dd:aa:83:14:f0:8c:
         94:bf:68:01:19:4d:bc:ba:dd:96:11:2e:2c:c5:06:c2:6f:ee:
         91:6c:e2:d4:79:c4:1c:28:66:94:fe:48:3e:22:b3:cc:63:72:
         1a:5e:69:3f:7d:3a:55:82:8f:8c:ad:07:5c:50:f5:5d:50:ac:
         f2:b5:28:a1:cb:01:f2:cb:fd:e7:52:46:df:ce:e8:78:51:1c:
         3d:ed:0b:cc:26:04:cc:09:cb:e3:f9:94:12:14:c4:34:78:fa:
         f3:ca:aa:c3:b5:d4:49:d1:62:be:fc:ce:04:46:54:26:6a:1e:
         51:e9:ba:8b:39:77:43:4f:91:0c:97:84:21:bb:70:4e:bb:44:
         f7:f3:f8:aa:1b:12:5c:82:46:2e:9e:ed:19:77:b3:dc:78:a6:
         04:73:8d:49:f2:a1:bd:ad:b4:52:f7:d9:fe:c0:ed:86:73:9e:
         aa:c2:bb:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6W+5LCeMb0LrZIMSeUr7nXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkMzBhMTMxNzE4NTYwYTM0YWIzNDkzODg0ZTg1OGVjNDMx
ZjZhZDEwHhcNMjYwNjA1MDg1MjA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3M2VmMWY4MzdmNDcxMDFhMTM2YjM2ZWQ4MGJiOWIzZWZmYTM3NDc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzXFiUxuSsIKUS0QMdUB8Yj/itxzQ
tYeoeCFomQxWa5xE/093NQ2Y5n0ptkqtmv5vjfJM6jB4PMd37F6EXM+RFFP0PHxt
SaTHXk24Ce7Ue2+AWterb+wyAxHINUXoPOymz/OuuGEiyeqjGIF4HQyIOPB0a5l8
2/vNls4GTZ3p8xGTR2rdNlJZvlfmCNBGL0dMRi2EGFnScYkE2tMbfl1BmqunImE7
4Qi6c4OH89ggxE3JmAA0bJisuZ4MfEd9o54/90iDXOPeWh2BOsUJ6+8KCVuHo6Zo
dwgvJ3fEHotjhzqivg1t6nasHi3FM+HPtZnTYypI4pAO/1iiT6iClKfDiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHPvH4N/RxAaE2s27YC7mz7/o3R5MB8GA1UdIwQY
MBaAFO0woTFxhWCjSrNJOIToWOxDH2rRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1RDaE1YR0ZZS05LczBrNGhPaFk3RU1mYXRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi81YjA3MDItMTZlNy00NjI3LWFlMTkt
NGIzYjFiNjNiNmFiLzEvYy04ZmczOUhFQm9UYXpidGdMdWJQdi1qZEhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi81YjA3MDItMTZlNy00NjI3LWFlMTktNGIzYjFiNjNiNmFi
LzEvN1RDaE1YR0ZZS05LczBrNGhPaFk3RU1mYXRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwrTQMA0G
CSqGSIb3DQEBCwUAA4IBAQB0nP7lcKhGbBlFBHOnZ2ufud4X/2+43Rg4yzJZkVlO
3XvbiCAgFnRKfy9MVpNUZwN7iVIbpzCJvpucDrlzooJEj5DF4yMn7+t5FJ/LXZdK
+Dchw1rdqoMU8IyUv2gBGU28ut2WES4sxQbCb+6RbOLUecQcKGaU/kg+IrPMY3Ia
Xmk/fTpVgo+MrQdcUPVdUKzytSihywHyy/3nUkbfzuh4URw97QvMJgTMCcvj+ZQS
FMQ0ePrzyqrDtdRJ0WK+/M4ERlQmah5R6bqLOXdDT5EMl4Qhu3BOu0T38/iqGxJc
gkYunu0Zd7PceKYEc41J8qG9rbRS99n+wO2Gc56qwrtA
-----END CERTIFICATE-----