Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/4cb05d-bbdf-436b-b3c1-2931f27121d7/1/9MEa7-ij5kfdBT7XnKLlYtFL6P4.roa
File:                     9MEa7-ij5kfdBT7XnKLlYtFL6P4.roa (raw, json)
Hash identifier:          RYEP+0PZcE2SzazXWEu18AaQhracA99HUDt+KGAa3SA=
Subject key identifier:   F4:C1:1A:EF:E8:A3:E6:47:DD:05:3E:D7:9C:A2:E5:62:D1:4B:E8:FE
Certificate issuer:       /CN=6ff50cc1c7d066d4881dbf4de739f51024274d6a
Certificate serial:       019DE28EAAB3955EDF28DBF02348D95758D9
Authority key identifier: 6F:F5:0C:C1:C7:D0:66:D4:88:1D:BF:4D:E7:39:F5:10:24:27:4D:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b_UMwcfQZtSIHb9N5zn1ECQnTWo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/4cb05d-bbdf-436b-b3c1-2931f27121d7/1/9MEa7-ij5kfdBT7XnKLlYtFL6P4.roa
Signing time:             Fri 01 May 2026 08:01:33 +0000
ROA not before:           Fri 01 May 2026 08:01:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     24785
IP address blocks:        185.50.60.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/4cb05d-bbdf-436b-b3c1-2931f27121d7/1/b_UMwcfQZtSIHb9N5zn1ECQnTWo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/4cb05d-bbdf-436b-b3c1-2931f27121d7/1/b_UMwcfQZtSIHb9N5zn1ECQnTWo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b_UMwcfQZtSIHb9N5zn1ECQnTWo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 May 2026 05:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:e2:8e:aa:b3:95:5e:df:28:db:f0:23:48:d9:57:58:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ff50cc1c7d066d4881dbf4de739f51024274d6a
        Validity
            Not Before: May  1 08:01:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f4c11aefe8a3e647dd053ed79ca2e562d14be8fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:8a:46:16:e1:62:73:da:ae:b7:bc:f1:b0:d3:
                    b3:ef:34:64:b9:f4:9d:8a:8a:85:af:fd:be:1f:d7:
                    c1:dd:c4:e8:c8:21:0e:fe:60:14:99:1e:51:74:2b:
                    ed:fb:43:99:6e:08:92:bb:f4:6f:4f:fa:1d:6a:fb:
                    b6:b3:51:b4:b8:b6:58:5a:60:00:ac:a0:c9:10:2b:
                    98:24:de:2e:41:23:a1:85:c8:2d:1d:35:8a:a4:1c:
                    a1:6e:e7:df:2e:2b:52:2f:2d:39:89:64:89:49:e9:
                    d1:53:cc:e6:5e:da:61:bd:66:e9:75:00:36:f4:59:
                    d8:6c:ff:f3:e1:5b:33:ff:6c:89:a3:b6:5b:51:54:
                    92:c7:0a:88:b3:cc:2c:95:66:39:02:5d:b3:97:28:
                    12:f3:6b:46:fb:71:85:38:b0:13:3b:60:18:e3:71:
                    f5:e0:e4:ae:cf:7c:09:b1:b7:9a:bf:43:e0:3a:28:
                    66:3d:8e:e0:85:a5:a8:79:00:26:4e:12:ec:30:65:
                    70:64:2d:76:7a:cb:51:e4:9f:b8:80:ba:55:50:da:
                    77:4f:97:43:f3:f2:65:b1:d7:94:4c:15:40:8d:76:
                    7d:c6:92:e9:ad:8b:bc:25:29:89:e1:39:d4:ad:cd:
                    b2:d6:dc:21:76:96:c5:c4:0d:aa:0d:1d:a0:40:21:
                    67:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:C1:1A:EF:E8:A3:E6:47:DD:05:3E:D7:9C:A2:E5:62:D1:4B:E8:FE
            X509v3 Authority Key Identifier:
                keyid:6F:F5:0C:C1:C7:D0:66:D4:88:1D:BF:4D:E7:39:F5:10:24:27:4D:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b_UMwcfQZtSIHb9N5zn1ECQnTWo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/4cb05d-bbdf-436b-b3c1-2931f27121d7/1/9MEa7-ij5kfdBT7XnKLlYtFL6P4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/4cb05d-bbdf-436b-b3c1-2931f27121d7/1/b_UMwcfQZtSIHb9N5zn1ECQnTWo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.50.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         41:a5:20:05:6a:7f:cd:69:05:e6:b7:1e:69:52:c8:17:4f:bb:
         42:8b:f3:4c:1c:db:94:44:39:ea:bb:cd:29:0f:43:c8:3f:26:
         04:31:a6:49:27:bc:d6:09:73:b7:77:20:ed:22:b3:d9:ec:9c:
         c3:54:f8:68:41:c0:71:fb:69:f3:92:57:f5:a3:e5:72:e8:9a:
         03:99:34:6e:d7:4b:c2:f3:1e:ce:1f:6d:65:87:39:d2:4c:74:
         e5:72:a9:68:59:70:ad:b5:4b:ac:1f:d8:e0:95:d4:a0:29:d3:
         ae:73:2b:f6:07:3e:77:01:42:69:4d:98:dd:86:04:c0:d2:33:
         5b:ac:cf:19:24:0b:72:0c:57:a8:a2:c7:d9:c3:1b:3a:ec:24:
         ca:7d:51:6e:e3:cc:e2:38:ba:3b:b2:1b:ed:a3:31:e4:4d:3d:
         e6:a2:cc:0a:e9:0f:10:4e:20:63:cb:b4:23:ef:b9:80:62:4c:
         e6:15:8e:78:c1:51:b5:18:93:73:20:29:d4:91:48:5c:1b:4a:
         82:d9:ed:fb:74:4d:72:48:ab:f7:59:aa:05:7f:7b:c1:9e:41:
         c9:26:6e:64:b6:59:79:79:0a:f5:08:0e:d7:ee:4a:e1:58:1d:
         49:57:50:1a:c2:a3:c0:3d:d0:b6:e0:eb:91:61:5a:4a:be:31:
         b0:8d:94:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3ijqqzlV7fKNvwI0jZV1jZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmZjUwY2MxYzdkMDY2ZDQ4ODFkYmY0ZGU3MzlmNTEwMjQy
NzRkNmEwHhcNMjYwNTAxMDgwMTMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNGMxMWFlZmU4YTNlNjQ3ZGQwNTNlZDc5Y2EyZTU2MmQxNGJlOGZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwYpGFuFic9qut7zxsNOz7zRkufSd
ioqFr/2+H9fB3cToyCEO/mAUmR5RdCvt+0OZbgiSu/RvT/odavu2s1G0uLZYWmAA
rKDJECuYJN4uQSOhhcgtHTWKpByhbuffLitSLy05iWSJSenRU8zmXtphvWbpdQA2
9FnYbP/z4Vsz/2yJo7ZbUVSSxwqIs8wslWY5Al2zlygS82tG+3GFOLATO2AY43H1
4OSuz3wJsbeav0PgOihmPY7ghaWoeQAmThLsMGVwZC12estR5J+4gLpVUNp3T5dD
8/JlsdeUTBVAjXZ9xpLprYu8JSmJ4TnUrc2y1twhdpbFxA2qDR2gQCFncwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPTBGu/oo+ZH3QU+15yi5WLRS+j+MB8GA1UdIwQY
MBaAFG/1DMHH0GbUiB2/Tec59RAkJ01qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYl9VTXdjZlFadFNJSGI5TjV6bjFFQ1FuVFdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC80Y2IwNWQtYmJkZi00MzZiLWIzYzEt
MjkzMWYyNzEyMWQ3LzEvOU1FYTctaWo1a2ZkQlQ3WG5LTGxZdEZMNlA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC80Y2IwNWQtYmJkZi00MzZiLWIzYzEtMjkzMWYyNzEyMWQ3
LzEvYl9VTXdjZlFadFNJSGI5TjV6bjFFQ1FuVFdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuTI8MA0G
CSqGSIb3DQEBCwUAA4IBAQBBpSAFan/NaQXmtx5pUsgXT7tCi/NMHNuURDnqu80p
D0PIPyYEMaZJJ7zWCXO3dyDtIrPZ7JzDVPhoQcBx+2nzklf1o+Vy6JoDmTRu10vC
8x7OH21lhznSTHTlcqloWXCttUusH9jgldSgKdOucyv2Bz53AUJpTZjdhgTA0jNb
rM8ZJAtyDFeoosfZwxs67CTKfVFu48ziOLo7shvtozHkTT3moswK6Q8QTiBjy7Qj
77mAYkzmFY54wVG1GJNzICnUkUhcG0qC2e37dE1ySKv3WaoFf3vBnkHJJm5ktll5
eQr1CA7X7krhWB1JV1AawqPAPdC24OuRYVpKvjGwjZQ+
-----END CERTIFICATE-----