Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0GwtoUzvyeaOyVgiz5_5u_fQDK4.roa
File:                     0GwtoUzvyeaOyVgiz5_5u_fQDK4.roa (raw, json)
Hash identifier:          ZzkFfie4rwQqLWELgA2gskNhetqEHZ8eQDpZfZACQJA=
Subject key identifier:   D0:6C:2D:A1:4C:EF:C9:E6:8E:C9:58:22:CF:9F:F9:BB:F7:D0:0C:AE
Certificate issuer:       /CN=d08da9cf00d4d58b854ffc62010f235b06df354a
Certificate serial:       019E7E80229F5F256E28708572C87F855508
Authority key identifier: D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0GwtoUzvyeaOyVgiz5_5u_fQDK4.roa
Signing time:             Sun 31 May 2026 14:46:27 +0000
ROA not before:           Sun 31 May 2026 14:46:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     5065
IP address blocks:        91.109.47.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 22:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:7e:80:22:9f:5f:25:6e:28:70:85:72:c8:7f:85:55:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d08da9cf00d4d58b854ffc62010f235b06df354a
        Validity
            Not Before: May 31 14:46:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d06c2da14cefc9e68ec95822cf9ff9bbf7d00cae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:d8:6e:c1:83:d0:64:4d:2d:84:19:ed:37:6f:
                    e6:bb:a7:3e:ee:8a:47:b5:0a:2c:e1:28:2a:8e:a2:
                    d1:24:1a:04:e0:04:2e:d4:dc:3e:ca:b1:28:52:97:
                    9c:3f:c9:92:ab:16:47:6d:8e:a0:71:21:ab:65:1b:
                    fa:2a:7c:80:62:81:52:a0:0d:da:60:eb:8a:60:dc:
                    24:df:26:f4:a6:c1:e5:95:0e:bd:41:2e:08:12:dd:
                    34:3e:c4:5c:35:d2:e9:35:12:b5:fc:db:01:b9:9d:
                    1a:1d:f9:fc:7d:45:43:8f:cc:8a:8e:45:0d:5f:1f:
                    95:32:77:1c:cc:4f:f9:6f:26:94:f5:93:09:89:26:
                    d5:35:dc:19:09:84:97:04:95:2a:dd:50:a2:41:ad:
                    bc:47:a4:b0:cd:15:2e:d6:61:d5:ee:6f:7e:24:73:
                    20:95:d0:8a:2c:f7:2e:8c:b4:58:dd:2f:77:98:e1:
                    2a:42:f8:e4:6b:55:c6:e8:46:44:a5:4c:c5:a5:31:
                    2f:f9:12:40:9d:b5:21:02:d9:0e:7a:88:34:65:23:
                    f0:64:eb:5d:6c:67:f9:57:7c:5d:5e:b9:9f:7a:3b:
                    ee:a3:2e:6f:46:b3:09:c9:ec:c0:a6:f3:79:f5:09:
                    1b:57:ec:07:d4:ce:76:5b:35:2f:55:fe:02:48:20:
                    d7:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:6C:2D:A1:4C:EF:C9:E6:8E:C9:58:22:CF:9F:F9:BB:F7:D0:0C:AE
            X509v3 Authority Key Identifier:
                keyid:D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0GwtoUzvyeaOyVgiz5_5u_fQDK4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.109.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:fe:19:ca:fd:25:91:a8:e8:09:5d:e7:da:82:41:c9:87:01:
         b9:18:1a:35:0c:a8:80:26:19:f3:f3:47:d3:e5:64:4b:e4:31:
         73:54:5e:29:18:60:8d:6d:8f:ab:8f:38:10:85:92:a5:c6:40:
         3e:d2:06:86:49:92:0e:55:31:78:19:c2:f0:0a:13:2b:87:46:
         e4:c1:4f:e5:5b:43:9d:4e:74:32:13:0c:c1:79:75:24:15:a4:
         19:22:f9:a4:fd:b3:01:b7:fa:f7:50:bb:b2:77:1d:43:13:0a:
         a3:80:c5:71:0a:88:69:a0:3f:33:ba:4c:35:8a:93:a0:d4:b3:
         2a:3f:7f:94:2b:0d:92:82:a8:32:50:e2:ce:66:53:d3:3d:7b:
         97:97:db:20:09:0e:3f:9b:f0:fb:80:ac:b2:cb:cb:ad:12:82:
         6f:fe:2c:74:82:5d:d4:3d:0e:4c:2f:19:38:32:b6:b6:fc:23:
         19:66:99:24:8b:d3:a0:a1:0f:6f:85:31:aa:69:62:03:35:01:
         0c:dd:00:13:70:96:8e:8a:da:4b:f8:f1:8c:c3:db:43:79:83:
         ef:21:39:cc:33:75:35:73:98:eb:eb:60:36:f7:fe:c1:7c:49:
         6d:66:95:32:77:01:d4:36:9a:ba:07:28:cb:ad:dd:a8:7e:06:
         d3:17:81:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5+gCKfXyVuKHCFcsh/hVUIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwOGRhOWNmMDBkNGQ1OGI4NTRmZmM2MjAxMGYyMzViMDZk
ZjM1NGEwHhcNMjYwNTMxMTQ0NjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDZjMmRhMTRjZWZjOWU2OGVjOTU4MjJjZjlmZjliYmY3ZDAwY2FlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn9huwYPQZE0thBntN2/mu6c+7opH
tQos4SgqjqLRJBoE4AQu1Nw+yrEoUpecP8mSqxZHbY6gcSGrZRv6KnyAYoFSoA3a
YOuKYNwk3yb0psHllQ69QS4IEt00PsRcNdLpNRK1/NsBuZ0aHfn8fUVDj8yKjkUN
Xx+VMncczE/5byaU9ZMJiSbVNdwZCYSXBJUq3VCiQa28R6SwzRUu1mHV7m9+JHMg
ldCKLPcujLRY3S93mOEqQvjka1XG6EZEpUzFpTEv+RJAnbUhAtkOeog0ZSPwZOtd
bGf5V3xdXrmfejvuoy5vRrMJyezApvN59QkbV+wH1M52WzUvVf4CSCDX0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNBsLaFM78nmjslYIs+f+bv30AyuMB8GA1UdIwQY
MBaAFNCNqc8A1NWLhU/8YgEPI1sG3zVKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYt
MjBlMTk3ODBjYjJlLzEvMEd3dG9VenZ5ZWFPeVZnaXo1XzV1X2ZRREs0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYtMjBlMTk3ODBjYjJl
LzEvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW20vMA0G
CSqGSIb3DQEBCwUAA4IBAQBc/hnK/SWRqOgJXefagkHJhwG5GBo1DKiAJhnz80fT
5WRL5DFzVF4pGGCNbY+rjzgQhZKlxkA+0gaGSZIOVTF4GcLwChMrh0bkwU/lW0Od
TnQyEwzBeXUkFaQZIvmk/bMBt/r3ULuydx1DEwqjgMVxCohpoD8zukw1ipOg1LMq
P3+UKw2SgqgyUOLOZlPTPXuXl9sgCQ4/m/D7gKyyy8utEoJv/ix0gl3UPQ5MLxk4
Mra2/CMZZpkki9OgoQ9vhTGqaWIDNQEM3QATcJaOitpL+PGMw9tDeYPvITnMM3U1
c5jr62A29/7BfEltZpUydwHUNpq6ByjLrd2ofgbTF4HU
-----END CERTIFICATE-----