Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/f3mf-dMP4SQheIwutrUiUleHb98.roa
File:                     f3mf-dMP4SQheIwutrUiUleHb98.roa (raw, json)
Hash identifier:          +qavYKqze36TJN+0/GZiHsCrGskAVVYXAHeeQ9YEX7M=
Subject key identifier:   7F:79:9F:F9:D3:0F:E1:24:21:78:8C:2E:B6:B5:22:52:57:87:6F:DF
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       019EB5F5622DFA0DEB275E13A8D1C84FCC57
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/f3mf-dMP4SQheIwutrUiUleHb98.roa
Signing time:             Thu 11 Jun 2026 09:13:38 +0000
ROA not before:           Thu 11 Jun 2026 09:13:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     20473
IP address blocks:        194.61.74.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 08:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:b5:f5:62:2d:fa:0d:eb:27:5e:13:a8:d1:c8:4f:cc:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: Jun 11 09:13:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7f799ff9d30fe12421788c2eb6b5225257876fdf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:13:02:ca:f3:a2:fc:b1:4c:fa:dd:a0:56:b4:
                    19:a5:e8:73:47:16:09:93:3e:be:5b:13:c2:5d:aa:
                    1e:e2:d5:6f:ee:52:de:58:18:56:44:8d:16:5f:7b:
                    17:0a:8d:7f:48:d9:56:55:7d:53:9e:6f:8c:b3:80:
                    fe:bb:5d:c0:7d:ef:d6:06:1b:2d:42:c3:6a:45:86:
                    44:a0:d3:40:7f:b9:35:43:f1:30:02:fb:34:f2:a7:
                    25:98:39:b5:6e:67:d6:f7:49:51:42:93:7d:a5:af:
                    22:16:af:68:95:b5:67:c4:15:0d:5c:b8:ec:cb:8f:
                    d1:da:0c:f1:ed:f2:d0:31:d3:08:a3:71:61:dd:60:
                    eb:52:72:c4:a8:68:06:ff:8b:90:62:f7:a4:cd:d2:
                    2d:0b:48:c6:eb:a2:cd:51:c1:e6:c9:80:6c:58:96:
                    58:77:8b:0f:b4:56:79:0c:c9:6e:90:d7:3f:5c:87:
                    61:b4:57:c6:d3:16:41:a0:b7:74:33:e1:d4:09:3c:
                    9f:66:49:0a:16:3c:ec:63:cd:a9:72:bc:c6:2d:df:
                    70:1d:7f:8e:09:83:b9:2f:df:b2:f1:3c:e3:93:3b:
                    9e:0d:e7:06:38:5b:ab:06:17:4a:4b:5d:a2:b3:8c:
                    27:ee:46:b1:f0:d2:8d:f2:12:49:8e:91:52:48:ba:
                    cd:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:79:9F:F9:D3:0F:E1:24:21:78:8C:2E:B6:B5:22:52:57:87:6F:DF
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/f3mf-dMP4SQheIwutrUiUleHb98.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.61.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:ad:84:c5:12:7e:ab:2f:c1:e1:07:21:92:c8:37:f2:6f:49:
         28:b3:ae:8a:00:a2:bb:3d:79:ab:41:13:d7:84:d4:04:5a:aa:
         37:1c:b1:43:8b:cf:1c:81:e3:c7:2f:37:19:ba:37:ca:a1:ca:
         e8:9f:37:00:a3:32:28:b9:43:59:c2:dd:54:33:58:3f:da:8e:
         01:56:b9:1f:07:e4:a4:8a:1e:dc:73:b6:84:3e:57:16:f5:c8:
         d5:e0:01:f6:24:02:f7:6b:1d:3a:92:e9:74:0b:c9:37:99:84:
         e9:ca:05:06:8f:0f:14:1b:ca:a6:17:6e:01:b0:b1:bf:25:d4:
         52:e7:18:4b:10:9b:e6:89:6d:bb:77:76:51:ec:e8:5b:92:3f:
         a9:28:90:15:54:97:dd:b7:c9:d0:72:98:0f:49:b5:1d:2f:6b:
         ca:80:5d:a1:8e:1d:d4:37:49:4e:e6:64:1f:3a:09:04:c8:a0:
         37:0d:a2:9b:f8:9d:3b:c9:12:81:72:15:e7:55:c2:eb:6e:b8:
         f9:c0:16:88:04:9a:5d:4d:9d:e4:f4:a5:c4:46:50:15:b7:82:
         de:09:6a:fb:6d:83:e1:4d:40:51:bc:8f:2d:78:f7:cc:22:f0:
         25:09:a4:ba:b2:9f:ec:1d:e0:01:75:0e:df:07:a9:ac:0a:5e:
         5f:90:7d:ed
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ619WIt+g3rJ14TqNHIT8xXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjYwNjExMDkxMzM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Zjc5OWZmOWQzMGZlMTI0MjE3ODhjMmViNmI1MjI1MjU3ODc2ZmRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxRMCyvOi/LFM+t2gVrQZpehzRxYJ
kz6+WxPCXaoe4tVv7lLeWBhWRI0WX3sXCo1/SNlWVX1Tnm+Ms4D+u13Afe/WBhst
QsNqRYZEoNNAf7k1Q/EwAvs08qclmDm1bmfW90lRQpN9pa8iFq9olbVnxBUNXLjs
y4/R2gzx7fLQMdMIo3Fh3WDrUnLEqGgG/4uQYvekzdItC0jG66LNUcHmyYBsWJZY
d4sPtFZ5DMlukNc/XIdhtFfG0xZBoLd0M+HUCTyfZkkKFjzsY82pcrzGLd9wHX+O
CYO5L9+y8TzjkzueDecGOFurBhdKS12is4wn7kax8NKN8hJJjpFSSLrN6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH95n/nTD+EkIXiMLra1IlJXh2/fMB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvZjNtZi1kTVA0U1FoZUl3dXRyVWlVbGVIYjk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwj1KMA0G
CSqGSIb3DQEBCwUAA4IBAQBnrYTFEn6rL8HhByGSyDfyb0kos66KAKK7PXmrQRPX
hNQEWqo3HLFDi88cgePHLzcZujfKocronzcAozIouUNZwt1UM1g/2o4BVrkfB+Sk
ih7cc7aEPlcW9cjV4AH2JAL3ax06kul0C8k3mYTpygUGjw8UG8qmF24BsLG/JdRS
5xhLEJvmiW27d3ZR7Ohbkj+pKJAVVJfdt8nQcpgPSbUdL2vKgF2hjh3UN0lO5mQf
OgkEyKA3DaKb+J07yRKBchXnVcLrbrj5wBaIBJpdTZ3k9KXERlAVt4LeCWr7bYPh
TUBRvI8tePfMIvAlCaS6sp/sHeABdQ7fB6msCl5fkH3t
-----END CERTIFICATE-----