Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/d5bbce-4220-4ec4-8af5-2c1a7730bd25/1/w66ZldWus98F7FLtFE_HfwzAVOw.roa
File:                     w66ZldWus98F7FLtFE_HfwzAVOw.roa (raw, json)
Hash identifier:          dMhZ2iCHZg0KsJ/1R4eui0OO1+pgGYsJE5mhqZ9ftyc=
Subject key identifier:   C3:AE:99:95:D5:AE:B3:DF:05:EC:52:ED:14:4F:C7:7F:0C:C0:54:EC
Certificate issuer:       /CN=1319f052bc9e7284888074390c9d0bc127606692
Certificate serial:       019E6055CEA45F93278BDDD181712CEC441D
Authority key identifier: 13:19:F0:52:BC:9E:72:84:88:80:74:39:0C:9D:0B:C1:27:60:66:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ExnwUryecoSIgHQ5DJ0LwSdgZpI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/d5bbce-4220-4ec4-8af5-2c1a7730bd25/1/w66ZldWus98F7FLtFE_HfwzAVOw.roa
Signing time:             Mon 25 May 2026 18:11:36 +0000
ROA not before:           Mon 25 May 2026 18:11:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     32787
IP address blocks:        193.126.115.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/d5bbce-4220-4ec4-8af5-2c1a7730bd25/1/ExnwUryecoSIgHQ5DJ0LwSdgZpI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/d5bbce-4220-4ec4-8af5-2c1a7730bd25/1/ExnwUryecoSIgHQ5DJ0LwSdgZpI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ExnwUryecoSIgHQ5DJ0LwSdgZpI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Jun 2026 02:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:60:55:ce:a4:5f:93:27:8b:dd:d1:81:71:2c:ec:44:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1319f052bc9e7284888074390c9d0bc127606692
        Validity
            Not Before: May 25 18:11:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c3ae9995d5aeb3df05ec52ed144fc77f0cc054ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:29:8c:e9:e0:1f:1e:84:fd:25:a3:b3:d4:76:
                    19:f8:e2:e3:15:63:2c:a2:5f:fc:29:f3:51:1f:21:
                    fd:8d:d6:05:7e:88:6d:3d:af:9c:1d:67:60:d8:b5:
                    2d:6e:d6:a2:df:cb:23:40:c0:e5:3f:d1:ea:2c:39:
                    e9:c5:28:74:61:29:6e:6f:b7:68:f4:6f:93:34:f2:
                    28:2a:ca:95:4e:b8:9c:8d:ef:a0:7c:55:d0:43:58:
                    b1:c9:d1:88:7e:c2:87:ca:f5:5a:7d:a8:9c:af:f9:
                    5a:45:9a:85:91:01:0d:3c:c9:5a:69:c8:7f:38:c2:
                    f1:9b:da:2d:88:f7:de:1a:26:bc:bf:6c:9f:34:fa:
                    6a:7b:33:c6:7f:b0:80:fe:96:e7:d7:75:f5:6a:1c:
                    30:06:3a:34:61:61:ba:08:22:2b:9b:fc:c6:d5:f6:
                    a3:54:f8:95:34:5b:61:2d:82:5b:0e:ec:7f:95:fc:
                    8f:f0:66:d3:75:28:a8:21:3c:f2:2d:1b:71:a8:fa:
                    ca:bc:8b:c1:4a:c9:a6:f8:f2:b2:96:78:e1:07:c3:
                    aa:34:e5:e2:c2:15:53:a1:fd:71:42:31:94:ac:97:
                    8a:08:35:0d:ff:86:1d:23:f9:66:f1:78:d6:12:b1:
                    38:fe:ea:2d:2b:6c:20:29:b1:11:b9:27:c7:94:ae:
                    94:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:AE:99:95:D5:AE:B3:DF:05:EC:52:ED:14:4F:C7:7F:0C:C0:54:EC
            X509v3 Authority Key Identifier:
                keyid:13:19:F0:52:BC:9E:72:84:88:80:74:39:0C:9D:0B:C1:27:60:66:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ExnwUryecoSIgHQ5DJ0LwSdgZpI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/d5bbce-4220-4ec4-8af5-2c1a7730bd25/1/w66ZldWus98F7FLtFE_HfwzAVOw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/d5bbce-4220-4ec4-8af5-2c1a7730bd25/1/ExnwUryecoSIgHQ5DJ0LwSdgZpI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.126.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:cd:9b:52:52:2b:06:14:d0:88:da:6a:99:e7:67:71:a7:35:
         d8:33:3e:a9:37:fe:5a:63:62:02:33:ca:01:e4:3f:1e:fd:9d:
         5e:9e:64:ce:2c:2a:42:7c:41:10:0a:00:a3:7e:06:77:cb:c7:
         58:85:41:1f:33:aa:15:e0:23:0c:16:ca:79:c0:8b:ca:44:82:
         5d:69:97:a1:86:d5:e2:30:ad:91:58:35:44:17:35:4b:2b:e4:
         54:6c:f9:35:34:1b:d0:e7:75:18:d9:3b:14:e4:ef:f9:99:c3:
         d1:b4:57:49:ef:38:b5:39:85:20:95:b9:34:d4:58:f7:fd:ee:
         9b:a9:af:f7:17:df:91:b0:c7:75:84:c7:38:0a:96:cb:9d:84:
         aa:ca:56:a6:23:8e:21:09:55:3d:91:ce:18:e9:f8:ad:e4:4b:
         8a:18:42:c8:6e:75:62:29:10:ea:16:7c:1c:23:89:6a:ce:b0:
         ad:05:8e:19:dd:84:75:37:1c:28:5a:55:6c:9f:67:2b:e2:92:
         36:47:64:0a:13:6b:5c:87:a6:82:d6:d3:e6:75:f8:09:1f:97:
         d3:73:92:83:f8:90:b0:7a:2e:6b:40:e7:2d:16:88:18:5a:7c:
         5a:9c:b1:62:15:d7:b9:7c:ed:4e:78:3a:81:2a:4f:d9:95:b0:
         87:81:37:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5gVc6kX5Mni93RgXEs7EQdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMTlmMDUyYmM5ZTcyODQ4ODgwNzQzOTBjOWQwYmMxMjc2
MDY2OTIwHhcNMjYwNTI1MTgxMTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjM2FlOTk5NWQ1YWViM2RmMDVlYzUyZWQxNDRmYzc3ZjBjYzA1NGVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1SmM6eAfHoT9JaOz1HYZ+OLjFWMs
ol/8KfNRHyH9jdYFfohtPa+cHWdg2LUtbtai38sjQMDlP9HqLDnpxSh0YSlub7do
9G+TNPIoKsqVTricje+gfFXQQ1ixydGIfsKHyvVafaicr/laRZqFkQENPMlaach/
OMLxm9otiPfeGia8v2yfNPpqezPGf7CA/pbn13X1ahwwBjo0YWG6CCIrm/zG1faj
VPiVNFthLYJbDux/lfyP8GbTdSioITzyLRtxqPrKvIvBSsmm+PKylnjhB8OqNOXi
whVTof1xQjGUrJeKCDUN/4YdI/lm8XjWErE4/uotK2wgKbERuSfHlK6UMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMOumZXVrrPfBexS7RRPx38MwFTsMB8GA1UdIwQY
MBaAFBMZ8FK8nnKEiIB0OQydC8EnYGaSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXhud1VyeWVjb1NJZ0hRNURKMEx3U2RnWnBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9kNWJiY2UtNDIyMC00ZWM0LThhZjUt
MmMxYTc3MzBiZDI1LzEvdzY2WmxkV3VzOThGN0ZMdEZFX0hmd3pBVk93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9kNWJiY2UtNDIyMC00ZWM0LThhZjUtMmMxYTc3MzBiZDI1
LzEvRXhud1VyeWVjb1NJZ0hRNURKMEx3U2RnWnBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwX5zMA0G
CSqGSIb3DQEBCwUAA4IBAQCfzZtSUisGFNCI2mqZ52dxpzXYMz6pN/5aY2ICM8oB
5D8e/Z1enmTOLCpCfEEQCgCjfgZ3y8dYhUEfM6oV4CMMFsp5wIvKRIJdaZehhtXi
MK2RWDVEFzVLK+RUbPk1NBvQ53UY2TsU5O/5mcPRtFdJ7zi1OYUglbk01Fj3/e6b
qa/3F9+RsMd1hMc4CpbLnYSqylamI44hCVU9kc4Y6fit5EuKGELIbnViKRDqFnwc
I4lqzrCtBY4Z3YR1NxwoWlVsn2cr4pI2R2QKE2tch6aC1tPmdfgJH5fTc5KD+JCw
ei5rQOctFogYWnxanLFiFde5fO1OeDqBKk/ZlbCHgTeq
-----END CERTIFICATE-----