Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/Qojg36YESZFzgpL8lTzi_iN7ob8.roa
File:                     Qojg36YESZFzgpL8lTzi_iN7ob8.roa (raw, json)
Hash identifier:          zhGEZnPqP4nZqYiXcbbVbF0iJysOxxPssoCgV8XcS8k=
Subject key identifier:   42:88:E0:DF:A6:04:49:91:73:82:92:FC:95:3C:E2:FE:23:7B:A1:BF
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       019EAD6AB4F9EC37D16F48C80D663FE58E24
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/Qojg36YESZFzgpL8lTzi_iN7ob8.roa
Signing time:             Tue 09 Jun 2026 17:25:11 +0000
ROA not before:           Tue 09 Jun 2026 17:25:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     20473
IP address blocks:        194.231.194.0/24 maxlen: 24
                          195.162.247.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 08:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ad:6a:b4:f9:ec:37:d1:6f:48:c8:0d:66:3f:e5:8e:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Jun  9 17:25:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4288e0dfa6044991738292fc953ce2fe237ba1bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:6b:d7:40:e8:7b:58:a3:f0:08:23:c6:aa:f2:
                    f6:51:a7:05:fb:16:72:c0:15:56:5a:14:8b:7c:c7:
                    e3:79:ba:89:2a:45:a7:9b:9b:b4:7c:53:2f:2d:16:
                    16:6f:0d:bb:5b:2e:cb:9e:e1:e5:f0:43:53:f4:b8:
                    ee:f2:a4:47:47:f5:3f:07:f0:73:fc:ba:d9:5c:e3:
                    86:7d:f6:0f:c7:09:1c:aa:dd:ca:c4:b7:d9:81:22:
                    3c:fa:8a:06:5e:43:dd:c1:18:60:28:36:d6:1d:58:
                    3e:9d:d2:68:fd:ed:93:2c:12:ea:1b:83:ea:ff:70:
                    c2:e8:09:54:95:68:e8:de:8e:7e:68:9d:f8:a4:91:
                    3c:ad:e8:72:26:83:6e:51:d1:1f:d7:19:6e:af:02:
                    ea:b9:6a:aa:3b:8c:0f:cd:cf:b4:15:38:66:82:fc:
                    88:2a:c6:59:78:9d:da:c5:b0:1c:20:b4:6a:ca:38:
                    6a:83:2f:1a:4c:92:a6:8a:11:ec:fa:91:fd:0c:61:
                    23:fa:fa:b7:9c:14:e3:51:9a:d9:45:fc:db:6c:98:
                    80:0f:45:bd:c9:ae:ae:98:16:28:35:9a:e7:31:fb:
                    cb:1b:77:06:f3:71:cd:0b:fe:87:ad:3e:95:38:06:
                    3b:9a:8a:80:c3:11:61:bf:2b:d9:b6:e7:7e:07:97:
                    58:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:88:E0:DF:A6:04:49:91:73:82:92:FC:95:3C:E2:FE:23:7B:A1:BF
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/Qojg36YESZFzgpL8lTzi_iN7ob8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.231.194.0/24
                  195.162.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:85:e6:c0:c3:59:27:bc:5b:44:c4:bd:e6:8e:b2:6a:41:d4:
         d4:63:06:ee:09:1f:23:46:e5:a4:40:64:c8:0b:47:00:08:cd:
         d3:0a:7c:42:1d:7a:90:7b:bd:b0:3f:9a:f9:a1:2c:ac:31:74:
         d4:1d:4d:b8:bb:07:e7:b2:37:45:64:ed:d2:ea:76:2d:0f:88:
         a7:ee:2d:04:a6:47:83:6c:04:8a:be:75:62:66:40:2c:aa:c1:
         47:e4:e7:94:bf:a6:e1:24:3e:06:b1:d3:ce:43:31:6f:17:fe:
         5d:ea:7b:b2:be:83:55:2f:f8:6c:64:81:c1:f1:6c:70:d3:19:
         5a:0f:6f:0d:40:df:3a:b7:44:fe:1a:21:43:34:64:11:41:2b:
         5c:f0:c9:d1:1f:bb:dc:e8:42:30:75:e3:9c:a1:f5:b1:61:9b:
         49:03:ce:0c:4a:30:c5:40:64:8e:cc:5f:ed:0b:43:9b:59:a1:
         45:33:4b:24:b8:28:17:3c:6f:44:f7:9c:90:a7:a2:a5:f2:65:
         d1:ac:7d:63:54:bb:79:5c:2f:91:14:84:c9:35:a8:00:6d:04:
         8e:70:8c:13:f3:41:d1:1b:7d:5c:0d:13:55:44:c5:4d:94:f3:
         ed:8e:02:7a:7f:6f:fc:79:ec:b8:08:4b:a4:8e:9c:17:d4:17:
         0e:eb:eb:b7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ6tarT57DfRb0jIDWY/5Y4kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjYwNjA5MTcyNTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Mjg4ZTBkZmE2MDQ0OTkxNzM4MjkyZmM5NTNjZTJmZTIzN2JhMWJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp2vXQOh7WKPwCCPGqvL2UacF+xZy
wBVWWhSLfMfjebqJKkWnm5u0fFMvLRYWbw27Wy7LnuHl8ENT9Lju8qRHR/U/B/Bz
/LrZXOOGffYPxwkcqt3KxLfZgSI8+ooGXkPdwRhgKDbWHVg+ndJo/e2TLBLqG4Pq
/3DC6AlUlWjo3o5+aJ34pJE8rehyJoNuUdEf1xlurwLquWqqO4wPzc+0FThmgvyI
KsZZeJ3axbAcILRqyjhqgy8aTJKmihHs+pH9DGEj+vq3nBTjUZrZRfzbbJiAD0W9
ya6umBYoNZrnMfvLG3cG83HNC/6HrT6VOAY7moqAwxFhvyvZtud+B5dY7wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEKI4N+mBEmRc4KS/JU84v4je6G/MB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvUW9qZzM2WUVTWkZ6Z3BMOGxUemlfaU43b2I4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwufCAwQA
w6L3MA0GCSqGSIb3DQEBCwUAA4IBAQA7hebAw1knvFtExL3mjrJqQdTUYwbuCR8j
RuWkQGTIC0cACM3TCnxCHXqQe72wP5r5oSysMXTUHU24uwfnsjdFZO3S6nYtD4in
7i0EpkeDbASKvnViZkAsqsFH5OeUv6bhJD4GsdPOQzFvF/5d6nuyvoNVL/hsZIHB
8Wxw0xlaD28NQN86t0T+GiFDNGQRQStc8MnRH7vc6EIwdeOcofWxYZtJA84MSjDF
QGSOzF/tC0ObWaFFM0skuCgXPG9E95yQp6Kl8mXRrH1jVLt5XC+RFITJNagAbQSO
cIwT80HRG31cDRNVRMVNlPPtjgJ6f2/8eey4CEukjpwX1BcO6+u3
-----END CERTIFICATE-----