Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/VUOJ3dhr5MADXvFGVsiGfEFzNSA.roa
File:                     VUOJ3dhr5MADXvFGVsiGfEFzNSA.roa (raw, json)
Hash identifier:          7DajvQYVgcISmFRds0kYAQD88gp9gdRfgy5opT6tR4A=
Subject key identifier:   55:43:89:DD:D8:6B:E4:C0:03:5E:F1:46:56:C8:86:7C:41:73:35:20
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       019D6B4C60FC773C48AF7139142632A00BB8
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/VUOJ3dhr5MADXvFGVsiGfEFzNSA.roa
Signing time:             Wed 08 Apr 2026 04:14:20 +0000
ROA not before:           Wed 08 Apr 2026 04:14:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     154402
IP address blocks:        194.231.140.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 Apr 2026 14:24:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:6b:4c:60:fc:77:3c:48:af:71:39:14:26:32:a0:0b:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Apr  8 04:14:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=554389ddd86be4c0035ef14656c8867c41733520
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:65:59:20:1e:6e:c3:11:20:51:e9:1b:13:3d:
                    f0:0f:08:90:cc:f6:dd:7f:01:90:d0:c7:a9:5b:f1:
                    e8:3d:e4:c2:39:c1:e5:10:5e:cf:1c:30:df:ca:de:
                    da:be:f0:94:08:7d:8e:36:ab:d6:6c:12:10:70:43:
                    f6:90:00:bf:18:fb:b5:be:20:9b:6d:fb:21:30:68:
                    b1:b0:08:46:4b:4f:95:52:70:0d:80:3c:41:29:44:
                    d3:24:d4:ff:27:0a:95:21:7b:c1:a7:ff:b6:34:c0:
                    b5:ed:b1:d7:93:8d:7f:4d:7c:c2:b5:54:e3:e1:55:
                    32:73:66:40:b3:c9:20:c1:41:19:da:84:ba:d7:f6:
                    96:58:48:ec:e8:61:45:2d:a8:bd:70:e0:ed:d6:ad:
                    a6:cf:63:09:8c:60:01:9e:42:d4:07:89:d6:67:30:
                    61:61:6f:ba:16:aa:ee:f6:ac:73:bb:6d:01:77:ce:
                    94:3c:58:32:9d:e7:3d:9c:a9:d3:90:b1:81:9d:9d:
                    aa:ad:cc:01:11:31:47:9d:a1:fb:e1:20:f6:38:a1:
                    b0:e0:87:53:75:13:f4:91:9d:06:81:2f:e6:f4:83:
                    60:86:66:b0:ba:ce:61:fc:0e:9d:33:f2:43:88:4e:
                    55:de:28:fa:63:45:97:99:4b:39:7a:6f:37:5b:66:
                    8d:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:43:89:DD:D8:6B:E4:C0:03:5E:F1:46:56:C8:86:7C:41:73:35:20
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/VUOJ3dhr5MADXvFGVsiGfEFzNSA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.231.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:a5:1a:67:58:63:82:a2:2f:fd:be:5f:db:ab:81:f7:de:e6:
         3f:44:74:19:db:83:6b:65:c3:ab:b0:18:22:fa:02:86:f2:f5:
         28:d4:40:ea:b0:dc:e3:54:17:5e:e1:f0:e2:27:dc:56:40:b0:
         af:61:b4:62:6a:ed:dd:39:86:ba:61:a0:4a:47:55:31:73:65:
         4a:7e:76:3a:fc:2f:3e:56:3a:6b:16:d6:a0:c9:5e:c0:5f:29:
         4a:f5:55:bf:45:48:5c:79:21:f9:a8:be:53:0d:0c:0b:37:a3:
         ac:27:88:be:59:98:bb:5c:d4:a4:ce:9c:63:51:34:0b:3e:f9:
         91:1c:0a:fc:ea:eb:26:07:7d:b3:cc:f6:ae:d7:2c:e8:ce:97:
         35:86:7d:28:f6:9c:a7:39:94:70:a5:08:c2:b4:a7:5a:16:04:
         6b:6e:ad:07:bd:2f:dd:a8:59:39:33:43:e4:0c:cb:ed:aa:21:
         ee:00:e1:00:79:68:e9:a3:69:64:e0:31:88:6a:08:94:78:9d:
         53:48:d8:b3:26:18:96:93:a4:02:32:f0:45:b1:71:96:cd:29:
         67:2b:16:83:78:a3:77:c3:e0:f0:de:fe:2f:fb:3c:7b:f8:b8:
         6d:07:be:da:d1:9f:6c:36:74:54:94:c0:6a:9c:67:1b:e1:50:
         29:47:42:be
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1rTGD8dzxIr3E5FCYyoAu4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjYwNDA4MDQxNDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTQzODlkZGQ4NmJlNGMwMDM1ZWYxNDY1NmM4ODY3YzQxNzMzNTIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0WVZIB5uwxEgUekbEz3wDwiQzPbd
fwGQ0MepW/HoPeTCOcHlEF7PHDDfyt7avvCUCH2ONqvWbBIQcEP2kAC/GPu1viCb
bfshMGixsAhGS0+VUnANgDxBKUTTJNT/JwqVIXvBp/+2NMC17bHXk41/TXzCtVTj
4VUyc2ZAs8kgwUEZ2oS61/aWWEjs6GFFLai9cODt1q2mz2MJjGABnkLUB4nWZzBh
YW+6Fqru9qxzu20Bd86UPFgynec9nKnTkLGBnZ2qrcwBETFHnaH74SD2OKGw4IdT
dRP0kZ0GgS/m9INghmawus5h/A6dM/JDiE5V3ij6Y0WXmUs5em83W2aN0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFVDid3Ya+TAA17xRlbIhnxBczUgMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvVlVPSjNkaHI1TUFEWHZGR1ZzaUdmRUZ6TlNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwueMMA0G
CSqGSIb3DQEBCwUAA4IBAQCLpRpnWGOCoi/9vl/bq4H33uY/RHQZ24NrZcOrsBgi
+gKG8vUo1EDqsNzjVBde4fDiJ9xWQLCvYbRiau3dOYa6YaBKR1Uxc2VKfnY6/C8+
VjprFtagyV7AXylK9VW/RUhceSH5qL5TDQwLN6OsJ4i+WZi7XNSkzpxjUTQLPvmR
HAr86usmB32zzPau1yzozpc1hn0o9pynOZRwpQjCtKdaFgRrbq0HvS/dqFk5M0Pk
DMvtqiHuAOEAeWjpo2lk4DGIagiUeJ1TSNizJhiWk6QCMvBFsXGWzSlnKxaDeKN3
w+Dw3v4v+zx7+LhtB77a0Z9sNnRUlMBqnGcb4VApR0K+
-----END CERTIFICATE-----