Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/yga3sru13JJ5mEALcdqG5rT2dMw.roa
File:                     yga3sru13JJ5mEALcdqG5rT2dMw.roa (raw, json)
Hash identifier:          6GQh4LjvxRVmR22A+aQaH1Y6AXCspo+pxOhRnrGoKkU=
Subject key identifier:   CA:06:B7:B2:BB:B5:DC:92:79:98:40:0B:71:DA:86:E6:B4:F6:74:CC
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       019DBFB4BFD4FEAC5322F887D7F2E1D705D8
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/yga3sru13JJ5mEALcdqG5rT2dMw.roa
Signing time:             Fri 24 Apr 2026 13:36:26 +0000
ROA not before:           Fri 24 Apr 2026 13:36:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     142240
IP address blocks:        194.231.148.0/24 maxlen: 24
                          194.231.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 Apr 2026 01:50:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:bf:b4:bf:d4:fe:ac:53:22:f8:87:d7:f2:e1:d7:05:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Apr 24 13:36:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ca06b7b2bbb5dc927998400b71da86e6b4f674cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:7b:af:22:63:2e:bb:be:e1:0f:d0:7c:fd:62:
                    c3:7b:61:16:ec:c2:27:67:4f:2a:d3:75:37:d3:7e:
                    f7:62:55:bf:2a:0c:20:e9:a8:7d:3e:50:6e:60:0a:
                    be:35:10:70:3d:60:00:6e:28:7b:8b:52:58:16:10:
                    dd:24:5a:ea:54:76:a4:0a:2b:fe:56:90:65:a0:7e:
                    71:9b:a9:79:39:9b:56:1c:95:72:a7:66:3c:12:22:
                    48:ad:12:8e:cd:e4:2d:28:c9:07:89:de:f1:f3:24:
                    34:4a:79:e3:76:e6:5b:18:50:ff:17:f3:a7:97:c1:
                    4d:95:cc:ae:fc:8b:69:1d:ae:1c:6d:14:6b:2f:ab:
                    cc:e1:25:21:ac:67:75:b1:99:cb:60:50:82:9b:1b:
                    1d:b4:de:16:9d:4b:05:47:c3:6c:27:4d:61:ec:2b:
                    02:18:49:8c:91:80:2c:fb:4a:a9:ba:bc:78:da:db:
                    5a:3d:df:e7:b1:49:7a:aa:1f:31:c0:55:30:c5:a9:
                    10:39:b4:6d:25:7c:33:18:e0:96:9f:23:e7:5f:3b:
                    74:e0:51:45:3e:c2:09:65:8d:eb:77:1e:7f:83:5d:
                    6d:0f:25:d6:ea:11:54:6e:8b:78:97:3c:ad:95:fd:
                    72:68:9e:a8:23:c9:eb:69:b6:49:55:43:bb:ce:b6:
                    ff:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:06:B7:B2:BB:B5:DC:92:79:98:40:0B:71:DA:86:E6:B4:F6:74:CC
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/yga3sru13JJ5mEALcdqG5rT2dMw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.231.148.0/24
                  194.231.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:b3:f9:7c:2f:0d:cf:d1:b9:b7:26:9c:a2:ac:fb:2a:ac:58:
         b5:a9:f5:a0:06:b7:27:c7:6d:b2:2f:50:02:1a:41:0b:52:96:
         6c:be:61:40:99:54:14:20:3d:5d:b8:fd:01:c9:92:1d:7c:95:
         de:8e:23:9f:37:48:cd:75:24:f8:36:10:cd:2a:36:68:0a:b1:
         79:4a:fa:40:98:58:db:4e:e7:fb:27:fe:97:25:5f:13:8e:30:
         e4:48:89:d1:65:f6:b4:79:7a:e2:36:7c:9a:c4:a7:be:55:60:
         63:06:51:e8:fb:8c:3d:11:34:90:41:0b:c1:46:f7:2a:f2:27:
         40:63:fa:a2:15:17:f3:26:8a:1e:e2:49:d0:fe:1a:34:db:07:
         4b:ff:3c:a9:12:a2:47:d1:5f:7e:2b:16:36:8d:39:6e:8d:4c:
         70:bb:d5:bd:58:9c:6f:18:f3:eb:ae:25:78:8c:6a:26:a2:7d:
         43:9b:0b:37:ea:ca:0c:c5:39:25:d8:4e:16:21:eb:53:11:4a:
         b8:53:7f:9f:37:ce:47:38:26:ac:88:08:69:55:a2:2a:ce:10:
         ff:a5:66:42:fe:9a:7b:24:00:54:6a:75:3c:77:3e:5f:86:e8:
         f2:6f:06:b1:bc:3c:6d:f0:b6:a7:88:43:d4:0b:73:82:3b:a4:
         63:00:3c:41
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ2/tL/U/qxTIviH1/Lh1wXYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjYwNDI0MTMzNjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTA2YjdiMmJiYjVkYzkyNzk5ODQwMGI3MWRhODZlNmI0ZjY3NGNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjXuvImMuu77hD9B8/WLDe2EW7MIn
Z08q03U30373YlW/Kgwg6ah9PlBuYAq+NRBwPWAAbih7i1JYFhDdJFrqVHakCiv+
VpBloH5xm6l5OZtWHJVyp2Y8EiJIrRKOzeQtKMkHid7x8yQ0SnnjduZbGFD/F/On
l8FNlcyu/ItpHa4cbRRrL6vM4SUhrGd1sZnLYFCCmxsdtN4WnUsFR8NsJ01h7CsC
GEmMkYAs+0qpurx42ttaPd/nsUl6qh8xwFUwxakQObRtJXwzGOCWnyPnXzt04FFF
PsIJZY3rdx5/g11tDyXW6hFUbot4lzytlf1yaJ6oI8nrabZJVUO7zrb/QwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMoGt7K7tdySeZhAC3Hahua09nTMMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEveWdhM3NydTEzSko1bUVBTGNkcUc1clQyZE13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwueUAwQA
wufLMA0GCSqGSIb3DQEBCwUAA4IBAQCes/l8Lw3P0bm3JpyirPsqrFi1qfWgBrcn
x22yL1ACGkELUpZsvmFAmVQUID1duP0ByZIdfJXejiOfN0jNdST4NhDNKjZoCrF5
SvpAmFjbTuf7J/6XJV8TjjDkSInRZfa0eXriNnyaxKe+VWBjBlHo+4w9ETSQQQvB
Rvcq8idAY/qiFRfzJooe4knQ/ho02wdL/zypEqJH0V9+KxY2jTlujUxwu9W9WJxv
GPPrriV4jGomon1Dmws36soMxTkl2E4WIetTEUq4U3+fN85HOCasiAhpVaIqzhD/
pWZC/pp7JABUanU8dz5fhujybwaxvDxt8LaniEPUC3OCO6RjADxB
-----END CERTIFICATE-----