Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/c8fd07-d5c7-4ed3-8075-274f10a5e1e3/1/G-yw8d4tGfvu1V1RtqHrB0f1A7w.roa
File:                     G-yw8d4tGfvu1V1RtqHrB0f1A7w.roa (raw, json)
Hash identifier:          FCGFh2yYxIfN7yEpFKXYoDozhL/55pv9VOGSxlFFrP0=
Subject key identifier:   1B:EC:B0:F1:DE:2D:19:FB:EE:D5:5D:51:B6:A1:EB:07:47:F5:03:BC
Certificate issuer:       /CN=33f50a8de971f8547f5b56c97c36c287ef54bdb8
Certificate serial:       019E3073D0C00E433F4A17E1FAE3F1C9D392
Authority key identifier: 33:F5:0A:8D:E9:71:F8:54:7F:5B:56:C9:7C:36:C2:87:EF:54:BD:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/M_UKjelx-FR_W1bJfDbCh-9Uvbg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/c8fd07-d5c7-4ed3-8075-274f10a5e1e3/1/G-yw8d4tGfvu1V1RtqHrB0f1A7w.roa
Signing time:             Sat 16 May 2026 11:02:36 +0000
ROA not before:           Sat 16 May 2026 11:02:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206388
IP address blocks:        91.242.44.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/c8fd07-d5c7-4ed3-8075-274f10a5e1e3/1/M_UKjelx-FR_W1bJfDbCh-9Uvbg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/c8fd07-d5c7-4ed3-8075-274f10a5e1e3/1/M_UKjelx-FR_W1bJfDbCh-9Uvbg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/M_UKjelx-FR_W1bJfDbCh-9Uvbg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 22:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:30:73:d0:c0:0e:43:3f:4a:17:e1:fa:e3:f1:c9:d3:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=33f50a8de971f8547f5b56c97c36c287ef54bdb8
        Validity
            Not Before: May 16 11:02:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1becb0f1de2d19fbeed55d51b6a1eb0747f503bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:a7:71:b2:a1:a2:83:4e:f7:3f:b2:15:1e:bc:
                    76:3d:bf:8a:7e:c4:7a:0d:dc:ce:19:66:47:2d:5e:
                    dc:60:ef:e9:07:88:c0:8c:bf:6b:9f:90:44:55:bf:
                    f7:27:1a:21:a2:6d:4a:77:24:fd:9d:ec:b3:21:18:
                    be:f6:0f:c5:5f:c8:19:18:b4:b4:ce:e5:f7:fc:4b:
                    1f:d6:ec:9f:b2:d3:98:bc:68:a5:74:ed:5a:f4:ec:
                    62:46:b6:c3:d1:4f:c5:34:29:9c:d5:ca:ca:95:9b:
                    66:b2:ac:3f:f3:30:3c:08:44:b6:6e:03:7f:8c:cc:
                    1e:0c:ad:2c:d4:25:19:12:ce:f7:0b:4d:ec:8d:46:
                    cc:66:9a:22:c8:3c:53:2e:41:57:66:76:2a:0b:a4:
                    1d:3f:cb:84:45:d2:8f:8b:b5:89:62:19:69:01:4c:
                    93:e4:fc:81:81:c0:48:6c:2d:10:8d:44:78:d9:8f:
                    dc:b6:c8:46:01:f0:41:b8:f8:8e:dd:a4:9a:2d:2a:
                    04:b2:04:5b:d6:3e:6a:0c:b0:91:ad:10:eb:26:41:
                    21:f2:56:11:e8:03:fd:61:df:5f:9e:9e:8e:c5:6a:
                    81:9c:75:b8:94:0f:c6:25:e4:33:d8:6d:37:a6:49:
                    33:6c:f6:bb:81:48:77:a2:75:07:c3:27:5c:4f:cc:
                    71:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:EC:B0:F1:DE:2D:19:FB:EE:D5:5D:51:B6:A1:EB:07:47:F5:03:BC
            X509v3 Authority Key Identifier:
                keyid:33:F5:0A:8D:E9:71:F8:54:7F:5B:56:C9:7C:36:C2:87:EF:54:BD:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/M_UKjelx-FR_W1bJfDbCh-9Uvbg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/c8fd07-d5c7-4ed3-8075-274f10a5e1e3/1/G-yw8d4tGfvu1V1RtqHrB0f1A7w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/c8fd07-d5c7-4ed3-8075-274f10a5e1e3/1/M_UKjelx-FR_W1bJfDbCh-9Uvbg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.242.44.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b1:99:ad:7b:fa:00:21:08:9a:5e:6f:a1:d7:df:11:68:61:04:
         fd:67:a2:05:16:3c:0e:a0:95:07:62:66:6c:43:3b:47:2b:d3:
         4f:11:45:10:ba:fb:e2:a0:53:51:23:4b:ae:c2:ee:85:8d:66:
         e3:d8:06:c2:fe:81:33:97:5b:b0:b3:6a:3a:c3:13:51:22:75:
         2c:ff:b5:2b:b1:f1:24:ca:60:1d:a5:d1:29:fc:91:39:ff:57:
         2c:fa:e4:b0:9a:fd:63:ed:88:ad:fb:e3:00:fd:7a:72:0e:56:
         45:6a:3a:81:5c:23:9e:fa:8e:ff:af:87:8b:fa:40:3f:29:a1:
         38:49:a5:02:0c:5e:0b:6a:46:19:8d:dc:60:0c:69:25:23:9f:
         a3:38:d8:cb:f7:7e:3e:cd:9a:5c:b4:db:5f:4d:0d:55:3e:cd:
         f9:19:4b:b2:c6:82:bd:28:7d:77:b4:bd:c4:d5:46:1a:f4:1a:
         0c:89:5e:2e:b0:c2:de:b8:4a:e1:78:8f:dd:de:00:3d:3a:2c:
         8b:f8:86:67:0e:f0:e1:8c:00:df:77:77:79:63:7a:c5:21:3e:
         fd:2d:ff:94:a8:17:b4:e0:6c:54:46:66:a3:3f:db:d6:9c:66:
         5b:ce:7b:b9:db:ff:02:73:9f:a8:f7:af:c5:1b:eb:8f:b5:d2:
         2b:85:6c:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4wc9DADkM/Shfh+uPxydOSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzZjUwYThkZTk3MWY4NTQ3ZjViNTZjOTdjMzZjMjg3ZWY1
NGJkYjgwHhcNMjYwNTE2MTEwMjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYmVjYjBmMWRlMmQxOWZiZWVkNTVkNTFiNmExZWIwNzQ3ZjUwM2JjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvadxsqGig073P7IVHrx2Pb+KfsR6
DdzOGWZHLV7cYO/pB4jAjL9rn5BEVb/3Jxohom1KdyT9neyzIRi+9g/FX8gZGLS0
zuX3/Esf1uyfstOYvGildO1a9OxiRrbD0U/FNCmc1crKlZtmsqw/8zA8CES2bgN/
jMweDK0s1CUZEs73C03sjUbMZpoiyDxTLkFXZnYqC6QdP8uERdKPi7WJYhlpAUyT
5PyBgcBIbC0QjUR42Y/ctshGAfBBuPiO3aSaLSoEsgRb1j5qDLCRrRDrJkEh8lYR
6AP9Yd9fnp6OxWqBnHW4lA/GJeQz2G03pkkzbPa7gUh3onUHwydcT8xxVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBvssPHeLRn77tVdUbah6wdH9QO8MB8GA1UdIwQY
MBaAFDP1Co3pcfhUf1tWyXw2wofvVL24MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTV9VS2plbHgtRlJfVzFiSmZEYkNoLTlVdmJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9jOGZkMDctZDVjNy00ZWQzLTgwNzUt
Mjc0ZjEwYTVlMWUzLzEvRy15dzhkNHRHZnZ1MVYxUnRxSHJCMGYxQTd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9jOGZkMDctZDVjNy00ZWQzLTgwNzUtMjc0ZjEwYTVlMWUz
LzEvTV9VS2plbHgtRlJfVzFiSmZEYkNoLTlVdmJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW/IsMA0G
CSqGSIb3DQEBCwUAA4IBAQCxma17+gAhCJpeb6HX3xFoYQT9Z6IFFjwOoJUHYmZs
QztHK9NPEUUQuvvioFNRI0uuwu6FjWbj2AbC/oEzl1uws2o6wxNRInUs/7UrsfEk
ymAdpdEp/JE5/1cs+uSwmv1j7Yit++MA/XpyDlZFajqBXCOe+o7/r4eL+kA/KaE4
SaUCDF4LakYZjdxgDGklI5+jONjL934+zZpctNtfTQ1VPs35GUuyxoK9KH13tL3E
1UYa9BoMiV4usMLeuErheI/d3gA9OiyL+IZnDvDhjADfd3d5Y3rFIT79Lf+UqBe0
4GxURmajP9vWnGZbznu52/8Cc5+o96/FG+uPtdIrhWyO
-----END CERTIFICATE-----