Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/36f83e-6be6-42c5-8380-114ad41cf331/1/L_lurfVMTqwpO3u6xE9qRKV5Qgc.roa
File:                     L_lurfVMTqwpO3u6xE9qRKV5Qgc.roa (raw, json)
Hash identifier:          l23OrKr9WvvSQM+tVJnmi0UwpooxXlvEinD6ejP+N/U=
Subject key identifier:   2F:F9:6E:AD:F5:4C:4E:AC:29:3B:7B:BA:C4:4F:6A:44:A5:79:42:07
Certificate issuer:       /CN=09253886a0250a04ec69be00bbf8433c2f014b7c
Certificate serial:       019ECA7A46A8CFF914CE40E4AAAA646F7BF7
Authority key identifier: 09:25:38:86:A0:25:0A:04:EC:69:BE:00:BB:F8:43:3C:2F:01:4B:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CSU4hqAlCgTsab4Au_hDPC8BS3w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/36f83e-6be6-42c5-8380-114ad41cf331/1/L_lurfVMTqwpO3u6xE9qRKV5Qgc.roa
Signing time:             Mon 15 Jun 2026 08:51:11 +0000
ROA not before:           Mon 15 Jun 2026 08:51:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     219450
IP address blocks:        194.110.169.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/36f83e-6be6-42c5-8380-114ad41cf331/1/CSU4hqAlCgTsab4Au_hDPC8BS3w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/36f83e-6be6-42c5-8380-114ad41cf331/1/CSU4hqAlCgTsab4Au_hDPC8BS3w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CSU4hqAlCgTsab4Au_hDPC8BS3w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 27 Jun 2026 05:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ca:7a:46:a8:cf:f9:14:ce:40:e4:aa:aa:64:6f:7b:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=09253886a0250a04ec69be00bbf8433c2f014b7c
        Validity
            Not Before: Jun 15 08:51:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2ff96eadf54c4eac293b7bbac44f6a44a5794207
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:3a:80:01:11:2a:9b:47:5d:a8:34:56:90:8e:
                    71:07:66:d0:47:84:a9:2a:32:4e:47:e1:ef:82:5b:
                    6c:9b:b1:99:1f:dc:7a:58:db:1e:be:f4:1b:fe:f6:
                    d9:b4:23:2e:80:45:23:75:48:c6:42:fe:fd:cf:cf:
                    4c:86:8a:fb:56:09:b6:2f:a6:c0:84:5c:fd:90:7d:
                    7c:62:24:72:dd:5a:fc:8f:ac:35:f8:68:0e:00:2a:
                    e1:61:86:53:6c:60:c8:51:26:ed:bc:be:e5:9b:e5:
                    6a:47:7b:de:90:3f:5a:d4:0b:e4:5e:48:7c:8f:ee:
                    40:3c:d8:ee:a0:73:e3:9e:a4:a2:56:3e:b3:f2:6b:
                    ef:b8:d6:58:d8:c9:75:0b:58:56:67:e0:6a:85:9c:
                    49:1e:3f:9c:82:4f:63:f2:1e:35:9b:ec:2a:f9:29:
                    6f:5e:11:b2:7f:cd:66:e9:9b:27:2c:74:79:3e:ec:
                    83:dc:6f:ea:e6:63:03:46:39:0f:fd:e9:23:7a:2d:
                    f4:c3:c2:17:dd:1c:00:c8:0f:94:e7:70:1e:c4:34:
                    0c:26:04:ac:02:37:0c:94:e9:9f:08:9b:5c:52:06:
                    a3:fb:0d:db:7a:17:b4:61:53:e8:03:20:7b:c7:37:
                    ad:c0:a8:bd:6e:6f:7e:a6:46:5f:3d:14:0c:ca:99:
                    4e:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:F9:6E:AD:F5:4C:4E:AC:29:3B:7B:BA:C4:4F:6A:44:A5:79:42:07
            X509v3 Authority Key Identifier:
                keyid:09:25:38:86:A0:25:0A:04:EC:69:BE:00:BB:F8:43:3C:2F:01:4B:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CSU4hqAlCgTsab4Au_hDPC8BS3w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/36f83e-6be6-42c5-8380-114ad41cf331/1/L_lurfVMTqwpO3u6xE9qRKV5Qgc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/36f83e-6be6-42c5-8380-114ad41cf331/1/CSU4hqAlCgTsab4Au_hDPC8BS3w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.110.169.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:48:f2:a9:fa:17:1d:d5:b6:fc:51:6a:62:03:f8:fd:99:ee:
         35:c5:e3:d3:df:f1:35:d0:74:71:d1:6e:22:8a:4e:44:22:9d:
         9d:f6:3e:d2:90:51:bb:da:16:9e:82:ce:d4:bf:87:3a:a8:8c:
         cd:8f:a3:7e:24:7a:bf:c5:4d:4d:67:d3:bb:28:66:4d:05:68:
         50:e7:5a:d6:59:7b:54:a9:2e:8a:3b:a8:f4:ae:cc:6f:d1:d7:
         bb:2b:00:84:68:86:58:f1:17:90:cd:bf:cd:9c:9e:ba:d8:ed:
         5c:90:5d:08:e1:bd:bb:3b:4e:ea:9b:8a:d8:cc:28:54:0c:df:
         f4:b1:57:d6:63:46:3a:fd:59:65:4d:f9:f7:74:85:c9:1e:80:
         c9:66:95:92:e1:73:ab:23:27:68:eb:48:51:1e:8d:14:e6:d5:
         8e:73:a2:3a:fd:8e:f7:e5:42:1f:d8:d4:3f:51:db:53:ea:10:
         18:1d:f7:35:44:b2:77:42:6b:49:9e:b2:e0:c5:c6:7e:15:d2:
         65:9c:bb:c7:32:72:b7:b2:28:32:c8:54:86:a0:46:42:b5:84:
         52:40:68:ba:d6:fb:98:51:3b:b8:06:ee:d3:a2:c9:ed:31:68:
         49:ea:5b:63:59:a0:68:57:5d:3d:8e:6c:9f:a6:50:89:97:4c:
         d8:ef:e0:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ7Kekaoz/kUzkDkqqpkb3v3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MjUzODg2YTAyNTBhMDRlYzY5YmUwMGJiZjg0MzNjMmYw
MTRiN2MwHhcNMjYwNjE1MDg1MTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZmY5NmVhZGY1NGM0ZWFjMjkzYjdiYmFjNDRmNmE0NGE1Nzk0MjA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwzqAAREqm0ddqDRWkI5xB2bQR4Sp
KjJOR+Hvgltsm7GZH9x6WNsevvQb/vbZtCMugEUjdUjGQv79z89Mhor7Vgm2L6bA
hFz9kH18YiRy3Vr8j6w1+GgOACrhYYZTbGDIUSbtvL7lm+VqR3vekD9a1AvkXkh8
j+5APNjuoHPjnqSiVj6z8mvvuNZY2Ml1C1hWZ+BqhZxJHj+cgk9j8h41m+wq+Slv
XhGyf81m6ZsnLHR5PuyD3G/q5mMDRjkP/ekjei30w8IX3RwAyA+U53AexDQMJgSs
AjcMlOmfCJtcUgaj+w3behe0YVPoAyB7xzetwKi9bm9+pkZfPRQMyplOfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC/5bq31TE6sKTt7usRPakSleUIHMB8GA1UdIwQY
MBaAFAklOIagJQoE7Gm+ALv4QzwvAUt8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1NVNGhxQWxDZ1RzYWI0QXVfaERQQzhCUzN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS8zNmY4M2UtNmJlNi00MmM1LTgzODAt
MTE0YWQ0MWNmMzMxLzEvTF9sdXJmVk1UcXdwTzN1NnhFOXFSS1Y1UWdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS8zNmY4M2UtNmJlNi00MmM1LTgzODAtMTE0YWQ0MWNmMzMx
LzEvQ1NVNGhxQWxDZ1RzYWI0QXVfaERQQzhCUzN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwm6pMA0G
CSqGSIb3DQEBCwUAA4IBAQCsSPKp+hcd1bb8UWpiA/j9me41xePT3/E10HRx0W4i
ik5EIp2d9j7SkFG72haegs7Uv4c6qIzNj6N+JHq/xU1NZ9O7KGZNBWhQ51rWWXtU
qS6KO6j0rsxv0de7KwCEaIZY8ReQzb/NnJ662O1ckF0I4b27O07qm4rYzChUDN/0
sVfWY0Y6/VllTfn3dIXJHoDJZpWS4XOrIydo60hRHo0U5tWOc6I6/Y735UIf2NQ/
UdtT6hAYHfc1RLJ3QmtJnrLgxcZ+FdJlnLvHMnK3sigyyFSGoEZCtYRSQGi61vuY
UTu4Bu7TosntMWhJ6ltjWaBoV109jmyfplCJl0zY7+BE
-----END CERTIFICATE-----