Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/7687b5-3498-435d-95c4-62478f0da807/1/TYV20I1tmXmrFyD5hD9FE4IPKWU.roa
File:                     TYV20I1tmXmrFyD5hD9FE4IPKWU.roa (raw, json)
Hash identifier:          cuvSEP8hQjrQh4a+NJD6WQS8i4OZ31Rtmx8MtCDraCQ=
Subject key identifier:   4D:85:76:D0:8D:6D:99:79:AB:17:20:F9:84:3F:45:13:82:0F:29:65
Certificate issuer:       /CN=5e177bf7d0435441d1adb148a22cefe1d6dcc0fb
Certificate serial:       019DB9B0D389060087D63280A2131C706E20
Authority key identifier: 5E:17:7B:F7:D0:43:54:41:D1:AD:B1:48:A2:2C:EF:E1:D6:DC:C0:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xhd799BDVEHRrbFIoizv4dbcwPs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/7687b5-3498-435d-95c4-62478f0da807/1/TYV20I1tmXmrFyD5hD9FE4IPKWU.roa
Signing time:             Thu 23 Apr 2026 09:34:26 +0000
ROA not before:           Thu 23 Apr 2026 09:34:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215442
IP address blocks:        194.187.254.0/24 maxlen: 24
                          2a14:b40::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3e/7687b5-3498-435d-95c4-62478f0da807/1/Xhd799BDVEHRrbFIoizv4dbcwPs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3e/7687b5-3498-435d-95c4-62478f0da807/1/Xhd799BDVEHRrbFIoizv4dbcwPs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xhd799BDVEHRrbFIoizv4dbcwPs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 01 May 2026 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b9:b0:d3:89:06:00:87:d6:32:80:a2:13:1c:70:6e:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e177bf7d0435441d1adb148a22cefe1d6dcc0fb
        Validity
            Not Before: Apr 23 09:34:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4d8576d08d6d9979ab1720f9843f4513820f2965
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:b9:f2:66:93:66:b3:bd:64:1f:a3:3b:ae:94:
                    62:42:cd:14:66:4b:7e:74:78:2c:dc:55:9a:32:7f:
                    b2:5a:5a:3f:33:53:d6:e9:af:02:0f:fc:79:4e:2d:
                    ef:8b:58:db:20:6d:a7:af:f5:68:80:05:43:87:f8:
                    df:bc:7c:5a:4d:68:26:0a:ab:a1:a9:84:70:87:7c:
                    21:b9:42:cf:e4:7b:39:d0:a3:21:94:4a:df:26:47:
                    2d:e5:d2:be:93:86:21:4f:8a:2e:90:6b:32:7d:f1:
                    51:d6:cd:ea:96:b1:87:b7:14:12:4d:74:8f:45:7e:
                    f4:2b:92:77:05:ee:49:9c:c5:36:7b:fd:c8:b8:a0:
                    fa:f9:64:69:36:a9:a8:7d:70:9d:e2:a0:31:0b:26:
                    45:b9:32:8c:26:9b:bc:11:96:ec:91:dd:23:70:6d:
                    39:78:0c:d9:32:38:fd:77:9d:c3:da:f3:22:57:6f:
                    29:1f:ca:ba:2e:84:c9:2c:c5:74:3f:d0:59:3f:07:
                    b2:58:53:fb:03:2a:d0:9a:b2:b8:40:28:84:8d:d1:
                    b5:93:aa:32:54:c0:0a:d3:bb:0c:27:fb:01:0f:13:
                    a5:96:72:7a:33:54:fa:83:b0:6b:97:b6:aa:73:62:
                    33:5f:85:ac:07:a2:6e:c5:b8:2d:01:e1:fe:97:b0:
                    2f:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:85:76:D0:8D:6D:99:79:AB:17:20:F9:84:3F:45:13:82:0F:29:65
            X509v3 Authority Key Identifier:
                keyid:5E:17:7B:F7:D0:43:54:41:D1:AD:B1:48:A2:2C:EF:E1:D6:DC:C0:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xhd799BDVEHRrbFIoizv4dbcwPs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/7687b5-3498-435d-95c4-62478f0da807/1/TYV20I1tmXmrFyD5hD9FE4IPKWU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/7687b5-3498-435d-95c4-62478f0da807/1/Xhd799BDVEHRrbFIoizv4dbcwPs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.187.254.0/24
                IPv6:
                  2a14:b40::/29

    Signature Algorithm: sha256WithRSAEncryption
         9b:64:aa:9b:63:d5:fd:31:24:5a:85:f1:59:78:05:6a:14:d4:
         e7:39:d3:1e:fc:d1:86:f9:e0:4b:e4:76:c9:a6:c4:31:80:f9:
         d2:75:15:d8:f7:44:62:a2:b9:ee:a1:7f:c9:55:48:3d:e3:1d:
         c6:57:ea:e7:81:45:b2:bd:7c:00:57:bd:ea:f3:33:ba:2c:79:
         e6:41:1c:60:58:5a:14:a1:56:45:2c:5a:da:cf:f8:8a:b8:76:
         8e:cd:f3:a7:45:8c:fa:a2:18:44:d1:e8:a7:80:eb:fb:ea:ad:
         e2:4d:2a:59:d1:a0:2b:a3:17:d2:25:8d:18:66:50:5b:48:e0:
         0d:2b:43:9b:4a:6e:c5:f6:3d:e7:87:d8:1d:75:87:c5:69:1e:
         39:eb:7b:91:b7:37:5a:6e:46:8a:f6:16:a7:35:f0:f7:1d:8b:
         ad:a2:e8:9c:82:84:6b:bd:1f:31:84:e9:0e:94:e4:75:4c:4f:
         92:fb:69:45:53:66:55:6e:7d:65:a9:4b:fc:f4:ef:b9:3f:8e:
         5f:55:91:e1:81:21:b9:c0:03:e6:91:7e:f4:e1:10:c2:09:a4:
         44:98:c3:09:e1:d1:7c:45:0a:bd:88:fa:dc:f5:ae:8a:a8:80:
         d2:8d:4c:ca:57:4e:f4:ca:d9:fb:2d:ba:a4:d1:cd:bd:e2:fb:
         a7:cb:a0:b5
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ25sNOJBgCH1jKAohMccG4gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlMTc3YmY3ZDA0MzU0NDFkMWFkYjE0OGEyMmNlZmUxZDZk
Y2MwZmIwHhcNMjYwNDIzMDkzNDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDg1NzZkMDhkNmQ5OTc5YWIxNzIwZjk4NDNmNDUxMzgyMGYyOTY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnrnyZpNms71kH6M7rpRiQs0UZkt+
dHgs3FWaMn+yWlo/M1PW6a8CD/x5Ti3vi1jbIG2nr/VogAVDh/jfvHxaTWgmCquh
qYRwh3whuULP5Hs50KMhlErfJkct5dK+k4YhT4oukGsyffFR1s3qlrGHtxQSTXSP
RX70K5J3Be5JnMU2e/3IuKD6+WRpNqmofXCd4qAxCyZFuTKMJpu8EZbskd0jcG05
eAzZMjj9d53D2vMiV28pH8q6LoTJLMV0P9BZPweyWFP7AyrQmrK4QCiEjdG1k6oy
VMAK07sMJ/sBDxOllnJ6M1T6g7Brl7aqc2IzX4WsB6JuxbgtAeH+l7AvSQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFE2FdtCNbZl5qxcg+YQ/RROCDyllMB8GA1UdIwQY
MBaAFF4Xe/fQQ1RB0a2xSKIs7+HW3MD7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGhkNzk5QkRWRUhScmJGSW9penY0ZGJjd1BzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS83Njg3YjUtMzQ5OC00MzVkLTk1YzQt
NjI0NzhmMGRhODA3LzEvVFlWMjBJMXRtWG1yRnlENWhEOUZFNElQS1dVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS83Njg3YjUtMzQ5OC00MzVkLTk1YzQtNjI0NzhmMGRhODA3
LzEvWGhkNzk5QkRWRUhScmJGSW9penY0ZGJjd1BzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwrv+MA0E
AgACMAcDBQMqFAtAMA0GCSqGSIb3DQEBCwUAA4IBAQCbZKqbY9X9MSRahfFZeAVq
FNTnOdMe/NGG+eBL5HbJpsQxgPnSdRXY90RiornuoX/JVUg94x3GV+rngUWyvXwA
V73q8zO6LHnmQRxgWFoUoVZFLFraz/iKuHaOzfOnRYz6ohhE0eingOv76q3iTSpZ
0aAroxfSJY0YZlBbSOANK0ObSm7F9j3nh9gddYfFaR4563uRtzdabkaK9hanNfD3
HYutouicgoRrvR8xhOkOlOR1TE+S+2lFU2ZVbn1lqUv89O+5P45fVZHhgSG5wAPm
kX704RDCCaREmMMJ4dF8RQq9iPrc9a6KqIDSjUzKV070ytn7Lbqk0c294vuny6C1
-----END CERTIFICATE-----