Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/a6b009-2d0b-48dd-825e-4b4d1ad96c0e/1/rM87y2TNY04ZUBsvbWAK2PD2DFQ.roa
File:                     rM87y2TNY04ZUBsvbWAK2PD2DFQ.roa (raw, json)
Hash identifier:          izh62xNZPL6q8fNdrdzu8ymlwNgh6Iq+rgdBJDo2fDw=
Subject key identifier:   AC:CF:3B:CB:64:CD:63:4E:19:50:1B:2F:6D:60:0A:D8:F0:F6:0C:54
Certificate issuer:       /CN=08d51cae877df40a5d39412605070841bd102c54
Certificate serial:       019EB6F7282962AD4C8EE78382496C5813E3
Authority key identifier: 08:D5:1C:AE:87:7D:F4:0A:5D:39:41:26:05:07:08:41:BD:10:2C:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CNUcrod99ApdOUEmBQcIQb0QLFQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/a6b009-2d0b-48dd-825e-4b4d1ad96c0e/1/rM87y2TNY04ZUBsvbWAK2PD2DFQ.roa
Signing time:             Thu 11 Jun 2026 13:55:11 +0000
ROA not before:           Thu 11 Jun 2026 13:55:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49556
IP address blocks:        185.27.45.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/a6b009-2d0b-48dd-825e-4b4d1ad96c0e/1/CNUcrod99ApdOUEmBQcIQb0QLFQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/a6b009-2d0b-48dd-825e-4b4d1ad96c0e/1/CNUcrod99ApdOUEmBQcIQb0QLFQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CNUcrod99ApdOUEmBQcIQb0QLFQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 20:26:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:b6:f7:28:29:62:ad:4c:8e:e7:83:82:49:6c:58:13:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08d51cae877df40a5d39412605070841bd102c54
        Validity
            Not Before: Jun 11 13:55:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=accf3bcb64cd634e19501b2f6d600ad8f0f60c54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:d9:d8:e6:a5:c4:af:12:2d:67:3a:49:76:8d:
                    a3:99:dd:e9:30:73:a9:d1:40:0b:28:a1:22:7b:ae:
                    7b:ba:e4:99:34:be:7d:81:b3:7c:f7:b1:0d:6c:aa:
                    55:10:c6:53:90:d9:07:81:b6:c9:1b:ac:85:72:2f:
                    0a:95:fb:79:45:80:46:cf:a9:1b:d3:f6:45:4e:0a:
                    24:d1:d3:38:3e:2d:bf:4d:3e:20:33:4e:64:43:fa:
                    57:ce:21:21:9a:39:55:88:8e:c5:36:49:b2:5a:fa:
                    09:35:e2:c7:97:08:d1:89:05:f6:94:bf:33:1c:ea:
                    72:af:d6:c5:2f:9d:11:05:5b:94:51:a2:7e:ed:81:
                    7c:92:53:20:a2:16:b6:4f:04:47:f6:f2:08:65:c6:
                    43:03:68:ae:fd:6d:b7:9d:f8:d6:97:b7:54:a0:c0:
                    f3:af:02:6b:3b:21:21:83:bb:11:54:09:f6:70:b6:
                    63:4d:10:19:0e:f5:53:d0:d8:2c:bb:42:7c:26:0a:
                    72:bb:5e:d8:fe:c8:b6:ed:fd:2b:38:61:64:be:cb:
                    28:7a:c8:d9:1c:36:42:91:d7:2d:da:10:71:3b:65:
                    3d:f9:e2:42:ae:e0:b8:60:86:35:a6:a6:3c:da:0f:
                    89:e5:b8:80:ef:89:13:e5:da:6b:4c:12:60:5d:8b:
                    c5:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:CF:3B:CB:64:CD:63:4E:19:50:1B:2F:6D:60:0A:D8:F0:F6:0C:54
            X509v3 Authority Key Identifier:
                keyid:08:D5:1C:AE:87:7D:F4:0A:5D:39:41:26:05:07:08:41:BD:10:2C:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CNUcrod99ApdOUEmBQcIQb0QLFQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/a6b009-2d0b-48dd-825e-4b4d1ad96c0e/1/rM87y2TNY04ZUBsvbWAK2PD2DFQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/a6b009-2d0b-48dd-825e-4b4d1ad96c0e/1/CNUcrod99ApdOUEmBQcIQb0QLFQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.27.45.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:97:a4:b7:e1:d3:43:e5:46:e8:fb:e8:b6:19:00:5b:2c:5e:
         ee:ff:50:7d:7b:c2:e7:f2:12:0f:4e:d4:0d:7d:b6:c2:ba:64:
         a8:6b:ef:1b:99:38:a1:d0:eb:c5:58:ad:e5:41:e3:1d:11:b9:
         f7:f1:d8:7b:eb:aa:db:47:02:db:1a:5a:9d:88:c7:ee:e5:22:
         76:06:f6:a2:3c:53:38:74:c9:1a:40:df:62:f8:df:b2:0a:b0:
         4e:92:27:ef:e1:87:2e:ba:64:18:36:c4:35:b5:f0:fa:ee:d7:
         e2:65:bd:9c:2f:a5:8d:bf:b2:fa:4f:2b:59:13:a0:a5:39:4b:
         fc:42:90:c2:31:16:99:85:f3:1e:85:77:35:3d:ac:13:a3:e9:
         60:26:14:8b:69:8b:31:aa:2b:89:d2:0b:0e:4d:42:c8:f1:4f:
         de:15:2b:f9:a6:5e:c0:df:33:95:8f:d9:a6:db:57:4a:82:5a:
         3f:62:6f:c4:ed:02:53:ff:63:63:8e:84:46:cb:08:19:79:3f:
         66:54:d3:cb:e1:90:d1:66:17:79:ed:2f:37:9c:1f:f1:0b:2d:
         20:9e:8a:4a:57:6e:5f:55:e3:44:97:c0:a9:4e:82:8f:89:75:
         c8:5d:59:d1:c8:e5:53:06:fc:4c:67:49:83:e8:fa:ac:4a:f6:
         ed:1c:90:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ629ygpYq1MjueDgklsWBPjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ZDUxY2FlODc3ZGY0MGE1ZDM5NDEyNjA1MDcwODQxYmQx
MDJjNTQwHhcNMjYwNjExMTM1NTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2NmM2JjYjY0Y2Q2MzRlMTk1MDFiMmY2ZDYwMGFkOGYwZjYwYzU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyNnY5qXErxItZzpJdo2jmd3pMHOp
0UALKKEie657uuSZNL59gbN897ENbKpVEMZTkNkHgbbJG6yFci8Klft5RYBGz6kb
0/ZFTgok0dM4Pi2/TT4gM05kQ/pXziEhmjlViI7FNkmyWvoJNeLHlwjRiQX2lL8z
HOpyr9bFL50RBVuUUaJ+7YF8klMgoha2TwRH9vIIZcZDA2iu/W23nfjWl7dUoMDz
rwJrOyEhg7sRVAn2cLZjTRAZDvVT0Ngsu0J8Jgpyu17Y/si27f0rOGFkvssoesjZ
HDZCkdct2hBxO2U9+eJCruC4YIY1pqY82g+J5biA74kT5dprTBJgXYvF1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKzPO8tkzWNOGVAbL21gCtjw9gxUMB8GA1UdIwQY
MBaAFAjVHK6HffQKXTlBJgUHCEG9ECxUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ05VY3JvZDk5QXBkT1VFbUJRY0lRYjBRTEZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS9hNmIwMDktMmQwYi00OGRkLTgyNWUt
NGI0ZDFhZDk2YzBlLzEvck04N3kyVE5ZMDRaVUJzdmJXQUsyUEQyREZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS9hNmIwMDktMmQwYi00OGRkLTgyNWUtNGI0ZDFhZDk2YzBl
LzEvQ05VY3JvZDk5QXBkT1VFbUJRY0lRYjBRTEZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRstMA0G
CSqGSIb3DQEBCwUAA4IBAQCml6S34dND5Ubo++i2GQBbLF7u/1B9e8Ln8hIPTtQN
fbbCumSoa+8bmTih0OvFWK3lQeMdEbn38dh766rbRwLbGlqdiMfu5SJ2BvaiPFM4
dMkaQN9i+N+yCrBOkifv4YcuumQYNsQ1tfD67tfiZb2cL6WNv7L6TytZE6ClOUv8
QpDCMRaZhfMehXc1PawTo+lgJhSLaYsxqiuJ0gsOTULI8U/eFSv5pl7A3zOVj9mm
21dKglo/Ym/E7QJT/2NjjoRGywgZeT9mVNPL4ZDRZhd57S83nB/xCy0gnopKV25f
VeNEl8CpToKPiXXIXVnRyOVTBvxMZ0mD6PqsSvbtHJCo
-----END CERTIFICATE-----