Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ui5AfarnAqcSUhegv-LWHJEfX1M.roa
File:                     ui5AfarnAqcSUhegv-LWHJEfX1M.roa (raw, json)
Hash identifier:          Utg8xJNe03TH4ny50wSw8ZmTXWZk8J571ltZsTZxufU=
Subject key identifier:   BA:2E:40:7D:AA:E7:02:A7:12:52:17:A0:BF:E2:D6:1C:91:1F:5F:53
Certificate issuer:       /CN=c9d57447e3420b853875b6fa40372aade3192ca2
Certificate serial:       019D9D994680B4F475F10407A35428D6D92C
Authority key identifier: C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ui5AfarnAqcSUhegv-LWHJEfX1M.roa
Signing time:             Fri 17 Apr 2026 22:39:21 +0000
ROA not before:           Fri 17 Apr 2026 22:39:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198846
IP address blocks:        77.92.152.0/24 maxlen: 24
                          78.135.86.0/24 maxlen: 24
                          2a10:9440:1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 Apr 2026 21:56:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:9d:99:46:80:b4:f4:75:f1:04:07:a3:54:28:d6:d9:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d57447e3420b853875b6fa40372aade3192ca2
        Validity
            Not Before: Apr 17 22:39:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ba2e407daae702a7125217a0bfe2d61c911f5f53
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:32:06:eb:ae:63:e1:33:27:d4:4b:64:10:3a:
                    be:56:40:e2:4c:46:db:1d:60:36:24:af:70:84:d5:
                    9c:52:f9:a0:9f:ec:29:e9:14:e6:99:ff:18:9f:48:
                    f1:03:eb:c4:1d:dd:8b:cf:20:02:6c:b0:12:56:69:
                    7a:26:e8:37:97:37:f7:4b:2f:13:19:7d:21:d4:6a:
                    21:6b:fa:ba:2a:b0:6c:49:8a:e6:f5:ed:ae:33:ec:
                    39:c6:72:cb:48:4b:61:6c:3c:8d:98:de:7e:a7:88:
                    f4:40:53:dd:48:1c:0f:ea:1a:6c:f3:49:65:b8:3f:
                    bb:a6:e8:71:25:ac:13:5f:c1:73:7c:7f:80:83:a6:
                    bd:b1:0c:ab:e8:5e:67:2c:ff:70:96:04:6a:ae:d4:
                    c6:d4:61:2f:fe:bd:78:6a:50:68:84:f9:2d:75:b0:
                    db:1c:a1:3c:e5:fe:45:e4:8d:58:ee:a2:7e:db:9b:
                    e7:7d:43:6f:88:b1:59:80:a4:69:1b:1f:e2:e6:d9:
                    ee:68:80:23:7e:c8:9a:20:58:2e:1e:00:56:11:85:
                    c3:c5:b9:44:30:43:b8:ce:40:dd:a1:2e:97:ca:45:
                    50:28:ba:53:71:17:9b:1f:4d:c8:8d:c2:27:98:67:
                    b8:07:6d:f2:78:bf:a8:7a:3d:91:90:bc:81:68:90:
                    74:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:2E:40:7D:AA:E7:02:A7:12:52:17:A0:BF:E2:D6:1C:91:1F:5F:53
            X509v3 Authority Key Identifier:
                keyid:C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ui5AfarnAqcSUhegv-LWHJEfX1M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.92.152.0/24
                  78.135.86.0/24
                IPv6:
                  2a10:9440:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         18:1f:af:58:ce:88:d4:4a:31:37:37:da:64:dc:60:d2:73:58:
         dc:a7:12:c6:bf:f4:4d:57:c7:45:c8:62:12:a5:9c:91:2b:d3:
         4d:f7:f3:61:13:a4:83:d8:12:1f:f1:ec:79:f1:b1:bc:4c:27:
         bc:7f:21:70:aa:75:c5:fa:87:7a:a2:76:a5:59:07:c8:df:96:
         5a:09:f5:94:2d:83:4d:29:48:8d:84:3e:21:f1:ad:d0:50:42:
         bd:0b:92:26:e8:a2:3d:85:6c:11:bd:8d:2c:cd:30:c7:ac:99:
         64:20:ac:cd:7f:48:1b:5a:ec:15:b9:bb:02:09:fd:02:c9:5d:
         5a:59:8f:72:ca:ff:3b:d7:e9:04:7f:24:27:d7:66:ac:a9:69:
         e3:e4:fe:b4:de:85:a2:8b:e1:46:7d:6c:44:f5:9f:23:46:da:
         5a:8c:3a:8f:87:a9:ea:ee:4a:46:77:3e:6f:54:9a:8f:33:58:
         f0:7f:64:cb:04:a1:59:d1:cf:fd:52:47:ad:fa:3a:2f:c0:d9:
         a7:1b:24:f5:fb:7f:01:d5:6e:02:04:9d:96:46:1e:3a:ba:bf:
         7d:a1:be:82:f0:9f:d1:ac:e1:fe:27:44:ee:86:e4:43:1f:e9:
         da:0a:78:65:a6:29:84:cf:ca:3b:43:d3:8a:88:34:f2:04:85:
         4f:50:b0:84
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZ2dmUaAtPR18QQHo1Qo1tksMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDU3NDQ3ZTM0MjBiODUzODc1YjZmYTQwMzcyYWFkZTMx
OTJjYTIwHhcNMjYwNDE3MjIzOTIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTJlNDA3ZGFhZTcwMmE3MTI1MjE3YTBiZmUyZDYxYzkxMWY1ZjUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6DIG665j4TMn1EtkEDq+VkDiTEbb
HWA2JK9whNWcUvmgn+wp6RTmmf8Yn0jxA+vEHd2LzyACbLASVml6Jug3lzf3Sy8T
GX0h1Goha/q6KrBsSYrm9e2uM+w5xnLLSEthbDyNmN5+p4j0QFPdSBwP6hps80ll
uD+7puhxJawTX8FzfH+Ag6a9sQyr6F5nLP9wlgRqrtTG1GEv/r14alBohPktdbDb
HKE85f5F5I1Y7qJ+25vnfUNviLFZgKRpGx/i5tnuaIAjfsiaIFguHgBWEYXDxblE
MEO4zkDdoS6XykVQKLpTcRebH03IjcInmGe4B23yeL+oej2RkLyBaJB0AwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFLouQH2q5wKnElIXoL/i1hyRH19TMB8GA1UdIwQY
MBaAFMnVdEfjQguFOHW2+kA3Kq3jGSyiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTkt
NGUxOThmMGE2MDEzLzEvdWk1QWZhcm5BcWNTVWhlZ3YtTFdISkVmWDFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTktNGUxOThmMGE2MDEz
LzEveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQATVyYAwQA
TodWMA8EAgACMAkDBwAqEJRAAAEwDQYJKoZIhvcNAQELBQADggEBABgfr1jOiNRK
MTc32mTcYNJzWNynEsa/9E1Xx0XIYhKlnJEr003382ETpIPYEh/x7HnxsbxMJ7x/
IXCqdcX6h3qidqVZB8jflloJ9ZQtg00pSI2EPiHxrdBQQr0Lkibooj2FbBG9jSzN
MMesmWQgrM1/SBta7BW5uwIJ/QLJXVpZj3LK/zvX6QR/JCfXZqypaePk/rTehaKL
4UZ9bET1nyNG2lqMOo+HqeruSkZ3Pm9Umo8zWPB/ZMsEoVnRz/1SR636Oi/A2acb
JPX7fwHVbgIEnZZGHjq6v32hvoLwn9Gs4f4nRO6G5EMf6doKeGWmKYTPyjtD04qI
NPIEhU9QsIQ=
-----END CERTIFICATE-----