Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/53/239397-3477-4379-ac46-5c2763648f1c/1/jYQejTs_VCB1cpCr7qrPeVI5_VI.roa
File:                     jYQejTs_VCB1cpCr7qrPeVI5_VI.roa (raw, json)
Hash identifier:          RuEfXGQ8FdYs+It13SdSHwiFRFM5ZGec+HI06Kuq/Ik=
Subject key identifier:   8D:84:1E:8D:3B:3F:54:20:75:72:90:AB:EE:AA:CF:79:52:39:FD:52
Certificate issuer:       /CN=a4f6d657c0fa21828d313507354dec1481580ed6
Certificate serial:       019E206C6B855EC08CDFFBE3339578F2D5F2
Authority key identifier: A4:F6:D6:57:C0:FA:21:82:8D:31:35:07:35:4D:EC:14:81:58:0E:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pPbWV8D6IYKNMTUHNU3sFIFYDtY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/53/239397-3477-4379-ac46-5c2763648f1c/1/jYQejTs_VCB1cpCr7qrPeVI5_VI.roa
Signing time:             Wed 13 May 2026 08:20:36 +0000
ROA not before:           Wed 13 May 2026 08:20:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     25255
IP address blocks:        151.5.88.0/22 maxlen: 22
                          151.5.88.0/23 maxlen: 23
                          151.5.90.0/23 maxlen: 23
                          151.5.92.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/53/239397-3477-4379-ac46-5c2763648f1c/1/pPbWV8D6IYKNMTUHNU3sFIFYDtY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/53/239397-3477-4379-ac46-5c2763648f1c/1/pPbWV8D6IYKNMTUHNU3sFIFYDtY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pPbWV8D6IYKNMTUHNU3sFIFYDtY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 16 May 2026 11:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:20:6c:6b:85:5e:c0:8c:df:fb:e3:33:95:78:f2:d5:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4f6d657c0fa21828d313507354dec1481580ed6
        Validity
            Not Before: May 13 08:20:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8d841e8d3b3f5420757290abeeaacf795239fd52
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:f0:f8:5f:52:02:ad:bc:fc:1b:1a:2e:e2:1f:
                    24:90:b1:d6:1b:ce:c7:42:0f:63:68:7b:24:48:49:
                    3e:ea:6f:72:cd:19:11:6b:bc:31:6b:d6:2b:b5:ac:
                    0c:fc:a0:00:e8:19:b2:5d:fd:87:68:ec:6b:cf:5d:
                    b0:90:1a:28:5a:80:31:37:16:f1:23:93:1b:09:33:
                    32:a5:09:d5:4d:e7:69:3b:f6:b5:1e:5e:0c:af:09:
                    1a:43:74:f4:5c:a1:36:5f:b6:f8:fa:98:12:65:9f:
                    64:f9:51:96:4e:03:50:13:cf:84:ab:10:af:46:b5:
                    df:9f:54:f8:52:83:0b:c4:49:79:d1:3d:d3:1f:42:
                    02:ce:9b:b0:7e:6b:9a:10:42:53:72:d1:1a:47:e5:
                    87:c5:1e:f7:06:6e:61:98:f1:10:54:61:6c:bc:78:
                    4f:ce:d8:c6:37:5f:24:0b:3f:b6:09:e6:bf:69:ed:
                    eb:dc:36:f5:71:1a:e6:47:99:47:0e:75:b8:9d:8b:
                    50:a7:32:4a:b8:fc:09:64:6e:cc:dd:ee:51:d4:7f:
                    61:73:f4:41:09:fb:1a:f8:d5:76:44:ec:8e:a2:94:
                    43:da:4e:8a:40:f0:49:35:89:a2:41:3e:f3:04:eb:
                    b3:02:ca:d3:01:f4:d4:e4:1e:57:c7:cb:c9:6f:9b:
                    eb:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:84:1E:8D:3B:3F:54:20:75:72:90:AB:EE:AA:CF:79:52:39:FD:52
            X509v3 Authority Key Identifier:
                keyid:A4:F6:D6:57:C0:FA:21:82:8D:31:35:07:35:4D:EC:14:81:58:0E:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pPbWV8D6IYKNMTUHNU3sFIFYDtY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/53/239397-3477-4379-ac46-5c2763648f1c/1/jYQejTs_VCB1cpCr7qrPeVI5_VI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/53/239397-3477-4379-ac46-5c2763648f1c/1/pPbWV8D6IYKNMTUHNU3sFIFYDtY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.5.88.0/21

    Signature Algorithm: sha256WithRSAEncryption
         1c:84:f6:8d:3e:1d:da:2e:e2:c3:8d:35:dc:16:2c:c4:12:af:
         f1:d2:65:86:02:8e:81:a8:8a:dd:af:b4:50:1d:6d:ba:0e:19:
         04:bc:06:a8:d7:b4:f3:17:3b:93:fa:a7:4e:87:02:7d:05:d7:
         72:d1:82:ce:b9:2e:94:df:51:23:83:aa:27:99:57:17:19:dc:
         0d:37:4e:22:6c:7d:47:1c:42:1b:f8:4a:dd:3f:7d:54:2d:30:
         8f:f7:06:d0:64:e9:be:51:22:24:25:ae:3a:ad:00:19:b4:b4:
         57:bb:93:e3:5a:aa:74:0f:3d:54:aa:83:02:ce:d5:fa:11:99:
         1d:dc:e5:14:dd:70:30:eb:93:4c:90:44:5f:e9:1b:89:76:c0:
         3d:6c:b2:31:c5:bc:59:b2:e8:c8:36:1d:4e:5f:18:99:f9:20:
         41:be:52:7e:52:b8:e6:3b:56:be:c8:1e:4a:72:ab:2a:77:56:
         58:16:6f:ba:af:f4:e3:40:a1:74:14:90:d7:10:e3:a2:dc:f0:
         2a:b1:20:04:fe:f4:f0:76:8d:c9:fb:83:1c:b2:7c:74:06:35:
         41:0e:74:f5:db:4e:82:8b:03:75:03:5b:28:08:23:c0:98:13:
         2b:53:43:49:71:7e:73:40:00:52:da:62:c6:8c:0e:94:6f:3a:
         63:a1:73:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4gbGuFXsCM3/vjM5V48tXyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0ZjZkNjU3YzBmYTIxODI4ZDMxMzUwNzM1NGRlYzE0ODE1
ODBlZDYwHhcNMjYwNTEzMDgyMDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDg0MWU4ZDNiM2Y1NDIwNzU3MjkwYWJlZWFhY2Y3OTUyMzlmZDUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9vD4X1ICrbz8Gxou4h8kkLHWG87H
Qg9jaHskSEk+6m9yzRkRa7wxa9YrtawM/KAA6BmyXf2HaOxrz12wkBooWoAxNxbx
I5MbCTMypQnVTedpO/a1Hl4MrwkaQ3T0XKE2X7b4+pgSZZ9k+VGWTgNQE8+EqxCv
RrXfn1T4UoMLxEl50T3TH0ICzpuwfmuaEEJTctEaR+WHxR73Bm5hmPEQVGFsvHhP
ztjGN18kCz+2Cea/ae3r3Db1cRrmR5lHDnW4nYtQpzJKuPwJZG7M3e5R1H9hc/RB
Cfsa+NV2ROyOopRD2k6KQPBJNYmiQT7zBOuzAsrTAfTU5B5Xx8vJb5vrowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI2EHo07P1QgdXKQq+6qz3lSOf1SMB8GA1UdIwQY
MBaAFKT21lfA+iGCjTE1BzVN7BSBWA7WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFBiV1Y4RDZJWUtOTVRVSE5VM3NGSUZZRHRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81My8yMzkzOTctMzQ3Ny00Mzc5LWFjNDYt
NWMyNzYzNjQ4ZjFjLzEvallRZWpUc19WQ0IxY3BDcjdxclBlVkk1X1ZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81My8yMzkzOTctMzQ3Ny00Mzc5LWFjNDYtNWMyNzYzNjQ4ZjFj
LzEvcFBiV1Y4RDZJWUtOTVRVSE5VM3NGSUZZRHRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDlwVYMA0G
CSqGSIb3DQEBCwUAA4IBAQAchPaNPh3aLuLDjTXcFizEEq/x0mWGAo6BqIrdr7RQ
HW26DhkEvAao17TzFzuT+qdOhwJ9Bddy0YLOuS6U31Ejg6onmVcXGdwNN04ibH1H
HEIb+ErdP31ULTCP9wbQZOm+USIkJa46rQAZtLRXu5PjWqp0Dz1UqoMCztX6EZkd
3OUU3XAw65NMkERf6RuJdsA9bLIxxbxZsujINh1OXxiZ+SBBvlJ+UrjmO1a+yB5K
cqsqd1ZYFm+6r/TjQKF0FJDXEOOi3PAqsSAE/vTwdo3J+4Mcsnx0BjVBDnT1206C
iwN1A1soCCPAmBMrU0NJcX5zQABS2mLGjA6UbzpjoXMj
-----END CERTIFICATE-----