Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/269a04-77b4-4ee7-b164-c16787272049/1/zO5zaPfAU_WOrCSlNRCPHYyExaQ.roa
File:                     zO5zaPfAU_WOrCSlNRCPHYyExaQ.roa (raw, json)
Hash identifier:          3A28xy/zcM7UqXUvvI8yJ+JLhZsOGWIKL5lp3c/NVyk=
Subject key identifier:   CC:EE:73:68:F7:C0:53:F5:8E:AC:24:A5:35:10:8F:1D:8C:84:C5:A4
Certificate issuer:       /CN=de12eb9c75d359d25137b5ef4e176f5eeb6c4342
Certificate serial:       019E937C32013BD34299CC6C34F050E27796
Authority key identifier: DE:12:EB:9C:75:D3:59:D2:51:37:B5:EF:4E:17:6F:5E:EB:6C:43:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3hLrnHXTWdJRN7XvThdvXutsQ0I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/269a04-77b4-4ee7-b164-c16787272049/1/zO5zaPfAU_WOrCSlNRCPHYyExaQ.roa
Signing time:             Thu 04 Jun 2026 16:34:10 +0000
ROA not before:           Thu 04 Jun 2026 16:34:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197170
IP address blocks:        94.26.106.0/24 maxlen: 24
                          192.109.200.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/269a04-77b4-4ee7-b164-c16787272049/1/3hLrnHXTWdJRN7XvThdvXutsQ0I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/269a04-77b4-4ee7-b164-c16787272049/1/3hLrnHXTWdJRN7XvThdvXutsQ0I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3hLrnHXTWdJRN7XvThdvXutsQ0I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 10:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:93:7c:32:01:3b:d3:42:99:cc:6c:34:f0:50:e2:77:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=de12eb9c75d359d25137b5ef4e176f5eeb6c4342
        Validity
            Not Before: Jun  4 16:34:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ccee7368f7c053f58eac24a535108f1d8c84c5a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:ef:b7:8b:c3:7a:37:98:d4:83:83:26:fa:07:
                    f0:7d:08:e8:5e:90:66:15:00:92:2e:1f:f8:f3:fb:
                    e4:02:99:5d:e9:f0:fc:a9:5c:cd:96:dd:61:fc:c0:
                    ed:00:df:06:f1:71:e7:d5:9c:5a:76:fd:73:6c:73:
                    32:8a:29:6d:13:39:b3:64:94:83:29:c5:82:d7:5a:
                    db:1a:6f:0f:51:d5:18:01:e3:b1:9a:0c:cf:4e:01:
                    3f:83:9a:89:1c:a1:da:13:8a:2e:ec:10:90:c7:e3:
                    49:b6:3e:b0:7f:98:5f:1a:cb:3b:48:df:b4:c5:ed:
                    4e:9e:7a:51:a3:1e:bd:ad:b6:c7:80:31:dc:2a:6f:
                    0b:ef:2c:a8:13:56:95:26:83:c4:c9:92:76:38:e5:
                    46:da:d2:72:79:38:bc:a9:d7:23:0c:b4:dc:10:fa:
                    a1:ef:0f:65:a0:6a:eb:c8:5a:04:85:43:15:1c:b1:
                    64:2f:f6:f4:ff:ae:65:18:65:cf:bd:46:53:40:4c:
                    d7:47:53:fe:a9:22:35:fa:2a:7c:09:56:1a:e8:96:
                    ef:02:28:40:4a:71:9d:01:ae:a1:0d:8c:7d:13:47:
                    dc:05:94:34:15:09:cd:a4:6a:5b:f1:8e:97:7a:21:
                    3c:9f:f5:44:0b:bf:16:6c:fa:9b:d1:4e:b4:07:5a:
                    38:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:EE:73:68:F7:C0:53:F5:8E:AC:24:A5:35:10:8F:1D:8C:84:C5:A4
            X509v3 Authority Key Identifier:
                keyid:DE:12:EB:9C:75:D3:59:D2:51:37:B5:EF:4E:17:6F:5E:EB:6C:43:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3hLrnHXTWdJRN7XvThdvXutsQ0I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/269a04-77b4-4ee7-b164-c16787272049/1/zO5zaPfAU_WOrCSlNRCPHYyExaQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/269a04-77b4-4ee7-b164-c16787272049/1/3hLrnHXTWdJRN7XvThdvXutsQ0I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.26.106.0/24
                  192.109.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d0:c8:1c:c0:46:2c:37:61:97:51:82:e8:32:c3:2d:82:f6:f5:
         56:fa:f4:cd:c9:95:90:12:4f:db:2d:68:b5:98:5c:66:96:e7:
         66:f9:c1:c3:a7:d9:96:ff:a1:49:98:33:5f:14:e0:ce:ed:d6:
         b8:84:c9:66:e2:dd:d1:2e:b6:28:7e:44:8d:5f:25:f6:ab:ac:
         69:f9:58:48:6e:67:78:02:9d:f1:87:69:59:8a:68:18:6b:2d:
         5e:7b:5f:ac:8f:7e:1c:67:b7:38:36:a1:77:21:fb:20:e1:c7:
         9a:6f:42:22:d6:a0:ae:50:a9:fe:9d:98:f1:80:69:bd:a0:88:
         24:22:4e:dd:e8:21:cc:c1:e6:12:9d:79:71:2c:35:ce:a6:c7:
         de:06:ca:45:dc:9f:a4:bf:b9:a6:df:1f:64:8c:45:b6:d2:01:
         f1:23:74:29:b0:7d:a7:e5:52:42:fd:ae:be:56:69:93:6a:0a:
         48:9d:15:31:5c:6f:36:13:a7:61:4d:ac:17:cf:51:83:ba:dc:
         ef:01:c6:d1:06:60:a3:42:83:2a:33:25:a9:8c:34:ed:52:91:
         8a:92:49:a2:07:78:ed:80:9e:78:c3:ca:59:2e:24:2e:02:63:
         60:66:6f:70:2e:a5:07:a3:c4:5d:41:d3:3b:1e:a9:6e:ba:99:
         a0:62:02:dd
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ6TfDIBO9NCmcxsNPBQ4neWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlMTJlYjljNzVkMzU5ZDI1MTM3YjVlZjRlMTc2ZjVlZWI2
YzQzNDIwHhcNMjYwNjA0MTYzNDEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2VlNzM2OGY3YzA1M2Y1OGVhYzI0YTUzNTEwOGYxZDhjODRjNWE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnu+3i8N6N5jUg4Mm+gfwfQjoXpBm
FQCSLh/48/vkApld6fD8qVzNlt1h/MDtAN8G8XHn1Zxadv1zbHMyiiltEzmzZJSD
KcWC11rbGm8PUdUYAeOxmgzPTgE/g5qJHKHaE4ou7BCQx+NJtj6wf5hfGss7SN+0
xe1OnnpRox69rbbHgDHcKm8L7yyoE1aVJoPEyZJ2OOVG2tJyeTi8qdcjDLTcEPqh
7w9loGrryFoEhUMVHLFkL/b0/65lGGXPvUZTQEzXR1P+qSI1+ip8CVYa6JbvAihA
SnGdAa6hDYx9E0fcBZQ0FQnNpGpb8Y6XeiE8n/VEC78WbPqb0U60B1o4ewIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMzuc2j3wFP1jqwkpTUQjx2MhMWkMB8GA1UdIwQY
MBaAFN4S65x101nSUTe1704Xb17rbENCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2hMcm5IWFRXZEpSTjdYdlRoZHZYdXRzUTBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC8yNjlhMDQtNzdiNC00ZWU3LWIxNjQt
YzE2Nzg3MjcyMDQ5LzEvek81emFQZkFVX1dPckNTbE5SQ1BIWXlFeGFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC8yNjlhMDQtNzdiNC00ZWU3LWIxNjQtYzE2Nzg3MjcyMDQ5
LzEvM2hMcm5IWFRXZEpSTjdYdlRoZHZYdXRzUTBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXhpqAwQA
wG3IMA0GCSqGSIb3DQEBCwUAA4IBAQDQyBzARiw3YZdRgugywy2C9vVW+vTNyZWQ
Ek/bLWi1mFxmludm+cHDp9mW/6FJmDNfFODO7da4hMlm4t3RLrYofkSNXyX2q6xp
+VhIbmd4Ap3xh2lZimgYay1ee1+sj34cZ7c4NqF3Ifsg4ceab0Ii1qCuUKn+nZjx
gGm9oIgkIk7d6CHMweYSnXlxLDXOpsfeBspF3J+kv7mm3x9kjEW20gHxI3QpsH2n
5VJC/a6+VmmTagpInRUxXG82E6dhTawXz1GDutzvAcbRBmCjQoMqMyWpjDTtUpGK
kkmiB3jtgJ54w8pZLiQuAmNgZm9wLqUHo8RdQdM7HqluupmgYgLd
-----END CERTIFICATE-----