Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/1-YJ2fRyWFwPYJhxsITvn47yG42E.roa
File:                     1-YJ2fRyWFwPYJhxsITvn47yG42E.roa (raw, json)
Hash identifier:          mzu7qcNmmLefm3mEmJZtKgTVljCSbd6Ge0W/Rih6+rk=
Subject key identifier:   F9:82:76:7D:1C:96:17:03:D8:26:1C:6C:21:3B:E7:E3:BC:86:E3:61
Certificate issuer:       /CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
Certificate serial:       019E15B2C18D8809A6B9886348C7B56CFDF1
Authority key identifier: 7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/1-YJ2fRyWFwPYJhxsITvn47yG42E.roa
Signing time:             Mon 11 May 2026 06:21:36 +0000
ROA not before:           Mon 11 May 2026 06:21:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198250
IP address blocks:        87.229.50.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 03:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:15:b2:c1:8d:88:09:a6:b9:88:63:48:c7:b5:6c:fd:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
        Validity
            Not Before: May 11 06:21:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f982767d1c961703d8261c6c213be7e3bc86e361
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:8c:68:68:08:8a:ba:9d:a3:9f:e4:ad:65:00:
                    3f:02:be:57:e9:28:65:a7:24:b6:29:8c:f2:ca:bf:
                    e3:fb:72:84:72:83:7f:ab:0b:39:4a:73:a4:40:cd:
                    02:ca:9c:c9:18:66:4b:90:1f:49:9f:7f:a1:1c:b0:
                    84:86:c3:0f:ee:59:3a:56:21:02:de:dd:ab:a3:e8:
                    ac:ec:01:51:b1:94:c7:38:76:b8:9a:ac:27:b8:b7:
                    7c:b0:54:bc:ee:48:d1:4b:5e:d2:67:c8:db:14:e2:
                    7e:da:63:26:05:0e:7a:d0:d2:00:be:00:45:b9:ac:
                    2f:03:20:bb:3e:48:fe:95:6f:b9:33:ba:e7:cf:7f:
                    6a:81:97:28:5c:bb:e6:27:15:35:0e:b6:25:73:2f:
                    df:d2:02:87:10:75:bc:5b:97:a1:3c:2f:59:75:ad:
                    93:a8:42:4a:ad:4d:c6:6d:76:c8:78:51:8a:dc:c1:
                    b0:cb:d8:d0:fe:36:18:66:6b:39:5d:ff:fe:72:34:
                    74:9e:a0:b4:86:4f:6e:a8:48:25:1b:eb:04:f6:8b:
                    05:7d:0c:50:45:44:a0:f3:67:32:54:46:66:54:49:
                    f0:e0:e2:38:ef:2f:5c:fd:38:9a:c5:c6:40:bf:42:
                    ec:9b:ad:a5:89:d4:7f:ef:09:21:bc:13:a4:5b:49:
                    e3:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:82:76:7D:1C:96:17:03:D8:26:1C:6C:21:3B:E7:E3:BC:86:E3:61
            X509v3 Authority Key Identifier:
                keyid:7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/1-YJ2fRyWFwPYJhxsITvn47yG42E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.229.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:34:60:21:67:e4:ea:96:d2:7b:bb:09:6a:5e:92:cb:7c:0a:
         9e:ac:e2:fd:a8:c0:fb:29:69:f6:41:0a:b9:21:34:10:c1:63:
         4c:9e:4e:82:af:c2:db:81:1b:57:36:90:68:61:56:10:c3:b5:
         92:95:fc:17:70:6f:93:46:04:bf:ce:c5:c6:71:f7:92:58:8a:
         5d:a4:15:fb:a8:95:bd:94:36:04:ef:ac:70:39:e2:53:f9:79:
         fe:32:c3:95:7e:98:7c:39:c2:7a:b6:00:65:d3:1e:a3:fb:3e:
         22:90:46:65:ee:4b:b6:72:d5:02:8a:29:38:a1:98:c2:25:76:
         3c:c2:94:48:45:e6:27:54:01:58:ee:f7:ce:dd:cf:17:e3:b9:
         53:91:ca:5e:63:fe:bd:b7:15:1a:6b:a2:3a:d9:50:97:9b:be:
         bc:72:b0:c0:42:47:75:c9:4f:27:d3:82:61:e2:3f:e4:5a:59:
         65:f6:95:f0:30:4c:ff:b6:c3:4a:23:64:b6:69:f5:91:3c:47:
         af:ef:14:6a:ed:18:78:e4:eb:1f:1b:56:83:72:7c:89:89:b1:
         3b:51:0f:33:37:bf:8e:03:17:4e:97:02:6c:b1:94:c7:76:6a:
         24:a6:a8:1d:a1:45:d8:5b:de:5d:c5:89:99:8f:28:31:6a:42:
         40:08:07:12
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ4VssGNiAmmuYhjSMe1bP3xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiNWUzN2Y2ZTNiOWJkMWNmMzY4NGI5YzAzYzAzYWQxY2E2
NDI0OTcwHhcNMjYwNTExMDYyMTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTgyNzY3ZDFjOTYxNzAzZDgyNjFjNmMyMTNiZTdlM2JjODZlMzYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkIxoaAiKup2jn+StZQA/Ar5X6Shl
pyS2KYzyyr/j+3KEcoN/qws5SnOkQM0CypzJGGZLkB9Jn3+hHLCEhsMP7lk6ViEC
3t2ro+is7AFRsZTHOHa4mqwnuLd8sFS87kjRS17SZ8jbFOJ+2mMmBQ560NIAvgBF
uawvAyC7Pkj+lW+5M7rnz39qgZcoXLvmJxU1DrYlcy/f0gKHEHW8W5ehPC9Zda2T
qEJKrU3GbXbIeFGK3MGwy9jQ/jYYZms5Xf/+cjR0nqC0hk9uqEglG+sE9osFfQxQ
RUSg82cyVEZmVEnw4OI47y9c/TiaxcZAv0Lsm62lidR/7wkhvBOkW0njGQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPmCdn0clhcD2CYcbCE75+O8huNhMB8GA1UdIwQY
MBaAFHteN/bjub0c82hLnAPAOtHKZCSXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUt
OTU5M2E0ODhhZmNjLzEvMS1ZSjJmUnlXRndQWUpoeHNJVHZuNDd5RzQyRS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNTcvMjY3MjhlLWRkYzctNGIwZi05ZDFlLTk1OTNhNDg4YWZj
Yy8xL2UxNDM5dU81dlJ6emFFdWNBOEE2MGNwa0pKYy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFflMjAN
BgkqhkiG9w0BAQsFAAOCAQEAPTRgIWfk6pbSe7sJal6Sy3wKnqzi/ajA+ylp9kEK
uSE0EMFjTJ5Ogq/C24EbVzaQaGFWEMO1kpX8F3Bvk0YEv87FxnH3kliKXaQV+6iV
vZQ2BO+scDniU/l5/jLDlX6YfDnCerYAZdMeo/s+IpBGZe5LtnLVAoopOKGYwiV2
PMKUSEXmJ1QBWO73zt3PF+O5U5HKXmP+vbcVGmuiOtlQl5u+vHKwwEJHdclPJ9OC
YeI/5FpZZfaV8DBM/7bDSiNktmn1kTxHr+8Uau0YeOTrHxtWg3J8iYmxO1EPMze/
jgMXTpcCbLGUx3ZqJKaoHaFF2FveXcWJmY8oMWpCQAgHEg==
-----END CERTIFICATE-----