Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/S4fQra7FyBw6bk4R_f3Q2_hJKXI.roa
File:                     S4fQra7FyBw6bk4R_f3Q2_hJKXI.roa (raw, json)
Hash identifier:          RRFhdOKlXoVTT56pkyBH3PAGnDc0y17VQSEe9gDkJk4=
Subject key identifier:   4B:87:D0:AD:AE:C5:C8:1C:3A:6E:4E:11:FD:FD:D0:DB:F8:49:29:72
Certificate issuer:       /CN=4dd954d3c77c9c4e37eebf753d86f3dcf091d4a9
Certificate serial:       019E47B0E9561EB85E911BA0027F3D449402
Authority key identifier: 4D:D9:54:D3:C7:7C:9C:4E:37:EE:BF:75:3D:86:F3:DC:F0:91:D4:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TdlU08d8nE437r91PYbz3PCR1Kk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/S4fQra7FyBw6bk4R_f3Q2_hJKXI.roa
Signing time:             Wed 20 May 2026 23:20:36 +0000
ROA not before:           Wed 20 May 2026 23:20:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     6079
IP address blocks:        159.197.224.0/19 maxlen: 24
                          159.197.224.0/20 maxlen: 24
                          159.197.240.0/20 maxlen: 24
                          161.8.128.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/TdlU08d8nE437r91PYbz3PCR1Kk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/TdlU08d8nE437r91PYbz3PCR1Kk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TdlU08d8nE437r91PYbz3PCR1Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 01 Jun 2026 02:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:47:b0:e9:56:1e:b8:5e:91:1b:a0:02:7f:3d:44:94:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4dd954d3c77c9c4e37eebf753d86f3dcf091d4a9
        Validity
            Not Before: May 20 23:20:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4b87d0adaec5c81c3a6e4e11fdfdd0dbf8492972
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:4d:0a:06:58:eb:03:aa:db:7b:08:56:df:dc:
                    a5:14:02:9c:1d:4b:52:c6:e4:4b:e3:53:ce:63:ee:
                    1c:69:4e:f7:38:16:65:61:4c:fe:e7:a3:c5:f5:58:
                    92:3e:0f:2b:3e:d0:ca:08:50:5c:86:18:5e:97:dc:
                    d2:ee:23:f9:dc:36:43:1d:b6:3a:e4:f6:70:75:c4:
                    2c:17:82:4f:3f:c0:e2:2e:c4:31:9c:de:a5:5f:9e:
                    ec:13:45:c9:38:40:11:10:50:4a:fb:29:50:0e:9b:
                    3a:a9:fb:d4:ff:4c:3a:c6:f1:15:6a:e7:35:8e:24:
                    11:6c:5d:8f:92:0f:74:5d:14:52:c6:e1:c2:f6:4a:
                    18:aa:93:dc:9b:54:bc:64:6e:20:e7:99:6d:37:b2:
                    d7:4b:e9:0a:e0:b7:ca:cd:0d:b5:2b:33:d7:a4:6f:
                    12:3d:ac:2d:94:79:73:5a:f3:73:fc:27:8e:35:e7:
                    32:15:53:20:57:0d:c0:63:c0:69:6d:dc:6d:f2:a3:
                    a4:62:55:6f:40:a4:7e:61:9d:e4:9d:21:27:1b:09:
                    36:2b:ff:ad:c5:9b:a8:93:b7:6e:81:97:15:6f:bd:
                    8e:fb:40:a0:31:1a:b0:12:d8:8d:bf:07:d2:11:e2:
                    3e:25:55:76:54:55:cc:81:5e:08:c7:de:17:47:e6:
                    90:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:87:D0:AD:AE:C5:C8:1C:3A:6E:4E:11:FD:FD:D0:DB:F8:49:29:72
            X509v3 Authority Key Identifier:
                keyid:4D:D9:54:D3:C7:7C:9C:4E:37:EE:BF:75:3D:86:F3:DC:F0:91:D4:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TdlU08d8nE437r91PYbz3PCR1Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/S4fQra7FyBw6bk4R_f3Q2_hJKXI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/TdlU08d8nE437r91PYbz3PCR1Kk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.197.224.0/19
                  161.8.128.0/19

    Signature Algorithm: sha256WithRSAEncryption
         68:73:9f:ff:50:d4:c6:f5:20:b5:25:e3:fc:64:ff:6c:44:e5:
         a5:e9:13:6d:e6:5b:b6:10:02:f6:4c:06:6d:28:b2:23:9d:f9:
         ca:54:43:d1:33:54:38:56:47:af:2f:2a:fe:0a:1d:58:76:4b:
         2d:77:08:c5:65:a7:fe:3d:7d:64:13:30:d3:c4:7e:dc:83:ac:
         50:13:c2:d0:7a:a2:8f:d1:c0:d6:76:f8:81:5e:d3:76:03:4c:
         a4:c8:e4:62:45:c4:59:7d:e4:fa:c0:20:d9:52:46:4c:fa:78:
         49:f5:7c:bf:87:55:91:89:4c:1e:64:53:58:6a:85:45:18:40:
         f5:b6:1e:66:b1:db:c5:e2:0e:e4:0e:31:94:f6:ac:93:3c:ea:
         bf:51:fd:76:5c:f0:07:dd:a8:7b:2b:31:8e:15:f3:e1:ba:b0:
         53:96:41:35:57:3e:44:05:7a:5e:e2:af:51:c1:8e:0b:1c:13:
         f8:3f:4b:38:c9:e1:b2:8c:2b:d8:71:43:99:1d:e6:c0:d2:89:
         a7:a4:85:4e:f5:49:bc:f4:7b:99:19:df:97:4d:1f:b9:40:f9:
         9a:19:ae:f8:34:73:82:1c:2d:9e:50:2c:f7:f7:fd:d0:4d:0a:
         48:cb:27:e4:b5:83:39:d6:6f:81:b0:99:3a:53:39:8c:b3:b0:
         d9:e1:29:1a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ5HsOlWHrhekRugAn89RJQCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZDk1NGQzYzc3YzljNGUzN2VlYmY3NTNkODZmM2RjZjA5
MWQ0YTkwHhcNMjYwNTIwMjMyMDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Yjg3ZDBhZGFlYzVjODFjM2E2ZTRlMTFmZGZkZDBkYmY4NDkyOTcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuU0KBljrA6rbewhW39ylFAKcHUtS
xuRL41POY+4caU73OBZlYUz+56PF9ViSPg8rPtDKCFBchhhel9zS7iP53DZDHbY6
5PZwdcQsF4JPP8DiLsQxnN6lX57sE0XJOEAREFBK+ylQDps6qfvU/0w6xvEVauc1
jiQRbF2Pkg90XRRSxuHC9koYqpPcm1S8ZG4g55ltN7LXS+kK4LfKzQ21KzPXpG8S
PawtlHlzWvNz/CeONecyFVMgVw3AY8Bpbdxt8qOkYlVvQKR+YZ3knSEnGwk2K/+t
xZuok7dugZcVb72O+0CgMRqwEtiNvwfSEeI+JVV2VFXMgV4Ix94XR+aQlQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEuH0K2uxcgcOm5OEf390Nv4SSlyMB8GA1UdIwQY
MBaAFE3ZVNPHfJxON+6/dT2G89zwkdSpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGRsVTA4ZDhuRTQzN3I5MVBZYnozUENSMUtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC83YTJhOTktMTQ2Yy00NzgxLWEzMDIt
ZWI3YWFhNjgyOGJlLzEvUzRmUXJhN0Z5Qnc2Yms0Ul9mM1EyX2hKS1hJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC83YTJhOTktMTQ2Yy00NzgxLWEzMDItZWI3YWFhNjgyOGJl
LzEvVGRsVTA4ZDhuRTQzN3I5MVBZYnozUENSMUtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQFn8XgAwQF
oQiAMA0GCSqGSIb3DQEBCwUAA4IBAQBoc5//UNTG9SC1JeP8ZP9sROWl6RNt5lu2
EAL2TAZtKLIjnfnKVEPRM1Q4VkevLyr+Ch1YdkstdwjFZaf+PX1kEzDTxH7cg6xQ
E8LQeqKP0cDWdviBXtN2A0ykyORiRcRZfeT6wCDZUkZM+nhJ9Xy/h1WRiUweZFNY
aoVFGED1th5msdvF4g7kDjGU9qyTPOq/Uf12XPAH3ah7KzGOFfPhurBTlkE1Vz5E
BXpe4q9RwY4LHBP4P0s4yeGyjCvYcUOZHebA0omnpIVO9Um89HuZGd+XTR+5QPma
Ga74NHOCHC2eUCz39/3QTQpIyyfktYM51m+BsJk6UzmMs7DZ4Ska
-----END CERTIFICATE-----