Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/4IdsjnThncy8CG7B4TEdC8OXYTg.roa
File:                     4IdsjnThncy8CG7B4TEdC8OXYTg.roa (raw, json)
Hash identifier:          qFz8bZzW9j+BuaK9Mq/+zPbN9lxrJMGuuYqn1jNVi7U=
Subject key identifier:   E0:87:6C:8E:74:E1:9D:CC:BC:08:6E:C1:E1:31:1D:0B:C3:97:61:38
Certificate issuer:       /CN=ca6441d9d807e0d78ce75213a103400ee14a7cdc
Certificate serial:       019DE4340B114312D404511CF01EDFAF18AD
Authority key identifier: CA:64:41:D9:D8:07:E0:D7:8C:E7:52:13:A1:03:40:0E:E1:4A:7C:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ymRB2dgH4NeM51IToQNADuFKfNw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/4IdsjnThncy8CG7B4TEdC8OXYTg.roa
Signing time:             Fri 01 May 2026 15:41:49 +0000
ROA not before:           Fri 01 May 2026 15:41:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49505
IP address blocks:        207.89.19.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/ymRB2dgH4NeM51IToQNADuFKfNw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/ymRB2dgH4NeM51IToQNADuFKfNw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ymRB2dgH4NeM51IToQNADuFKfNw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 May 2026 21:44:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:e4:34:0b:11:43:12:d4:04:51:1c:f0:1e:df:af:18:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca6441d9d807e0d78ce75213a103400ee14a7cdc
        Validity
            Not Before: May  1 15:41:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e0876c8e74e19dccbc086ec1e1311d0bc3976138
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:cb:ed:dc:fe:4b:7b:e4:8c:2c:71:a3:87:89:
                    20:3e:76:02:3d:7a:c4:e8:e4:79:8a:5a:28:f0:b0:
                    9e:d0:ea:19:f6:2b:95:de:5c:a6:30:1c:50:13:ba:
                    e6:64:e6:d1:fa:ac:69:2f:fa:19:2a:4b:9d:bb:29:
                    b6:14:6b:ed:0c:45:b7:64:05:59:96:dc:9d:f4:03:
                    55:11:ca:2d:01:fc:03:2f:1e:87:fe:b6:af:6a:c0:
                    b3:d9:6a:a8:ac:6a:96:50:d2:9e:71:10:0c:78:65:
                    af:86:23:e2:ad:8a:3a:2d:da:3f:ed:f1:a2:f4:d9:
                    23:d2:03:63:e8:9a:36:98:86:9d:ed:45:63:64:ef:
                    da:19:f3:ae:2f:78:00:a3:16:ea:b6:1f:d6:5b:db:
                    84:da:54:09:6f:81:ba:ff:69:51:68:61:fb:16:b3:
                    25:93:4a:b8:45:76:17:c4:35:3f:12:ab:b1:a2:6e:
                    c7:dd:44:73:48:19:fe:8b:12:0c:de:8c:e5:92:a0:
                    c5:2e:30:df:67:62:df:5e:b4:18:84:87:80:57:32:
                    18:15:0d:df:f6:ce:11:eb:83:ef:4f:ad:02:e1:4c:
                    a6:96:6c:05:16:8f:27:42:83:f9:02:14:6d:61:99:
                    a8:14:bd:91:bb:d9:47:09:1e:f2:e6:e0:94:ee:3c:
                    1a:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:87:6C:8E:74:E1:9D:CC:BC:08:6E:C1:E1:31:1D:0B:C3:97:61:38
            X509v3 Authority Key Identifier:
                keyid:CA:64:41:D9:D8:07:E0:D7:8C:E7:52:13:A1:03:40:0E:E1:4A:7C:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ymRB2dgH4NeM51IToQNADuFKfNw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/4IdsjnThncy8CG7B4TEdC8OXYTg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/ymRB2dgH4NeM51IToQNADuFKfNw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  207.89.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:c0:20:a1:e3:a6:2f:5d:99:00:fc:c4:8e:78:47:aa:3a:2b:
         bb:21:a4:9c:b9:2e:12:31:74:26:ce:60:0f:38:fc:5e:8a:9d:
         6c:05:07:d8:b9:b4:50:05:f4:5e:2b:b6:de:2e:8b:b4:02:d8:
         26:92:6f:91:b7:84:cf:22:e2:2b:d9:dd:0d:0c:ab:63:d6:a0:
         ee:f3:bc:ee:c3:93:6c:d7:c4:97:04:92:ea:91:ea:08:37:eb:
         dc:f7:f0:1c:9e:96:91:03:67:6b:58:a8:67:6b:d6:d2:69:6b:
         02:22:8e:da:b8:a5:c4:38:88:f1:17:bd:41:4d:c2:2f:d6:d1:
         b9:f1:06:94:d7:96:ff:e8:23:a7:3d:7d:65:fd:49:45:15:a2:
         4d:30:e4:4c:f4:2f:92:b0:99:61:61:b6:3d:18:8c:4e:34:21:
         72:0d:43:e0:aa:c1:6c:54:03:4f:a2:9f:de:7b:e0:9d:5d:96:
         69:f5:4a:36:36:40:d1:0c:30:f1:f5:55:9e:f8:7d:0c:a9:b7:
         8e:8e:d8:3a:14:e5:3b:8f:ae:c3:6f:55:78:bf:4c:8e:3a:a7:
         2c:0c:8f:5f:72:e6:51:2b:7e:d2:7b:fa:ce:2a:ae:22:22:44:
         e3:4b:8a:f8:69:07:92:4d:52:45:1b:01:2a:49:c9:32:bd:65:
         f2:c5:7e:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3kNAsRQxLUBFEc8B7frxitMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhNjQ0MWQ5ZDgwN2UwZDc4Y2U3NTIxM2ExMDM0MDBlZTE0
YTdjZGMwHhcNMjYwNTAxMTU0MTQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDg3NmM4ZTc0ZTE5ZGNjYmMwODZlYzFlMTMxMWQwYmMzOTc2MTM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw8vt3P5Le+SMLHGjh4kgPnYCPXrE
6OR5iloo8LCe0OoZ9iuV3lymMBxQE7rmZObR+qxpL/oZKkuduym2FGvtDEW3ZAVZ
ltyd9ANVEcotAfwDLx6H/ravasCz2WqorGqWUNKecRAMeGWvhiPirYo6Ldo/7fGi
9Nkj0gNj6Jo2mIad7UVjZO/aGfOuL3gAoxbqth/WW9uE2lQJb4G6/2lRaGH7FrMl
k0q4RXYXxDU/Equxom7H3URzSBn+ixIM3ozlkqDFLjDfZ2LfXrQYhIeAVzIYFQ3f
9s4R64PvT60C4UymlmwFFo8nQoP5AhRtYZmoFL2Ru9lHCR7y5uCU7jwaAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOCHbI504Z3MvAhuweExHQvDl2E4MB8GA1UdIwQY
MBaAFMpkQdnYB+DXjOdSE6EDQA7hSnzcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveW1SQjJkZ0g0TmVNNTFJVG9RTkFEdUZLZk53LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC85OTQ3YjYtMzRiYy00NzdlLTg4MTYt
MmUyOGI5NjQ5OGE5LzEvNElkc2puVGhuY3k4Q0c3QjRURWRDOE9YWVRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC85OTQ3YjYtMzRiYy00NzdlLTg4MTYtMmUyOGI5NjQ5OGE5
LzEveW1SQjJkZ0g0TmVNNTFJVG9RTkFEdUZLZk53LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAz1kTMA0G
CSqGSIb3DQEBCwUAA4IBAQAcwCCh46YvXZkA/MSOeEeqOiu7IaScuS4SMXQmzmAP
OPxeip1sBQfYubRQBfReK7beLou0Atgmkm+Rt4TPIuIr2d0NDKtj1qDu87zuw5Ns
18SXBJLqkeoIN+vc9/AcnpaRA2drWKhna9bSaWsCIo7auKXEOIjxF71BTcIv1tG5
8QaU15b/6COnPX1l/UlFFaJNMORM9C+SsJlhYbY9GIxONCFyDUPgqsFsVANPop/e
e+CdXZZp9Uo2NkDRDDDx9VWe+H0MqbeOjtg6FOU7j67Db1V4v0yOOqcsDI9fcuZR
K37Se/rOKq4iIkTjS4r4aQeSTVJFGwEqSckyvWXyxX4J
-----END CERTIFICATE-----