Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/bjU3ifwDG34SU0YbFkpFdn6Ajj8.roa
File:                     bjU3ifwDG34SU0YbFkpFdn6Ajj8.roa (raw, json)
Hash identifier:          0a5LAsf62LC5STihweccK4HoKCQo5vDU27VsfHucMIA=
Subject key identifier:   6E:35:37:89:FC:03:1B:7E:12:53:46:1B:16:4A:45:76:7E:80:8E:3F
Certificate issuer:       /CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
Certificate serial:       019E6DC1A4145EF055051BC549C5559F9488
Authority key identifier: 62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/bjU3ifwDG34SU0YbFkpFdn6Ajj8.roa
Signing time:             Thu 28 May 2026 08:44:27 +0000
ROA not before:           Thu 28 May 2026 08:44:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     58351
IP address blocks:        46.17.254.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 04:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:6d:c1:a4:14:5e:f0:55:05:1b:c5:49:c5:55:9f:94:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
        Validity
            Not Before: May 28 08:44:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6e353789fc031b7e1253461b164a45767e808e3f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:2d:69:8d:70:95:1b:8c:36:d2:43:72:fa:47:
                    74:26:e6:2c:21:66:98:af:50:d6:07:84:37:63:e0:
                    ad:fc:74:09:5e:49:7c:e1:df:5d:1c:55:2c:bf:68:
                    d9:8f:2d:7c:4b:19:97:8b:f9:93:0e:0a:b9:4c:b4:
                    0f:81:97:41:52:d7:aa:33:18:97:43:fc:1d:ae:32:
                    fb:23:0c:01:c6:17:89:81:26:2f:bb:1d:c2:85:cd:
                    fb:72:3b:4b:62:7b:d9:ab:58:35:e7:60:c2:8c:07:
                    48:ce:0a:5a:ac:da:76:bc:96:93:f7:5d:b9:19:42:
                    98:3b:d5:ce:8c:d3:19:3e:9b:c3:60:f6:e7:10:de:
                    b5:e8:51:08:d2:7b:6d:20:96:92:b5:70:35:d3:7f:
                    df:d8:12:4f:2f:e6:89:2a:7d:30:15:fa:42:2d:04:
                    9a:fd:3d:08:d2:93:1b:b7:a3:43:01:6d:f9:a0:08:
                    41:48:d8:c7:80:0a:2f:a0:54:f3:43:b2:83:81:d7:
                    ad:27:f0:14:a2:1d:73:36:f5:bd:7d:20:37:96:c2:
                    4e:77:06:be:ff:52:7c:fb:8b:11:c9:83:3c:16:c7:
                    06:31:06:6c:d7:aa:3b:88:c3:77:1a:ad:cf:1b:aa:
                    48:30:df:bd:d4:96:8a:e2:ae:90:d4:b1:88:25:8e:
                    53:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:35:37:89:FC:03:1B:7E:12:53:46:1B:16:4A:45:76:7E:80:8E:3F
            X509v3 Authority Key Identifier:
                keyid:62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/bjU3ifwDG34SU0YbFkpFdn6Ajj8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.17.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:ad:0a:12:74:2a:5f:d7:09:d1:9e:f1:b5:13:98:94:ea:fe:
         ae:16:85:3d:b8:cc:72:3d:d7:31:56:d0:f1:3e:90:95:02:96:
         84:5e:64:78:9b:73:9e:ec:f6:bd:6d:01:01:b3:f0:2e:6a:46:
         9b:c6:07:d0:48:bf:44:47:9a:d2:89:28:05:ac:8d:60:cf:5f:
         73:aa:03:40:f5:1e:4b:fb:3b:b5:29:99:85:3f:42:c2:a7:94:
         0c:db:86:6e:db:0a:ed:fe:5a:96:94:27:9b:7f:18:ea:b1:be:
         f6:61:03:fe:75:03:83:58:de:31:54:ae:26:db:d0:af:33:95:
         88:ab:d2:6a:85:c2:32:a5:d6:f2:8d:79:49:63:e0:38:3c:89:
         88:ae:d3:fe:49:43:12:c2:9f:17:a2:8e:08:f0:cb:39:e1:e2:
         ba:1e:f9:09:a8:dd:0e:00:a6:49:6c:4d:cb:a4:cc:0f:63:77:
         31:71:93:da:fb:b2:b5:36:cf:d5:9d:94:96:69:f7:f2:77:6a:
         0b:58:54:40:db:5f:35:c3:8a:3e:bd:a0:4e:0c:35:f7:0a:79:
         5a:54:3f:34:59:42:40:02:1e:e6:69:59:aa:e5:57:2e:df:08:
         f1:f7:06:a3:2a:ed:d6:a7:47:f6:d8:7c:31:8e:c8:be:3f:4f:
         5b:02:16:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5twaQUXvBVBRvFScVVn5SIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjJlMWMyYTUzMTUzMzRiNjZkODBmNzhkNWI1MGI0MmU0
ODBiOWMwHhcNMjYwNTI4MDg0NDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTM1Mzc4OWZjMDMxYjdlMTI1MzQ2MWIxNjRhNDU3NjdlODA4ZTNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxi1pjXCVG4w20kNy+kd0JuYsIWaY
r1DWB4Q3Y+Ct/HQJXkl84d9dHFUsv2jZjy18SxmXi/mTDgq5TLQPgZdBUteqMxiX
Q/wdrjL7IwwBxheJgSYvux3Chc37cjtLYnvZq1g152DCjAdIzgparNp2vJaT9125
GUKYO9XOjNMZPpvDYPbnEN616FEI0nttIJaStXA103/f2BJPL+aJKn0wFfpCLQSa
/T0I0pMbt6NDAW35oAhBSNjHgAovoFTzQ7KDgdetJ/AUoh1zNvW9fSA3lsJOdwa+
/1J8+4sRyYM8FscGMQZs16o7iMN3Gq3PG6pIMN+91JaK4q6Q1LGIJY5TtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG41N4n8Axt+ElNGGxZKRXZ+gI4/MB8GA1UdIwQY
MBaAFGIi4cKlMVM0tm2A941bULQuSAucMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEt
NTczNzAxYzg0ODMzLzEvYmpVM2lmd0RHMzRTVTBZYkZrcEZkbjZBamo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEtNTczNzAxYzg0ODMz
LzEvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALhH+MA0G
CSqGSIb3DQEBCwUAA4IBAQA3rQoSdCpf1wnRnvG1E5iU6v6uFoU9uMxyPdcxVtDx
PpCVApaEXmR4m3Oe7Pa9bQEBs/AuakabxgfQSL9ER5rSiSgFrI1gz19zqgNA9R5L
+zu1KZmFP0LCp5QM24Zu2wrt/lqWlCebfxjqsb72YQP+dQODWN4xVK4m29CvM5WI
q9JqhcIypdbyjXlJY+A4PImIrtP+SUMSwp8Xoo4I8Ms54eK6HvkJqN0OAKZJbE3L
pMwPY3cxcZPa+7K1Ns/VnZSWaffyd2oLWFRA2181w4o+vaBODDX3CnlaVD80WUJA
Ah7maVmq5Vcu3wjx9wajKu3Wp0f22Hwxjsi+P09bAhYd
-----END CERTIFICATE-----