Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/vreEc2OnmWho3oIl6CBlNsnxezo.roa
File:                     vreEc2OnmWho3oIl6CBlNsnxezo.roa (raw, json)
Hash identifier:          jOLUteZIY8VNVz2/81/tjP8Bgl/A9IZL4IhBT2BXtsA=
Subject key identifier:   BE:B7:84:73:63:A7:99:68:68:DE:82:25:E8:20:65:36:C9:F1:7B:3A
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       019E29D702A13248D2EE82FF018022C2EAD1
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/vreEc2OnmWho3oIl6CBlNsnxezo.roa
Signing time:             Fri 15 May 2026 04:13:37 +0000
ROA not before:           Fri 15 May 2026 04:13:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200658
IP address blocks:        31.207.6.0/24 maxlen: 24
                          72.35.245.0/24 maxlen: 24
                          104.143.192.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 22:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:29:d7:02:a1:32:48:d2:ee:82:ff:01:80:22:c2:ea:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: May 15 04:13:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=beb7847363a7996868de8225e8206536c9f17b3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:79:6e:32:fa:fa:88:71:6e:4e:02:8d:5f:7e:
                    c7:f6:79:7c:7f:f6:04:d3:71:95:92:ab:a4:98:53:
                    30:5e:51:69:0b:2d:1e:69:61:16:0f:4e:2a:58:93:
                    29:6d:30:c6:a2:ea:06:dc:6b:c1:aa:0c:94:6a:1c:
                    39:a9:81:4d:08:c2:c0:32:8a:a0:6e:cf:fe:ad:b5:
                    2f:4d:5a:36:fc:bb:be:13:b3:f1:48:8b:b8:0f:fa:
                    05:4e:0f:7f:01:db:54:16:9d:95:d8:49:bf:5c:ab:
                    23:9f:8c:e1:ca:f3:5b:2c:0c:33:c0:f2:b5:5d:c1:
                    64:18:d4:82:a3:d7:70:45:be:f1:7b:66:4a:aa:8c:
                    37:03:8e:0b:d5:17:12:22:04:71:e0:26:5d:d9:34:
                    f0:3c:a5:14:e1:9f:49:d2:41:2e:2a:02:17:b5:3a:
                    c4:d4:7a:67:78:97:44:12:59:b8:eb:01:0e:db:e1:
                    49:e9:a6:5a:c6:60:01:01:63:aa:c8:e1:c6:b7:4c:
                    a9:1d:30:23:54:83:d1:07:5f:22:29:80:d9:b5:75:
                    c0:5b:cf:c7:0f:fa:2b:c2:6a:b2:8d:a1:ee:7d:b4:
                    95:68:99:2d:75:30:c8:eb:6f:8d:3e:56:d2:05:38:
                    2a:47:25:59:ec:27:87:ea:d4:5f:3b:5c:5c:69:91:
                    d9:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:B7:84:73:63:A7:99:68:68:DE:82:25:E8:20:65:36:C9:F1:7B:3A
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/vreEc2OnmWho3oIl6CBlNsnxezo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.207.6.0/24
                  72.35.245.0/24
                  104.143.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:29:59:38:c4:f0:f9:06:72:85:ce:52:7f:53:aa:ba:9c:62:
         5e:53:03:37:4d:be:d4:64:14:f9:d5:b2:a5:d2:d7:ee:09:77:
         67:b4:d6:53:94:3b:57:8a:ad:cb:34:2c:d4:14:7c:a7:a7:20:
         27:97:a9:c6:40:ac:78:a0:83:f7:a8:93:b8:e0:a4:1f:b5:6b:
         6e:97:a3:16:49:3b:39:ad:a2:bf:e7:98:c0:71:61:ec:9b:8a:
         f6:d5:9f:25:34:89:c5:93:9a:e7:fd:2c:3d:23:0d:bf:be:53:
         12:55:43:60:2b:03:a4:3e:cc:9b:c9:37:23:e6:53:dd:a4:b3:
         5e:b0:34:8b:0b:da:7e:31:69:aa:ec:6b:5e:72:b3:82:22:16:
         08:a0:e0:db:51:dc:4e:2c:82:1d:06:54:de:66:db:05:c3:83:
         16:a1:f1:ca:dd:4b:bd:a6:7e:1b:04:0f:52:2f:f0:5d:5f:78:
         6c:ca:45:79:d3:bf:6d:87:a9:2d:a0:49:ad:94:9f:df:7d:19:
         f4:3a:45:d1:f7:f1:5e:97:f9:21:d9:77:92:8b:79:84:46:cf:
         01:92:e4:f0:2a:a7:86:5a:33:18:31:33:77:be:10:4b:0c:d3:
         3e:c3:88:70:d8:0b:c0:3e:1b:dd:54:fa:8d:82:b3:7b:8a:8d:
         56:05:cf:86
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ4p1wKhMkjS7oL/AYAiwurRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjYwNTE1MDQxMzM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZWI3ODQ3MzYzYTc5OTY4NjhkZTgyMjVlODIwNjUzNmM5ZjE3YjNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2XluMvr6iHFuTgKNX37H9nl8f/YE
03GVkqukmFMwXlFpCy0eaWEWD04qWJMpbTDGouoG3GvBqgyUahw5qYFNCMLAMoqg
bs/+rbUvTVo2/Lu+E7PxSIu4D/oFTg9/AdtUFp2V2Em/XKsjn4zhyvNbLAwzwPK1
XcFkGNSCo9dwRb7xe2ZKqow3A44L1RcSIgRx4CZd2TTwPKUU4Z9J0kEuKgIXtTrE
1HpneJdEElm46wEO2+FJ6aZaxmABAWOqyOHGt0ypHTAjVIPRB18iKYDZtXXAW8/H
D/orwmqyjaHufbSVaJktdTDI62+NPlbSBTgqRyVZ7CeH6tRfO1xcaZHZywIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFL63hHNjp5loaN6CJeggZTbJ8Xs6MB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvdnJlRWMyT25tV2hvM29JbDZDQmxOc254ZXpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAH88GAwQA
SCP1AwQAaI/AMA0GCSqGSIb3DQEBCwUAA4IBAQAHKVk4xPD5BnKFzlJ/U6q6nGJe
UwM3Tb7UZBT51bKl0tfuCXdntNZTlDtXiq3LNCzUFHynpyAnl6nGQKx4oIP3qJO4
4KQftWtul6MWSTs5raK/55jAcWHsm4r21Z8lNInFk5rn/Sw9Iw2/vlMSVUNgKwOk
PsybyTcj5lPdpLNesDSLC9p+MWmq7GtecrOCIhYIoODbUdxOLIIdBlTeZtsFw4MW
ofHK3Uu9pn4bBA9SL/BdX3hsykV5079th6ktoEmtlJ/ffRn0OkXR9/Fel/kh2XeS
i3mERs8BkuTwKqeGWjMYMTN3vhBLDNM+w4hw2AvAPhvdVPqNgrN7io1WBc+G
-----END CERTIFICATE-----