Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/c0a326-88e1-42b4-9d56-0921d1bbf349/1/lO4aMYjTXDg82zupSKrFHWUdFXM.roa
File:                     lO4aMYjTXDg82zupSKrFHWUdFXM.roa (raw, json)
Hash identifier:          K8T/sVk5Jwp031FPajjAVDlXuxBIkzugBlo1sxxCmO4=
Subject key identifier:   94:EE:1A:31:88:D3:5C:38:3C:DB:3B:A9:48:AA:C5:1D:65:1D:15:73
Certificate issuer:       /CN=1e02b2489f4713962d105112b25276eb81f1ac90
Certificate serial:       019DDE5200B002937E4012DBE3D942BCC4F7
Authority key identifier: 1E:02:B2:48:9F:47:13:96:2D:10:51:12:B2:52:76:EB:81:F1:AC:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HgKySJ9HE5YtEFESslJ264HxrJA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/c0a326-88e1-42b4-9d56-0921d1bbf349/1/lO4aMYjTXDg82zupSKrFHWUdFXM.roa
Signing time:             Thu 30 Apr 2026 12:16:49 +0000
ROA not before:           Thu 30 Apr 2026 12:16:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     56650
IP address blocks:        85.208.64.0/22 maxlen: 22
                          85.208.64.0/24 maxlen: 24
                          85.208.65.0/24 maxlen: 24
                          85.208.66.0/24 maxlen: 24
                          85.208.67.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/c0a326-88e1-42b4-9d56-0921d1bbf349/1/HgKySJ9HE5YtEFESslJ264HxrJA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/c0a326-88e1-42b4-9d56-0921d1bbf349/1/HgKySJ9HE5YtEFESslJ264HxrJA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HgKySJ9HE5YtEFESslJ264HxrJA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 20:26:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:de:52:00:b0:02:93:7e:40:12:db:e3:d9:42:bc:c4:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e02b2489f4713962d105112b25276eb81f1ac90
        Validity
            Not Before: Apr 30 12:16:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=94ee1a3188d35c383cdb3ba948aac51d651d1573
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:07:90:21:83:77:06:b8:30:e0:95:85:fa:53:
                    90:0e:c8:3c:a2:ce:93:94:74:53:67:82:c2:6e:50:
                    b6:ac:f6:cf:bd:b3:3b:17:ed:49:ca:56:6d:c6:47:
                    e8:26:9a:20:3c:1c:8c:56:7f:7c:0a:e0:19:ef:70:
                    5f:55:6f:65:93:8a:d5:f0:dd:04:a6:68:59:a9:f5:
                    bb:6c:94:70:5f:9d:6f:57:41:95:7a:4c:22:aa:bd:
                    2d:36:5a:3e:d7:06:6b:7b:40:ba:9d:1e:d1:ea:22:
                    8d:e9:e2:8e:25:99:46:f4:98:33:8b:28:da:7d:f4:
                    28:34:e0:1d:c7:71:66:60:00:ff:d6:d5:74:86:67:
                    59:1a:e0:f3:0c:53:f6:6b:8e:14:e2:64:57:02:6f:
                    84:09:64:58:e6:e3:a2:a1:0e:25:03:c0:7c:57:62:
                    a1:fa:09:0b:87:cb:ca:8c:2b:8e:67:fb:5f:9f:7e:
                    45:bc:24:ca:e7:a9:ab:a3:bc:65:c6:95:18:63:c2:
                    26:4b:df:62:f2:2a:10:7a:26:c8:2d:03:6a:41:83:
                    c3:a5:ac:7b:45:9c:11:6d:b4:a1:f0:8f:f2:ab:5c:
                    bb:62:10:92:8a:94:20:b8:bb:b0:ee:2b:0e:7f:99:
                    2f:be:82:ec:80:48:cb:1f:e0:db:68:90:5c:cf:40:
                    47:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:EE:1A:31:88:D3:5C:38:3C:DB:3B:A9:48:AA:C5:1D:65:1D:15:73
            X509v3 Authority Key Identifier:
                keyid:1E:02:B2:48:9F:47:13:96:2D:10:51:12:B2:52:76:EB:81:F1:AC:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HgKySJ9HE5YtEFESslJ264HxrJA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/c0a326-88e1-42b4-9d56-0921d1bbf349/1/lO4aMYjTXDg82zupSKrFHWUdFXM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/c0a326-88e1-42b4-9d56-0921d1bbf349/1/HgKySJ9HE5YtEFESslJ264HxrJA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.208.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         60:1d:ef:3a:e2:01:61:62:15:7c:10:66:1c:40:c6:ea:e1:e5:
         9d:90:ac:09:e8:f2:5c:94:15:0c:bf:e4:3d:1c:90:ae:21:db:
         fc:ea:dd:e3:8e:7d:f8:94:98:94:fa:b3:84:fb:4e:0e:5c:8f:
         16:c1:28:18:ad:b1:50:09:54:ca:28:0e:6e:1b:a4:02:f3:a7:
         7d:35:89:ab:4f:36:c6:e8:e3:c3:3c:f9:6f:e1:05:9d:58:0a:
         28:33:ff:a8:66:9a:2f:4b:1b:08:a3:c1:c0:27:c9:7e:de:3b:
         81:ca:d2:30:52:58:a5:9b:29:4d:42:a4:c7:39:37:63:b1:cb:
         10:57:a9:03:b0:cc:ba:07:e4:8f:28:2a:12:32:15:33:fc:7b:
         fe:46:85:1e:eb:3b:ac:40:c1:be:c3:c7:e7:5b:b1:9c:7d:fc:
         2a:21:0b:3e:e8:21:fc:74:c1:4c:cd:b7:01:09:3f:d6:4e:7f:
         9e:3b:de:bc:85:73:fd:3b:8d:4e:54:c4:81:77:cf:71:96:f0:
         60:76:40:e1:32:45:30:ef:f6:32:82:77:f5:5d:ac:41:93:8b:
         6e:66:5e:88:51:e3:6c:02:1a:58:dc:09:86:cd:88:e5:5f:3b:
         3a:82:c4:52:ce:2a:b9:18:cc:c2:09:2c:19:d8:a2:b6:dc:89:
         f5:f2:22:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3eUgCwApN+QBLb49lCvMT3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlMDJiMjQ4OWY0NzEzOTYyZDEwNTExMmIyNTI3NmViODFm
MWFjOTAwHhcNMjYwNDMwMTIxNjQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NGVlMWEzMTg4ZDM1YzM4M2NkYjNiYTk0OGFhYzUxZDY1MWQxNTczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqAeQIYN3Brgw4JWF+lOQDsg8os6T
lHRTZ4LCblC2rPbPvbM7F+1JylZtxkfoJpogPByMVn98CuAZ73BfVW9lk4rV8N0E
pmhZqfW7bJRwX51vV0GVekwiqr0tNlo+1wZre0C6nR7R6iKN6eKOJZlG9Jgziyja
ffQoNOAdx3FmYAD/1tV0hmdZGuDzDFP2a44U4mRXAm+ECWRY5uOioQ4lA8B8V2Kh
+gkLh8vKjCuOZ/tfn35FvCTK56mro7xlxpUYY8ImS99i8ioQeibILQNqQYPDpax7
RZwRbbSh8I/yq1y7YhCSipQguLuw7isOf5kvvoLsgEjLH+DbaJBcz0BHKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJTuGjGI01w4PNs7qUiqxR1lHRVzMB8GA1UdIwQY
MBaAFB4CskifRxOWLRBRErJSduuB8ayQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGdLeVNKOUhFNVl0RUZFU3NsSjI2NEh4ckpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni9jMGEzMjYtODhlMS00MmI0LTlkNTYt
MDkyMWQxYmJmMzQ5LzEvbE80YU1ZalRYRGc4Mnp1cFNLckZIV1VkRlhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni9jMGEzMjYtODhlMS00MmI0LTlkNTYtMDkyMWQxYmJmMzQ5
LzEvSGdLeVNKOUhFNVl0RUZFU3NsSjI2NEh4ckpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVdBAMA0G
CSqGSIb3DQEBCwUAA4IBAQBgHe864gFhYhV8EGYcQMbq4eWdkKwJ6PJclBUMv+Q9
HJCuIdv86t3jjn34lJiU+rOE+04OXI8WwSgYrbFQCVTKKA5uG6QC86d9NYmrTzbG
6OPDPPlv4QWdWAooM/+oZpovSxsIo8HAJ8l+3juBytIwUlilmylNQqTHOTdjscsQ
V6kDsMy6B+SPKCoSMhUz/Hv+RoUe6zusQMG+w8fnW7GcffwqIQs+6CH8dMFMzbcB
CT/WTn+eO968hXP9O41OVMSBd89xlvBgdkDhMkUw7/Yygnf1XaxBk4tuZl6IUeNs
AhpY3AmGzYjlXzs6gsRSziq5GMzCCSwZ2KK23In18iIj
-----END CERTIFICATE-----