Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/FFQPSEmk9qM3Y6JG6poXu9dhRAU.roa
File:                     FFQPSEmk9qM3Y6JG6poXu9dhRAU.roa (raw, json)
Hash identifier:          BnSKp1Q8nfRVrNeJwWWT/E/PUhJwMT9U7kho9ZWpI3Y=
Subject key identifier:   14:54:0F:48:49:A4:F6:A3:37:63:A2:46:EA:9A:17:BB:D7:61:44:05
Certificate issuer:       /CN=e4c86da3f483246518d368034bc86113906a55a3
Certificate serial:       019E6E4F8A4CA428BE4C62CE58D4B26DE09C
Authority key identifier: E4:C8:6D:A3:F4:83:24:65:18:D3:68:03:4B:C8:61:13:90:6A:55:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5Mhto_SDJGUY02gDS8hhE5BqVaM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/FFQPSEmk9qM3Y6JG6poXu9dhRAU.roa
Signing time:             Thu 28 May 2026 11:19:26 +0000
ROA not before:           Thu 28 May 2026 11:19:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214432
IP address blocks:        79.110.0.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/5Mhto_SDJGUY02gDS8hhE5BqVaM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/5Mhto_SDJGUY02gDS8hhE5BqVaM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5Mhto_SDJGUY02gDS8hhE5BqVaM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 08:01:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:6e:4f:8a:4c:a4:28:be:4c:62:ce:58:d4:b2:6d:e0:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e4c86da3f483246518d368034bc86113906a55a3
        Validity
            Not Before: May 28 11:19:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=14540f4849a4f6a33763a246ea9a17bbd7614405
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:3b:b4:23:76:7e:55:d8:2b:e1:b5:4c:68:d7:
                    7f:86:d9:5e:9a:89:c4:e2:68:c1:1d:ee:a1:45:ae:
                    1e:50:fc:a2:d2:2e:0b:fd:4d:5f:a4:ee:4d:2d:46:
                    8f:33:c9:4e:1f:83:27:27:d1:37:4d:63:f9:35:ef:
                    ab:c7:a5:da:3f:2f:f0:23:1b:fb:54:42:63:e9:c9:
                    33:40:c2:52:42:92:74:29:42:69:0c:b3:27:60:85:
                    3d:9f:50:b0:28:a2:8b:ce:1a:0a:5b:bb:41:db:49:
                    8c:79:c1:69:df:7f:cc:b0:64:e2:36:45:c3:ee:0a:
                    ab:c5:75:2a:96:98:e1:99:c3:80:a5:ac:bc:29:ce:
                    3d:f7:dd:c6:75:91:77:f8:2e:08:b5:14:7f:f4:65:
                    60:16:96:c9:67:07:b1:23:df:78:27:61:50:a1:6b:
                    33:bb:0b:e9:80:04:e6:68:be:2e:02:b2:58:9b:83:
                    88:60:08:6a:5b:f4:d7:de:b6:a4:5d:e8:b3:41:a7:
                    9b:b6:cf:19:55:7e:b6:51:eb:b2:e0:f5:38:76:c8:
                    13:b6:cc:0a:bd:15:33:98:c9:ff:f6:e9:84:0d:d6:
                    7d:b2:79:45:60:9b:c6:bb:e1:03:7d:c4:3d:8f:5b:
                    42:d8:54:e1:0c:3c:19:a9:2a:61:ae:ce:92:aa:bb:
                    f9:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:54:0F:48:49:A4:F6:A3:37:63:A2:46:EA:9A:17:BB:D7:61:44:05
            X509v3 Authority Key Identifier:
                keyid:E4:C8:6D:A3:F4:83:24:65:18:D3:68:03:4B:C8:61:13:90:6A:55:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5Mhto_SDJGUY02gDS8hhE5BqVaM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/FFQPSEmk9qM3Y6JG6poXu9dhRAU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/5Mhto_SDJGUY02gDS8hhE5BqVaM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.110.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         57:c4:15:71:46:c1:ca:0c:1c:24:ca:f4:f4:86:b3:90:64:cf:
         b9:05:7e:93:cf:02:36:2d:54:4a:d8:32:c7:fd:d6:90:40:8b:
         86:18:7c:21:19:b4:7c:11:2a:82:99:fe:bc:1a:22:59:05:6b:
         a3:2e:5b:97:96:47:49:1d:51:eb:53:e1:51:78:1a:7c:39:db:
         ad:16:7c:38:34:c2:20:b3:62:a3:37:9f:58:01:8c:1e:de:82:
         cf:9c:87:6a:7c:10:c0:c9:d4:75:1e:ed:dd:01:19:2e:ec:ca:
         46:42:9e:8e:9d:0f:1a:fd:18:79:0a:28:7e:73:f9:0e:b5:3c:
         e6:d6:a5:9b:e1:cc:b9:09:a1:d2:05:1f:e7:60:34:1f:97:fb:
         66:b6:96:3e:e5:82:6f:d7:53:72:73:f8:f5:26:62:29:81:cc:
         6d:8b:e2:f5:1f:d6:9d:ae:a7:0f:4a:78:5c:2c:b2:14:37:ec:
         0b:30:08:38:96:28:6c:55:6e:78:d1:b0:58:13:1e:fc:9b:16:
         0f:ce:4d:81:0a:32:53:47:f7:33:fd:cd:52:c0:e4:a0:a2:d0:
         1a:76:6a:f1:d0:d1:8d:57:9b:7b:66:84:22:d2:94:14:f1:e9:
         eb:f7:41:6a:3d:9c:b6:48:81:31:60:0e:34:8f:33:cd:c0:dd:
         32:e5:ad:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5uT4pMpCi+TGLOWNSybeCcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0Yzg2ZGEzZjQ4MzI0NjUxOGQzNjgwMzRiYzg2MTEzOTA2
YTU1YTMwHhcNMjYwNTI4MTExOTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDU0MGY0ODQ5YTRmNmEzMzc2M2EyNDZlYTlhMTdiYmQ3NjE0NDA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzTu0I3Z+Vdgr4bVMaNd/htlemonE
4mjBHe6hRa4eUPyi0i4L/U1fpO5NLUaPM8lOH4MnJ9E3TWP5Ne+rx6XaPy/wIxv7
VEJj6ckzQMJSQpJ0KUJpDLMnYIU9n1CwKKKLzhoKW7tB20mMecFp33/MsGTiNkXD
7gqrxXUqlpjhmcOApay8Kc49993GdZF3+C4ItRR/9GVgFpbJZwexI994J2FQoWsz
uwvpgATmaL4uArJYm4OIYAhqW/TX3rakXeizQaebts8ZVX62Ueuy4PU4dsgTtswK
vRUzmMn/9umEDdZ9snlFYJvGu+EDfcQ9j1tC2FThDDwZqSphrs6Sqrv5VwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBRUD0hJpPajN2OiRuqaF7vXYUQFMB8GA1UdIwQY
MBaAFOTIbaP0gyRlGNNoA0vIYROQalWjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNU1odG9fU0RKR1VZMDJnRFM4aGhFNUJxVmFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS9iNGU1MDMtNTc0Yi00NTY1LTkyMTct
YzUxMWEzZTkxMmI2LzEvRkZRUFNFbWs5cU0zWTZKRzZwb1h1OWRoUkFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS9iNGU1MDMtNTc0Yi00NTY1LTkyMTctYzUxMWEzZTkxMmI2
LzEvNU1odG9fU0RKR1VZMDJnRFM4aGhFNUJxVmFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCT24AMA0G
CSqGSIb3DQEBCwUAA4IBAQBXxBVxRsHKDBwkyvT0hrOQZM+5BX6TzwI2LVRK2DLH
/daQQIuGGHwhGbR8ESqCmf68GiJZBWujLluXlkdJHVHrU+FReBp8OdutFnw4NMIg
s2KjN59YAYwe3oLPnIdqfBDAydR1Hu3dARku7MpGQp6OnQ8a/Rh5Cih+c/kOtTzm
1qWb4cy5CaHSBR/nYDQfl/tmtpY+5YJv11Nyc/j1JmIpgcxti+L1H9adrqcPSnhc
LLIUN+wLMAg4lihsVW540bBYEx78mxYPzk2BCjJTR/cz/c1SwOSgotAadmrx0NGN
V5t7ZoQi0pQU8enr90FqPZy2SIExYA40jzPNwN0y5a1q
-----END CERTIFICATE-----