Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/d1WE9Y-bl-dyCyOc7uWWpS9ScgM.roa
File:                     d1WE9Y-bl-dyCyOc7uWWpS9ScgM.roa (raw, json)
Hash identifier:          NKQwn8ID5kOmxVWOj7bN8K5HmhhaUChKXOldko4subU=
Subject key identifier:   77:55:84:F5:8F:9B:97:E7:72:0B:23:9C:EE:E5:96:A5:2F:52:72:03
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019EABF8D9E4253F68AC290339F035A8921A
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/d1WE9Y-bl-dyCyOc7uWWpS9ScgM.roa
Signing time:             Tue 09 Jun 2026 10:41:13 +0000
ROA not before:           Tue 09 Jun 2026 10:41:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     34918
IP address blocks:        94.183.216.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 18:57:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ab:f8:d9:e4:25:3f:68:ac:29:03:39:f0:35:a8:92:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jun  9 10:41:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=775584f58f9b97e7720b239ceee596a52f527203
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:1e:4e:0a:85:09:f4:67:60:62:b7:74:45:75:
                    c1:dd:e2:46:88:07:3b:67:81:4e:56:18:42:c8:22:
                    69:34:ad:92:a8:88:7e:a0:70:24:c6:b1:38:67:f9:
                    ca:af:2e:9c:9b:ff:c3:21:05:47:de:d9:96:69:be:
                    d9:ae:a6:19:2f:75:5c:ca:d5:0e:65:89:14:d4:c4:
                    0c:73:0c:ee:42:49:ba:0c:dd:6e:e6:b1:00:ed:9b:
                    e5:8b:58:e3:80:a8:1a:6f:81:f7:e9:59:4c:de:a6:
                    f9:23:62:a1:cd:cb:6c:7c:23:06:f2:0a:42:37:8a:
                    cf:99:3c:46:b7:5f:ef:c5:73:73:48:df:39:3e:d5:
                    9b:4f:ae:c6:40:23:b6:f8:bb:39:60:ad:4d:4b:c7:
                    5f:a4:66:d3:c8:2c:87:69:21:18:92:b8:24:a5:a5:
                    4f:0e:48:5b:be:43:0d:b5:c0:64:9b:bc:f1:38:d5:
                    d1:cc:80:55:f2:a2:59:e8:00:e6:5f:db:5b:4f:72:
                    ca:53:5f:a1:39:e0:23:c7:28:92:8e:c1:e8:61:15:
                    53:55:9e:1b:b2:f7:c5:ba:33:48:18:97:54:b0:e4:
                    55:62:ed:a0:d5:be:7a:58:2a:f9:e0:51:b9:fc:a5:
                    af:dc:be:36:de:a7:7c:c2:81:17:1f:6b:e9:10:23:
                    3f:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:55:84:F5:8F:9B:97:E7:72:0B:23:9C:EE:E5:96:A5:2F:52:72:03
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/d1WE9Y-bl-dyCyOc7uWWpS9ScgM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.183.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bc:e4:59:02:c5:b8:08:72:48:0b:bf:97:34:41:ff:4f:71:1b:
         bc:85:d3:e6:a1:35:87:2a:f9:1e:3b:58:77:1d:a3:4f:1a:63:
         1e:05:50:ad:b8:af:ee:ca:34:41:4b:88:e6:e2:f3:d1:cb:f5:
         07:cc:0d:69:b4:2a:c6:c2:0d:24:22:c8:d1:fa:f3:1b:ae:17:
         08:1e:40:e2:d3:db:30:52:bb:a7:e9:35:8e:e8:d7:27:50:d4:
         68:e8:b5:7b:a9:9c:74:3c:74:06:83:a8:f1:48:b8:ac:6c:22:
         cc:13:51:05:ed:6b:a3:fc:77:c5:00:9d:14:3c:b1:14:e0:e8:
         d9:37:23:c3:18:3c:ef:c4:e8:dc:bb:05:09:9c:10:e9:f0:99:
         0b:ed:60:26:7d:b1:98:e9:7a:9d:0c:83:bb:a4:eb:20:e1:8c:
         9d:4f:54:72:fd:56:7b:cd:b0:bf:bd:4b:ca:93:63:f8:3d:c3:
         28:e9:62:e4:5a:2a:00:0a:75:e4:a8:03:15:44:e0:d3:d6:54:
         62:4b:01:2d:b5:21:5a:24:aa:2b:5f:7e:f9:aa:19:1c:11:89:
         52:c6:7f:7d:47:d0:da:4a:4a:5d:05:ee:77:1f:f0:f4:66:56:
         2f:7f:8d:1d:45:12:b2:32:9c:d1:a1:31:b4:b7:a4:ec:c5:8c:
         b1:78:4a:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6r+NnkJT9orCkDOfA1qJIaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNjA5MTA0MTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzU1ODRmNThmOWI5N2U3NzIwYjIzOWNlZWU1OTZhNTJmNTI3MjAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsh5OCoUJ9GdgYrd0RXXB3eJGiAc7
Z4FOVhhCyCJpNK2SqIh+oHAkxrE4Z/nKry6cm//DIQVH3tmWab7ZrqYZL3VcytUO
ZYkU1MQMcwzuQkm6DN1u5rEA7Zvli1jjgKgab4H36VlM3qb5I2KhzctsfCMG8gpC
N4rPmTxGt1/vxXNzSN85PtWbT67GQCO2+Ls5YK1NS8dfpGbTyCyHaSEYkrgkpaVP
DkhbvkMNtcBkm7zxONXRzIBV8qJZ6ADmX9tbT3LKU1+hOeAjxyiSjsHoYRVTVZ4b
svfFujNIGJdUsORVYu2g1b56WCr54FG5/KWv3L423qd8woEXH2vpECM/XQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHdVhPWPm5fncgsjnO7llqUvUnIDMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvZDFXRTlZLWJsLWR5Q3lPYzd1V1dwUzlTY2dNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXrfYMA0G
CSqGSIb3DQEBCwUAA4IBAQC85FkCxbgIckgLv5c0Qf9PcRu8hdPmoTWHKvkeO1h3
HaNPGmMeBVCtuK/uyjRBS4jm4vPRy/UHzA1ptCrGwg0kIsjR+vMbrhcIHkDi09sw
Urun6TWO6NcnUNRo6LV7qZx0PHQGg6jxSLisbCLME1EF7Wuj/HfFAJ0UPLEU4OjZ
NyPDGDzvxOjcuwUJnBDp8JkL7WAmfbGY6XqdDIO7pOsg4YydT1Ry/VZ7zbC/vUvK
k2P4PcMo6WLkWioACnXkqAMVRODT1lRiSwEttSFaJKorX375qhkcEYlSxn99R9Da
SkpdBe53H/D0ZlYvf40dRRKyMpzRoTG0t6TsxYyxeErZ
-----END CERTIFICATE-----