Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/7247b0-4989-43ea-9350-7a936751db1b/1/8JSZWhyUYpRy8aBCdNPv83OhLzE.roa
File:                     8JSZWhyUYpRy8aBCdNPv83OhLzE.roa (raw, json)
Hash identifier:          cRifW1LmyHI9b6LIEF+DhKfqeLjA5tpM2Wwz0m3WPJE=
Subject key identifier:   F0:94:99:5A:1C:94:62:94:72:F1:A0:42:74:D3:EF:F3:73:A1:2F:31
Certificate issuer:       /CN=1acb6376a1648d49d55e4d7b01371367b0dc2af9
Certificate serial:       019E6810761B0E2EB63FA47113ED320C72CA
Authority key identifier: 1A:CB:63:76:A1:64:8D:49:D5:5E:4D:7B:01:37:13:67:B0:DC:2A:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GstjdqFkjUnVXk17ATcTZ7DcKvk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/7247b0-4989-43ea-9350-7a936751db1b/1/8JSZWhyUYpRy8aBCdNPv83OhLzE.roa
Signing time:             Wed 27 May 2026 06:12:49 +0000
ROA not before:           Wed 27 May 2026 06:12:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9009
IP address blocks:        91.149.192.0/24 maxlen: 24
                          91.149.200.0/24 maxlen: 24
                          91.149.231.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/7247b0-4989-43ea-9350-7a936751db1b/1/GstjdqFkjUnVXk17ATcTZ7DcKvk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/7247b0-4989-43ea-9350-7a936751db1b/1/GstjdqFkjUnVXk17ATcTZ7DcKvk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GstjdqFkjUnVXk17ATcTZ7DcKvk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 15:55:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:68:10:76:1b:0e:2e:b6:3f:a4:71:13:ed:32:0c:72:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1acb6376a1648d49d55e4d7b01371367b0dc2af9
        Validity
            Not Before: May 27 06:12:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f094995a1c94629472f1a04274d3eff373a12f31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:23:dd:0e:10:94:39:e0:32:42:b6:20:87:8e:
                    92:de:a5:8d:5c:9f:5f:92:b4:c0:d9:fb:8a:10:da:
                    08:3d:6e:5d:87:eb:4a:6c:c3:bd:06:cf:22:17:ee:
                    86:3a:22:e8:f1:3e:89:ea:3e:e5:fc:9a:38:6a:79:
                    36:04:63:d7:af:70:a8:6b:4b:0d:e0:4b:6b:c6:e4:
                    37:d0:e7:ea:ee:51:84:81:b4:d4:0b:95:c5:db:a3:
                    18:fa:a0:52:3a:6a:26:4c:0a:88:fb:20:20:91:43:
                    61:70:a3:98:30:a7:7d:08:c1:f3:48:ac:a2:84:5f:
                    db:2e:09:9a:85:ab:53:53:7a:b8:dc:b6:7d:61:40:
                    f7:70:cc:6a:5f:7a:79:90:88:3d:66:f0:1d:76:d9:
                    f6:3f:b0:47:26:53:29:07:b8:65:20:c8:ca:b1:52:
                    6f:03:a0:9d:16:2b:9f:b3:44:cc:b7:ae:ad:91:0b:
                    2a:91:61:1a:d0:4b:ce:e2:e6:1d:f1:c6:ab:2e:f6:
                    4f:59:e1:8e:4c:7d:87:75:31:ef:24:8a:03:79:79:
                    66:9b:32:e2:00:ba:48:32:4c:12:88:a1:4d:67:67:
                    47:a8:21:0d:02:99:c7:43:0a:6c:e4:bf:ac:9f:57:
                    7c:46:6c:9c:7c:b2:03:8c:68:e0:14:d7:ae:e4:93:
                    24:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:94:99:5A:1C:94:62:94:72:F1:A0:42:74:D3:EF:F3:73:A1:2F:31
            X509v3 Authority Key Identifier:
                keyid:1A:CB:63:76:A1:64:8D:49:D5:5E:4D:7B:01:37:13:67:B0:DC:2A:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GstjdqFkjUnVXk17ATcTZ7DcKvk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/7247b0-4989-43ea-9350-7a936751db1b/1/8JSZWhyUYpRy8aBCdNPv83OhLzE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/7247b0-4989-43ea-9350-7a936751db1b/1/GstjdqFkjUnVXk17ATcTZ7DcKvk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.149.192.0/24
                  91.149.200.0/24
                  91.149.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:41:e4:64:d5:1a:d4:bd:7c:8f:c6:21:38:e9:3b:90:89:0d:
         cc:0b:1d:8c:25:ac:d8:ed:46:62:d5:cb:7b:4e:29:19:46:4b:
         1e:70:92:66:71:12:34:d4:11:4f:84:8e:1a:6e:63:38:a9:62:
         21:3a:9e:51:cf:6f:77:e6:5b:c8:af:99:09:3f:0f:7d:51:0d:
         27:d3:5c:2d:37:39:24:64:03:9a:de:95:b9:3f:55:f0:89:60:
         1e:53:6d:fd:fe:49:f5:5a:db:a7:e5:a4:cb:c8:a6:f6:0d:cd:
         c8:ce:2c:db:29:83:8a:dd:a6:89:c2:f3:0b:57:91:07:94:c7:
         07:5b:31:73:c4:7f:36:2f:25:0b:18:be:c6:8c:a0:ba:af:6a:
         f9:eb:c6:9e:ee:0d:12:a0:0e:7f:47:6b:ba:cc:6f:e5:0c:af:
         ce:5d:64:63:40:76:a5:04:04:02:f8:67:65:7e:a0:b1:71:9a:
         6f:f4:55:83:e9:8b:e1:f3:34:ff:3c:a5:eb:0d:e5:3f:ba:2a:
         d3:37:9f:bb:16:d3:7b:33:15:16:f4:37:99:52:61:b8:78:4b:
         fe:5c:3a:56:58:6e:23:6d:86:87:ae:4e:24:97:c6:11:1c:e9:
         d8:3c:5a:96:06:29:1b:3c:2c:c2:61:c8:5d:cb:d7:80:1a:38:
         b3:fa:95:3a
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ5oEHYbDi62P6RxE+0yDHLKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhY2I2Mzc2YTE2NDhkNDlkNTVlNGQ3YjAxMzcxMzY3YjBk
YzJhZjkwHhcNMjYwNTI3MDYxMjQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDk0OTk1YTFjOTQ2Mjk0NzJmMWEwNDI3NGQzZWZmMzczYTEyZjMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoiPdDhCUOeAyQrYgh46S3qWNXJ9f
krTA2fuKENoIPW5dh+tKbMO9Bs8iF+6GOiLo8T6J6j7l/Jo4ank2BGPXr3Coa0sN
4EtrxuQ30Ofq7lGEgbTUC5XF26MY+qBSOmomTAqI+yAgkUNhcKOYMKd9CMHzSKyi
hF/bLgmahatTU3q43LZ9YUD3cMxqX3p5kIg9ZvAddtn2P7BHJlMpB7hlIMjKsVJv
A6CdFiufs0TMt66tkQsqkWEa0EvO4uYd8carLvZPWeGOTH2HdTHvJIoDeXlmmzLi
ALpIMkwSiKFNZ2dHqCENApnHQwps5L+sn1d8RmycfLIDjGjgFNeu5JMkywIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFPCUmVoclGKUcvGgQnTT7/NzoS8xMB8GA1UdIwQY
MBaAFBrLY3ahZI1J1V5NewE3E2ew3Cr5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3N0amRxRmtqVW5WWGsxN0FUY1RaN0RjS3ZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS83MjQ3YjAtNDk4OS00M2VhLTkzNTAt
N2E5MzY3NTFkYjFiLzEvOEpTWldoeVVZcFJ5OGFCQ2ROUHY4M09oTHpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS83MjQ3YjAtNDk4OS00M2VhLTkzNTAtN2E5MzY3NTFkYjFi
LzEvR3N0amRxRmtqVW5WWGsxN0FUY1RaN0RjS3ZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAW5XAAwQA
W5XIAwQAW5XnMA0GCSqGSIb3DQEBCwUAA4IBAQB2QeRk1RrUvXyPxiE46TuQiQ3M
Cx2MJazY7UZi1ct7TikZRksecJJmcRI01BFPhI4abmM4qWIhOp5Rz2935lvIr5kJ
Pw99UQ0n01wtNzkkZAOa3pW5P1XwiWAeU239/kn1Wtun5aTLyKb2Dc3IzizbKYOK
3aaJwvMLV5EHlMcHWzFzxH82LyULGL7GjKC6r2r568ae7g0SoA5/R2u6zG/lDK/O
XWRjQHalBAQC+GdlfqCxcZpv9FWD6Yvh8zT/PKXrDeU/uirTN5+7FtN7MxUW9DeZ
UmG4eEv+XDpWWG4jbYaHrk4kl8YRHOnYPFqWBikbPCzCYchdy9eAGjiz+pU6
-----END CERTIFICATE-----