Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/1oRqSxsV2wun2rFmUQT8su3qejA.roa
File:                     1oRqSxsV2wun2rFmUQT8su3qejA.roa (raw, json)
Hash identifier:          QDmySoXjV82dcuZhUbqLA64RMa4lTs06OK9T7SDlrdg=
Subject key identifier:   D6:84:6A:4B:1B:15:DB:0B:A7:DA:B1:66:51:04:FC:B2:ED:EA:7A:30
Certificate issuer:       /CN=5fe53c0bfc3c8fb56b81191317144443e0e29d25
Certificate serial:       019E7512CD53C232C7F5AD01F65D084E093F
Authority key identifier: 5F:E5:3C:0B:FC:3C:8F:B5:6B:81:19:13:17:14:44:43:E0:E2:9D:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X-U8C_w8j7VrgRkTFxREQ-DinSU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/1oRqSxsV2wun2rFmUQT8su3qejA.roa
Signing time:             Fri 29 May 2026 18:50:26 +0000
ROA not before:           Fri 29 May 2026 18:50:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     63023
IP address blocks:        89.126.230.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/X-U8C_w8j7VrgRkTFxREQ-DinSU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/X-U8C_w8j7VrgRkTFxREQ-DinSU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/X-U8C_w8j7VrgRkTFxREQ-DinSU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 21:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:75:12:cd:53:c2:32:c7:f5:ad:01:f6:5d:08:4e:09:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5fe53c0bfc3c8fb56b81191317144443e0e29d25
        Validity
            Not Before: May 29 18:50:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d6846a4b1b15db0ba7dab1665104fcb2edea7a30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:1f:1f:63:c5:aa:67:53:95:c0:ce:46:59:87:
                    bc:97:e8:34:47:7c:f2:a3:08:4e:e7:42:2c:fa:a4:
                    c0:04:13:3b:2b:54:32:22:80:c5:e2:07:21:12:84:
                    92:d7:a9:c1:51:fe:68:4a:59:31:55:0c:96:db:5e:
                    c4:5e:b4:dc:b2:44:33:3f:47:be:6a:76:a0:b7:0c:
                    75:63:46:d6:0d:1b:e6:87:99:87:63:ec:aa:86:31:
                    b7:91:eb:ec:0d:4b:7a:66:07:a3:09:c2:4c:53:77:
                    51:a3:ae:28:9a:a9:f9:63:5c:d4:06:82:6c:89:06:
                    e6:60:a2:60:a8:16:e6:8c:c8:9b:83:6a:9e:34:1f:
                    f9:af:bc:10:a6:f5:df:08:a8:17:bc:47:9d:b7:8b:
                    0e:ff:98:90:1b:9b:a3:28:de:a4:90:30:7b:cd:21:
                    f0:70:dd:a7:16:a7:b8:b8:83:6a:52:f8:2a:09:15:
                    12:53:e3:9f:a8:a8:90:15:81:01:d1:ea:6c:cd:98:
                    4a:e0:64:1e:ff:77:9e:80:e7:f0:71:17:0f:1d:af:
                    90:35:a3:86:ac:91:c2:6c:79:60:71:43:46:45:12:
                    25:6d:36:1a:40:90:ee:c6:fe:3e:74:cc:ce:4b:86:
                    10:38:29:d2:fe:b6:43:a6:a4:d8:b6:fa:7a:78:ee:
                    f1:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:84:6A:4B:1B:15:DB:0B:A7:DA:B1:66:51:04:FC:B2:ED:EA:7A:30
            X509v3 Authority Key Identifier:
                keyid:5F:E5:3C:0B:FC:3C:8F:B5:6B:81:19:13:17:14:44:43:E0:E2:9D:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X-U8C_w8j7VrgRkTFxREQ-DinSU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/1oRqSxsV2wun2rFmUQT8su3qejA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/X-U8C_w8j7VrgRkTFxREQ-DinSU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.126.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:38:d8:47:48:8b:74:92:bc:c7:2c:6e:1e:c4:4d:9b:ca:ef:
         96:2e:e6:4f:df:c3:e9:3c:91:ef:c4:c7:5d:31:8d:41:55:37:
         4d:db:8f:88:87:5b:be:0c:09:b4:f5:ac:52:d3:e6:36:0f:4e:
         37:8e:5e:47:5b:5d:d0:46:da:35:b5:97:43:d4:f1:db:2e:c5:
         12:7a:ff:eb:03:d0:52:74:a1:5b:b3:49:ff:3a:22:7e:5a:31:
         d7:31:f8:34:f5:c9:33:b2:05:70:41:cb:60:b0:ed:2d:8b:a1:
         d6:e5:77:c9:af:a3:87:d2:71:e9:94:d4:4f:b5:ab:e3:26:a1:
         8e:a6:f5:c6:5d:82:46:ff:00:72:33:52:24:d8:b2:bb:6a:73:
         d1:e7:b5:fa:d3:0c:bf:2d:8b:2b:d4:13:76:67:f9:51:cd:5f:
         23:5a:e8:97:0b:5c:b5:8e:1c:c6:b5:fb:db:1a:d3:ad:a1:46:
         54:6b:97:85:84:d7:ae:30:a7:dc:73:52:1b:d0:ad:89:e7:4f:
         d7:bf:1e:0b:2e:39:1f:cd:d2:5e:10:9f:80:5c:7c:8d:3a:08:
         c2:30:4b:28:a1:65:ca:08:82:dc:8f:46:6c:8c:81:fc:ab:69:
         1c:32:25:a7:6d:bd:08:95:51:db:1f:3c:1c:21:16:8e:42:64:
         02:4a:a0:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ51Es1TwjLH9a0B9l0ITgk/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmZTUzYzBiZmMzYzhmYjU2YjgxMTkxMzE3MTQ0NDQzZTBl
MjlkMjUwHhcNMjYwNTI5MTg1MDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjg0NmE0YjFiMTVkYjBiYTdkYWIxNjY1MTA0ZmNiMmVkZWE3YTMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwB8fY8WqZ1OVwM5GWYe8l+g0R3zy
owhO50Is+qTABBM7K1QyIoDF4gchEoSS16nBUf5oSlkxVQyW217EXrTcskQzP0e+
anagtwx1Y0bWDRvmh5mHY+yqhjG3kevsDUt6ZgejCcJMU3dRo64omqn5Y1zUBoJs
iQbmYKJgqBbmjMibg2qeNB/5r7wQpvXfCKgXvEedt4sO/5iQG5ujKN6kkDB7zSHw
cN2nFqe4uINqUvgqCRUSU+OfqKiQFYEB0epszZhK4GQe/3eegOfwcRcPHa+QNaOG
rJHCbHlgcUNGRRIlbTYaQJDuxv4+dMzOS4YQOCnS/rZDpqTYtvp6eO7xmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNaEaksbFdsLp9qxZlEE/LLt6nowMB8GA1UdIwQY
MBaAFF/lPAv8PI+1a4EZExcUREPg4p0lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWC1VOENfdzhqN1ZyZ1JrVEZ4UkVRLURpblNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9iYzYwODktM2Q5MC00NTI5LWJiNDct
NWNmNTZlZTQzNWIzLzEvMW9ScVN4c1Yyd3VuMnJGbVVRVDhzdTNxZWpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9iYzYwODktM2Q5MC00NTI5LWJiNDctNWNmNTZlZTQzNWIz
LzEvWC1VOENfdzhqN1ZyZ1JrVEZ4UkVRLURpblNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWX7mMA0G
CSqGSIb3DQEBCwUAA4IBAQAFONhHSIt0krzHLG4exE2byu+WLuZP38PpPJHvxMdd
MY1BVTdN24+Ih1u+DAm09axS0+Y2D043jl5HW13QRto1tZdD1PHbLsUSev/rA9BS
dKFbs0n/OiJ+WjHXMfg09ckzsgVwQctgsO0ti6HW5XfJr6OH0nHplNRPtavjJqGO
pvXGXYJG/wByM1Ik2LK7anPR57X60wy/LYsr1BN2Z/lRzV8jWuiXC1y1jhzGtfvb
GtOtoUZUa5eFhNeuMKfcc1Ib0K2J50/Xvx4LLjkfzdJeEJ+AXHyNOgjCMEsooWXK
CILcj0ZsjIH8q2kcMiWnbb0IlVHbHzwcIRaOQmQCSqCG
-----END CERTIFICATE-----