Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/UE5lqxub4HZyPzOaFIeY1MynbOM.roa
File:                     UE5lqxub4HZyPzOaFIeY1MynbOM.roa (raw, json)
Hash identifier:          G/5g2S7073n0P8fSJcz9JyRKGI6p6NHbjV1Y/gWxHho=
Subject key identifier:   50:4E:65:AB:1B:9B:E0:76:72:3F:33:9A:14:87:98:D4:CC:A7:6C:E3
Certificate issuer:       /CN=1c7ad7754795ddd605f28838bb7cc359df7a266a
Certificate serial:       019E9E77C5A9777E5B1B35AA3149C973880F
Authority key identifier: 1C:7A:D7:75:47:95:DD:D6:05:F2:88:38:BB:7C:C3:59:DF:7A:26:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HHrXdUeV3dYF8og4u3zDWd96Jmo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/UE5lqxub4HZyPzOaFIeY1MynbOM.roa
Signing time:             Sat 06 Jun 2026 19:45:09 +0000
ROA not before:           Sat 06 Jun 2026 19:45:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     62240
IP address blocks:        91.234.22.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/HHrXdUeV3dYF8og4u3zDWd96Jmo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/HHrXdUeV3dYF8og4u3zDWd96Jmo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HHrXdUeV3dYF8og4u3zDWd96Jmo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Jun 2026 19:19:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:9e:77:c5:a9:77:7e:5b:1b:35:aa:31:49:c9:73:88:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c7ad7754795ddd605f28838bb7cc359df7a266a
        Validity
            Not Before: Jun  6 19:45:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=504e65ab1b9be076723f339a148798d4cca76ce3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:1b:3e:51:4b:f0:f2:9c:b7:62:19:3e:ba:dc:
                    4b:07:ea:83:f3:a9:c5:ca:45:fd:97:e3:a2:65:4d:
                    be:01:15:24:1b:83:af:ec:11:67:e5:46:f4:11:9f:
                    d5:78:9d:42:43:1e:2a:c5:1f:f2:08:b8:18:d4:2f:
                    93:34:f0:21:39:81:c3:fa:f8:e2:f6:75:43:49:84:
                    57:39:d0:3f:a8:bd:ca:5c:7a:bb:d8:ea:19:05:51:
                    d8:e7:cf:68:af:21:b7:53:b9:09:d7:d9:b3:22:ce:
                    3a:47:43:29:1d:91:93:90:b1:23:e9:74:65:71:b2:
                    fb:36:16:be:2b:2b:10:1a:b2:83:38:f3:87:4a:ec:
                    f3:dc:10:18:36:af:49:b1:bc:8a:50:05:f4:1f:4f:
                    53:2b:4b:19:53:c1:50:7e:2b:b1:19:06:f3:d8:77:
                    ad:8d:bf:cc:88:26:54:7b:f5:b7:77:d2:b6:1b:4c:
                    e3:29:88:ce:87:a6:d1:1e:f3:c2:3c:24:5d:59:8b:
                    0d:02:a9:e0:0b:81:5a:c6:a5:a9:39:48:91:b1:ec:
                    03:c3:55:ec:fd:cb:26:be:c0:c7:a2:d6:3b:e4:99:
                    68:ad:de:0b:55:9a:8d:38:84:a6:fe:fe:48:ee:b6:
                    98:f0:e1:2b:84:cd:35:33:49:fd:85:54:ea:74:01:
                    4d:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:4E:65:AB:1B:9B:E0:76:72:3F:33:9A:14:87:98:D4:CC:A7:6C:E3
            X509v3 Authority Key Identifier:
                keyid:1C:7A:D7:75:47:95:DD:D6:05:F2:88:38:BB:7C:C3:59:DF:7A:26:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HHrXdUeV3dYF8og4u3zDWd96Jmo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/UE5lqxub4HZyPzOaFIeY1MynbOM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/HHrXdUeV3dYF8og4u3zDWd96Jmo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.234.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:fa:77:bf:39:61:cb:48:51:12:c9:71:04:93:a7:99:28:54:
         2b:4d:8e:3c:ae:91:fb:f2:05:65:f6:91:1f:49:bd:8c:42:54:
         15:b0:46:de:ff:24:0a:70:2f:df:9d:d6:00:ff:b2:a9:03:df:
         1c:41:9e:de:6f:55:43:43:f9:f6:2a:e4:2f:2f:c4:2f:58:2f:
         69:c6:9f:30:48:fe:a7:c9:ea:2a:92:9d:c4:dd:5a:ca:e9:27:
         56:5a:4f:a6:ad:a9:47:89:58:1c:be:36:e7:10:02:d3:3a:2c:
         4a:2e:de:be:56:c0:73:f5:c0:d3:26:f4:b7:c1:1c:82:8c:8e:
         c4:9c:1f:6c:13:84:ee:26:e0:55:88:09:b5:e5:10:1e:92:b3:
         d5:82:fd:87:6e:4b:20:29:89:00:02:5d:3a:3d:df:06:81:b8:
         8d:cc:94:e7:34:ff:09:a8:83:bc:34:78:f0:6c:e0:6c:6d:eb:
         52:3d:f5:6b:64:71:88:ca:ca:3b:1f:be:cb:7e:99:7b:9c:d0:
         64:cb:f9:03:e1:26:d4:34:98:00:9e:c9:ed:cc:b5:7d:09:12:
         39:27:c3:4e:29:4e:88:59:d9:83:07:cd:fb:61:9f:5e:66:ea:
         e3:9d:b6:2c:6f:26:b4:30:e3:70:6b:31:78:5a:12:0e:36:3d:
         e6:ae:ab:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6ed8Wpd35bGzWqMUnJc4gPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjN2FkNzc1NDc5NWRkZDYwNWYyODgzOGJiN2NjMzU5ZGY3
YTI2NmEwHhcNMjYwNjA2MTk0NTA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDRlNjVhYjFiOWJlMDc2NzIzZjMzOWExNDg3OThkNGNjYTc2Y2UzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiBs+UUvw8py3Yhk+utxLB+qD86nF
ykX9l+OiZU2+ARUkG4Ov7BFn5Ub0EZ/VeJ1CQx4qxR/yCLgY1C+TNPAhOYHD+vji
9nVDSYRXOdA/qL3KXHq72OoZBVHY589oryG3U7kJ19mzIs46R0MpHZGTkLEj6XRl
cbL7Nha+KysQGrKDOPOHSuzz3BAYNq9JsbyKUAX0H09TK0sZU8FQfiuxGQbz2Het
jb/MiCZUe/W3d9K2G0zjKYjOh6bRHvPCPCRdWYsNAqngC4FaxqWpOUiRsewDw1Xs
/csmvsDHotY75Jlord4LVZqNOISm/v5I7raY8OErhM01M0n9hVTqdAFNXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFBOZasbm+B2cj8zmhSHmNTMp2zjMB8GA1UdIwQY
MBaAFBx613VHld3WBfKIOLt8w1nfeiZqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEhyWGRVZVYzZFlGOG9nNHUzekRXZDk2Sm1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS9jNWE5ZTMtNjcyMi00YjZhLWJlNTgt
YWRhNWMyMGUzZjdiLzEvVUU1bHF4dWI0SFp5UHpPYUZJZVkxTXluYk9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS9jNWE5ZTMtNjcyMi00YjZhLWJlNTgtYWRhNWMyMGUzZjdi
LzEvSEhyWGRVZVYzZFlGOG9nNHUzekRXZDk2Sm1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+oWMA0G
CSqGSIb3DQEBCwUAA4IBAQAY+ne/OWHLSFESyXEEk6eZKFQrTY48rpH78gVl9pEf
Sb2MQlQVsEbe/yQKcC/fndYA/7KpA98cQZ7eb1VDQ/n2KuQvL8QvWC9pxp8wSP6n
yeoqkp3E3VrK6SdWWk+mralHiVgcvjbnEALTOixKLt6+VsBz9cDTJvS3wRyCjI7E
nB9sE4TuJuBViAm15RAekrPVgv2HbksgKYkAAl06Pd8GgbiNzJTnNP8JqIO8NHjw
bOBsbetSPfVrZHGIyso7H77Lfpl7nNBky/kD4SbUNJgAnsntzLV9CRI5J8NOKU6I
WdmDB837YZ9eZurjnbYsbya0MONwazF4WhIONj3mrqvm
-----END CERTIFICATE-----