Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/df4a0a-c33d-4e0e-b15e-cdf4c6b424e1/1/sVT6ylubpnSl9Wo3Q1UIodxgUTA.roa
File:                     sVT6ylubpnSl9Wo3Q1UIodxgUTA.roa (raw, json)
Hash identifier:          XIJ9HqJKdhG3i/7uPJ3bJoLhrTdl04nl6aE6hwyGjnU=
Subject key identifier:   B1:54:FA:CA:5B:9B:A6:74:A5:F5:6A:37:43:55:08:A1:DC:60:51:30
Certificate issuer:       /CN=974e35ec2180daebd1bf3dd44403a9e0bfcb56ca
Certificate serial:       019EB14FB582F8C2600EB20926C1EA03F117
Authority key identifier: 97:4E:35:EC:21:80:DA:EB:D1:BF:3D:D4:44:03:A9:E0:BF:CB:56:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l0417CGA2uvRvz3URAOp4L_LVso.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/df4a0a-c33d-4e0e-b15e-cdf4c6b424e1/1/sVT6ylubpnSl9Wo3Q1UIodxgUTA.roa
Signing time:             Wed 10 Jun 2026 11:34:11 +0000
ROA not before:           Wed 10 Jun 2026 11:34:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     52025
IP address blocks:        194.39.242.0/24 maxlen: 24
                          2a0c:dd00::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/df4a0a-c33d-4e0e-b15e-cdf4c6b424e1/1/l0417CGA2uvRvz3URAOp4L_LVso.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/df4a0a-c33d-4e0e-b15e-cdf4c6b424e1/1/l0417CGA2uvRvz3URAOp4L_LVso.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l0417CGA2uvRvz3URAOp4L_LVso.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 13:27:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:b1:4f:b5:82:f8:c2:60:0e:b2:09:26:c1:ea:03:f1:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=974e35ec2180daebd1bf3dd44403a9e0bfcb56ca
        Validity
            Not Before: Jun 10 11:34:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b154faca5b9ba674a5f56a37435508a1dc605130
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:ca:cf:b5:63:6a:ed:1a:f7:4d:60:d8:ed:33:
                    89:7d:3b:5a:ff:8e:be:4c:53:49:9a:4e:4b:f0:cc:
                    e6:f3:de:4e:3b:94:36:7e:2b:87:3f:f7:1c:64:1b:
                    b0:9d:3b:20:81:65:02:7d:aa:58:95:a6:ff:b5:57:
                    8c:31:79:2b:8a:da:f4:25:6b:8d:9b:89:c8:ab:c9:
                    15:e2:43:c5:1e:da:45:a5:08:9c:f7:54:0b:c8:50:
                    78:8f:13:61:91:1b:07:e8:08:7c:a1:05:80:24:0f:
                    b8:28:79:88:84:12:f3:fe:a3:75:ad:e9:05:bb:92:
                    fa:d8:25:36:a1:5e:19:98:da:d8:18:41:50:6a:f5:
                    cf:5c:6f:b7:33:d0:33:69:c9:2b:43:07:8d:f6:5f:
                    99:a6:e9:45:82:1f:07:2c:cc:8d:33:cf:fe:d3:75:
                    c8:e6:8b:aa:da:ef:f8:0a:c0:7b:c9:30:e4:49:60:
                    a9:f8:db:c8:af:e1:99:9c:98:32:fd:e6:3a:9a:38:
                    14:0d:99:a3:28:b5:54:7a:02:e6:e9:34:89:b3:07:
                    4a:48:a4:25:68:bc:5b:7e:92:13:fc:8d:d2:a0:2d:
                    77:03:1d:10:bc:34:4a:9d:62:0c:c0:57:71:1e:d5:
                    47:41:91:c0:17:2d:86:f6:32:30:bd:99:ac:67:b9:
                    23:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:54:FA:CA:5B:9B:A6:74:A5:F5:6A:37:43:55:08:A1:DC:60:51:30
            X509v3 Authority Key Identifier:
                keyid:97:4E:35:EC:21:80:DA:EB:D1:BF:3D:D4:44:03:A9:E0:BF:CB:56:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l0417CGA2uvRvz3URAOp4L_LVso.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/df4a0a-c33d-4e0e-b15e-cdf4c6b424e1/1/sVT6ylubpnSl9Wo3Q1UIodxgUTA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/df4a0a-c33d-4e0e-b15e-cdf4c6b424e1/1/l0417CGA2uvRvz3URAOp4L_LVso.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.39.242.0/24
                IPv6:
                  2a0c:dd00::/29

    Signature Algorithm: sha256WithRSAEncryption
         b0:40:79:21:e2:94:28:34:cc:10:3a:c8:be:35:9e:02:a9:26:
         51:37:10:82:0a:81:1d:8d:66:e3:ee:94:28:31:72:4c:13:9e:
         e6:fd:44:b9:96:a0:e8:0a:2d:41:fb:0a:02:52:90:32:47:81:
         fe:29:15:18:8f:c7:17:87:a3:60:33:66:a1:e4:ec:dc:e3:c0:
         d8:a9:f7:06:d6:80:1e:06:7e:b7:b8:2c:a4:f4:6f:20:2f:b3:
         91:68:c8:71:fe:7f:10:33:0a:78:36:9b:8f:6f:10:b4:86:89:
         83:3e:80:f4:fb:07:83:2c:d1:21:57:6e:95:54:c8:30:96:ce:
         6e:8f:c4:51:0b:78:97:2e:79:2d:b2:81:be:59:6e:44:6c:d0:
         7c:80:fa:d3:e9:c0:63:a2:2b:b2:52:09:26:83:58:43:ac:32:
         c6:3a:75:29:c8:fa:a6:3b:e2:a8:96:b8:99:52:62:35:df:25:
         2e:e7:0d:65:8a:99:5c:04:ce:f6:58:6c:fe:d0:23:1a:f7:6e:
         0e:41:87:8a:f5:f1:a3:02:df:01:3a:f8:d3:63:c5:38:cf:55:
         01:d8:1c:ce:12:2e:75:a0:0c:6f:03:1f:95:a5:ba:3c:41:f3:
         df:bf:87:8d:cb:e1:4a:d8:49:90:51:43:c4:39:61:db:e0:c2:
         ff:f4:a1:40
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ6xT7WC+MJgDrIJJsHqA/EXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3NGUzNWVjMjE4MGRhZWJkMWJmM2RkNDQ0MDNhOWUwYmZj
YjU2Y2EwHhcNMjYwNjEwMTEzNDExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTU0ZmFjYTViOWJhNjc0YTVmNTZhMzc0MzU1MDhhMWRjNjA1MTMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnMrPtWNq7Rr3TWDY7TOJfTta/46+
TFNJmk5L8Mzm895OO5Q2fiuHP/ccZBuwnTsggWUCfapYlab/tVeMMXkritr0JWuN
m4nIq8kV4kPFHtpFpQic91QLyFB4jxNhkRsH6Ah8oQWAJA+4KHmIhBLz/qN1rekF
u5L62CU2oV4ZmNrYGEFQavXPXG+3M9AzackrQweN9l+ZpulFgh8HLMyNM8/+03XI
5ouq2u/4CsB7yTDkSWCp+NvIr+GZnJgy/eY6mjgUDZmjKLVUegLm6TSJswdKSKQl
aLxbfpIT/I3SoC13Ax0QvDRKnWIMwFdxHtVHQZHAFy2G9jIwvZmsZ7kjvQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLFU+spbm6Z0pfVqN0NVCKHcYFEwMB8GA1UdIwQY
MBaAFJdONewhgNrr0b891EQDqeC/y1bKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDA0MTdDR0EydXZSdnozVVJBT3A0TF9MVnNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy9kZjRhMGEtYzMzZC00ZTBlLWIxNWUt
Y2RmNGM2YjQyNGUxLzEvc1ZUNnlsdWJwblNsOVdvM1ExVUlvZHhnVVRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy9kZjRhMGEtYzMzZC00ZTBlLWIxNWUtY2RmNGM2YjQyNGUx
LzEvbDA0MTdDR0EydXZSdnozVVJBT3A0TF9MVnNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwifyMA0E
AgACMAcDBQMqDN0AMA0GCSqGSIb3DQEBCwUAA4IBAQCwQHkh4pQoNMwQOsi+NZ4C
qSZRNxCCCoEdjWbj7pQoMXJME57m/US5lqDoCi1B+woCUpAyR4H+KRUYj8cXh6Ng
M2ah5Ozc48DYqfcG1oAeBn63uCyk9G8gL7ORaMhx/n8QMwp4NpuPbxC0homDPoD0
+weDLNEhV26VVMgwls5uj8RRC3iXLnktsoG+WW5EbNB8gPrT6cBjoiuyUgkmg1hD
rDLGOnUpyPqmO+KolriZUmI13yUu5w1liplcBM72WGz+0CMa924OQYeK9fGjAt8B
OvjTY8U4z1UB2BzOEi51oAxvAx+Vpbo8QfPfv4eNy+FK2EmQUUPEOWHb4ML/9KFA
-----END CERTIFICATE-----