Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d6/0d5f53-9653-47fb-a977-48f5e8767d02/1/ELWCm2DUfBNvitrNlID8nDgglxY.roa
File:                     ELWCm2DUfBNvitrNlID8nDgglxY.roa (raw, json)
Hash identifier:          LnMdLptOOFbRYXfj64vft/9vyKxJPRvoWdQ0OsmJPdc=
Subject key identifier:   10:B5:82:9B:60:D4:7C:13:6F:8A:DA:CD:94:80:FC:9C:38:20:97:16
Certificate issuer:       /CN=d1df4803e54b084a99cb7bb044bf791327594b73
Certificate serial:       019F1291DC8E848DB8C495D5A46D951FB545
Authority key identifier: D1:DF:48:03:E5:4B:08:4A:99:CB:7B:B0:44:BF:79:13:27:59:4B:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0d9IA-VLCEqZy3uwRL95EydZS3M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d6/0d5f53-9653-47fb-a977-48f5e8767d02/1/ELWCm2DUfBNvitrNlID8nDgglxY.roa
Signing time:             Mon 29 Jun 2026 08:49:36 +0000
ROA not before:           Mon 29 Jun 2026 08:49:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     20552
IP address blocks:        91.198.28.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d6/0d5f53-9653-47fb-a977-48f5e8767d02/1/0d9IA-VLCEqZy3uwRL95EydZS3M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d6/0d5f53-9653-47fb-a977-48f5e8767d02/1/0d9IA-VLCEqZy3uwRL95EydZS3M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0d9IA-VLCEqZy3uwRL95EydZS3M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 30 Jun 2026 08:49:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:12:91:dc:8e:84:8d:b8:c4:95:d5:a4:6d:95:1f:b5:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d1df4803e54b084a99cb7bb044bf791327594b73
        Validity
            Not Before: Jun 29 08:49:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=10b5829b60d47c136f8adacd9480fc9c38209716
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:33:82:51:d8:c1:c5:04:d5:cc:3b:3a:a0:11:
                    7b:c1:a9:76:6e:37:d4:ee:94:07:21:c5:0b:e7:84:
                    be:18:57:9a:55:ff:4d:82:01:08:0f:81:b5:63:f3:
                    11:0d:82:7a:f5:da:94:f0:58:25:3d:31:75:42:b2:
                    f1:36:58:4b:cf:4d:a1:97:d6:86:4c:04:bf:c2:3f:
                    5f:90:9d:03:36:c1:4f:4f:dc:09:54:94:b3:05:44:
                    d9:a7:49:80:9d:fa:77:3c:3a:5c:ff:41:5d:19:39:
                    94:33:c0:13:34:af:e9:d4:bb:a0:6e:7d:a2:b6:3c:
                    18:cf:80:d2:1b:f8:04:a4:c9:26:b2:4d:0a:42:2c:
                    cd:75:49:a5:31:13:62:56:1f:85:dd:ae:29:24:3c:
                    fc:2d:25:d8:50:5f:1c:77:43:cf:ee:61:5c:c3:fd:
                    d1:c9:32:ab:e0:f6:33:f6:24:d1:68:1e:4b:99:66:
                    4d:d3:ad:77:0c:43:90:26:0c:6f:35:0e:03:5d:32:
                    8a:4b:f2:16:17:8f:aa:2a:fb:8d:87:3d:18:32:19:
                    9b:12:26:36:21:4c:1e:f0:78:c0:97:9b:81:2e:1a:
                    d4:f6:00:c2:82:f3:e6:10:5b:46:66:05:a8:1c:e7:
                    40:46:b5:a5:4b:bc:7f:05:0e:d0:85:18:0a:52:1c:
                    8e:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:B5:82:9B:60:D4:7C:13:6F:8A:DA:CD:94:80:FC:9C:38:20:97:16
            X509v3 Authority Key Identifier:
                keyid:D1:DF:48:03:E5:4B:08:4A:99:CB:7B:B0:44:BF:79:13:27:59:4B:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d9IA-VLCEqZy3uwRL95EydZS3M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/0d5f53-9653-47fb-a977-48f5e8767d02/1/ELWCm2DUfBNvitrNlID8nDgglxY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/0d5f53-9653-47fb-a977-48f5e8767d02/1/0d9IA-VLCEqZy3uwRL95EydZS3M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:7b:11:b5:e3:e8:00:c9:20:e6:40:a1:0e:a9:d9:91:82:40:
         81:2c:ea:99:b4:f0:34:61:91:79:07:74:80:82:1a:22:0c:e7:
         34:bc:1d:b3:89:bc:db:72:a3:92:c8:8c:b0:09:19:d3:d7:35:
         9a:87:18:58:b5:be:96:4d:24:1c:5b:db:40:f8:c9:63:5d:07:
         9f:d2:6e:73:27:39:9b:be:69:e3:87:a9:26:07:a2:ff:ae:75:
         f9:b7:28:bd:87:a9:05:6e:93:57:8d:4d:ee:46:07:82:5e:a6:
         5a:00:90:b0:6a:23:44:75:42:c8:27:e8:41:1f:f1:f8:dc:a1:
         df:4d:e0:df:95:e7:a9:ab:52:a6:61:15:56:b2:44:de:b8:07:
         a6:ea:f6:c3:19:9f:43:12:80:88:8a:ae:4d:be:79:9c:d6:c1:
         49:75:fe:5f:54:c5:fc:24:85:46:43:cc:5f:c6:c7:92:79:72:
         26:43:1d:a9:15:8d:88:f5:0b:d1:e2:12:0a:16:0d:08:b0:7d:
         95:68:22:c0:18:06:b4:10:fa:06:5d:60:a1:d6:d1:b8:2e:22:
         db:bb:a6:ac:8d:bc:6a:cb:98:59:0e:85:38:d0:ef:0a:c2:b9:
         63:63:9e:af:f1:ab:4a:ad:0b:d4:a9:a3:01:27:3f:71:22:14:
         2c:00:5d:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ8SkdyOhI24xJXVpG2VH7VFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxZGY0ODAzZTU0YjA4NGE5OWNiN2JiMDQ0YmY3OTEzMjc1
OTRiNzMwHhcNMjYwNjI5MDg0OTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMGI1ODI5YjYwZDQ3YzEzNmY4YWRhY2Q5NDgwZmM5YzM4MjA5NzE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwzOCUdjBxQTVzDs6oBF7wal2bjfU
7pQHIcUL54S+GFeaVf9NggEID4G1Y/MRDYJ69dqU8FglPTF1QrLxNlhLz02hl9aG
TAS/wj9fkJ0DNsFPT9wJVJSzBUTZp0mAnfp3PDpc/0FdGTmUM8ATNK/p1Lugbn2i
tjwYz4DSG/gEpMkmsk0KQizNdUmlMRNiVh+F3a4pJDz8LSXYUF8cd0PP7mFcw/3R
yTKr4PYz9iTRaB5LmWZN0613DEOQJgxvNQ4DXTKKS/IWF4+qKvuNhz0YMhmbEiY2
IUwe8HjAl5uBLhrU9gDCgvPmEFtGZgWoHOdARrWlS7x/BQ7QhRgKUhyO2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBC1gptg1HwTb4razZSA/Jw4IJcWMB8GA1UdIwQY
MBaAFNHfSAPlSwhKmct7sES/eRMnWUtzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGQ5SUEtVkxDRXFaeTN1d1JMOTVFeWRaUzNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNi8wZDVmNTMtOTY1My00N2ZiLWE5Nzct
NDhmNWU4NzY3ZDAyLzEvRUxXQ20yRFVmQk52aXRyTmxJRDhuRGdnbHhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNi8wZDVmNTMtOTY1My00N2ZiLWE5NzctNDhmNWU4NzY3ZDAy
LzEvMGQ5SUEtVkxDRXFaeTN1d1JMOTVFeWRaUzNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8YcMA0G
CSqGSIb3DQEBCwUAA4IBAQA8exG14+gAySDmQKEOqdmRgkCBLOqZtPA0YZF5B3SA
ghoiDOc0vB2zibzbcqOSyIywCRnT1zWahxhYtb6WTSQcW9tA+MljXQef0m5zJzmb
vmnjh6kmB6L/rnX5tyi9h6kFbpNXjU3uRgeCXqZaAJCwaiNEdULIJ+hBH/H43KHf
TeDfleepq1KmYRVWskTeuAem6vbDGZ9DEoCIiq5Nvnmc1sFJdf5fVMX8JIVGQ8xf
xseSeXImQx2pFY2I9QvR4hIKFg0IsH2VaCLAGAa0EPoGXWCh1tG4LiLbu6asjbxq
y5hZDoU40O8KwrljY56v8atKrQvUqaMBJz9xIhQsAF1M
-----END CERTIFICATE-----