Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/759143-d9bd-46e4-8865-8e1da5142c72/1/6ontWII5WMer-NC2JkFZC94eMPo.roa
File:                     6ontWII5WMer-NC2JkFZC94eMPo.roa (raw, json)
Hash identifier:          ikc5sMI2WQkSDX/3GmIBdgUqzy3XSw6lVBzfeyAHG84=
Subject key identifier:   EA:89:ED:58:82:39:58:C7:AB:F8:D0:B6:26:41:59:0B:DE:1E:30:FA
Certificate issuer:       /CN=0092e74582531aaafee88b9c72e8c29e454d0659
Certificate serial:       019E4E524BD11581F2760CF625A9520AFDBE
Authority key identifier: 00:92:E7:45:82:53:1A:AA:FE:E8:8B:9C:72:E8:C2:9E:45:4D:06:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AJLnRYJTGqr-6IuccujCnkVNBlk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/759143-d9bd-46e4-8865-8e1da5142c72/1/6ontWII5WMer-NC2JkFZC94eMPo.roa
Signing time:             Fri 22 May 2026 06:14:36 +0000
ROA not before:           Fri 22 May 2026 06:14:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3949
IP address blocks:        193.28.144.0/24 maxlen: 24
                          193.28.148.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/759143-d9bd-46e4-8865-8e1da5142c72/1/AJLnRYJTGqr-6IuccujCnkVNBlk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/759143-d9bd-46e4-8865-8e1da5142c72/1/AJLnRYJTGqr-6IuccujCnkVNBlk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AJLnRYJTGqr-6IuccujCnkVNBlk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 21:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:4e:52:4b:d1:15:81:f2:76:0c:f6:25:a9:52:0a:fd:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0092e74582531aaafee88b9c72e8c29e454d0659
        Validity
            Not Before: May 22 06:14:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ea89ed58823958c7abf8d0b62641590bde1e30fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:af:66:56:d9:fc:0c:08:d3:38:64:58:31:da:
                    92:be:52:c6:b2:ac:c8:91:9d:84:dd:fb:65:e0:a7:
                    3d:6d:b4:9f:b7:eb:a9:59:29:85:f5:12:09:5a:20:
                    66:4c:1d:d8:60:7c:62:c0:0f:d0:73:a1:f7:9c:b5:
                    15:73:46:65:20:e6:87:de:18:34:90:9a:9d:22:ab:
                    ef:16:58:61:0c:e3:b6:ff:be:77:ef:13:d9:1c:1e:
                    92:d3:25:cb:36:4a:b5:08:da:41:6e:18:14:04:07:
                    ac:b0:dd:4c:48:35:6e:2b:4b:8f:97:d5:17:d0:72:
                    fe:16:fd:c2:1a:45:57:2b:39:b1:02:b4:90:9a:98:
                    e4:c3:3c:97:99:cf:06:19:2b:27:91:06:c7:cb:7b:
                    88:44:6b:84:92:23:e4:6c:6a:bc:98:8e:78:94:f4:
                    33:80:43:96:f3:b2:83:0e:b0:e3:11:47:6e:48:47:
                    f8:61:5c:ba:d3:6a:ce:24:4b:23:63:c6:ba:5b:0b:
                    bc:ac:e8:1c:71:09:9a:27:8a:63:46:53:cf:fa:8d:
                    fa:9d:09:b3:13:be:59:eb:0d:58:24:52:b2:f7:9a:
                    0a:cf:8b:aa:bc:25:49:d3:3d:8a:e0:42:ff:84:2f:
                    71:35:2f:24:be:84:4f:01:d0:ea:00:c2:32:b6:1d:
                    be:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:89:ED:58:82:39:58:C7:AB:F8:D0:B6:26:41:59:0B:DE:1E:30:FA
            X509v3 Authority Key Identifier:
                keyid:00:92:E7:45:82:53:1A:AA:FE:E8:8B:9C:72:E8:C2:9E:45:4D:06:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AJLnRYJTGqr-6IuccujCnkVNBlk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/759143-d9bd-46e4-8865-8e1da5142c72/1/6ontWII5WMer-NC2JkFZC94eMPo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/759143-d9bd-46e4-8865-8e1da5142c72/1/AJLnRYJTGqr-6IuccujCnkVNBlk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.28.144.0/24
                  193.28.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:3b:02:a3:86:6d:98:fc:95:97:eb:48:c4:62:73:cd:c5:8c:
         d2:56:80:f4:28:b8:4d:16:c1:c6:ca:f4:87:7c:6f:76:54:ae:
         7e:de:b7:ba:f6:0a:1e:eb:dd:9d:c6:bd:fb:6d:92:93:a3:f0:
         87:e8:22:4f:47:71:6e:04:0a:b9:09:dd:af:ce:0d:95:7d:49:
         c1:54:92:86:05:77:b1:e1:28:53:32:49:b7:6f:9d:a7:9d:0c:
         b6:78:67:4c:e7:ea:fc:ab:83:7c:bb:01:36:d5:51:a2:e9:d5:
         c6:19:8a:05:94:b4:a8:1b:aa:db:28:89:ff:62:b3:c5:47:e6:
         9b:48:40:52:3a:f4:11:67:ce:d4:2e:96:0a:70:6e:21:8e:0d:
         3b:c1:cb:7d:99:8f:f7:c7:58:97:f3:92:ce:b1:76:6b:c9:8f:
         44:c1:fa:6f:07:58:4d:f3:4b:53:70:ea:21:a0:86:9d:3b:2f:
         13:38:17:d0:91:a2:b2:b5:61:63:0f:32:cb:9a:94:25:b9:45:
         41:3b:b9:be:e8:06:4c:96:e9:8c:60:9b:5c:d1:b1:60:e2:45:
         15:9f:d9:08:a2:48:56:c9:c7:3b:3e:2c:bc:82:80:c0:a6:3f:
         c5:64:c2:d8:3e:d1:9d:b5:7b:7a:52:c9:59:58:75:af:aa:89:
         8a:de:a3:89
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ5OUkvRFYHydgz2JalSCv2+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwOTJlNzQ1ODI1MzFhYWFmZWU4OGI5YzcyZThjMjllNDU0
ZDA2NTkwHhcNMjYwNTIyMDYxNDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTg5ZWQ1ODgyMzk1OGM3YWJmOGQwYjYyNjQxNTkwYmRlMWUzMGZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvq9mVtn8DAjTOGRYMdqSvlLGsqzI
kZ2E3ftl4Kc9bbSft+upWSmF9RIJWiBmTB3YYHxiwA/Qc6H3nLUVc0ZlIOaH3hg0
kJqdIqvvFlhhDOO2/7537xPZHB6S0yXLNkq1CNpBbhgUBAessN1MSDVuK0uPl9UX
0HL+Fv3CGkVXKzmxArSQmpjkwzyXmc8GGSsnkQbHy3uIRGuEkiPkbGq8mI54lPQz
gEOW87KDDrDjEUduSEf4YVy602rOJEsjY8a6Wwu8rOgccQmaJ4pjRlPP+o36nQmz
E75Z6w1YJFKy95oKz4uqvCVJ0z2K4EL/hC9xNS8kvoRPAdDqAMIyth2+bQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOqJ7ViCOVjHq/jQtiZBWQveHjD6MB8GA1UdIwQY
MBaAFACS50WCUxqq/uiLnHLowp5FTQZZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUpMblJZSlRHcXItNkl1Y2N1akNua1ZOQmxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy83NTkxNDMtZDliZC00NmU0LTg4NjUt
OGUxZGE1MTQyYzcyLzEvNm9udFdJSTVXTWVyLU5DMkprRlpDOTRlTVBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy83NTkxNDMtZDliZC00NmU0LTg4NjUtOGUxZGE1MTQyYzcy
LzEvQUpMblJZSlRHcXItNkl1Y2N1akNua1ZOQmxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwRyQAwQA
wRyUMA0GCSqGSIb3DQEBCwUAA4IBAQBaOwKjhm2Y/JWX60jEYnPNxYzSVoD0KLhN
FsHGyvSHfG92VK5+3re69goe692dxr37bZKTo/CH6CJPR3FuBAq5Cd2vzg2VfUnB
VJKGBXex4ShTMkm3b52nnQy2eGdM5+r8q4N8uwE21VGi6dXGGYoFlLSoG6rbKIn/
YrPFR+abSEBSOvQRZ87ULpYKcG4hjg07wct9mY/3x1iX85LOsXZryY9EwfpvB1hN
80tTcOohoIadOy8TOBfQkaKytWFjDzLLmpQluUVBO7m+6AZMlumMYJtc0bFg4kUV
n9kIokhWycc7Piy8goDApj/FZMLYPtGdtXt6UslZWHWvqomK3qOJ
-----END CERTIFICATE-----