Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/281edb-0d42-407a-b459-05f09ef86e7b/1/A0zEfLP6aje6siYVgtOIFTUv-gA.roa
File:                     A0zEfLP6aje6siYVgtOIFTUv-gA.roa (raw, json)
Hash identifier:          U3yH+f7j1agPNZjyy4FkXU1kfVyaRAeAIT0ypJqPwSA=
Subject key identifier:   03:4C:C4:7C:B3:FA:6A:37:BA:B2:26:15:82:D3:88:15:35:2F:FA:00
Certificate issuer:       /CN=d6f357c54949f20b400883ed8c98d3731c3cb495
Certificate serial:       019EF571C8F118965E62BD690D8CB1443B88
Authority key identifier: D6:F3:57:C5:49:49:F2:0B:40:08:83:ED:8C:98:D3:73:1C:3C:B4:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1vNXxUlJ8gtACIPtjJjTcxw8tJU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/281edb-0d42-407a-b459-05f09ef86e7b/1/A0zEfLP6aje6siYVgtOIFTUv-gA.roa
Signing time:             Tue 23 Jun 2026 17:05:35 +0000
ROA not before:           Tue 23 Jun 2026 17:05:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     5631
IP address blocks:        185.249.80.0/22 maxlen: 22
                          2a0c:140::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/281edb-0d42-407a-b459-05f09ef86e7b/1/1vNXxUlJ8gtACIPtjJjTcxw8tJU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/281edb-0d42-407a-b459-05f09ef86e7b/1/1vNXxUlJ8gtACIPtjJjTcxw8tJU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1vNXxUlJ8gtACIPtjJjTcxw8tJU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 Jul 2026 11:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:f5:71:c8:f1:18:96:5e:62:bd:69:0d:8c:b1:44:3b:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d6f357c54949f20b400883ed8c98d3731c3cb495
        Validity
            Not Before: Jun 23 17:05:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=034cc47cb3fa6a37bab2261582d38815352ffa00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:98:9a:39:8e:3d:10:ed:25:9f:a2:d3:9d:dc:
                    a6:30:01:e2:a0:0c:60:51:99:8e:be:85:b6:b7:d7:
                    06:64:11:33:99:04:c1:fa:32:77:d0:55:47:f5:98:
                    6c:5d:41:91:c4:17:14:b4:29:07:b0:23:4b:d1:74:
                    be:8a:c6:e5:e1:ac:d6:ec:d1:54:c2:b5:66:cf:30:
                    3c:85:7a:f2:af:a5:77:85:6e:04:be:73:73:9f:7a:
                    93:82:40:b6:43:68:be:c0:bd:75:07:a1:d3:64:a1:
                    8b:7c:69:8a:55:dd:d3:96:80:6d:ee:fc:e1:b9:f4:
                    ee:6c:8f:01:7b:40:74:3f:07:30:63:8a:4f:bd:c0:
                    32:28:11:c3:e5:d4:0f:cd:ae:d4:92:78:ad:c3:83:
                    57:d6:ef:68:a1:e1:df:3d:eb:d0:e5:cf:5b:78:b3:
                    3a:55:1b:ea:c6:5a:d6:65:c8:bf:9c:6c:1d:1b:04:
                    ee:d5:4c:e3:78:98:50:c2:71:18:a2:b8:f9:f0:58:
                    a7:1e:da:3b:c1:92:85:14:75:64:cc:e8:ab:70:08:
                    e0:f3:57:78:e8:c6:82:35:34:20:4a:ee:2a:8a:20:
                    c6:2a:20:34:57:61:b9:34:af:42:8c:17:e4:9c:5b:
                    20:4a:a6:5e:1f:f1:a2:68:e2:cc:ec:f2:28:3e:f4:
                    77:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:4C:C4:7C:B3:FA:6A:37:BA:B2:26:15:82:D3:88:15:35:2F:FA:00
            X509v3 Authority Key Identifier:
                keyid:D6:F3:57:C5:49:49:F2:0B:40:08:83:ED:8C:98:D3:73:1C:3C:B4:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1vNXxUlJ8gtACIPtjJjTcxw8tJU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/281edb-0d42-407a-b459-05f09ef86e7b/1/A0zEfLP6aje6siYVgtOIFTUv-gA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/281edb-0d42-407a-b459-05f09ef86e7b/1/1vNXxUlJ8gtACIPtjJjTcxw8tJU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.249.80.0/22
                IPv6:
                  2a0c:140::/29

    Signature Algorithm: sha256WithRSAEncryption
         55:f7:a5:35:19:05:5d:8f:f2:a8:68:89:d9:8f:f0:62:69:85:
         ad:5a:5c:bc:1b:b5:15:b5:6f:c5:0b:ad:51:96:5f:e6:81:06:
         0d:79:a4:e5:19:45:ef:88:34:df:62:a2:0e:b3:28:eb:a3:ac:
         86:f3:96:2c:84:47:ec:d5:b1:e9:d9:09:74:ff:52:5b:f8:ca:
         de:91:9c:cb:c9:fd:fa:10:af:73:23:cb:78:3e:dd:b1:86:a3:
         e9:05:7c:b9:70:14:ec:69:8d:f7:b0:57:af:09:f0:0a:8a:30:
         38:f0:39:1e:dd:c3:0d:58:4c:4b:85:01:04:ef:b1:da:73:9a:
         bf:42:1f:3d:d9:35:fa:b1:e0:b9:3d:2e:1f:0d:2b:91:a6:fc:
         40:1c:73:a6:40:a6:ff:eb:7d:eb:61:d7:19:1a:8e:9d:c0:b5:
         7a:99:6f:a3:b4:ba:1a:1a:d2:4b:de:99:76:2f:37:7b:8a:90:
         ff:9d:a1:dd:95:6f:89:4b:f9:b4:7c:c1:44:17:6e:ce:16:8c:
         fb:c8:d1:4f:e1:f6:43:78:b3:a2:2b:66:12:57:17:ab:c0:c9:
         5f:86:d2:71:f4:53:25:c8:c8:77:42:9b:16:2a:32:d6:f1:b9:
         a4:f8:cb:90:e4:0a:a2:68:c3:02:8f:f3:c2:87:c6:80:e2:ba:
         62:41:01:3b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ71ccjxGJZeYr1pDYyxRDuIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2ZjM1N2M1NDk0OWYyMGI0MDA4ODNlZDhjOThkMzczMWMz
Y2I0OTUwHhcNMjYwNjIzMTcwNTM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzRjYzQ3Y2IzZmE2YTM3YmFiMjI2MTU4MmQzODgxNTM1MmZmYTAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyJiaOY49EO0ln6LTndymMAHioAxg
UZmOvoW2t9cGZBEzmQTB+jJ30FVH9ZhsXUGRxBcUtCkHsCNL0XS+isbl4azW7NFU
wrVmzzA8hXryr6V3hW4EvnNzn3qTgkC2Q2i+wL11B6HTZKGLfGmKVd3TloBt7vzh
ufTubI8Be0B0PwcwY4pPvcAyKBHD5dQPza7Uknitw4NX1u9ooeHfPevQ5c9beLM6
VRvqxlrWZci/nGwdGwTu1UzjeJhQwnEYorj58FinHto7wZKFFHVkzOircAjg81d4
6MaCNTQgSu4qiiDGKiA0V2G5NK9CjBfknFsgSqZeH/GiaOLM7PIoPvR34QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFANMxHyz+mo3urImFYLTiBU1L/oAMB8GA1UdIwQY
MBaAFNbzV8VJSfILQAiD7YyY03McPLSVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXZOWHhVbEo4Z3RBQ0lQdGpKalRjeHc4dEpVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC8yODFlZGItMGQ0Mi00MDdhLWI0NTkt
MDVmMDllZjg2ZTdiLzEvQTB6RWZMUDZhamU2c2lZVmd0T0lGVFV2LWdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC8yODFlZGItMGQ0Mi00MDdhLWI0NTktMDVmMDllZjg2ZTdi
LzEvMXZOWHhVbEo4Z3RBQ0lQdGpKalRjeHc4dEpVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuflQMA0E
AgACMAcDBQMqDAFAMA0GCSqGSIb3DQEBCwUAA4IBAQBV96U1GQVdj/KoaInZj/Bi
aYWtWly8G7UVtW/FC61Rll/mgQYNeaTlGUXviDTfYqIOsyjro6yG85YshEfs1bHp
2Ql0/1Jb+MrekZzLyf36EK9zI8t4Pt2xhqPpBXy5cBTsaY33sFevCfAKijA48Dke
3cMNWExLhQEE77Hac5q/Qh892TX6seC5PS4fDSuRpvxAHHOmQKb/633rYdcZGo6d
wLV6mW+jtLoaGtJL3pl2Lzd7ipD/naHdlW+JS/m0fMFEF27OFoz7yNFP4fZDeLOi
K2YSVxerwMlfhtJx9FMlyMh3QpsWKjLW8bmk+MuQ5AqiaMMCj/PCh8aA4rpiQQE7
-----END CERTIFICATE-----