Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/oKVovXTv2aNAyZu9y-AHgX6RbJ8.roa
File:                     oKVovXTv2aNAyZu9y-AHgX6RbJ8.roa (raw, json)
Hash identifier:          UsgdfjEOvyD+5ioDpDRHljoPckkLzWdsqZQnU51Gug0=
Subject key identifier:   A0:A5:68:BD:74:EF:D9:A3:40:C9:9B:BD:CB:E0:07:81:7E:91:6C:9F
Certificate issuer:       /CN=ad0da43b4a5d3db78ba3f774e5b31b77037202d5
Certificate serial:       019DFF4BFCCDBBF59171D6976DABAC83BC1F
Authority key identifier: AD:0D:A4:3B:4A:5D:3D:B7:8B:A3:F7:74:E5:B3:1B:77:03:72:02:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rQ2kO0pdPbeLo_d05bMbdwNyAtU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/oKVovXTv2aNAyZu9y-AHgX6RbJ8.roa
Signing time:             Wed 06 May 2026 21:57:43 +0000
ROA not before:           Wed 06 May 2026 21:57:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     34984
IP address blocks:        185.174.22.0/24 maxlen: 24
                          185.174.23.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/rQ2kO0pdPbeLo_d05bMbdwNyAtU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/rQ2kO0pdPbeLo_d05bMbdwNyAtU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rQ2kO0pdPbeLo_d05bMbdwNyAtU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 06:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ff:4b:fc:cd:bb:f5:91:71:d6:97:6d:ab:ac:83:bc:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ad0da43b4a5d3db78ba3f774e5b31b77037202d5
        Validity
            Not Before: May  6 21:57:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a0a568bd74efd9a340c99bbdcbe007817e916c9f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:69:6b:52:a6:15:55:22:f1:30:09:73:52:3a:
                    4f:aa:f1:ae:57:cf:5b:4d:8c:e5:7b:ab:93:dc:7d:
                    03:c4:0a:3a:49:52:5e:72:36:d2:29:5e:85:ff:3c:
                    99:65:58:6f:04:8d:52:01:c4:2f:b5:8f:b7:3e:38:
                    62:11:a7:72:4c:e5:8e:4e:12:0d:2f:30:de:2f:82:
                    e4:93:e6:fb:a6:a1:51:21:ab:92:bb:73:52:43:6b:
                    ce:dd:c1:de:46:86:65:a2:73:7e:e1:28:03:31:53:
                    1c:92:27:62:63:f8:9a:63:4c:22:53:e0:81:4a:1c:
                    66:de:2c:ae:e5:e3:aa:d5:d6:17:7d:81:5d:0d:e2:
                    fe:da:ca:ac:06:01:fa:db:60:70:10:63:07:5b:bd:
                    f0:4f:8e:3f:bc:ec:a5:0d:75:9a:b0:27:de:b0:43:
                    00:fe:9a:1f:ff:f4:d6:87:5d:ec:5d:e2:35:56:24:
                    7e:a0:58:3e:9c:75:e8:89:da:9b:d3:4a:5e:b2:54:
                    f9:25:99:d4:d4:bb:30:41:e6:da:00:11:d7:a5:78:
                    a7:d7:5c:8a:a4:71:63:a1:77:c1:0c:7a:f8:e8:92:
                    16:f7:cf:28:47:a4:19:78:54:f1:94:11:f3:57:49:
                    a5:28:c7:0f:b5:fd:c3:1b:62:ff:a5:d9:91:70:11:
                    c6:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:A5:68:BD:74:EF:D9:A3:40:C9:9B:BD:CB:E0:07:81:7E:91:6C:9F
            X509v3 Authority Key Identifier:
                keyid:AD:0D:A4:3B:4A:5D:3D:B7:8B:A3:F7:74:E5:B3:1B:77:03:72:02:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rQ2kO0pdPbeLo_d05bMbdwNyAtU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/oKVovXTv2aNAyZu9y-AHgX6RbJ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/rQ2kO0pdPbeLo_d05bMbdwNyAtU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.174.22.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b8:a2:72:40:d4:e4:82:9f:2b:9a:7d:a5:51:47:21:15:90:a1:
         9b:75:60:fc:50:9c:5d:88:06:26:ae:8b:af:16:12:89:86:34:
         e7:b8:be:d7:e1:57:9c:eb:ea:1d:35:16:cd:90:52:18:b3:e1:
         ab:01:d3:f5:c4:5e:d0:27:10:04:7d:d0:d6:83:15:76:33:c6:
         b6:58:c8:d2:f0:8d:3d:2a:1c:31:45:aa:5c:4c:32:38:fc:e2:
         66:5f:9d:3d:48:d9:97:c3:9a:84:75:0a:42:a1:34:f2:3f:d1:
         9a:42:1c:78:2c:0e:16:98:96:8d:75:f6:2a:ea:e2:af:de:ec:
         81:d9:36:4e:1f:59:7f:5a:43:00:04:5f:d2:76:5e:23:f4:69:
         b1:ad:86:67:cd:66:c3:21:b2:b3:58:0c:a0:db:06:16:b6:c3:
         62:e5:10:8e:62:92:11:45:60:b3:c3:4a:82:67:24:44:8c:ce:
         60:95:ac:ff:ce:4b:17:52:bd:cc:c4:c4:ce:aa:9b:74:8b:21:
         a7:3b:a4:ce:c8:79:a2:d3:a2:e4:e8:71:21:ea:9f:c2:73:c7:
         8f:32:61:85:b9:99:92:21:7a:34:23:a5:0b:52:84:b3:a6:46:
         bc:c5:27:58:23:de:78:c3:9e:9e:c6:82:cf:1f:6b:46:ff:a6:
         9e:b8:4d:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3/S/zNu/WRcdaXbausg7wfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkMGRhNDNiNGE1ZDNkYjc4YmEzZjc3NGU1YjMxYjc3MDM3
MjAyZDUwHhcNMjYwNTA2MjE1NzQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMGE1NjhiZDc0ZWZkOWEzNDBjOTliYmRjYmUwMDc4MTdlOTE2YzlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsWlrUqYVVSLxMAlzUjpPqvGuV89b
TYzle6uT3H0DxAo6SVJecjbSKV6F/zyZZVhvBI1SAcQvtY+3PjhiEadyTOWOThIN
LzDeL4Lkk+b7pqFRIauSu3NSQ2vO3cHeRoZlonN+4SgDMVMckidiY/iaY0wiU+CB
Shxm3iyu5eOq1dYXfYFdDeL+2sqsBgH622BwEGMHW73wT44/vOylDXWasCfesEMA
/pof//TWh13sXeI1ViR+oFg+nHXoidqb00peslT5JZnU1LswQebaABHXpXin11yK
pHFjoXfBDHr46JIW988oR6QZeFTxlBHzV0mlKMcPtf3DG2L/pdmRcBHGhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKClaL1079mjQMmbvcvgB4F+kWyfMB8GA1UdIwQY
MBaAFK0NpDtKXT23i6P3dOWzG3cDcgLVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclEya08wcGRQYmVMb19kMDViTWJkd055QXRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC9kZDgwOTYtMTRjYy00ODhkLTkyNTct
YzUxNWYzNTRjYzVhLzEvb0tWb3ZYVHYyYU5BeVp1OXktQUhnWDZSYko4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC9kZDgwOTYtMTRjYy00ODhkLTkyNTctYzUxNWYzNTRjYzVh
LzEvclEya08wcGRQYmVMb19kMDViTWJkd055QXRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBua4WMA0G
CSqGSIb3DQEBCwUAA4IBAQC4onJA1OSCnyuafaVRRyEVkKGbdWD8UJxdiAYmrouv
FhKJhjTnuL7X4Vec6+odNRbNkFIYs+GrAdP1xF7QJxAEfdDWgxV2M8a2WMjS8I09
KhwxRapcTDI4/OJmX509SNmXw5qEdQpCoTTyP9GaQhx4LA4WmJaNdfYq6uKv3uyB
2TZOH1l/WkMABF/Sdl4j9GmxrYZnzWbDIbKzWAyg2wYWtsNi5RCOYpIRRWCzw0qC
ZyREjM5glaz/zksXUr3MxMTOqpt0iyGnO6TOyHmi06Lk6HEh6p/Cc8ePMmGFuZmS
IXo0I6ULUoSzpka8xSdYI954w56exoLPH2tG/6aeuE0L
-----END CERTIFICATE-----