Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/5b0702-16e7-4627-ae19-4b3b1b63b6ab/1/Q5C92tE2t37UtBMqw-zHumbPgxQ.roa
File:                     Q5C92tE2t37UtBMqw-zHumbPgxQ.roa (raw, json)
Hash identifier:          tly3KYH+a59AiCAVIEHbNYFLpCPBaZXHr2/DBwumJlc=
Subject key identifier:   43:90:BD:DA:D1:36:B7:7E:D4:B4:13:2A:C3:EC:C7:BA:66:CF:83:14
Certificate issuer:       /CN=ed30a131718560a34ab3493884e858ec431f6ad1
Certificate serial:       019DE96738F2B9E007CF296E9EA58F1482BF
Authority key identifier: ED:30:A1:31:71:85:60:A3:4A:B3:49:38:84:E8:58:EC:43:1F:6A:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7TChMXGFYKNKs0k4hOhY7EMfatE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/5b0702-16e7-4627-ae19-4b3b1b63b6ab/1/Q5C92tE2t37UtBMqw-zHumbPgxQ.roa
Signing time:             Sat 02 May 2026 15:55:49 +0000
ROA not before:           Sat 02 May 2026 15:55:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     60542
IP address blocks:        45.139.9.0/24 maxlen: 24
                          185.105.238.0/24 maxlen: 24
                          194.180.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/5b0702-16e7-4627-ae19-4b3b1b63b6ab/1/7TChMXGFYKNKs0k4hOhY7EMfatE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/5b0702-16e7-4627-ae19-4b3b1b63b6ab/1/7TChMXGFYKNKs0k4hOhY7EMfatE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7TChMXGFYKNKs0k4hOhY7EMfatE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:e9:67:38:f2:b9:e0:07:cf:29:6e:9e:a5:8f:14:82:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ed30a131718560a34ab3493884e858ec431f6ad1
        Validity
            Not Before: May  2 15:55:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4390bddad136b77ed4b4132ac3ecc7ba66cf8314
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:7a:30:d2:89:b5:a6:aa:e8:66:47:69:1c:9c:
                    c8:6a:c0:aa:af:ce:4d:bf:47:86:3a:64:7d:a0:b6:
                    d3:9c:91:c4:ec:2f:ea:f5:90:05:91:91:32:40:bf:
                    6d:7d:cd:bc:21:b6:66:1f:79:e9:6b:d3:41:a9:9b:
                    a0:67:9f:b0:e2:f4:54:3c:74:da:46:0b:83:ea:a7:
                    71:ef:c1:de:3c:b7:e6:54:ee:05:6e:62:e9:44:1c:
                    b5:af:66:bb:f7:aa:cf:02:99:a3:b0:e2:ba:5e:d0:
                    18:b0:36:7b:df:be:b6:c0:32:9d:68:79:0f:a0:49:
                    f6:3a:20:48:cc:d9:50:97:b1:7b:2a:a4:1a:1b:ba:
                    83:7d:5e:1b:1a:71:81:ce:40:4e:ab:fe:57:c4:5f:
                    3b:d5:fa:93:27:35:aa:7b:f7:70:9e:7f:d6:14:d3:
                    83:77:18:07:86:13:cb:11:ae:90:7c:dc:b9:29:c0:
                    d9:d5:d6:96:c4:f7:9f:69:00:e1:bd:08:be:bc:98:
                    23:1d:aa:e0:ec:93:6a:3c:8a:f8:46:a6:6e:4a:67:
                    d9:ab:b5:a0:5c:27:38:b6:61:0c:89:de:d9:5f:6d:
                    47:39:6f:e0:69:52:0c:f7:7d:19:00:c6:ef:d5:76:
                    91:83:e5:9f:9b:b0:c5:a3:21:a0:19:40:57:61:99:
                    b7:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:90:BD:DA:D1:36:B7:7E:D4:B4:13:2A:C3:EC:C7:BA:66:CF:83:14
            X509v3 Authority Key Identifier:
                keyid:ED:30:A1:31:71:85:60:A3:4A:B3:49:38:84:E8:58:EC:43:1F:6A:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7TChMXGFYKNKs0k4hOhY7EMfatE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/5b0702-16e7-4627-ae19-4b3b1b63b6ab/1/Q5C92tE2t37UtBMqw-zHumbPgxQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/5b0702-16e7-4627-ae19-4b3b1b63b6ab/1/7TChMXGFYKNKs0k4hOhY7EMfatE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.139.9.0/24
                  185.105.238.0/24
                  194.180.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:26:e6:8f:ab:b3:3c:03:55:06:56:0c:be:dd:63:53:29:f9:
         47:d7:7d:b1:b3:5c:57:4c:30:ea:f8:2a:56:89:89:57:d8:24:
         3a:c1:1f:1e:aa:20:a7:71:dd:6e:41:8a:5d:73:9e:72:cd:e4:
         c9:69:8b:98:c6:cd:68:e9:4b:c4:3d:4d:e1:c2:35:bb:68:6e:
         50:55:f8:05:32:c5:6d:81:17:f7:07:9a:28:0c:6a:6b:e4:d2:
         55:9c:78:19:7a:1f:ab:02:fa:cb:87:cc:ed:29:d7:83:3b:ff:
         e4:90:d6:eb:67:63:77:87:17:c5:7a:4e:00:72:28:2b:5c:b4:
         b6:4c:da:be:59:17:fe:12:23:ea:16:5b:93:c5:ca:05:14:5e:
         93:fa:ad:81:0d:e7:82:59:8a:56:64:d2:ea:27:21:eb:26:7c:
         fd:62:ee:84:13:96:ce:d9:07:ac:66:1f:36:a8:9a:b3:eb:8d:
         31:eb:bf:a3:a8:87:41:4f:47:b2:01:a5:5b:37:b4:65:e8:ab:
         f1:95:32:b6:30:6f:10:fa:92:cd:ad:3c:8a:d6:ca:2f:4e:59:
         bd:c9:1f:04:51:a1:fe:e8:fb:30:cb:9a:82:36:e8:f8:7a:a8:
         62:a2:cf:c7:84:d0:e5:6b:61:6c:88:ac:18:29:83:7b:9b:15:
         20:f2:d6:bb
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ3pZzjyueAHzylunqWPFIK/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkMzBhMTMxNzE4NTYwYTM0YWIzNDkzODg0ZTg1OGVjNDMx
ZjZhZDEwHhcNMjYwNTAyMTU1NTQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzkwYmRkYWQxMzZiNzdlZDRiNDEzMmFjM2VjYzdiYTY2Y2Y4MzE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnnow0om1pqroZkdpHJzIasCqr85N
v0eGOmR9oLbTnJHE7C/q9ZAFkZEyQL9tfc28IbZmH3npa9NBqZugZ5+w4vRUPHTa
RguD6qdx78HePLfmVO4FbmLpRBy1r2a796rPApmjsOK6XtAYsDZ73762wDKdaHkP
oEn2OiBIzNlQl7F7KqQaG7qDfV4bGnGBzkBOq/5XxF871fqTJzWqe/dwnn/WFNOD
dxgHhhPLEa6QfNy5KcDZ1daWxPefaQDhvQi+vJgjHarg7JNqPIr4RqZuSmfZq7Wg
XCc4tmEMid7ZX21HOW/gaVIM930ZAMbv1XaRg+Wfm7DFoyGgGUBXYZm3CwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEOQvdrRNrd+1LQTKsPsx7pmz4MUMB8GA1UdIwQY
MBaAFO0woTFxhWCjSrNJOIToWOxDH2rRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1RDaE1YR0ZZS05LczBrNGhPaFk3RU1mYXRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi81YjA3MDItMTZlNy00NjI3LWFlMTkt
NGIzYjFiNjNiNmFiLzEvUTVDOTJ0RTJ0MzdVdEJNcXctekh1bWJQZ3hRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi81YjA3MDItMTZlNy00NjI3LWFlMTktNGIzYjFiNjNiNmFi
LzEvN1RDaE1YR0ZZS05LczBrNGhPaFk3RU1mYXRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALYsJAwQA
uWnuAwQAwrTRMA0GCSqGSIb3DQEBCwUAA4IBAQA8JuaPq7M8A1UGVgy+3WNTKflH
132xs1xXTDDq+CpWiYlX2CQ6wR8eqiCncd1uQYpdc55yzeTJaYuYxs1o6UvEPU3h
wjW7aG5QVfgFMsVtgRf3B5ooDGpr5NJVnHgZeh+rAvrLh8ztKdeDO//kkNbrZ2N3
hxfFek4AcigrXLS2TNq+WRf+EiPqFluTxcoFFF6T+q2BDeeCWYpWZNLqJyHrJnz9
Yu6EE5bO2QesZh82qJqz640x67+jqIdBT0eyAaVbN7Rl6KvxlTK2MG8Q+pLNrTyK
1sovTlm9yR8EUaH+6Pswy5qCNuj4eqhios/HhNDla2FsiKwYKYN7mxUg8ta7
-----END CERTIFICATE-----