Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/5b0702-16e7-4627-ae19-4b3b1b63b6ab/1/orlkrCk7j2kN4JQTtPHQBI1ppv4.roa
File:                     orlkrCk7j2kN4JQTtPHQBI1ppv4.roa (raw, json)
Hash identifier:          pQvVge5sNbnnNmBAtn1qIeqUW7d2G6GN1mxMDVjqXnY=
Subject key identifier:   A2:B9:64:AC:29:3B:8F:69:0D:E0:94:13:B4:F1:D0:04:8D:69:A6:FE
Certificate issuer:       /CN=ed30a131718560a34ab3493884e858ec431f6ad1
Certificate serial:       019DE93FDA278619E01066F40EAE9642864C
Authority key identifier: ED:30:A1:31:71:85:60:A3:4A:B3:49:38:84:E8:58:EC:43:1F:6A:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7TChMXGFYKNKs0k4hOhY7EMfatE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/5b0702-16e7-4627-ae19-4b3b1b63b6ab/1/orlkrCk7j2kN4JQTtPHQBI1ppv4.roa
Signing time:             Sat 02 May 2026 15:12:49 +0000
ROA not before:           Sat 02 May 2026 15:12:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42337
IP address blocks:        194.36.174.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/5b0702-16e7-4627-ae19-4b3b1b63b6ab/1/7TChMXGFYKNKs0k4hOhY7EMfatE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/5b0702-16e7-4627-ae19-4b3b1b63b6ab/1/7TChMXGFYKNKs0k4hOhY7EMfatE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7TChMXGFYKNKs0k4hOhY7EMfatE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:e9:3f:da:27:86:19:e0:10:66:f4:0e:ae:96:42:86:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ed30a131718560a34ab3493884e858ec431f6ad1
        Validity
            Not Before: May  2 15:12:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a2b964ac293b8f690de09413b4f1d0048d69a6fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:fe:8c:b7:03:eb:42:7c:29:39:69:27:2c:32:
                    0a:c4:79:15:38:af:97:8c:1d:79:ad:32:67:66:52:
                    cb:5e:59:f5:04:c2:9d:8a:4d:5b:29:ff:46:80:db:
                    9b:b4:7f:c0:c6:57:be:73:b8:b0:f0:fc:6d:99:46:
                    a2:d6:fc:89:87:60:0a:57:9d:47:6e:89:a0:bc:e3:
                    15:11:e0:2b:ff:f7:94:6b:22:36:9e:00:78:2d:97:
                    3c:d0:3f:01:b3:62:6b:39:cb:f9:e6:07:56:d5:c8:
                    5b:d8:01:93:20:64:59:20:53:6b:06:05:af:a8:52:
                    91:47:64:df:55:f1:38:f4:16:6f:d2:b7:a6:a2:68:
                    04:19:32:3d:c0:19:d3:54:aa:2a:8a:e3:97:eb:b3:
                    af:9d:5e:38:a9:94:7a:9d:f0:87:0b:ca:84:21:a9:
                    d1:ee:1f:78:57:4b:0a:f4:9a:6a:08:e7:3e:06:f5:
                    c7:da:ea:a7:ec:e3:b7:1f:9f:ee:7b:e3:6e:1b:bc:
                    29:3a:fe:11:2b:47:99:f3:21:e4:29:17:12:a2:5e:
                    b0:19:66:9e:3e:cc:fc:c4:bd:13:14:34:bf:9a:a8:
                    12:34:07:90:55:ab:f1:53:a3:5d:ce:0b:bf:1c:1a:
                    fb:be:2a:9a:5d:80:0b:a3:4a:f7:7a:66:86:df:f7:
                    ba:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:B9:64:AC:29:3B:8F:69:0D:E0:94:13:B4:F1:D0:04:8D:69:A6:FE
            X509v3 Authority Key Identifier:
                keyid:ED:30:A1:31:71:85:60:A3:4A:B3:49:38:84:E8:58:EC:43:1F:6A:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7TChMXGFYKNKs0k4hOhY7EMfatE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/5b0702-16e7-4627-ae19-4b3b1b63b6ab/1/orlkrCk7j2kN4JQTtPHQBI1ppv4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/5b0702-16e7-4627-ae19-4b3b1b63b6ab/1/7TChMXGFYKNKs0k4hOhY7EMfatE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.36.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:bd:1a:5b:e3:81:ca:8c:c9:f8:e2:ae:9b:aa:d5:f8:aa:cc:
         01:f5:b8:83:8c:e2:be:9b:e8:65:8b:05:cf:85:16:97:76:a9:
         eb:4b:9a:09:c7:53:fa:df:4e:f2:81:bf:3d:b8:e5:1f:c8:09:
         c4:d4:0d:b5:e6:04:69:26:de:b2:48:10:e5:72:32:c6:ef:85:
         fc:c7:93:e4:cf:a2:7d:75:ee:39:5d:10:70:d7:fa:5b:ac:29:
         66:2a:b4:ae:37:67:1a:43:ca:c9:a5:e9:c5:40:ac:31:67:5f:
         a4:dd:24:54:f9:09:7d:52:10:23:1b:f1:d8:35:21:74:da:c7:
         1e:29:f5:0e:a2:25:29:e7:63:7a:7b:48:4c:78:47:e6:7a:3c:
         80:44:c4:aa:b3:06:05:87:32:c4:f3:11:39:08:06:95:1f:0a:
         28:99:6f:f2:5a:e5:c2:01:4a:78:4f:f9:21:74:3f:d9:2a:45:
         58:99:07:60:b3:18:51:8d:4d:d6:34:22:ad:3b:e4:64:0f:73:
         ec:54:69:a7:ba:93:ad:09:43:a8:ff:ec:e2:12:e6:b8:c6:44:
         6f:ab:7f:20:b3:80:1f:a0:b2:4b:34:fd:1d:da:66:46:8a:e8:
         7e:5d:26:f6:7c:36:7e:ac:86:4c:70:f1:85:2c:46:87:fa:d3:
         19:8d:9f:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3pP9onhhngEGb0Dq6WQoZMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkMzBhMTMxNzE4NTYwYTM0YWIzNDkzODg0ZTg1OGVjNDMx
ZjZhZDEwHhcNMjYwNTAyMTUxMjQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMmI5NjRhYzI5M2I4ZjY5MGRlMDk0MTNiNGYxZDAwNDhkNjlhNmZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyP6MtwPrQnwpOWknLDIKxHkVOK+X
jB15rTJnZlLLXln1BMKdik1bKf9GgNubtH/Axle+c7iw8PxtmUai1vyJh2AKV51H
bomgvOMVEeAr//eUayI2ngB4LZc80D8Bs2JrOcv55gdW1chb2AGTIGRZIFNrBgWv
qFKRR2TfVfE49BZv0remomgEGTI9wBnTVKoqiuOX67OvnV44qZR6nfCHC8qEIanR
7h94V0sK9JpqCOc+BvXH2uqn7OO3H5/ue+NuG7wpOv4RK0eZ8yHkKRcSol6wGWae
Psz8xL0TFDS/mqgSNAeQVavxU6Ndzgu/HBr7viqaXYALo0r3emaG3/e6bQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKK5ZKwpO49pDeCUE7Tx0ASNaab+MB8GA1UdIwQY
MBaAFO0woTFxhWCjSrNJOIToWOxDH2rRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1RDaE1YR0ZZS05LczBrNGhPaFk3RU1mYXRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi81YjA3MDItMTZlNy00NjI3LWFlMTkt
NGIzYjFiNjNiNmFiLzEvb3Jsa3JDazdqMmtONEpRVHRQSFFCSTFwcHY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi81YjA3MDItMTZlNy00NjI3LWFlMTktNGIzYjFiNjNiNmFi
LzEvN1RDaE1YR0ZZS05LczBrNGhPaFk3RU1mYXRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiSuMA0G
CSqGSIb3DQEBCwUAA4IBAQAnvRpb44HKjMn44q6bqtX4qswB9biDjOK+m+hliwXP
hRaXdqnrS5oJx1P6307ygb89uOUfyAnE1A215gRpJt6ySBDlcjLG74X8x5Pkz6J9
de45XRBw1/pbrClmKrSuN2caQ8rJpenFQKwxZ1+k3SRU+Ql9UhAjG/HYNSF02sce
KfUOoiUp52N6e0hMeEfmejyARMSqswYFhzLE8xE5CAaVHwoomW/yWuXCAUp4T/kh
dD/ZKkVYmQdgsxhRjU3WNCKtO+RkD3PsVGmnupOtCUOo/+ziEua4xkRvq38gs4Af
oLJLNP0d2mZGiuh+XSb2fDZ+rIZMcPGFLEaH+tMZjZ9B
-----END CERTIFICATE-----