Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/ba6df7-f325-4184-a54a-0c481f0ad20e/1/JYwSyuAchjIXKqx-0j7gKo4P2VU.roa
File:                     JYwSyuAchjIXKqx-0j7gKo4P2VU.roa (raw, json)
Hash identifier:          Ont+m3ZNydrhvmwI0GsT3aYVRki6QYVMqq1ZQxnAm0g=
Subject key identifier:   25:8C:12:CA:E0:1C:86:32:17:2A:AC:7E:D2:3E:E0:2A:8E:0F:D9:55
Certificate issuer:       /CN=28bf1e72323742ac4d8136ab6c8e85df7ba37eeb
Certificate serial:       019E023845C1BA2FFFDBA4289C9FD7D8B9B8
Authority key identifier: 28:BF:1E:72:32:37:42:AC:4D:81:36:AB:6C:8E:85:DF:7B:A3:7E:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KL8ecjI3QqxNgTarbI6F33ujfus.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/ba6df7-f325-4184-a54a-0c481f0ad20e/1/JYwSyuAchjIXKqx-0j7gKo4P2VU.roa
Signing time:             Thu 07 May 2026 11:35:02 +0000
ROA not before:           Thu 07 May 2026 11:35:02 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     20986
IP address blocks:        185.249.140.0/22 maxlen: 24
                          185.249.140.0/24 maxlen: 24
                          185.249.141.0/24 maxlen: 24
                          185.249.142.0/24 maxlen: 24
                          185.249.143.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/ba6df7-f325-4184-a54a-0c481f0ad20e/1/KL8ecjI3QqxNgTarbI6F33ujfus.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/ba6df7-f325-4184-a54a-0c481f0ad20e/1/KL8ecjI3QqxNgTarbI6F33ujfus.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KL8ecjI3QqxNgTarbI6F33ujfus.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 02:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:02:38:45:c1:ba:2f:ff:db:a4:28:9c:9f:d7:d8:b9:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28bf1e72323742ac4d8136ab6c8e85df7ba37eeb
        Validity
            Not Before: May  7 11:35:02 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=258c12cae01c8632172aac7ed23ee02a8e0fd955
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:6f:06:09:87:30:fc:34:0e:86:de:18:47:8a:
                    40:a0:34:dd:a4:75:c2:a2:f0:6f:45:10:60:0b:34:
                    02:bc:f2:7c:bd:72:4c:be:8b:f0:6d:88:80:ef:5f:
                    ff:02:6b:a0:96:71:43:33:3c:7f:96:ce:20:88:a4:
                    a1:67:37:2e:8c:85:7e:39:eb:10:73:ff:88:8c:7f:
                    2f:29:d2:67:f5:32:65:dc:17:28:f0:11:92:81:9a:
                    14:c8:bf:4f:55:96:84:e8:50:90:6e:77:55:1a:3a:
                    74:f2:e2:91:f5:28:cf:2d:20:3a:bf:b5:fb:c7:3b:
                    73:66:dd:dd:8e:3b:41:8b:22:94:be:4e:2c:67:0e:
                    19:ff:bb:ea:51:80:89:21:27:09:e5:73:f9:99:ce:
                    08:48:5a:b0:2b:15:5d:8b:6f:9e:29:bf:54:b3:74:
                    6b:35:80:9e:43:2f:b0:f6:63:f7:78:d6:dc:e0:c5:
                    c3:e0:a2:01:6a:49:9e:92:0b:d2:c2:a1:06:ad:b9:
                    e9:f5:97:5b:1c:9e:bc:62:ab:e2:3a:f2:8d:fb:8a:
                    65:2d:33:8a:bc:b1:e8:95:0e:c9:3b:ed:b3:a2:e7:
                    30:a5:db:bf:a1:10:ae:eb:6b:27:e6:86:b2:88:cd:
                    ef:11:43:92:13:f2:17:a6:df:0f:7d:f2:89:cd:23:
                    13:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:8C:12:CA:E0:1C:86:32:17:2A:AC:7E:D2:3E:E0:2A:8E:0F:D9:55
            X509v3 Authority Key Identifier:
                keyid:28:BF:1E:72:32:37:42:AC:4D:81:36:AB:6C:8E:85:DF:7B:A3:7E:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KL8ecjI3QqxNgTarbI6F33ujfus.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/ba6df7-f325-4184-a54a-0c481f0ad20e/1/JYwSyuAchjIXKqx-0j7gKo4P2VU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/ba6df7-f325-4184-a54a-0c481f0ad20e/1/KL8ecjI3QqxNgTarbI6F33ujfus.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.249.140.0/22

    Signature Algorithm: sha256WithRSAEncryption
         79:41:3c:44:6d:16:33:2f:59:23:92:ec:69:d4:ff:92:f1:7f:
         4e:d2:66:b1:be:55:96:3b:aa:ca:f1:17:53:9c:4e:0b:f7:7a:
         40:94:25:6d:75:d0:3e:05:94:0f:74:6d:0d:2b:c2:57:ef:c2:
         a5:c1:6a:e6:95:96:4e:27:b8:8a:4e:ac:9f:f4:9e:87:f8:54:
         cc:fd:4b:53:f5:e5:fd:81:05:39:40:ff:47:ef:2b:12:10:aa:
         1d:13:65:cc:d7:a3:38:15:72:54:40:ee:fe:8f:94:ad:0b:da:
         c6:9c:08:83:e4:2b:b6:ab:13:2c:e6:77:b2:ae:b7:8e:c3:93:
         34:6e:43:1d:b5:ae:cd:8d:79:21:66:d4:d1:33:67:b5:7b:b3:
         45:cf:ae:43:ad:d0:4b:6e:f0:93:f0:10:e0:20:1d:0e:7b:21:
         6c:fc:b7:15:aa:11:ec:ca:ee:2e:8a:f3:ef:ef:b8:ef:fb:53:
         df:3a:4f:02:83:31:75:7b:4e:8f:e9:00:72:a3:d9:44:3f:11:
         62:4f:19:f0:95:d8:5d:7c:ec:69:c2:bb:90:91:44:82:30:08:
         48:2c:4c:7e:d8:6a:c1:12:2b:de:4a:f3:f8:09:aa:b8:ab:46:
         3b:13:ce:0c:bd:cc:90:3e:90:c5:b1:f5:64:dd:d8:5e:0c:e5:
         77:f6:d0:be
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4COEXBui//26QonJ/X2Lm4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4YmYxZTcyMzIzNzQyYWM0ZDgxMzZhYjZjOGU4NWRmN2Jh
MzdlZWIwHhcNMjYwNTA3MTEzNTAyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNThjMTJjYWUwMWM4NjMyMTcyYWFjN2VkMjNlZTAyYThlMGZkOTU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6W8GCYcw/DQOht4YR4pAoDTdpHXC
ovBvRRBgCzQCvPJ8vXJMvovwbYiA71//AmuglnFDMzx/ls4giKShZzcujIV+OesQ
c/+IjH8vKdJn9TJl3Bco8BGSgZoUyL9PVZaE6FCQbndVGjp08uKR9SjPLSA6v7X7
xztzZt3djjtBiyKUvk4sZw4Z/7vqUYCJIScJ5XP5mc4ISFqwKxVdi2+eKb9Us3Rr
NYCeQy+w9mP3eNbc4MXD4KIBakmekgvSwqEGrbnp9ZdbHJ68YqviOvKN+4plLTOK
vLHolQ7JO+2zoucwpdu/oRCu62sn5oayiM3vEUOSE/IXpt8PffKJzSMTwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCWMEsrgHIYyFyqsftI+4CqOD9lVMB8GA1UdIwQY
MBaAFCi/HnIyN0KsTYE2q2yOhd97o37rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0w4ZWNqSTNRcXhOZ1RhcmJJNkYzM3VqZnVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9iYTZkZjctZjMyNS00MTg0LWE1NGEt
MGM0ODFmMGFkMjBlLzEvSll3U3l1QWNoaklYS3F4LTBqN2dLbzRQMlZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9iYTZkZjctZjMyNS00MTg0LWE1NGEtMGM0ODFmMGFkMjBl
LzEvS0w4ZWNqSTNRcXhOZ1RhcmJJNkYzM3VqZnVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufmMMA0G
CSqGSIb3DQEBCwUAA4IBAQB5QTxEbRYzL1kjkuxp1P+S8X9O0maxvlWWO6rK8RdT
nE4L93pAlCVtddA+BZQPdG0NK8JX78KlwWrmlZZOJ7iKTqyf9J6H+FTM/UtT9eX9
gQU5QP9H7ysSEKodE2XM16M4FXJUQO7+j5StC9rGnAiD5Cu2qxMs5neyrreOw5M0
bkMdta7NjXkhZtTRM2e1e7NFz65DrdBLbvCT8BDgIB0OeyFs/LcVqhHsyu4uivPv
77jv+1PfOk8CgzF1e06P6QByo9lEPxFiTxnwldhdfOxpwruQkUSCMAhILEx+2GrB
EiveSvP4Caq4q0Y7E84MvcyQPpDFsfVk3dheDOV39tC+
-----END CERTIFICATE-----