Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/2c58d4-7a73-4d62-af86-26f0666590ed/1/sfOsjn-CrEsbuGZfo_GU02Seuc0.roa
File:                     sfOsjn-CrEsbuGZfo_GU02Seuc0.roa (raw, json)
Hash identifier:          QuCtUcV2rfjyf/avZCog8Qa9or52pG6qZ7ZDsQCk2sE=
Subject key identifier:   B1:F3:AC:8E:7F:82:AC:4B:1B:B8:66:5F:A3:F1:94:D3:64:9E:B9:CD
Certificate issuer:       /CN=4f17fe60c3aae4815ddb5bd8169ef088b0ff8800
Certificate serial:       019E16FB6D179455A977DAF627F8FACBFCC5
Authority key identifier: 4F:17:FE:60:C3:AA:E4:81:5D:DB:5B:D8:16:9E:F0:88:B0:FF:88:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Txf-YMOq5IFd21vYFp7wiLD_iAA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/2c58d4-7a73-4d62-af86-26f0666590ed/1/sfOsjn-CrEsbuGZfo_GU02Seuc0.roa
Signing time:             Mon 11 May 2026 12:20:36 +0000
ROA not before:           Mon 11 May 2026 12:20:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202935
IP address blocks:        176.111.41.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/2c58d4-7a73-4d62-af86-26f0666590ed/1/Txf-YMOq5IFd21vYFp7wiLD_iAA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/2c58d4-7a73-4d62-af86-26f0666590ed/1/Txf-YMOq5IFd21vYFp7wiLD_iAA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Txf-YMOq5IFd21vYFp7wiLD_iAA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 06:33:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:16:fb:6d:17:94:55:a9:77:da:f6:27:f8:fa:cb:fc:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f17fe60c3aae4815ddb5bd8169ef088b0ff8800
        Validity
            Not Before: May 11 12:20:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b1f3ac8e7f82ac4b1bb8665fa3f194d3649eb9cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:93:92:7d:48:e8:67:25:d2:0e:db:62:99:2b:
                    ec:75:75:b5:47:57:5d:43:80:2f:fa:e1:6c:b8:92:
                    b2:0d:cd:cb:e0:10:47:89:c3:cf:09:80:37:e3:1d:
                    66:c6:a5:1a:25:d7:b9:d5:a7:6b:58:92:d1:77:df:
                    4c:7b:6a:8f:53:94:ce:0e:97:b0:42:70:f8:43:b4:
                    a1:83:c6:aa:c2:9a:78:81:3c:1b:6b:ce:98:c8:c7:
                    82:7d:bf:24:8b:94:f4:59:f6:fa:f1:f5:45:65:1c:
                    69:ea:d6:6f:d6:3d:db:c4:fe:44:29:07:9a:6e:a0:
                    b0:07:3d:11:f8:21:33:4b:4b:68:b3:08:0a:cf:da:
                    c7:c9:42:c9:7d:fc:4d:dd:36:9f:b3:07:55:e1:dd:
                    84:02:5f:0d:6c:67:a3:65:19:97:ba:1c:04:30:d8:
                    68:89:56:b1:0a:f5:ea:f1:e6:7a:92:42:ad:1e:ad:
                    90:27:21:6b:0a:2f:43:c9:97:a8:fc:a9:8d:b8:4d:
                    3f:63:1c:df:62:ad:aa:86:ea:03:fa:e1:fd:13:b0:
                    c8:89:c5:57:c3:02:70:b9:e4:13:4c:d5:c3:24:93:
                    18:92:29:48:77:69:04:0c:b2:28:a2:25:6f:13:cc:
                    e8:30:6c:da:05:0d:c6:d1:cd:4c:84:c4:f0:4b:a0:
                    2d:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:F3:AC:8E:7F:82:AC:4B:1B:B8:66:5F:A3:F1:94:D3:64:9E:B9:CD
            X509v3 Authority Key Identifier:
                keyid:4F:17:FE:60:C3:AA:E4:81:5D:DB:5B:D8:16:9E:F0:88:B0:FF:88:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Txf-YMOq5IFd21vYFp7wiLD_iAA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2c58d4-7a73-4d62-af86-26f0666590ed/1/sfOsjn-CrEsbuGZfo_GU02Seuc0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2c58d4-7a73-4d62-af86-26f0666590ed/1/Txf-YMOq5IFd21vYFp7wiLD_iAA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.111.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:16:1b:5a:d4:7b:8c:d1:09:b1:96:3a:88:e9:d6:81:c1:14:
         6a:6b:b9:bc:ab:84:a5:18:01:bf:4c:08:57:77:4f:3a:7f:db:
         9a:31:27:8e:79:e4:08:2f:95:41:33:b9:2b:a7:e0:55:69:e9:
         d9:aa:62:e1:cb:22:6e:ab:85:8d:f6:0d:17:2d:46:ed:84:e3:
         66:c3:d9:26:24:51:11:b1:c4:7e:e1:27:5e:cf:77:ba:e3:fb:
         a2:27:97:f2:f1:be:a1:52:05:58:40:e7:4d:fc:d5:53:6b:78:
         f6:a5:9b:25:da:9a:2a:d7:bd:f0:1f:05:63:28:4b:db:f7:68:
         58:fd:fd:33:15:8b:5c:87:fc:4d:9f:da:a7:84:dc:17:47:f6:
         2e:9d:86:de:df:00:43:cd:80:b8:49:63:9f:0d:e4:27:c4:b5:
         3a:f2:1b:60:af:2a:49:1b:5d:30:d0:3b:a6:93:fb:c1:6d:c4:
         33:b2:98:5d:a3:07:c8:3b:26:15:09:30:33:ac:03:f3:f9:bd:
         e0:91:38:da:a2:d1:c7:95:54:09:db:4c:6e:81:f1:11:df:45:
         72:7e:53:ba:0c:09:8e:f0:9a:75:14:10:e9:ec:60:ae:fd:2b:
         d7:71:af:68:4c:eb:f4:7c:c1:3c:6f:30:8e:23:f0:e7:47:7e:
         c4:5d:35:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4W+20XlFWpd9r2J/j6y/zFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTdmZTYwYzNhYWU0ODE1ZGRiNWJkODE2OWVmMDg4YjBm
Zjg4MDAwHhcNMjYwNTExMTIyMDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWYzYWM4ZTdmODJhYzRiMWJiODY2NWZhM2YxOTRkMzY0OWViOWNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy5OSfUjoZyXSDttimSvsdXW1R1dd
Q4Av+uFsuJKyDc3L4BBHicPPCYA34x1mxqUaJde51adrWJLRd99Me2qPU5TODpew
QnD4Q7Shg8aqwpp4gTwba86YyMeCfb8ki5T0Wfb68fVFZRxp6tZv1j3bxP5EKQea
bqCwBz0R+CEzS0toswgKz9rHyULJffxN3TafswdV4d2EAl8NbGejZRmXuhwEMNho
iVaxCvXq8eZ6kkKtHq2QJyFrCi9DyZeo/KmNuE0/YxzfYq2qhuoD+uH9E7DIicVX
wwJwueQTTNXDJJMYkilId2kEDLIooiVvE8zoMGzaBQ3G0c1MhMTwS6At+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLHzrI5/gqxLG7hmX6PxlNNknrnNMB8GA1UdIwQY
MBaAFE8X/mDDquSBXdtb2Bae8Iiw/4gAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhmLVlNT3E1SUZkMjF2WUZwN3dpTERfaUFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8yYzU4ZDQtN2E3My00ZDYyLWFmODYt
MjZmMDY2NjU5MGVkLzEvc2ZPc2puLUNyRXNidUdaZm9fR1UwMlNldWMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8yYzU4ZDQtN2E3My00ZDYyLWFmODYtMjZmMDY2NjU5MGVk
LzEvVHhmLVlNT3E1SUZkMjF2WUZwN3dpTERfaUFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsG8pMA0G
CSqGSIb3DQEBCwUAA4IBAQCGFhta1HuM0QmxljqI6daBwRRqa7m8q4SlGAG/TAhX
d086f9uaMSeOeeQIL5VBM7krp+BVaenZqmLhyyJuq4WN9g0XLUbthONmw9kmJFER
scR+4Sdez3e64/uiJ5fy8b6hUgVYQOdN/NVTa3j2pZsl2poq173wHwVjKEvb92hY
/f0zFYtch/xNn9qnhNwXR/YunYbe3wBDzYC4SWOfDeQnxLU68htgrypJG10w0Dum
k/vBbcQzsphdowfIOyYVCTAzrAPz+b3gkTjaotHHlVQJ20xugfER30VyflO6DAmO
8Jp1FBDp7GCu/SvXca9oTOv0fME8bzCOI/DnR37EXTUH
-----END CERTIFICATE-----