Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/vLGG4XT6U4R84GYFlgWID6FVTYo.roa
File:                     vLGG4XT6U4R84GYFlgWID6FVTYo.roa (raw, json)
Hash identifier:          1p2xRJGAzlta4N8r/znqYRxAmlFfAhoXY6HAqmiCcI8=
Subject key identifier:   BC:B1:86:E1:74:FA:53:84:7C:E0:66:05:96:05:88:0F:A1:55:4D:8A
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       019E00AB8DF498908D3E3686BB36897242E8
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/vLGG4XT6U4R84GYFlgWID6FVTYo.roa
Signing time:             Thu 07 May 2026 04:21:43 +0000
ROA not before:           Thu 07 May 2026 04:21:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402214
IP address blocks:        194.231.200.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 20:10:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:00:ab:8d:f4:98:90:8d:3e:36:86:bb:36:89:72:42:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: May  7 04:21:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bcb186e174fa53847ce066059605880fa1554d8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:0a:fc:9f:44:10:25:32:7f:79:c4:85:90:f8:
                    37:c8:0e:af:c6:9c:42:ee:f3:e7:56:a0:fc:43:ac:
                    e5:9a:90:88:04:6c:eb:bd:c9:cd:b4:23:71:4e:04:
                    8e:dc:94:0e:10:36:2b:b3:13:64:c8:bb:f2:69:5f:
                    c9:fa:4a:37:97:f2:e5:54:f2:e5:38:46:3d:79:f5:
                    af:04:56:f9:0a:17:e4:d0:a7:0e:bd:b6:70:00:8f:
                    6e:d1:04:5d:4a:5b:36:2b:f0:85:5f:81:7e:67:80:
                    60:74:0b:ba:24:78:58:5d:ef:81:33:dd:ed:c8:74:
                    b8:96:0d:99:79:f1:2a:6d:55:a4:34:f5:e9:70:1b:
                    b0:25:f6:37:b7:75:71:77:69:18:3c:f2:75:e0:a2:
                    92:e9:19:76:ca:ad:50:28:14:94:20:7a:9e:28:e8:
                    2a:97:b2:a0:5b:67:c4:41:61:40:43:cc:e3:9c:ab:
                    17:08:de:20:0e:ea:06:bb:b2:b8:04:bd:2c:38:0e:
                    1a:05:f8:d8:37:2e:76:77:aa:48:ad:2f:c2:cd:8d:
                    fe:56:d2:11:8f:50:8b:a8:f0:03:f2:5b:b1:f0:88:
                    e4:f8:26:a4:35:2d:7e:8a:69:1a:86:a0:ae:fc:75:
                    c9:30:94:40:11:7c:49:a4:94:35:75:d7:c9:58:d6:
                    84:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:B1:86:E1:74:FA:53:84:7C:E0:66:05:96:05:88:0F:A1:55:4D:8A
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/vLGG4XT6U4R84GYFlgWID6FVTYo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.231.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:14:3b:ca:61:14:6a:c8:ff:1b:14:c9:03:aa:b0:cc:f8:99:
         7f:c8:c1:b2:b6:93:8b:fc:51:48:f4:d2:3d:4d:15:c1:7c:3f:
         aa:29:27:45:ed:c6:01:6a:68:9c:13:c9:95:ff:90:1e:13:9b:
         54:96:66:40:4f:af:20:75:fa:74:0f:9b:90:c5:47:61:e2:9f:
         9b:57:b0:9a:6d:f9:8e:66:52:38:32:22:f6:84:2f:cd:33:ff:
         34:7c:e3:47:93:c9:83:51:f5:aa:07:6e:98:06:9e:e5:50:40:
         75:41:e1:c0:dc:15:1d:07:26:fb:7a:11:b0:43:66:ff:97:4e:
         23:90:ac:6a:a7:fa:83:3c:75:b3:bd:5f:03:bf:f1:84:bf:23:
         a8:d7:6b:7e:c0:f2:9d:36:ba:07:7a:4f:89:10:05:54:21:54:
         0a:c6:ab:b7:4f:6f:8a:ec:aa:a4:1a:1a:cf:d6:36:17:e3:cc:
         41:e5:75:ff:4b:3e:49:2a:5d:83:c6:56:b2:de:40:cc:bd:74:
         06:3e:b0:2c:99:2f:f4:64:9b:66:7f:a4:34:a4:d7:a1:13:19:
         26:d5:00:13:35:3c:c1:f1:b3:5d:6e:36:25:f7:18:2c:21:da:
         4a:3f:48:c8:3e:8a:99:de:fc:38:80:f8:6f:5d:c4:63:66:35:
         35:d4:ae:e7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4Aq430mJCNPjaGuzaJckLoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjYwNTA3MDQyMTQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiY2IxODZlMTc0ZmE1Mzg0N2NlMDY2MDU5NjA1ODgwZmExNTU0ZDhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4Qr8n0QQJTJ/ecSFkPg3yA6vxpxC
7vPnVqD8Q6zlmpCIBGzrvcnNtCNxTgSO3JQOEDYrsxNkyLvyaV/J+ko3l/LlVPLl
OEY9efWvBFb5Chfk0KcOvbZwAI9u0QRdSls2K/CFX4F+Z4BgdAu6JHhYXe+BM93t
yHS4lg2ZefEqbVWkNPXpcBuwJfY3t3Vxd2kYPPJ14KKS6Rl2yq1QKBSUIHqeKOgq
l7KgW2fEQWFAQ8zjnKsXCN4gDuoGu7K4BL0sOA4aBfjYNy52d6pIrS/CzY3+VtIR
j1CLqPAD8lux8Ijk+CakNS1+imkahqCu/HXJMJRAEXxJpJQ1ddfJWNaEYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLyxhuF0+lOEfOBmBZYFiA+hVU2KMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvdkxHRzRYVDZVNFI4NEdZRmxnV0lENkZWVFlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwufIMA0G
CSqGSIb3DQEBCwUAA4IBAQB0FDvKYRRqyP8bFMkDqrDM+Jl/yMGytpOL/FFI9NI9
TRXBfD+qKSdF7cYBamicE8mV/5AeE5tUlmZAT68gdfp0D5uQxUdh4p+bV7CabfmO
ZlI4MiL2hC/NM/80fONHk8mDUfWqB26YBp7lUEB1QeHA3BUdByb7ehGwQ2b/l04j
kKxqp/qDPHWzvV8Dv/GEvyOo12t+wPKdNroHek+JEAVUIVQKxqu3T2+K7KqkGhrP
1jYX48xB5XX/Sz5JKl2Dxlay3kDMvXQGPrAsmS/0ZJtmf6Q0pNehExkm1QATNTzB
8bNdbjYl9xgsIdpKP0jIPoqZ3vw4gPhvXcRjZjU11K7n
-----END CERTIFICATE-----