Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/6b552a-6415-4f8b-8242-12daa9b9e4d2/1/yFuVWHle_EODr6oqBjWHVTrt71M.roa
File:                     yFuVWHle_EODr6oqBjWHVTrt71M.roa (raw, json)
Hash identifier:          FvxfVlIlfPcbKHm/6ZEVqsvGQ4GeI2lbgGkgxelFrnc=
Subject key identifier:   C8:5B:95:58:79:5E:FC:43:83:AF:AA:2A:06:35:87:55:3A:ED:EF:53
Certificate issuer:       /CN=0adb9b83d8d6a3926942381389d41b248b8dcde3
Certificate serial:       019D71268624F0B280AF79015687429B63DF
Authority key identifier: 0A:DB:9B:83:D8:D6:A3:92:69:42:38:13:89:D4:1B:24:8B:8D:CD:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ctubg9jWo5JpQjgTidQbJIuNzeM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/6b552a-6415-4f8b-8242-12daa9b9e4d2/1/yFuVWHle_EODr6oqBjWHVTrt71M.roa
Signing time:             Thu 09 Apr 2026 07:30:43 +0000
ROA not before:           Thu 09 Apr 2026 07:30:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8534
IP address blocks:        195.250.96.0/22 maxlen: 22
                          195.250.100.0/22 maxlen: 22
                          195.250.104.0/21 maxlen: 21
                          195.250.112.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/6b552a-6415-4f8b-8242-12daa9b9e4d2/1/Ctubg9jWo5JpQjgTidQbJIuNzeM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/6b552a-6415-4f8b-8242-12daa9b9e4d2/1/Ctubg9jWo5JpQjgTidQbJIuNzeM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ctubg9jWo5JpQjgTidQbJIuNzeM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:71:26:86:24:f0:b2:80:af:79:01:56:87:42:9b:63:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0adb9b83d8d6a3926942381389d41b248b8dcde3
        Validity
            Not Before: Apr  9 07:30:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c85b9558795efc4383afaa2a063587553aedef53
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:14:6f:71:a0:e8:59:ca:e9:2e:86:dd:95:15:
                    8e:86:02:d5:8d:d5:89:ed:03:1a:87:df:6a:c4:3d:
                    0e:78:6d:8f:90:1b:5d:fc:cb:86:b0:00:69:de:33:
                    07:43:5a:75:d0:b1:10:71:ef:16:d8:b1:4b:77:d2:
                    12:5a:81:f6:ad:2e:d9:12:1b:b9:62:0e:46:d1:6a:
                    c7:11:1e:83:1f:81:7b:05:ea:39:01:d2:da:92:f0:
                    08:34:7f:77:af:67:24:c1:2b:79:35:0b:97:0d:12:
                    86:cf:6f:0c:4e:4d:b8:d4:3f:5b:3b:a3:8c:ba:60:
                    85:4f:da:29:2d:e3:1a:39:e1:ea:0c:f2:cf:b2:42:
                    95:b6:e1:3f:c1:31:dc:cb:15:fd:73:0b:09:a2:ac:
                    14:bd:8a:77:08:a5:a5:a9:cf:1f:b5:a0:57:85:8b:
                    68:99:07:25:06:63:5e:fd:9a:1c:25:15:11:bb:78:
                    ec:08:9d:b0:2c:15:25:63:9d:b0:f8:5b:47:19:df:
                    04:b3:11:1b:e9:e7:8e:ad:c9:3c:08:07:bd:f7:d4:
                    75:51:09:ac:4a:19:ea:c8:e2:c0:63:8f:2b:56:a2:
                    29:1c:96:be:ca:0a:08:25:ab:45:5b:2f:ca:85:49:
                    a0:37:4c:f8:54:ee:29:33:e9:3b:1f:79:7a:2e:c0:
                    1b:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:5B:95:58:79:5E:FC:43:83:AF:AA:2A:06:35:87:55:3A:ED:EF:53
            X509v3 Authority Key Identifier:
                keyid:0A:DB:9B:83:D8:D6:A3:92:69:42:38:13:89:D4:1B:24:8B:8D:CD:E3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ctubg9jWo5JpQjgTidQbJIuNzeM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/6b552a-6415-4f8b-8242-12daa9b9e4d2/1/yFuVWHle_EODr6oqBjWHVTrt71M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/6b552a-6415-4f8b-8242-12daa9b9e4d2/1/Ctubg9jWo5JpQjgTidQbJIuNzeM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.250.96.0/19

    Signature Algorithm: sha256WithRSAEncryption
         3d:47:51:86:1a:50:f5:67:64:0f:1e:20:f4:03:4c:ae:72:dd:
         9c:3a:53:33:60:93:0a:95:35:d1:13:6c:dc:ed:7a:2f:05:aa:
         a1:77:cb:ac:99:a5:76:8f:3b:99:44:fc:3b:b9:bc:35:b2:4f:
         27:95:16:c8:fc:4e:06:b5:4c:71:db:07:1a:a4:33:0e:fe:19:
         70:ad:22:b5:46:49:71:17:81:09:3c:1e:55:45:bd:41:30:93:
         04:5b:d8:d4:3b:03:9e:3a:10:64:3b:d4:20:dc:be:6d:b4:b6:
         ee:07:d9:06:bf:44:57:88:95:20:a7:b9:98:02:44:c0:13:9f:
         70:3d:01:d1:99:ac:ae:f4:ef:c0:aa:ba:23:36:10:a9:fa:4d:
         1a:58:b5:2c:42:30:6f:38:d5:88:cf:9a:a5:db:b7:44:1a:eb:
         91:ac:5c:40:88:42:7b:89:54:2c:3a:2c:c1:33:e8:25:1a:53:
         79:bc:6b:33:cc:3b:55:c4:39:0c:bd:34:57:5d:a8:6e:08:1b:
         02:ad:8e:d0:fc:41:bf:bc:25:b7:02:52:b5:b2:0b:22:5d:75:
         fd:d6:6e:37:85:f4:fc:18:07:3b:bc:a0:6f:91:3c:be:47:78:
         d0:05:dc:3a:77:49:a5:70:20:0a:be:6d:6a:3a:58:97:a4:bd:
         7b:72:c7:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1xJoYk8LKAr3kBVodCm2PfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhZGI5YjgzZDhkNmEzOTI2OTQyMzgxMzg5ZDQxYjI0OGI4
ZGNkZTMwHhcNMjYwNDA5MDczMDQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODViOTU1ODc5NWVmYzQzODNhZmFhMmEwNjM1ODc1NTNhZWRlZjUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuxRvcaDoWcrpLobdlRWOhgLVjdWJ
7QMah99qxD0OeG2PkBtd/MuGsABp3jMHQ1p10LEQce8W2LFLd9ISWoH2rS7ZEhu5
Yg5G0WrHER6DH4F7Beo5AdLakvAINH93r2ckwSt5NQuXDRKGz28MTk241D9bO6OM
umCFT9opLeMaOeHqDPLPskKVtuE/wTHcyxX9cwsJoqwUvYp3CKWlqc8ftaBXhYto
mQclBmNe/ZocJRURu3jsCJ2wLBUlY52w+FtHGd8EsxEb6eeOrck8CAe999R1UQms
ShnqyOLAY48rVqIpHJa+ygoIJatFWy/KhUmgN0z4VO4pM+k7H3l6LsAbpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMhblVh5XvxDg6+qKgY1h1U67e9TMB8GA1UdIwQY
MBaAFArbm4PY1qOSaUI4E4nUGySLjc3jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ3R1Ymc5aldvNUpwUWpnVGlkUWJKSXVOemVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My82YjU1MmEtNjQxNS00ZjhiLTgyNDIt
MTJkYWE5YjllNGQyLzEveUZ1VldIbGVfRU9EcjZvcUJqV0hWVHJ0NzFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My82YjU1MmEtNjQxNS00ZjhiLTgyNDItMTJkYWE5YjllNGQy
LzEvQ3R1Ymc5aldvNUpwUWpnVGlkUWJKSXVOemVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFw/pgMA0G
CSqGSIb3DQEBCwUAA4IBAQA9R1GGGlD1Z2QPHiD0A0yuct2cOlMzYJMKlTXRE2zc
7XovBaqhd8usmaV2jzuZRPw7ubw1sk8nlRbI/E4GtUxx2wcapDMO/hlwrSK1Rklx
F4EJPB5VRb1BMJMEW9jUOwOeOhBkO9Qg3L5ttLbuB9kGv0RXiJUgp7mYAkTAE59w
PQHRmayu9O/AqrojNhCp+k0aWLUsQjBvONWIz5ql27dEGuuRrFxAiEJ7iVQsOizB
M+glGlN5vGszzDtVxDkMvTRXXahuCBsCrY7Q/EG/vCW3AlK1sgsiXXX91m43hfT8
GAc7vKBvkTy+R3jQBdw6d0mlcCAKvm1qOliXpL17csd+
-----END CERTIFICATE-----