Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/f71dcb-9e92-44e7-b042-3665067db256/1/1JViNUEn6ga0QROJtxU4AEvMLww.roa
File:                     1JViNUEn6ga0QROJtxU4AEvMLww.roa (raw, json)
Hash identifier:          jcckW1pekqq2a3ZEiyHcZr/yXCAySkb6WGxv2ggL9FI=
Subject key identifier:   D4:95:62:35:41:27:EA:06:B4:41:13:89:B7:15:38:00:4B:CC:2F:0C
Certificate issuer:       /CN=f50bae60970a2dfc86dd607c5b915ad5c534b413
Certificate serial:       019DB98D1EB0B4F70FD8F18A8928C785DA21
Authority key identifier: F5:0B:AE:60:97:0A:2D:FC:86:DD:60:7C:5B:91:5A:D5:C5:34:B4:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9QuuYJcKLfyG3WB8W5Fa1cU0tBM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/f71dcb-9e92-44e7-b042-3665067db256/1/1JViNUEn6ga0QROJtxU4AEvMLww.roa
Signing time:             Thu 23 Apr 2026 08:55:26 +0000
ROA not before:           Thu 23 Apr 2026 08:55:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207821
IP address blocks:        94.142.230.0/23 maxlen: 24
                          94.142.230.0/24 maxlen: 24
                          94.142.231.0/24 maxlen: 24
                          2a0a:2782::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/f71dcb-9e92-44e7-b042-3665067db256/1/9QuuYJcKLfyG3WB8W5Fa1cU0tBM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/f71dcb-9e92-44e7-b042-3665067db256/1/9QuuYJcKLfyG3WB8W5Fa1cU0tBM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9QuuYJcKLfyG3WB8W5Fa1cU0tBM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 20:10:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b9:8d:1e:b0:b4:f7:0f:d8:f1:8a:89:28:c7:85:da:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f50bae60970a2dfc86dd607c5b915ad5c534b413
        Validity
            Not Before: Apr 23 08:55:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d49562354127ea06b4411389b71538004bcc2f0c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:f5:c3:81:8c:2d:1c:d7:2a:fe:45:33:66:46:
                    a0:5e:5e:b7:3a:9e:0f:55:1e:5a:af:2b:5a:24:33:
                    4b:b3:9a:1f:cc:38:da:a9:70:f2:82:6b:ee:9c:d5:
                    61:84:2b:e7:d4:d1:4f:7b:c4:b7:7a:81:18:a9:4f:
                    33:6e:98:5f:80:fe:17:1c:0d:cf:90:4e:ec:41:d7:
                    84:e0:64:c5:72:2c:1d:22:ac:67:a5:d4:ed:86:b7:
                    ba:77:d2:54:35:e8:ce:93:d2:35:65:e4:39:a5:c0:
                    41:52:3b:11:be:5d:83:8a:0b:76:8f:bf:f3:1a:c3:
                    48:fc:2c:69:0e:51:02:0a:2e:6e:3b:a8:fe:3f:c3:
                    ba:ad:11:70:54:2d:91:59:42:6b:73:8f:1e:ef:0c:
                    fd:01:7a:c3:94:35:14:63:a0:c6:00:0c:02:b0:11:
                    f5:ca:92:b6:82:ba:0e:1a:21:6e:b9:78:f4:13:1e:
                    ca:03:d2:60:0d:ad:fa:e4:f8:51:7c:b3:79:ea:54:
                    60:42:7e:15:c6:1e:ae:06:cc:9a:c9:34:78:9c:40:
                    35:99:4c:3b:19:dd:97:21:a5:ad:62:e4:f9:74:f4:
                    78:f7:19:e9:1e:8a:25:4e:72:f4:4b:3a:3a:50:7f:
                    64:dc:01:a5:ca:80:58:b2:58:c1:19:1d:e7:5a:bf:
                    a0:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:95:62:35:41:27:EA:06:B4:41:13:89:B7:15:38:00:4B:CC:2F:0C
            X509v3 Authority Key Identifier:
                keyid:F5:0B:AE:60:97:0A:2D:FC:86:DD:60:7C:5B:91:5A:D5:C5:34:B4:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9QuuYJcKLfyG3WB8W5Fa1cU0tBM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/f71dcb-9e92-44e7-b042-3665067db256/1/1JViNUEn6ga0QROJtxU4AEvMLww.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/f71dcb-9e92-44e7-b042-3665067db256/1/9QuuYJcKLfyG3WB8W5Fa1cU0tBM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.142.230.0/23
                IPv6:
                  2a0a:2782::/32

    Signature Algorithm: sha256WithRSAEncryption
         75:a7:29:04:a3:cd:c1:e8:4c:c7:0d:76:4e:43:ff:47:35:0c:
         15:7f:be:37:d8:2f:4d:b9:cf:9c:41:cc:54:01:93:f6:23:f1:
         e8:56:fd:fc:c7:2a:8d:e6:74:bd:ce:fa:c8:32:77:2d:39:1e:
         29:34:f6:00:8c:61:3f:05:74:77:4b:6b:09:80:c5:ee:cb:eb:
         13:a5:24:a4:fe:ac:54:c3:15:9c:92:40:49:e2:ae:f3:a7:e8:
         76:53:e8:8b:e6:73:11:13:b7:af:b3:0a:1f:b1:d8:28:76:c7:
         d5:c5:eb:54:87:aa:d5:8e:0b:1d:44:ca:4b:42:f9:2e:7b:8c:
         6e:68:56:c0:69:58:71:ac:59:e7:45:a3:7e:b1:47:ed:48:0f:
         65:2b:55:de:62:5e:cc:e3:d6:9d:c4:d9:53:10:00:a0:8d:38:
         e9:e5:cb:9c:9f:ee:62:a8:ee:81:6d:6e:a0:c2:79:b3:df:41:
         f7:77:52:2e:f7:f9:79:e4:02:af:74:90:b7:74:2d:97:6e:3d:
         b6:1e:30:a2:41:83:44:a2:d4:53:5a:17:26:e2:34:39:8b:b4:
         4b:a2:d0:2e:20:1d:61:47:b0:65:50:0a:be:41:31:40:06:3c:
         6a:bb:57:31:21:c6:54:28:66:9e:51:7a:ac:94:1c:e2:06:d5:
         3d:2d:79:f4
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ25jR6wtPcP2PGKiSjHhdohMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1MGJhZTYwOTcwYTJkZmM4NmRkNjA3YzViOTE1YWQ1YzUz
NGI0MTMwHhcNMjYwNDIzMDg1NTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDk1NjIzNTQxMjdlYTA2YjQ0MTEzODliNzE1MzgwMDRiY2MyZjBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvfXDgYwtHNcq/kUzZkagXl63Op4P
VR5arytaJDNLs5ofzDjaqXDygmvunNVhhCvn1NFPe8S3eoEYqU8zbphfgP4XHA3P
kE7sQdeE4GTFciwdIqxnpdTthre6d9JUNejOk9I1ZeQ5pcBBUjsRvl2Digt2j7/z
GsNI/CxpDlECCi5uO6j+P8O6rRFwVC2RWUJrc48e7wz9AXrDlDUUY6DGAAwCsBH1
ypK2groOGiFuuXj0Ex7KA9JgDa365PhRfLN56lRgQn4Vxh6uBsyayTR4nEA1mUw7
Gd2XIaWtYuT5dPR49xnpHoolTnL0Szo6UH9k3AGlyoBYsljBGR3nWr+gcQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNSVYjVBJ+oGtEETibcVOABLzC8MMB8GA1UdIwQY
MBaAFPULrmCXCi38ht1gfFuRWtXFNLQTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVF1dVlKY0tMZnlHM1dCOFc1RmExY1UwdEJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS9mNzFkY2ItOWU5Mi00NGU3LWIwNDIt
MzY2NTA2N2RiMjU2LzEvMUpWaU5VRW42Z2EwUVJPSnR4VTRBRXZNTHd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS9mNzFkY2ItOWU5Mi00NGU3LWIwNDItMzY2NTA2N2RiMjU2
LzEvOVF1dVlKY0tMZnlHM1dCOFc1RmExY1UwdEJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBXo7mMA0E
AgACMAcDBQAqCieCMA0GCSqGSIb3DQEBCwUAA4IBAQB1pykEo83B6EzHDXZOQ/9H
NQwVf7432C9Nuc+cQcxUAZP2I/HoVv38xyqN5nS9zvrIMnctOR4pNPYAjGE/BXR3
S2sJgMXuy+sTpSSk/qxUwxWckkBJ4q7zp+h2U+iL5nMRE7evswofsdgodsfVxetU
h6rVjgsdRMpLQvkue4xuaFbAaVhxrFnnRaN+sUftSA9lK1XeYl7M49adxNlTEACg
jTjp5cucn+5iqO6BbW6gwnmz30H3d1Iu9/l55AKvdJC3dC2Xbj22HjCiQYNEotRT
Whcm4jQ5i7RLotAuIB1hR7BlUAq+QTFABjxqu1cxIcZUKGaeUXqslBziBtU9LXn0
-----END CERTIFICATE-----