Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/e-QuVbBZP0z6jQWigsOwm4hvG2M.roa
File:                     e-QuVbBZP0z6jQWigsOwm4hvG2M.roa (raw, json)
Hash identifier:          CdjN47IiM1D5TKdkRRFupYq2/j0p58OI+Xr6blmjDGY=
Subject key identifier:   7B:E4:2E:55:B0:59:3F:4C:FA:8D:05:A2:82:C3:B0:9B:88:6F:1B:63
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       019DF225B0C7B42CF7C2F536A85BDFAF3764
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/e-QuVbBZP0z6jQWigsOwm4hvG2M.roa
Signing time:             Mon 04 May 2026 08:40:49 +0000
ROA not before:           Mon 04 May 2026 08:40:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214961
IP address blocks:        104.239.66.0/24 maxlen: 24
                          104.249.10.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 20:10:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f2:25:b0:c7:b4:2c:f7:c2:f5:36:a8:5b:df:af:37:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: May  4 08:40:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7be42e55b0593f4cfa8d05a282c3b09b886f1b63
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:0b:27:57:a4:9b:35:9e:da:6e:18:b0:42:17:
                    72:8c:98:ec:fb:20:76:a5:0b:59:78:46:ba:00:d2:
                    87:14:a9:8b:59:b6:c1:f1:7f:e7:06:44:52:e8:b4:
                    8a:b0:1e:38:87:7d:2b:af:a2:04:05:3b:ef:e6:ea:
                    15:3d:2f:20:8a:5e:14:04:f1:a8:e2:37:36:d2:6a:
                    5d:ef:90:4c:57:53:d8:3c:ce:a1:37:11:06:6e:3a:
                    cf:88:a1:0d:7d:68:b4:d0:45:16:8c:9a:86:36:1e:
                    b3:b6:00:be:2f:e2:51:4f:6c:2e:4b:b2:93:80:92:
                    16:7f:66:60:d2:a1:d2:d3:b0:6f:66:63:be:75:f7:
                    8f:dc:df:65:06:f6:35:1d:d3:ed:2b:e2:11:e3:d7:
                    20:62:00:c8:eb:f1:4d:6b:2c:00:b8:55:5e:5f:ae:
                    9a:db:24:13:78:e9:d1:23:4a:09:88:65:0c:7d:c0:
                    68:94:79:a3:06:1c:89:69:36:d6:83:f4:cd:60:fd:
                    b2:e1:86:2c:33:76:c3:19:73:f5:9c:6a:2e:f1:4d:
                    70:eb:1e:37:d2:42:38:10:c2:04:8f:3f:0f:f2:02:
                    59:85:14:a4:3f:3b:06:06:43:0d:f1:a0:bf:b7:84:
                    f7:42:23:1b:67:74:35:45:81:c2:bb:1e:03:ef:78:
                    80:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:E4:2E:55:B0:59:3F:4C:FA:8D:05:A2:82:C3:B0:9B:88:6F:1B:63
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/e-QuVbBZP0z6jQWigsOwm4hvG2M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.239.66.0/24
                  104.249.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:66:fc:6b:55:d3:22:3e:95:ea:a9:26:ce:59:48:70:31:9d:
         cf:9c:a8:b7:9e:ac:3c:fb:8e:ad:84:7d:9e:a4:c9:38:f6:f6:
         2a:92:dc:e4:58:33:f2:70:ce:cd:ac:14:24:95:fb:94:f9:07:
         95:84:df:95:fa:80:78:de:58:2a:59:5d:0d:17:cc:26:20:05:
         64:77:1f:25:1f:35:3a:31:0f:f0:1c:5f:f4:d2:8c:5a:57:36:
         55:53:0c:ac:0f:d9:44:d5:fa:87:df:59:71:03:fb:f8:58:7d:
         a2:90:de:02:78:a8:b6:6d:83:ce:38:41:da:93:1e:7d:c6:24:
         03:3e:18:30:eb:73:c8:3a:98:3a:90:ba:d1:8c:88:49:7b:ef:
         00:91:66:55:dc:b9:35:e8:a9:03:13:3a:04:29:58:56:a8:05:
         10:1c:b0:fd:28:d3:23:08:f4:9c:5c:a1:a3:45:d9:14:5c:a4:
         81:ba:03:91:6a:10:e8:35:7a:dd:99:37:de:fa:a8:56:dd:e5:
         45:06:00:13:af:88:e1:51:b9:ac:80:fe:9b:14:cf:2d:69:7c:
         92:68:18:09:8b:26:37:34:a0:22:5e:12:2c:8f:51:a3:ca:fa:
         14:1a:1e:d4:19:1e:dd:4d:16:40:75:16:8d:ce:ea:26:4e:d4:
         b0:00:4c:36
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ3yJbDHtCz3wvU2qFvfrzdkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjYwNTA0MDg0MDQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YmU0MmU1NWIwNTkzZjRjZmE4ZDA1YTI4MmMzYjA5Yjg4NmYxYjYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAowsnV6SbNZ7abhiwQhdyjJjs+yB2
pQtZeEa6ANKHFKmLWbbB8X/nBkRS6LSKsB44h30rr6IEBTvv5uoVPS8gil4UBPGo
4jc20mpd75BMV1PYPM6hNxEGbjrPiKENfWi00EUWjJqGNh6ztgC+L+JRT2wuS7KT
gJIWf2Zg0qHS07BvZmO+dfeP3N9lBvY1HdPtK+IR49cgYgDI6/FNaywAuFVeX66a
2yQTeOnRI0oJiGUMfcBolHmjBhyJaTbWg/TNYP2y4YYsM3bDGXP1nGou8U1w6x43
0kI4EMIEjz8P8gJZhRSkPzsGBkMN8aC/t4T3QiMbZ3Q1RYHCux4D73iAawIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHvkLlWwWT9M+o0FooLDsJuIbxtjMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvZS1RdVZiQlpQMHo2alFXaWdzT3dtNGh2RzJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAaO9CAwQA
aPkKMA0GCSqGSIb3DQEBCwUAA4IBAQByZvxrVdMiPpXqqSbOWUhwMZ3PnKi3nqw8
+46thH2epMk49vYqktzkWDPycM7NrBQklfuU+QeVhN+V+oB43lgqWV0NF8wmIAVk
dx8lHzU6MQ/wHF/00oxaVzZVUwysD9lE1fqH31lxA/v4WH2ikN4CeKi2bYPOOEHa
kx59xiQDPhgw63PIOpg6kLrRjIhJe+8AkWZV3Lk16KkDEzoEKVhWqAUQHLD9KNMj
CPScXKGjRdkUXKSBugORahDoNXrdmTfe+qhW3eVFBgATr4jhUbmsgP6bFM8taXyS
aBgJiyY3NKAiXhIsj1GjyvoUGh7UGR7dTRZAdRaNzuomTtSwAEw2
-----END CERTIFICATE-----