Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/6ef698-fb54-4611-be82-d49a2ad6f222/1/4Qc-yn1UzAkfErKkrOplIM1TXXc.roa
File:                     4Qc-yn1UzAkfErKkrOplIM1TXXc.roa (raw, json)
Hash identifier:          c+WtB+oW1ahwXZOb81bw0sgcuUJbYdw60b7M9e0cWc8=
Subject key identifier:   E1:07:3E:CA:7D:54:CC:09:1F:12:B2:A4:AC:EA:65:20:CD:53:5D:77
Certificate issuer:       /CN=d884bfbdb323540e5c90c009e3de6c03d6bfccd3
Certificate serial:       019DDB7B12E81798249FF518A2F9A562DEEE
Authority key identifier: D8:84:BF:BD:B3:23:54:0E:5C:90:C0:09:E3:DE:6C:03:D6:BF:CC:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2IS_vbMjVA5ckMAJ495sA9a_zNM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/6ef698-fb54-4611-be82-d49a2ad6f222/1/4Qc-yn1UzAkfErKkrOplIM1TXXc.roa
Signing time:             Wed 29 Apr 2026 23:02:49 +0000
ROA not before:           Wed 29 Apr 2026 23:02:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49864
IP address blocks:        185.64.152.0/22 maxlen: 22
                          212.89.160.0/19 maxlen: 19
                          2a04:f9c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/6ef698-fb54-4611-be82-d49a2ad6f222/1/2IS_vbMjVA5ckMAJ495sA9a_zNM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/6ef698-fb54-4611-be82-d49a2ad6f222/1/2IS_vbMjVA5ckMAJ495sA9a_zNM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2IS_vbMjVA5ckMAJ495sA9a_zNM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:db:7b:12:e8:17:98:24:9f:f5:18:a2:f9:a5:62:de:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d884bfbdb323540e5c90c009e3de6c03d6bfccd3
        Validity
            Not Before: Apr 29 23:02:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e1073eca7d54cc091f12b2a4acea6520cd535d77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:ae:49:f9:64:b5:b1:98:22:f8:b7:6b:43:44:
                    2b:5b:23:fe:b3:14:42:c4:3d:c5:ff:6a:f3:76:76:
                    b6:b8:cf:43:0f:f0:62:91:ba:00:57:af:66:b7:db:
                    8f:4e:30:70:b1:22:5a:38:d2:b3:e6:58:0c:7b:e4:
                    7c:9b:bd:ec:a4:4e:5b:ea:56:64:23:43:0d:21:e6:
                    dc:32:a2:41:3d:df:cb:d4:fe:5f:dc:5f:7b:76:59:
                    13:10:09:2d:d4:02:6e:86:0c:f4:ae:b9:29:06:33:
                    65:83:0f:37:97:ad:0d:ad:4e:af:96:df:ec:c7:e9:
                    c1:81:d2:88:ef:2a:4f:98:ca:85:5c:9f:5f:9b:ff:
                    ca:32:96:55:b7:2b:91:f9:36:57:e2:12:10:a9:af:
                    42:a5:4a:66:7d:f5:c1:65:d1:be:de:47:75:e5:be:
                    88:4c:5e:49:b4:cd:d1:a7:c7:7a:30:57:81:4b:fd:
                    a8:af:4a:61:0b:0b:43:60:df:f1:49:08:47:4d:fc:
                    ed:a4:41:f3:66:81:a0:d2:fb:a5:4a:94:8c:bb:a9:
                    5d:65:83:24:d8:38:3b:0e:4e:5f:4f:78:31:d9:c2:
                    c1:95:f3:cf:ea:90:21:04:4b:85:5b:cb:85:59:9c:
                    46:83:3a:9c:03:c8:c4:a0:d4:39:dc:ae:df:11:03:
                    1f:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:07:3E:CA:7D:54:CC:09:1F:12:B2:A4:AC:EA:65:20:CD:53:5D:77
            X509v3 Authority Key Identifier:
                keyid:D8:84:BF:BD:B3:23:54:0E:5C:90:C0:09:E3:DE:6C:03:D6:BF:CC:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2IS_vbMjVA5ckMAJ495sA9a_zNM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/6ef698-fb54-4611-be82-d49a2ad6f222/1/4Qc-yn1UzAkfErKkrOplIM1TXXc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/6ef698-fb54-4611-be82-d49a2ad6f222/1/2IS_vbMjVA5ckMAJ495sA9a_zNM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.64.152.0/22
                  212.89.160.0/19
                IPv6:
                  2a04:f9c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         07:17:00:65:75:47:c8:b9:d8:77:62:4e:74:2a:af:78:9c:ad:
         35:58:fe:9a:7e:2a:c0:95:d8:d9:db:a0:aa:52:74:84:08:74:
         63:30:36:cf:f7:d1:a7:7e:3f:7a:5e:b2:b9:7b:55:f4:7b:20:
         8f:58:5d:ee:ad:6b:3d:5d:5f:c5:25:8c:f6:d9:9c:62:69:08:
         a8:89:07:d9:02:2f:69:4d:24:59:82:a0:43:cd:9b:bc:3f:e3:
         0c:aa:42:d3:e1:3e:a0:33:f7:7b:0f:8b:79:e8:1d:2c:ca:bd:
         26:b4:5f:3c:b0:fe:9a:a1:9c:f5:17:9b:7c:ad:f7:c3:35:57:
         09:e5:8d:70:ec:40:a7:35:8f:18:2f:ad:43:3a:cc:1b:e3:f2:
         20:5b:95:53:7f:cf:8f:f0:5d:8f:90:cb:c7:e8:ac:8b:b4:e9:
         64:d5:a0:c9:f1:3f:17:eb:1d:31:58:ca:ad:c3:76:f4:d9:ba:
         8f:7c:33:cf:80:f2:7e:29:f4:a7:30:e8:7f:72:23:48:71:a6:
         55:c3:54:14:e9:ac:c6:1c:e3:46:12:a2:9d:70:18:a0:94:6e:
         68:d1:84:1d:2a:ff:83:2c:74:27:f0:04:07:49:a1:fd:18:13:
         1a:58:4f:41:a3:cb:8a:5d:40:8d:bd:d6:66:1e:39:f3:1f:e0:
         d9:76:aa:b5
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZ3bexLoF5gkn/UYovmlYt7uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4ODRiZmJkYjMyMzU0MGU1YzkwYzAwOWUzZGU2YzAzZDZi
ZmNjZDMwHhcNMjYwNDI5MjMwMjQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTA3M2VjYTdkNTRjYzA5MWYxMmIyYTRhY2VhNjUyMGNkNTM1ZDc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqq5J+WS1sZgi+LdrQ0QrWyP+sxRC
xD3F/2rzdna2uM9DD/BikboAV69mt9uPTjBwsSJaONKz5lgMe+R8m73spE5b6lZk
I0MNIebcMqJBPd/L1P5f3F97dlkTEAkt1AJuhgz0rrkpBjNlgw83l60NrU6vlt/s
x+nBgdKI7ypPmMqFXJ9fm//KMpZVtyuR+TZX4hIQqa9CpUpmffXBZdG+3kd15b6I
TF5JtM3Rp8d6MFeBS/2or0phCwtDYN/xSQhHTfztpEHzZoGg0vulSpSMu6ldZYMk
2Dg7Dk5fT3gx2cLBlfPP6pAhBEuFW8uFWZxGgzqcA8jEoNQ53K7fEQMfBQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFOEHPsp9VMwJHxKypKzqZSDNU113MB8GA1UdIwQY
MBaAFNiEv72zI1QOXJDACePebAPWv8zTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMklTX3ZiTWpWQTVja01BSjQ5NXNBOWFfek5NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi82ZWY2OTgtZmI1NC00NjExLWJlODIt
ZDQ5YTJhZDZmMjIyLzEvNFFjLXluMVV6QWtmRXJLa3JPcGxJTTFUWFhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi82ZWY2OTgtZmI1NC00NjExLWJlODItZDQ5YTJhZDZmMjIy
LzEvMklTX3ZiTWpWQTVja01BSjQ5NXNBOWFfek5NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuUCYAwQF
1FmgMA0EAgACMAcDBQMqBPnAMA0GCSqGSIb3DQEBCwUAA4IBAQAHFwBldUfIudh3
Yk50Kq94nK01WP6afirAldjZ26CqUnSECHRjMDbP99Gnfj96XrK5e1X0eyCPWF3u
rWs9XV/FJYz22ZxiaQioiQfZAi9pTSRZgqBDzZu8P+MMqkLT4T6gM/d7D4t56B0s
yr0mtF88sP6aoZz1F5t8rffDNVcJ5Y1w7ECnNY8YL61DOswb4/IgW5VTf8+P8F2P
kMvH6KyLtOlk1aDJ8T8X6x0xWMqtw3b02bqPfDPPgPJ+KfSnMOh/ciNIcaZVw1QU
6azGHONGEqKdcBiglG5o0YQdKv+DLHQn8AQHSaH9GBMaWE9Bo8uKXUCNvdZmHjnz
H+DZdqq1
-----END CERTIFICATE-----