Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/54a457-3c48-4e01-90b0-5eb75c2318aa/1/w_T6EFPZaUGvh3SNpHomTjYrB14.roa
File:                     w_T6EFPZaUGvh3SNpHomTjYrB14.roa (raw, json)
Hash identifier:          je+SZ/sGCgwG+Y5wOAhwYIzsnc+ZmSUeG8ZjmfJviHI=
Subject key identifier:   C3:F4:FA:10:53:D9:69:41:AF:87:74:8D:A4:7A:26:4E:36:2B:07:5E
Certificate issuer:       /CN=46d94477c8b54d12ec8b3f7b6d9ae78e510b23d8
Certificate serial:       019CB424A7598644566AEF68B6D7051921F6
Authority key identifier: 46:D9:44:77:C8:B5:4D:12:EC:8B:3F:7B:6D:9A:E7:8E:51:0B:23:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RtlEd8i1TRLsiz97bZrnjlELI9g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/54a457-3c48-4e01-90b0-5eb75c2318aa/1/w_T6EFPZaUGvh3SNpHomTjYrB14.roa
Signing time:             Tue 03 Mar 2026 14:40:26 +0000
ROA not before:           Tue 03 Mar 2026 14:40:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        185.205.35.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/54a457-3c48-4e01-90b0-5eb75c2318aa/1/RtlEd8i1TRLsiz97bZrnjlELI9g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/54a457-3c48-4e01-90b0-5eb75c2318aa/1/RtlEd8i1TRLsiz97bZrnjlELI9g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RtlEd8i1TRLsiz97bZrnjlELI9g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 23:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b4:24:a7:59:86:44:56:6a:ef:68:b6:d7:05:19:21:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=46d94477c8b54d12ec8b3f7b6d9ae78e510b23d8
        Validity
            Not Before: Mar  3 14:40:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c3f4fa1053d96941af87748da47a264e362b075e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:e3:cd:fd:69:18:92:44:1a:7a:66:bb:c3:f0:
                    51:1e:4e:58:5c:30:d4:88:79:d1:46:05:c1:bd:e2:
                    13:5c:d8:05:22:54:83:73:75:fe:57:89:94:40:3a:
                    ab:41:dc:ed:00:80:ca:9c:11:73:50:d6:72:61:67:
                    c3:26:92:bd:21:16:39:2e:c4:c0:f5:69:50:03:96:
                    5b:41:11:e5:1f:f3:bf:7f:c0:08:7c:db:09:fa:71:
                    9a:9a:02:93:0c:c5:4d:3c:60:aa:89:ab:a4:7e:15:
                    38:6a:1b:25:26:a1:37:95:a0:ab:ab:66:1b:c8:51:
                    61:54:3e:99:3f:f0:ef:8e:0b:8e:85:a2:35:5d:08:
                    ba:03:23:fd:08:cd:63:3d:75:11:fd:83:50:df:fc:
                    b6:13:f8:32:c2:3c:c6:c7:56:dd:8a:8f:cd:af:f1:
                    8c:6c:94:fb:3c:95:db:77:81:95:ae:58:e1:91:36:
                    2b:c6:77:23:4b:67:21:60:58:3a:f6:f7:79:4f:62:
                    38:27:8d:df:c5:00:74:f6:67:3c:9c:f4:5c:f8:30:
                    89:3f:82:b4:da:e1:cd:01:84:a3:41:f0:f8:c5:3d:
                    cf:d7:48:84:da:8e:e9:93:f2:e6:d1:81:fe:02:9c:
                    4f:29:e4:e7:12:39:bf:ed:1a:2b:f8:4b:4c:46:6b:
                    a4:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:F4:FA:10:53:D9:69:41:AF:87:74:8D:A4:7A:26:4E:36:2B:07:5E
            X509v3 Authority Key Identifier:
                keyid:46:D9:44:77:C8:B5:4D:12:EC:8B:3F:7B:6D:9A:E7:8E:51:0B:23:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RtlEd8i1TRLsiz97bZrnjlELI9g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/54a457-3c48-4e01-90b0-5eb75c2318aa/1/w_T6EFPZaUGvh3SNpHomTjYrB14.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/54a457-3c48-4e01-90b0-5eb75c2318aa/1/RtlEd8i1TRLsiz97bZrnjlELI9g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.205.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:f1:7d:20:bb:99:1c:bc:7b:a7:0d:88:0f:88:68:aa:e5:82:
         72:10:d9:37:a4:2f:4f:a2:0b:21:d3:33:15:26:8f:66:f8:16:
         b7:dc:17:34:03:f2:6d:30:bd:4a:a2:bc:ef:0e:20:e3:e7:54:
         35:12:6b:09:06:42:f0:ca:df:79:da:3a:f2:f1:ac:30:80:df:
         a9:e4:3d:cb:b9:15:0a:c3:5b:6a:c7:7d:37:93:0a:25:27:47:
         6d:72:e7:90:9c:b9:68:b8:0f:5a:99:d6:9e:b8:a3:18:72:bf:
         37:cd:c6:23:aa:d2:bb:13:c9:74:cc:c0:3f:56:e1:d1:57:08:
         1f:c0:69:f0:53:01:d7:22:c9:61:1a:97:99:5e:3e:80:74:0e:
         57:56:86:5a:a0:9f:3b:4e:e4:94:97:87:74:f6:36:05:77:8b:
         40:ba:ae:ab:bd:d2:dc:78:f4:b8:43:19:a7:0d:26:de:f0:e9:
         43:00:66:4e:18:64:aa:ec:c9:f6:04:d9:a3:c8:f0:9a:55:d8:
         4b:67:ff:9b:2d:2f:21:1f:6e:5c:9e:f0:87:c0:93:16:bb:28:
         bb:72:5a:c7:d4:98:fe:3e:6d:7c:45:3f:26:77:fe:e1:7e:b1:
         c3:5f:78:bd:37:59:37:1a:cd:10:28:a1:33:1d:6e:72:29:c6:
         2f:25:be:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZy0JKdZhkRWau9ottcFGSH2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2ZDk0NDc3YzhiNTRkMTJlYzhiM2Y3YjZkOWFlNzhlNTEw
YjIzZDgwHhcNMjYwMzAzMTQ0MDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjM2Y0ZmExMDUzZDk2OTQxYWY4Nzc0OGRhNDdhMjY0ZTM2MmIwNzVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ePN/WkYkkQaema7w/BRHk5YXDDU
iHnRRgXBveITXNgFIlSDc3X+V4mUQDqrQdztAIDKnBFzUNZyYWfDJpK9IRY5LsTA
9WlQA5ZbQRHlH/O/f8AIfNsJ+nGamgKTDMVNPGCqiaukfhU4ahslJqE3laCrq2Yb
yFFhVD6ZP/DvjguOhaI1XQi6AyP9CM1jPXUR/YNQ3/y2E/gywjzGx1bdio/Nr/GM
bJT7PJXbd4GVrljhkTYrxncjS2chYFg69vd5T2I4J43fxQB09mc8nPRc+DCJP4K0
2uHNAYSjQfD4xT3P10iE2o7pk/Lm0YH+ApxPKeTnEjm/7Ror+EtMRmuk3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMP0+hBT2WlBr4d0jaR6Jk42KwdeMB8GA1UdIwQY
MBaAFEbZRHfItU0S7Is/e22a545RCyPYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnRsRWQ4aTFUUkxzaXo5N2Jacm5qbEVMSTlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81NGE0NTctM2M0OC00ZTAxLTkwYjAt
NWViNzVjMjMxOGFhLzEvd19UNkVGUFphVUd2aDNTTnBIb21UallyQjE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81NGE0NTctM2M0OC00ZTAxLTkwYjAtNWViNzVjMjMxOGFh
LzEvUnRsRWQ4aTFUUkxzaXo5N2Jacm5qbEVMSTlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuc0jMA0G
CSqGSIb3DQEBCwUAA4IBAQCE8X0gu5kcvHunDYgPiGiq5YJyENk3pC9Pogsh0zMV
Jo9m+Ba33Bc0A/JtML1KorzvDiDj51Q1EmsJBkLwyt952jry8awwgN+p5D3LuRUK
w1tqx303kwolJ0dtcueQnLlouA9amdaeuKMYcr83zcYjqtK7E8l0zMA/VuHRVwgf
wGnwUwHXIslhGpeZXj6AdA5XVoZaoJ87TuSUl4d09jYFd4tAuq6rvdLcePS4Qxmn
DSbe8OlDAGZOGGSq7Mn2BNmjyPCaVdhLZ/+bLS8hH25cnvCHwJMWuyi7clrH1Jj+
Pm18RT8md/7hfrHDX3i9N1k3Gs0QKKEzHW5yKcYvJb7v
-----END CERTIFICATE-----