Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/acd34b-357f-4307-83c0-0857e3ec03e0/1/tMEuHaFPY4kD-tPteRyY85T6M9w.roa
File:                     tMEuHaFPY4kD-tPteRyY85T6M9w.roa (raw, json)
Hash identifier:          Nokltfdj+exPK9W5Vsa9gLMwr0rFCf9yZNEQrosWEMI=
Subject key identifier:   B4:C1:2E:1D:A1:4F:63:89:03:FA:D3:ED:79:1C:98:F3:94:FA:33:DC
Certificate issuer:       /CN=11a3864558bf42892bf9e5359bdb13f03b2527a9
Certificate serial:       019DB44139067FACE9AD206230956A8408A2
Authority key identifier: 11:A3:86:45:58:BF:42:89:2B:F9:E5:35:9B:DB:13:F0:3B:25:27:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EaOGRVi_Qokr-eU1m9sT8DslJ6k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/acd34b-357f-4307-83c0-0857e3ec03e0/1/tMEuHaFPY4kD-tPteRyY85T6M9w.roa
Signing time:             Wed 22 Apr 2026 08:14:26 +0000
ROA not before:           Wed 22 Apr 2026 08:14:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208355
IP address blocks:        95.133.139.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/acd34b-357f-4307-83c0-0857e3ec03e0/1/EaOGRVi_Qokr-eU1m9sT8DslJ6k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/acd34b-357f-4307-83c0-0857e3ec03e0/1/EaOGRVi_Qokr-eU1m9sT8DslJ6k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EaOGRVi_Qokr-eU1m9sT8DslJ6k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 20:10:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b4:41:39:06:7f:ac:e9:ad:20:62:30:95:6a:84:08:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11a3864558bf42892bf9e5359bdb13f03b2527a9
        Validity
            Not Before: Apr 22 08:14:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b4c12e1da14f638903fad3ed791c98f394fa33dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:10:b1:a0:b8:09:3b:5d:07:bf:1d:c1:4b:78:
                    11:2e:df:6d:95:24:42:fa:af:e5:66:f1:b8:22:a0:
                    a0:cc:05:80:ee:7d:35:26:7b:d3:0e:92:3b:d9:36:
                    35:54:e9:e9:3b:82:ef:59:90:9c:82:e1:f8:34:d3:
                    9a:08:41:69:92:77:6f:eb:5f:2e:82:64:06:3f:76:
                    5d:cf:28:98:08:6b:04:2a:51:30:c5:48:86:41:a2:
                    ef:70:ae:a5:c8:d4:69:ac:c6:df:26:a3:fd:c8:5c:
                    5b:3b:d2:6a:8e:f0:07:b9:83:83:c0:27:23:b3:db:
                    55:1d:2a:d6:39:dd:14:03:1f:6f:57:7b:c7:56:a1:
                    64:20:70:3c:b2:5a:98:d5:a4:99:8e:54:48:f9:b3:
                    24:5a:df:7e:28:aa:29:a0:8b:64:06:88:2f:5f:93:
                    bb:c3:5e:d3:ba:94:ae:68:60:ed:94:e3:82:c8:7b:
                    27:fa:88:f3:a2:d3:a4:73:c8:9f:8e:eb:fd:0f:a3:
                    f5:4d:ac:12:20:89:88:71:38:25:11:eb:b7:76:90:
                    93:2d:62:81:4c:66:7c:29:18:83:85:ae:bb:e9:88:
                    27:df:6b:51:fb:7e:dc:c3:9d:e1:e6:fb:95:9a:ed:
                    14:07:d3:67:56:b6:95:9b:e7:e7:78:e6:33:d0:3b:
                    20:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:C1:2E:1D:A1:4F:63:89:03:FA:D3:ED:79:1C:98:F3:94:FA:33:DC
            X509v3 Authority Key Identifier:
                keyid:11:A3:86:45:58:BF:42:89:2B:F9:E5:35:9B:DB:13:F0:3B:25:27:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EaOGRVi_Qokr-eU1m9sT8DslJ6k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/acd34b-357f-4307-83c0-0857e3ec03e0/1/tMEuHaFPY4kD-tPteRyY85T6M9w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/acd34b-357f-4307-83c0-0857e3ec03e0/1/EaOGRVi_Qokr-eU1m9sT8DslJ6k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.133.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:52:08:6a:1c:54:84:c1:ce:68:c8:2c:3f:8c:1e:6e:b2:f2:
         30:e3:9f:6f:92:d4:6d:3a:ca:e3:ea:a0:92:15:a3:fb:51:29:
         a9:f6:43:e7:1a:4c:c0:c4:9c:50:5b:17:c5:06:5d:a2:65:4f:
         de:ba:2f:52:73:25:93:32:8d:99:ef:f9:31:75:d0:35:74:ab:
         f5:8d:e7:56:9b:28:c9:10:7c:7a:48:f3:05:43:2b:13:4c:47:
         12:1d:b1:72:33:a6:e6:fd:1e:55:26:0f:3b:b5:d7:ee:e1:65:
         36:26:98:24:46:32:fd:94:5a:4c:31:09:49:d8:6d:f3:32:ce:
         21:4c:ae:0a:21:bc:d0:a5:e8:d7:dc:90:0c:40:a4:85:1a:91:
         11:41:f0:ab:6a:d1:79:94:02:83:cf:fb:06:cc:7f:b2:e8:83:
         3c:88:54:e0:ab:46:ba:c9:bb:23:dc:59:4c:5b:fb:2d:bf:35:
         03:e3:8d:68:8e:ff:2e:28:4d:e8:ff:29:83:e2:fe:b0:a6:bd:
         1b:47:59:0c:04:27:3f:a8:e5:ec:f4:2b:f0:86:42:fe:9b:e0:
         07:9b:56:aa:48:77:d9:74:61:be:20:c5:48:45:8b:14:f4:7b:
         55:1e:a6:39:bf:3e:46:7e:d8:61:0f:3c:77:77:3b:58:75:dd:
         4b:41:f8:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ20QTkGf6zprSBiMJVqhAiiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExYTM4NjQ1NThiZjQyODkyYmY5ZTUzNTliZGIxM2YwM2Iy
NTI3YTkwHhcNMjYwNDIyMDgxNDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGMxMmUxZGExNGY2Mzg5MDNmYWQzZWQ3OTFjOThmMzk0ZmEzM2RjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzhCxoLgJO10Hvx3BS3gRLt9tlSRC
+q/lZvG4IqCgzAWA7n01JnvTDpI72TY1VOnpO4LvWZCcguH4NNOaCEFpkndv618u
gmQGP3ZdzyiYCGsEKlEwxUiGQaLvcK6lyNRprMbfJqP9yFxbO9JqjvAHuYODwCcj
s9tVHSrWOd0UAx9vV3vHVqFkIHA8slqY1aSZjlRI+bMkWt9+KKopoItkBogvX5O7
w17TupSuaGDtlOOCyHsn+ojzotOkc8ifjuv9D6P1TawSIImIcTglEeu3dpCTLWKB
TGZ8KRiDha676Ygn32tR+37cw53h5vuVmu0UB9NnVraVm+fneOYz0DsgXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLTBLh2hT2OJA/rT7XkcmPOU+jPcMB8GA1UdIwQY
MBaAFBGjhkVYv0KJK/nlNZvbE/A7JSepMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWFPR1JWaV9Rb2tyLWVVMW05c1Q4RHNsSjZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy9hY2QzNGItMzU3Zi00MzA3LTgzYzAt
MDg1N2UzZWMwM2UwLzEvdE1FdUhhRlBZNGtELXRQdGVSeVk4NVQ2TTl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy9hY2QzNGItMzU3Zi00MzA3LTgzYzAtMDg1N2UzZWMwM2Uw
LzEvRWFPR1JWaV9Rb2tyLWVVMW05c1Q4RHNsSjZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX4WLMA0G
CSqGSIb3DQEBCwUAA4IBAQBnUghqHFSEwc5oyCw/jB5usvIw459vktRtOsrj6qCS
FaP7USmp9kPnGkzAxJxQWxfFBl2iZU/eui9ScyWTMo2Z7/kxddA1dKv1jedWmyjJ
EHx6SPMFQysTTEcSHbFyM6bm/R5VJg87tdfu4WU2JpgkRjL9lFpMMQlJ2G3zMs4h
TK4KIbzQpejX3JAMQKSFGpERQfCratF5lAKDz/sGzH+y6IM8iFTgq0a6ybsj3FlM
W/stvzUD441ojv8uKE3o/ymD4v6wpr0bR1kMBCc/qOXs9CvwhkL+m+AHm1aqSHfZ
dGG+IMVIRYsU9HtVHqY5vz5GfthhDzx3dztYdd1LQfj/
-----END CERTIFICATE-----