Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/c5674e-db61-4722-b922-535be275e6f5/1/J6MDysEdSDqpfEKGzsYRb5JJurM.roa
File:                     J6MDysEdSDqpfEKGzsYRb5JJurM.roa (raw, json)
Hash identifier:          UOMYa9Ddu00FwSsUCK8E9aTAp2SOrOcZP7FkvyKmDVg=
Subject key identifier:   27:A3:03:CA:C1:1D:48:3A:A9:7C:42:86:CE:C6:11:6F:92:49:BA:B3
Certificate issuer:       /CN=4da92dc9cbc1c81c73a69f315a531b47f44e3c54
Certificate serial:       019B797ED83982C2CD947C33E62DCFDC28D7
Authority key identifier: 4D:A9:2D:C9:CB:C1:C8:1C:73:A6:9F:31:5A:53:1B:47:F4:4E:3C:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TaktycvByBxzpp8xWlMbR_ROPFQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/c5674e-db61-4722-b922-535be275e6f5/1/J6MDysEdSDqpfEKGzsYRb5JJurM.roa
Signing time:             Thu 01 Jan 2026 12:18:34 +0000
ROA not before:           Thu 01 Jan 2026 12:18:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207707
IP address blocks:        46.31.72.0/24 maxlen: 24
                          46.31.73.0/24 maxlen: 24
                          46.31.74.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/c5674e-db61-4722-b922-535be275e6f5/1/TaktycvByBxzpp8xWlMbR_ROPFQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/c5674e-db61-4722-b922-535be275e6f5/1/TaktycvByBxzpp8xWlMbR_ROPFQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TaktycvByBxzpp8xWlMbR_ROPFQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:d8:39:82:c2:cd:94:7c:33:e6:2d:cf:dc:28:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4da92dc9cbc1c81c73a69f315a531b47f44e3c54
        Validity
            Not Before: Jan  1 12:18:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=27a303cac11d483aa97c4286cec6116f9249bab3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:ce:fa:72:e4:54:37:db:1a:2c:0e:07:c6:91:
                    ec:6c:59:bc:bc:37:1d:3a:6c:1a:29:02:83:74:39:
                    52:a9:1c:96:12:76:2e:50:5f:dd:bc:50:90:e2:a5:
                    0f:f2:ba:08:15:89:a3:40:9c:c6:51:d9:5b:a6:9d:
                    08:a0:c6:74:d9:47:7d:d9:73:12:d4:f6:89:81:da:
                    79:1c:42:a0:e4:bd:5f:68:2c:fd:64:04:68:ba:d7:
                    60:da:e8:28:03:8a:ed:59:39:b0:f8:1b:af:c0:54:
                    ef:ac:4b:f1:61:24:4c:12:e0:97:77:9c:e9:90:ac:
                    35:3f:f2:19:5e:22:bc:07:7b:02:3c:1b:4f:21:4f:
                    ef:7c:19:f3:11:3f:86:30:d0:21:ed:6d:58:cd:c3:
                    5a:ee:09:64:30:ad:64:b6:d9:c0:08:f5:0d:b4:ea:
                    d4:44:16:13:63:df:8a:18:2a:c2:48:c9:f8:f0:ae:
                    d9:ae:6a:40:db:12:dd:a0:c3:d8:5c:b6:75:ea:f9:
                    81:e8:9b:29:36:3d:f4:43:9b:31:b4:21:5d:a4:6b:
                    57:0a:09:cd:10:95:f2:d5:b2:e2:ee:0e:48:2d:f3:
                    9b:cb:79:d3:ec:9d:3c:66:a0:eb:32:a9:09:e1:b8:
                    26:e8:78:59:d1:8b:00:c9:26:13:d1:cf:6c:9b:c4:
                    b0:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:A3:03:CA:C1:1D:48:3A:A9:7C:42:86:CE:C6:11:6F:92:49:BA:B3
            X509v3 Authority Key Identifier:
                keyid:4D:A9:2D:C9:CB:C1:C8:1C:73:A6:9F:31:5A:53:1B:47:F4:4E:3C:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TaktycvByBxzpp8xWlMbR_ROPFQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/c5674e-db61-4722-b922-535be275e6f5/1/J6MDysEdSDqpfEKGzsYRb5JJurM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/c5674e-db61-4722-b922-535be275e6f5/1/TaktycvByBxzpp8xWlMbR_ROPFQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.31.72.0-46.31.74.255

    Signature Algorithm: sha256WithRSAEncryption
         19:c6:13:0f:84:9d:09:5f:b9:2f:18:6e:d0:b7:de:38:ca:fa:
         10:7a:c5:92:2f:22:54:ad:f0:9c:10:91:39:d4:a9:6f:d6:ea:
         91:e4:57:33:59:5b:7f:41:6c:b4:8b:5d:46:bd:42:08:ea:b5:
         07:af:a3:e9:21:cd:b3:bd:e1:1f:bc:b6:26:cc:8c:4f:45:4f:
         7a:38:9d:f8:f3:6f:e2:eb:f8:14:0f:e4:53:7e:86:72:42:49:
         14:ec:8a:59:11:62:f2:9d:70:e2:dc:d1:a9:ab:26:61:f6:74:
         e7:7c:0b:66:d2:e6:64:c3:c4:20:c1:16:a8:80:c0:26:b7:f0:
         1e:c5:cf:2f:eb:83:a2:80:ce:91:53:e0:31:72:12:2d:40:91:
         2d:27:87:6e:19:04:d8:0d:eb:44:8d:9e:b8:45:d1:41:98:d0:
         8b:ad:06:46:4d:10:18:cd:7d:e2:34:b6:4a:72:be:95:11:ba:
         05:d9:51:ac:57:4c:42:03:36:55:c6:d8:aa:d6:6e:15:39:b9:
         7f:5d:15:e4:69:c5:ee:c8:c7:db:cd:a3:ea:69:27:1a:36:85:
         3f:96:b1:47:2c:ad:2f:02:05:7f:23:45:6a:b8:1b:19:f0:1d:
         c0:7e:7a:79:d7:74:b7:a9:5a:c9:98:19:99:59:d9:64:12:58:
         30:99:15:95
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZt5ftg5gsLNlHwz5i3P3CjXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkYTkyZGM5Y2JjMWM4MWM3M2E2OWYzMTVhNTMxYjQ3ZjQ0
ZTNjNTQwHhcNMjYwMTAxMTIxODM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyN2EzMDNjYWMxMWQ0ODNhYTk3YzQyODZjZWM2MTE2ZjkyNDliYWIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7s76cuRUN9saLA4HxpHsbFm8vDcd
OmwaKQKDdDlSqRyWEnYuUF/dvFCQ4qUP8roIFYmjQJzGUdlbpp0IoMZ02Ud92XMS
1PaJgdp5HEKg5L1faCz9ZARoutdg2ugoA4rtWTmw+BuvwFTvrEvxYSRMEuCXd5zp
kKw1P/IZXiK8B3sCPBtPIU/vfBnzET+GMNAh7W1YzcNa7glkMK1kttnACPUNtOrU
RBYTY9+KGCrCSMn48K7ZrmpA2xLdoMPYXLZ16vmB6JspNj30Q5sxtCFdpGtXCgnN
EJXy1bLi7g5ILfOby3nT7J08ZqDrMqkJ4bgm6HhZ0YsAySYT0c9sm8Sw1wIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFCejA8rBHUg6qXxChs7GEW+SSbqzMB8GA1UdIwQY
MBaAFE2pLcnLwcgcc6afMVpTG0f0TjxUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGFrdHljdkJ5Qnh6cHA4eFdsTWJSX1JPUEZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC9jNTY3NGUtZGI2MS00NzIyLWI5MjIt
NTM1YmUyNzVlNmY1LzEvSjZNRHlzRWRTRHFwZkVLR3pzWVJiNUpKdXJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC9jNTY3NGUtZGI2MS00NzIyLWI5MjItNTM1YmUyNzVlNmY1
LzEvVGFrdHljdkJ5Qnh6cHA4eFdsTWJSX1JPUEZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAMuH0gD
BAAuH0owDQYJKoZIhvcNAQELBQADggEBABnGEw+EnQlfuS8YbtC33jjK+hB6xZIv
IlSt8JwQkTnUqW/W6pHkVzNZW39BbLSLXUa9QgjqtQevo+khzbO94R+8tibMjE9F
T3o4nfjzb+Lr+BQP5FN+hnJCSRTsilkRYvKdcOLc0amrJmH2dOd8C2bS5mTDxCDB
FqiAwCa38B7Fzy/rg6KAzpFT4DFyEi1AkS0nh24ZBNgN60SNnrhF0UGY0IutBkZN
EBjNfeI0tkpyvpURugXZUaxXTEIDNlXG2KrWbhU5uX9dFeRpxe7Ix9vNo+ppJxo2
hT+WsUcsrS8CBX8jRWq4GxnwHcB+ennXdLepWsmYGZlZ2WQSWDCZFZU=
-----END CERTIFICATE-----