Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/clkF2P0htvD3ScAO-BGKifsM5nw.roa
File:                     clkF2P0htvD3ScAO-BGKifsM5nw.roa (raw, json)
Hash identifier:          QiXVCeLiXBKDiXYKpdYfPp51yHMRkY0ijWW3Ddj3msQ=
Subject key identifier:   72:59:05:D8:FD:21:B6:F0:F7:49:C0:0E:F8:11:8A:89:FB:0C:E6:7C
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019DE99331146F7329EEA49D88E7C6DB9EE3
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/clkF2P0htvD3ScAO-BGKifsM5nw.roa
Signing time:             Sat 02 May 2026 16:43:50 +0000
ROA not before:           Sat 02 May 2026 16:43:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205536
IP address blocks:        94.183.175.0/24 maxlen: 24
                          94.183.231.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:e9:93:31:14:6f:73:29:ee:a4:9d:88:e7:c6:db:9e:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: May  2 16:43:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=725905d8fd21b6f0f749c00ef8118a89fb0ce67c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:69:c5:ce:e5:f2:32:d0:13:db:5a:0b:68:e4:
                    25:28:50:b9:c5:a3:74:08:fc:7f:6a:2b:33:c7:0d:
                    36:62:e8:c1:26:a5:53:7b:6d:47:05:1e:e7:c4:35:
                    ef:72:ea:4e:08:8b:2a:3c:bc:74:f5:c1:63:21:02:
                    1d:ee:a3:ee:42:5c:25:a3:0a:46:d5:8e:68:c9:cc:
                    10:00:31:d2:09:93:d6:72:94:1e:dd:61:8d:af:4f:
                    98:90:d3:dc:8b:19:e7:b3:11:9c:c0:22:cf:cb:05:
                    5a:45:4e:3f:ac:94:7a:b3:e3:14:40:7f:85:50:50:
                    1f:2a:3a:85:ec:dd:73:df:4f:2a:23:6b:fb:4e:50:
                    5e:7e:fc:6d:66:fc:10:ca:8e:72:5e:a9:94:04:d7:
                    75:d0:eb:74:7d:7b:45:24:0c:b2:74:c0:8a:d1:b0:
                    c2:49:97:82:3c:3e:8d:56:0e:15:53:ef:2c:4c:71:
                    63:3f:0b:83:a6:c9:a2:0e:b5:a0:c7:6e:de:a4:2f:
                    ad:98:5b:ce:d9:44:01:94:9e:5b:4c:70:a2:83:1d:
                    fe:f5:ce:3c:e0:d7:e8:cc:c6:87:d9:1c:a5:9f:10:
                    f1:fa:26:ac:cb:3e:ff:6d:2c:1d:90:6c:c6:04:88:
                    2e:42:c4:42:55:5c:56:8d:cd:54:88:25:d9:77:ac:
                    2e:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:59:05:D8:FD:21:B6:F0:F7:49:C0:0E:F8:11:8A:89:FB:0C:E6:7C
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/clkF2P0htvD3ScAO-BGKifsM5nw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.183.175.0/24
                  94.183.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:79:9d:4f:3f:b0:43:00:89:e1:d7:df:a4:22:09:25:b7:a1:
         b3:b1:91:a6:7d:9b:8e:ab:64:d6:bc:d5:c3:45:46:a9:28:ac:
         56:6c:13:fd:38:d8:bb:a4:1d:36:a4:e5:26:a2:d0:f0:5c:6b:
         8c:a8:a3:c5:e8:fa:fa:2e:43:75:cc:2a:89:ee:3b:a3:ec:06:
         b4:a7:9b:5f:f4:7a:66:84:22:44:db:e9:42:4f:91:ec:bf:01:
         50:f4:53:bd:62:db:ef:f7:ae:9c:11:c1:64:c7:81:0c:f3:eb:
         c6:1b:9a:02:80:7d:3c:b1:f9:8c:27:c6:4a:09:5f:64:2f:36:
         80:30:b5:03:d1:a9:d6:1d:27:87:2a:48:11:6c:ce:30:72:ce:
         3c:fd:47:6c:08:89:d7:c0:3f:f3:7b:64:34:7c:c1:39:8f:b5:
         d9:4a:81:71:52:ec:85:e4:44:02:ae:05:ac:44:3e:6d:f6:29:
         74:49:38:73:9b:31:6e:d6:c4:b5:92:09:31:8c:1b:a0:c9:6c:
         02:3a:4a:16:9e:f1:32:da:9e:d7:4c:ae:ef:8c:00:c4:92:e3:
         4b:4b:f0:48:49:af:73:31:5f:5a:7f:63:a4:72:de:10:15:86:
         8a:b1:ed:41:f8:e8:a1:d6:b4:c6:8a:ad:db:4d:15:b5:3e:f3:
         3f:cc:da:59
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ3pkzEUb3Mp7qSdiOfG257jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNTAyMTY0MzUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjU5MDVkOGZkMjFiNmYwZjc0OWMwMGVmODExOGE4OWZiMGNlNjdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxWnFzuXyMtAT21oLaOQlKFC5xaN0
CPx/aiszxw02YujBJqVTe21HBR7nxDXvcupOCIsqPLx09cFjIQId7qPuQlwlowpG
1Y5oycwQADHSCZPWcpQe3WGNr0+YkNPcixnnsxGcwCLPywVaRU4/rJR6s+MUQH+F
UFAfKjqF7N1z308qI2v7TlBefvxtZvwQyo5yXqmUBNd10Ot0fXtFJAyydMCK0bDC
SZeCPD6NVg4VU+8sTHFjPwuDpsmiDrWgx27epC+tmFvO2UQBlJ5bTHCigx3+9c48
4NfozMaH2RylnxDx+iasyz7/bSwdkGzGBIguQsRCVVxWjc1UiCXZd6wu8QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHJZBdj9Ibbw90nADvgRion7DOZ8MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvY2xrRjJQMGh0dkQzU2NBTy1CR0tpZnNNNW53LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXrevAwQA
XrfnMA0GCSqGSIb3DQEBCwUAA4IBAQCQeZ1PP7BDAInh19+kIgklt6GzsZGmfZuO
q2TWvNXDRUapKKxWbBP9ONi7pB02pOUmotDwXGuMqKPF6Pr6LkN1zCqJ7juj7Aa0
p5tf9HpmhCJE2+lCT5HsvwFQ9FO9Ytvv966cEcFkx4EM8+vGG5oCgH08sfmMJ8ZK
CV9kLzaAMLUD0anWHSeHKkgRbM4wcs48/UdsCInXwD/ze2Q0fME5j7XZSoFxUuyF
5EQCrgWsRD5t9il0SThzmzFu1sS1kgkxjBugyWwCOkoWnvEy2p7XTK7vjADEkuNL
S/BISa9zMV9af2Okct4QFYaKse1B+Oih1rTGiq3bTRW1PvM/zNpZ
-----END CERTIFICATE-----