Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/n4y5fFhhyEY6wOIzw-EmmMQ6HZ8.roa
File:                     n4y5fFhhyEY6wOIzw-EmmMQ6HZ8.roa (raw, json)
Hash identifier:          kJRuGY5HrKA00jpThhBtWnmTThFZzarkqgZIDAOsjZM=
Subject key identifier:   9F:8C:B9:7C:58:61:C8:46:3A:C0:E2:33:C3:E1:26:98:C4:3A:1D:9F
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019D0A54EC8AC83ECA0FFFDE816CBFAFB32D
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/n4y5fFhhyEY6wOIzw-EmmMQ6HZ8.roa
Signing time:             Fri 20 Mar 2026 08:20:30 +0000
ROA not before:           Fri 20 Mar 2026 08:20:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402133
IP address blocks:        94.183.158.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 23:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:0a:54:ec:8a:c8:3e:ca:0f:ff:de:81:6c:bf:af:b3:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Mar 20 08:20:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9f8cb97c5861c8463ac0e233c3e12698c43a1d9f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:38:df:8c:66:60:07:d5:d2:67:73:90:f3:49:
                    b6:67:0a:b3:91:19:07:af:7b:e9:b6:84:ab:ba:a1:
                    51:f8:04:13:04:2d:39:06:17:4a:94:8b:af:ac:7f:
                    9d:dd:73:c5:84:e9:dc:4e:5e:98:84:eb:f7:e9:60:
                    ca:11:9c:4f:a8:ac:58:8e:18:f9:eb:56:30:62:39:
                    6c:36:a5:3d:f1:bd:bc:75:6c:c2:10:27:30:b7:de:
                    ce:c9:e6:f2:c4:5c:eb:99:f0:45:e3:c3:8f:6b:d1:
                    0a:a3:a7:1a:65:b4:cc:d5:60:8f:5a:c3:f5:4b:cd:
                    53:76:1c:80:e1:0a:12:0f:2e:a7:2c:4d:55:18:8e:
                    8b:41:e1:d7:84:1f:3a:0c:13:ef:b0:1d:2b:6f:5f:
                    84:44:23:5c:c3:29:69:aa:9d:b5:c4:1e:fd:fc:e4:
                    c3:72:00:47:8e:df:51:41:95:fe:35:5c:67:c6:c3:
                    9d:ce:a3:26:07:24:f2:e0:64:fa:e9:0a:1b:20:83:
                    85:47:4e:40:76:85:f1:76:89:61:11:55:00:cb:66:
                    e6:2c:0c:04:8b:4b:0c:14:78:bf:bb:fa:0a:12:04:
                    bc:e7:93:f9:e3:f7:2d:69:e4:28:28:b8:61:94:e7:
                    31:ef:af:1c:a4:8f:96:ae:40:67:8f:2e:b5:8c:8d:
                    19:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:8C:B9:7C:58:61:C8:46:3A:C0:E2:33:C3:E1:26:98:C4:3A:1D:9F
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/n4y5fFhhyEY6wOIzw-EmmMQ6HZ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.183.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:75:50:42:2a:68:89:a5:8c:3c:37:83:49:cf:ec:40:45:82:
         68:96:15:c9:3d:13:d7:7d:c6:2c:61:6d:fb:36:d3:26:20:71:
         7a:6a:7c:f8:f3:cb:f1:f1:f2:dc:d8:6e:f9:ec:48:c0:45:75:
         34:c4:e3:9f:4b:00:db:25:da:6d:4c:be:aa:12:8f:25:d5:86:
         b1:49:78:b2:42:1a:91:be:b1:16:2c:b0:96:b5:99:bf:9f:f3:
         b3:c7:3b:33:aa:af:7e:43:ed:43:b5:dc:dc:46:1a:81:21:2a:
         52:3c:5b:21:c3:1e:10:4e:93:28:00:ef:ba:88:be:33:2d:66:
         96:c9:8d:1e:0a:4b:38:91:bb:35:5c:2f:ad:7c:a3:0c:34:24:
         55:47:2a:ac:38:57:cb:e9:db:16:a3:06:5c:b9:c4:d1:57:fc:
         10:a4:c5:25:c1:0b:73:af:82:a9:0f:4b:0b:1b:81:f9:23:87:
         dd:84:fd:95:89:4e:56:12:d0:f3:24:f3:c6:43:62:0e:86:be:
         78:3b:4d:3c:2f:ea:7e:b2:90:16:a2:f6:20:50:08:18:5b:01:
         2b:fb:11:76:93:f3:e4:de:b4:42:4d:96:94:b3:df:ff:1f:ec:
         81:07:1c:0e:26:12:71:4e:7b:58:c5:db:80:55:48:d7:c9:41:
         af:45:1c:f2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0KVOyKyD7KD//egWy/r7MtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwMzIwMDgyMDMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjhjYjk3YzU4NjFjODQ2M2FjMGUyMzNjM2UxMjY5OGM0M2ExZDlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyjjfjGZgB9XSZ3OQ80m2ZwqzkRkH
r3vptoSruqFR+AQTBC05BhdKlIuvrH+d3XPFhOncTl6YhOv36WDKEZxPqKxYjhj5
61YwYjlsNqU98b28dWzCECcwt97OyebyxFzrmfBF48OPa9EKo6caZbTM1WCPWsP1
S81TdhyA4QoSDy6nLE1VGI6LQeHXhB86DBPvsB0rb1+ERCNcwylpqp21xB79/OTD
cgBHjt9RQZX+NVxnxsOdzqMmByTy4GT66QobIIOFR05AdoXxdolhEVUAy2bmLAwE
i0sMFHi/u/oKEgS855P54/ctaeQoKLhhlOcx768cpI+WrkBnjy61jI0ZGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ+MuXxYYchGOsDiM8PhJpjEOh2fMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvbjR5NWZGaGh5RVk2d09JenctRW1tTVE2SFo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXreeMA0G
CSqGSIb3DQEBCwUAA4IBAQA7dVBCKmiJpYw8N4NJz+xARYJolhXJPRPXfcYsYW37
NtMmIHF6anz488vx8fLc2G757EjARXU0xOOfSwDbJdptTL6qEo8l1YaxSXiyQhqR
vrEWLLCWtZm/n/Ozxzszqq9+Q+1DtdzcRhqBISpSPFshwx4QTpMoAO+6iL4zLWaW
yY0eCks4kbs1XC+tfKMMNCRVRyqsOFfL6dsWowZcucTRV/wQpMUlwQtzr4KpD0sL
G4H5I4fdhP2ViU5WEtDzJPPGQ2IOhr54O008L+p+spAWovYgUAgYWwEr+xF2k/Pk
3rRCTZaUs9//H+yBBxwOJhJxTntYxduAVUjXyUGvRRzy
-----END CERTIFICATE-----