Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/11YShjM6iG1lgHk0sBIwxGUI_MU.roa
File:                     11YShjM6iG1lgHk0sBIwxGUI_MU.roa (raw, json)
Hash identifier:          zv1LSj4scuwBiIwmG809DfMSYAbVZ65wSUdzZngzxuU=
Subject key identifier:   D7:56:12:86:33:3A:88:6D:65:80:79:34:B0:12:30:C4:65:08:FC:C5
Certificate issuer:       /CN=22f344a63dcb70e89057deb8e2761dc45165881a
Certificate serial:       019DE3A1463B08CD62150CFC3C5567A8B352
Authority key identifier: 22:F3:44:A6:3D:CB:70:E8:90:57:DE:B8:E2:76:1D:C4:51:65:88:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IvNEpj3LcOiQV9644nYdxFFliBo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/11YShjM6iG1lgHk0sBIwxGUI_MU.roa
Signing time:             Fri 01 May 2026 13:01:30 +0000
ROA not before:           Fri 01 May 2026 13:01:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210546
IP address blocks:        85.28.47.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/IvNEpj3LcOiQV9644nYdxFFliBo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/IvNEpj3LcOiQV9644nYdxFFliBo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IvNEpj3LcOiQV9644nYdxFFliBo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 06:33:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:e3:a1:46:3b:08:cd:62:15:0c:fc:3c:55:67:a8:b3:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22f344a63dcb70e89057deb8e2761dc45165881a
        Validity
            Not Before: May  1 13:01:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d7561286333a886d65807934b01230c46508fcc5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:5d:91:fb:fc:6d:e5:79:17:ba:cd:09:15:be:
                    eb:93:ea:f9:4c:34:7d:d0:2c:e7:e6:ad:12:82:29:
                    a2:5c:e3:3c:6d:3d:3d:c0:a0:44:de:d0:e2:f6:f0:
                    57:6e:43:80:46:bd:7a:3a:1f:85:27:a5:12:6f:e6:
                    c4:35:a2:60:69:b8:c7:1d:8f:06:07:62:65:47:06:
                    de:b1:7d:c9:00:b0:3a:51:e6:30:5f:69:ab:3c:d3:
                    3b:ee:24:67:8c:fb:b3:db:d4:1c:88:b6:f8:a0:4e:
                    6f:e3:2f:39:f2:23:2e:88:eb:1f:f2:8a:21:fb:db:
                    ee:6d:c7:7c:59:ef:f0:87:3d:fe:5c:60:63:62:2b:
                    00:5a:f6:4b:e2:db:78:a9:3c:4b:6b:3d:86:81:8e:
                    99:c0:4b:d3:bf:8a:99:00:c4:a3:a3:ba:66:49:f2:
                    5f:f3:8f:38:89:52:92:62:3f:81:15:a6:94:b3:3e:
                    78:2f:2d:bf:d4:42:b7:f5:4d:76:6c:ad:57:26:cc:
                    7b:00:1a:b1:6d:d9:a9:84:85:f0:9f:15:f5:7b:00:
                    44:0c:8b:53:b3:c3:1e:21:6f:ac:2f:64:50:e8:cf:
                    fe:10:31:a1:95:45:73:5e:66:27:15:5f:76:da:04:
                    28:aa:ae:22:05:be:af:5c:35:16:e8:c5:e8:15:82:
                    87:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:56:12:86:33:3A:88:6D:65:80:79:34:B0:12:30:C4:65:08:FC:C5
            X509v3 Authority Key Identifier:
                keyid:22:F3:44:A6:3D:CB:70:E8:90:57:DE:B8:E2:76:1D:C4:51:65:88:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IvNEpj3LcOiQV9644nYdxFFliBo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/11YShjM6iG1lgHk0sBIwxGUI_MU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/IvNEpj3LcOiQV9644nYdxFFliBo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.28.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:ac:db:b6:4b:57:d3:a1:f2:2f:7a:f0:e9:7c:1a:a9:18:3c:
         1a:34:77:7b:1e:32:ec:41:01:29:d5:9d:a5:19:39:68:ae:b7:
         e2:dd:b0:7b:c6:af:31:29:c9:11:b6:75:b2:9b:a1:e2:08:45:
         ed:59:de:29:35:07:5c:f1:e1:12:4c:4b:20:27:49:7e:ee:d9:
         52:d7:b5:bd:a7:e8:c5:4c:96:49:a1:ef:88:78:bf:3e:4a:5e:
         33:18:6a:01:2c:46:a3:8e:20:07:43:46:06:e6:b9:4b:b7:b6:
         ac:de:0f:f9:8d:ce:45:b7:ac:a6:75:8e:81:6c:7b:47:6f:06:
         c8:30:09:36:30:5d:ac:2a:ea:87:6b:9c:05:ca:96:09:0d:92:
         c0:50:e7:ce:27:52:e2:23:ea:fb:c8:fa:2f:ab:25:dc:1e:ff:
         dd:03:08:8b:fa:64:38:d4:14:fd:23:4a:ba:25:93:01:f3:10:
         1a:28:bd:cd:2f:2e:92:36:f6:ad:c4:b5:b3:15:04:db:19:7e:
         35:83:45:5a:3a:d6:22:84:ad:27:8d:c2:b7:25:04:e3:44:24:
         a9:93:d5:bd:48:d4:76:88:31:0d:b7:91:64:b3:e8:7e:10:f8:
         b1:68:8d:53:e3:01:02:26:26:95:c4:b9:11:85:90:7d:1b:46:
         c7:9e:e4:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3joUY7CM1iFQz8PFVnqLNSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyZjM0NGE2M2RjYjcwZTg5MDU3ZGViOGUyNzYxZGM0NTE2
NTg4MWEwHhcNMjYwNTAxMTMwMTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzU2MTI4NjMzM2E4ODZkNjU4MDc5MzRiMDEyMzBjNDY1MDhmY2M1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl12R+/xt5XkXus0JFb7rk+r5TDR9
0Czn5q0SgimiXOM8bT09wKBE3tDi9vBXbkOARr16Oh+FJ6USb+bENaJgabjHHY8G
B2JlRwbesX3JALA6UeYwX2mrPNM77iRnjPuz29QciLb4oE5v4y858iMuiOsf8ooh
+9vubcd8We/whz3+XGBjYisAWvZL4tt4qTxLaz2GgY6ZwEvTv4qZAMSjo7pmSfJf
8484iVKSYj+BFaaUsz54Ly2/1EK39U12bK1XJsx7ABqxbdmphIXwnxX1ewBEDItT
s8MeIW+sL2RQ6M/+EDGhlUVzXmYnFV922gQoqq4iBb6vXDUW6MXoFYKHtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNdWEoYzOohtZYB5NLASMMRlCPzFMB8GA1UdIwQY
MBaAFCLzRKY9y3DokFfeuOJ2HcRRZYgaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXZORXBqM0xjT2lRVjk2NDRuWWR4RkZsaUJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi81MzYwZTctZjAyYS00NzM3LTk5Yzct
ZmViYjY0YjVlMTY0LzEvMTFZU2hqTTZpRzFsZ0hrMHNCSXd4R1VJX01VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi81MzYwZTctZjAyYS00NzM3LTk5YzctZmViYjY0YjVlMTY0
LzEvSXZORXBqM0xjT2lRVjk2NDRuWWR4RkZsaUJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVRwvMA0G
CSqGSIb3DQEBCwUAA4IBAQB8rNu2S1fTofIvevDpfBqpGDwaNHd7HjLsQQEp1Z2l
GTlorrfi3bB7xq8xKckRtnWym6HiCEXtWd4pNQdc8eESTEsgJ0l+7tlS17W9p+jF
TJZJoe+IeL8+Sl4zGGoBLEajjiAHQ0YG5rlLt7as3g/5jc5Ft6ymdY6BbHtHbwbI
MAk2MF2sKuqHa5wFypYJDZLAUOfOJ1LiI+r7yPovqyXcHv/dAwiL+mQ41BT9I0q6
JZMB8xAaKL3NLy6SNvatxLWzFQTbGX41g0VaOtYihK0njcK3JQTjRCSpk9W9SNR2
iDENt5Fks+h+EPixaI1T4wECJiaVxLkRhZB9G0bHnuQ2
-----END CERTIFICATE-----