Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/8791a1-e679-4663-a2da-1a513df069fc/1/av_HZf6EAwlDsvNiqOK233RQvoM.roa
File:                     av_HZf6EAwlDsvNiqOK233RQvoM.roa (raw, json)
Hash identifier:          GY5qM+O2sWQRx1EcDLewr4LGFVQxjYE9jkUci4HJmic=
Subject key identifier:   6A:FF:C7:65:FE:84:03:09:43:B2:F3:62:A8:E2:B6:DF:74:50:BE:83
Certificate issuer:       /CN=e4f2a866202f4b8cbc33382d6e82d81d8964c80e
Certificate serial:       019DF22ED698AB0630C12883936AC525215B
Authority key identifier: E4:F2:A8:66:20:2F:4B:8C:BC:33:38:2D:6E:82:D8:1D:89:64:C8:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5PKoZiAvS4y8MzgtboLYHYlkyA4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/8791a1-e679-4663-a2da-1a513df069fc/1/av_HZf6EAwlDsvNiqOK233RQvoM.roa
Signing time:             Mon 04 May 2026 08:50:49 +0000
ROA not before:           Mon 04 May 2026 08:50:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200725
IP address blocks:        185.90.145.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/8791a1-e679-4663-a2da-1a513df069fc/1/5PKoZiAvS4y8MzgtboLYHYlkyA4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/8791a1-e679-4663-a2da-1a513df069fc/1/5PKoZiAvS4y8MzgtboLYHYlkyA4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5PKoZiAvS4y8MzgtboLYHYlkyA4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f2:2e:d6:98:ab:06:30:c1:28:83:93:6a:c5:25:21:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e4f2a866202f4b8cbc33382d6e82d81d8964c80e
        Validity
            Not Before: May  4 08:50:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6affc765fe84030943b2f362a8e2b6df7450be83
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:fc:0a:21:03:c2:53:81:b6:f8:f8:63:f7:27:
                    ea:5c:cb:5b:89:c8:78:92:a8:9f:ab:a5:34:9e:1b:
                    51:09:46:26:98:23:7e:bc:ff:d9:29:8f:71:a5:b1:
                    48:ec:5c:ba:b9:36:f3:5d:c3:06:c9:8d:b6:41:d2:
                    8e:b3:e3:47:8a:26:01:3d:76:8d:f5:52:55:b5:64:
                    61:c7:d6:25:7b:16:95:f1:9c:6d:cb:f0:63:ab:13:
                    6b:4b:a0:3f:1b:37:8d:4b:f0:28:f5:d6:95:1c:fb:
                    0b:06:9b:e0:d6:af:32:9d:e9:ef:b2:16:f5:54:55:
                    ee:f7:77:e6:4e:ba:5a:86:fb:be:0e:ea:71:85:3b:
                    73:15:8b:2a:60:0c:8f:57:07:56:47:ff:5b:7b:18:
                    53:32:fd:99:65:1b:90:58:c3:c9:d8:79:f1:9c:d7:
                    99:d4:26:99:ac:80:99:9d:4a:71:86:32:ca:f3:5b:
                    2b:c7:67:2d:dd:0e:80:2c:37:36:6c:e4:1a:18:ef:
                    36:ce:ff:54:c2:61:97:65:98:8e:aa:6e:9a:23:28:
                    25:f7:3d:f8:0d:89:ed:0c:18:da:2f:16:5c:0f:d0:
                    ab:f7:b2:ba:27:f8:31:de:fd:cb:3d:e2:1e:a4:e9:
                    94:50:20:a0:8d:f7:ed:3d:a0:73:72:64:0d:9d:b6:
                    12:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:FF:C7:65:FE:84:03:09:43:B2:F3:62:A8:E2:B6:DF:74:50:BE:83
            X509v3 Authority Key Identifier:
                keyid:E4:F2:A8:66:20:2F:4B:8C:BC:33:38:2D:6E:82:D8:1D:89:64:C8:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5PKoZiAvS4y8MzgtboLYHYlkyA4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/8791a1-e679-4663-a2da-1a513df069fc/1/av_HZf6EAwlDsvNiqOK233RQvoM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/8791a1-e679-4663-a2da-1a513df069fc/1/5PKoZiAvS4y8MzgtboLYHYlkyA4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.90.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:3d:c2:55:58:76:54:ae:1a:d5:eb:6e:38:4e:71:40:91:65:
         dd:40:a1:a4:5d:29:ca:95:0a:f5:5a:19:9e:64:7c:c3:b2:27:
         7d:75:64:13:5e:83:a4:e9:f8:fd:0b:d1:58:eb:78:cb:50:0e:
         8a:2f:a9:7a:d6:99:4b:02:0d:57:29:0e:dd:77:0a:a6:73:07:
         4d:33:27:f6:db:c5:7c:92:af:71:94:b7:d8:d3:d7:12:f9:9d:
         ae:25:55:b6:d4:70:76:a5:2f:b1:84:66:1d:06:5e:47:85:bb:
         2e:27:0e:54:07:43:07:c8:34:cd:6a:60:f4:98:95:5f:44:2e:
         c0:65:fb:7b:10:17:4c:a2:f6:9e:eb:ec:b8:a2:bd:bc:c8:b9:
         f2:35:66:f6:36:9a:d5:3e:83:6f:bc:2c:00:87:b6:31:ee:51:
         4b:6b:8a:0b:8f:c4:ed:b8:b2:d8:0b:bf:ff:91:34:d8:62:db:
         01:14:80:89:48:27:16:cd:95:e5:31:85:fb:74:98:cf:d5:27:
         5f:83:a9:59:88:93:32:6d:2d:31:4d:3f:d8:fb:5c:0d:4e:41:
         12:51:86:ec:98:cb:c9:3a:c4:3c:17:5c:2f:c3:c9:7d:26:cf:
         1d:e7:84:c6:aa:53:52:c6:f7:15:db:89:4e:65:62:f2:3f:99:
         8f:f6:0e:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3yLtaYqwYwwSiDk2rFJSFbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0ZjJhODY2MjAyZjRiOGNiYzMzMzgyZDZlODJkODFkODk2
NGM4MGUwHhcNMjYwNTA0MDg1MDQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWZmYzc2NWZlODQwMzA5NDNiMmYzNjJhOGUyYjZkZjc0NTBiZTgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt/wKIQPCU4G2+Phj9yfqXMtbich4
kqifq6U0nhtRCUYmmCN+vP/ZKY9xpbFI7Fy6uTbzXcMGyY22QdKOs+NHiiYBPXaN
9VJVtWRhx9YlexaV8Zxty/BjqxNrS6A/GzeNS/Ao9daVHPsLBpvg1q8ynenvshb1
VFXu93fmTrpahvu+DupxhTtzFYsqYAyPVwdWR/9bexhTMv2ZZRuQWMPJ2HnxnNeZ
1CaZrICZnUpxhjLK81srx2ct3Q6ALDc2bOQaGO82zv9UwmGXZZiOqm6aIygl9z34
DYntDBjaLxZcD9Cr97K6J/gx3v3LPeIepOmUUCCgjfftPaBzcmQNnbYSsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGr/x2X+hAMJQ7LzYqjitt90UL6DMB8GA1UdIwQY
MBaAFOTyqGYgL0uMvDM4LW6C2B2JZMgOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVBLb1ppQXZTNHk4TXpndGJvTFlIWWxreUE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy84NzkxYTEtZTY3OS00NjYzLWEyZGEt
MWE1MTNkZjA2OWZjLzEvYXZfSFpmNkVBd2xEc3ZOaXFPSzIzM1JRdm9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy84NzkxYTEtZTY3OS00NjYzLWEyZGEtMWE1MTNkZjA2OWZj
LzEvNVBLb1ppQXZTNHk4TXpndGJvTFlIWWxreUE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVqRMA0G
CSqGSIb3DQEBCwUAA4IBAQCBPcJVWHZUrhrV6244TnFAkWXdQKGkXSnKlQr1Whme
ZHzDsid9dWQTXoOk6fj9C9FY63jLUA6KL6l61plLAg1XKQ7ddwqmcwdNMyf228V8
kq9xlLfY09cS+Z2uJVW21HB2pS+xhGYdBl5HhbsuJw5UB0MHyDTNamD0mJVfRC7A
Zft7EBdMovae6+y4or28yLnyNWb2NprVPoNvvCwAh7Yx7lFLa4oLj8TtuLLYC7//
kTTYYtsBFICJSCcWzZXlMYX7dJjP1Sdfg6lZiJMybS0xTT/Y+1wNTkESUYbsmMvJ
OsQ8F1wvw8l9Js8d54TGqlNSxvcV24lOZWLyP5mP9g5k
-----END CERTIFICATE-----