Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/9f1f68-d222-4e04-aabb-66132fe8be4d/1/5xWOoE53hYlem2QN57cUXSMhnsc.roa
File:                     5xWOoE53hYlem2QN57cUXSMhnsc.roa (raw, json)
Hash identifier:          kBC10N6N6UJwL2L4Yxd5v0Rih8FD+3KHXLpOPpfAyu0=
Subject key identifier:   E7:15:8E:A0:4E:77:85:89:5E:9B:64:0D:E7:B7:14:5D:23:21:9E:C7
Certificate issuer:       /CN=6f7c91573c7d14572615d213e4c1998a40dcdb92
Certificate serial:       019D003DA3404265D2C89AD00BF42CAA8A7D
Authority key identifier: 6F:7C:91:57:3C:7D:14:57:26:15:D2:13:E4:C1:99:8A:40:DC:DB:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b3yRVzx9FFcmFdIT5MGZikDc25I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c9/9f1f68-d222-4e04-aabb-66132fe8be4d/1/5xWOoE53hYlem2QN57cUXSMhnsc.roa
Signing time:             Wed 18 Mar 2026 09:18:52 +0000
ROA not before:           Wed 18 Mar 2026 09:18:52 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202066
IP address blocks:        185.62.228.0/24 maxlen: 24
                          2a13:b40::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c9/9f1f68-d222-4e04-aabb-66132fe8be4d/1/b3yRVzx9FFcmFdIT5MGZikDc25I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c9/9f1f68-d222-4e04-aabb-66132fe8be4d/1/b3yRVzx9FFcmFdIT5MGZikDc25I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b3yRVzx9FFcmFdIT5MGZikDc25I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 12:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:00:3d:a3:40:42:65:d2:c8:9a:d0:0b:f4:2c:aa:8a:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f7c91573c7d14572615d213e4c1998a40dcdb92
        Validity
            Not Before: Mar 18 09:18:52 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e7158ea04e7785895e9b640de7b7145d23219ec7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:61:58:d0:4d:7a:93:7a:63:e6:6a:5a:5b:3e:
                    fc:cb:35:1f:e7:63:f4:c0:f9:9f:9b:9d:a1:d7:fe:
                    4e:e5:52:48:ed:b8:de:d7:0f:a7:44:af:e8:8b:cc:
                    a4:af:2a:dd:60:bb:a5:97:a5:e9:bf:ef:52:26:4e:
                    26:ee:0c:c3:2d:55:fc:67:07:ac:ec:d7:50:2a:31:
                    74:95:f0:82:cb:e1:44:a6:6d:42:9e:eb:a8:14:8a:
                    46:9f:10:3d:2e:d8:a9:f1:46:90:00:e3:8a:24:dd:
                    7f:90:cc:47:d7:26:96:c6:ee:8b:89:0c:9e:b9:b5:
                    05:97:94:f7:00:e4:46:94:3e:0e:ba:d8:63:12:6f:
                    0b:a2:a3:56:70:6c:7e:8d:06:ef:e9:6b:16:f7:d6:
                    6b:e5:f8:80:8a:33:de:e0:a6:e7:b5:21:c3:7b:6f:
                    c3:1a:cb:a1:97:a8:77:6c:d5:82:2e:3c:39:56:d6:
                    c0:d7:30:dc:22:3e:c2:a8:b1:a4:62:16:a7:ff:4f:
                    3f:e0:76:7e:87:01:61:b8:3c:15:c7:81:dc:6c:42:
                    96:45:2d:44:3b:2b:33:0d:10:bf:fa:0b:bf:14:33:
                    b0:ef:83:be:28:28:fe:78:4a:4a:a7:62:7f:cc:25:
                    21:20:4c:62:65:5d:60:6b:b1:a3:23:57:3b:99:78:
                    b7:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:15:8E:A0:4E:77:85:89:5E:9B:64:0D:E7:B7:14:5D:23:21:9E:C7
            X509v3 Authority Key Identifier:
                keyid:6F:7C:91:57:3C:7D:14:57:26:15:D2:13:E4:C1:99:8A:40:DC:DB:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3yRVzx9FFcmFdIT5MGZikDc25I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/9f1f68-d222-4e04-aabb-66132fe8be4d/1/5xWOoE53hYlem2QN57cUXSMhnsc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/9f1f68-d222-4e04-aabb-66132fe8be4d/1/b3yRVzx9FFcmFdIT5MGZikDc25I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.62.228.0/24
                IPv6:
                  2a13:b40::/29

    Signature Algorithm: sha256WithRSAEncryption
         cd:c9:22:33:87:26:fa:cd:d0:3e:76:f9:c8:77:b3:15:90:72:
         7b:16:61:eb:d4:54:87:73:f8:fb:43:80:a5:00:5c:a7:3a:37:
         8b:18:30:03:19:ae:85:5f:5e:58:bb:64:9c:27:34:b2:14:b2:
         ac:aa:dc:dc:4a:bd:ad:8d:e5:4c:b2:8d:fb:31:72:f6:c8:f2:
         0c:c0:ee:e6:34:e3:76:23:8a:fd:8e:e2:0e:4e:e2:3c:83:d4:
         24:38:ae:9f:d9:d6:c1:ba:1f:19:74:b9:5e:09:12:61:24:ad:
         a7:40:81:c6:d7:0b:86:5f:14:eb:32:ec:ec:73:07:39:03:3a:
         f7:56:47:55:b8:1c:60:07:b9:34:ec:c3:79:16:80:83:8a:f4:
         b1:1d:42:c6:95:b8:89:0b:68:31:72:89:5e:fd:1f:7b:b6:b2:
         ca:8a:cf:54:09:98:3c:a6:71:b5:28:f2:f2:42:05:23:eb:5d:
         a6:92:eb:56:b6:9a:de:21:1d:68:a7:d7:02:bb:4d:ee:e2:b7:
         8f:bf:07:35:9a:84:31:45:21:8d:2c:5a:88:57:be:e4:c7:42:
         90:3f:c3:94:72:30:9c:a0:f4:79:5b:55:b0:69:17:78:ed:65:
         bf:48:03:17:9d:e7:9d:26:f4:f9:b5:d4:7f:7c:a2:6b:e2:30:
         34:8c:8e:35
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ0APaNAQmXSyJrQC/Qsqop9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmN2M5MTU3M2M3ZDE0NTcyNjE1ZDIxM2U0YzE5OThhNDBk
Y2RiOTIwHhcNMjYwMzE4MDkxODUyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzE1OGVhMDRlNzc4NTg5NWU5YjY0MGRlN2I3MTQ1ZDIzMjE5ZWM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr2FY0E16k3pj5mpaWz78yzUf52P0
wPmfm52h1/5O5VJI7bje1w+nRK/oi8ykryrdYLull6Xpv+9SJk4m7gzDLVX8Zwes
7NdQKjF0lfCCy+FEpm1CnuuoFIpGnxA9Ltip8UaQAOOKJN1/kMxH1yaWxu6LiQye
ubUFl5T3AORGlD4OuthjEm8LoqNWcGx+jQbv6WsW99Zr5fiAijPe4KbntSHDe2/D
Gsuhl6h3bNWCLjw5VtbA1zDcIj7CqLGkYhan/08/4HZ+hwFhuDwVx4HcbEKWRS1E
OyszDRC/+gu/FDOw74O+KCj+eEpKp2J/zCUhIExiZV1ga7GjI1c7mXi31QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOcVjqBOd4WJXptkDee3FF0jIZ7HMB8GA1UdIwQY
MBaAFG98kVc8fRRXJhXSE+TBmYpA3NuSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjN5UlZ6eDlGRmNtRmRJVDVNR1ppa0RjMjVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS85ZjFmNjgtZDIyMi00ZTA0LWFhYmIt
NjYxMzJmZThiZTRkLzEvNXhXT29FNTNoWWxlbTJRTjU3Y1VYU01obnNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOS85ZjFmNjgtZDIyMi00ZTA0LWFhYmItNjYxMzJmZThiZTRk
LzEvYjN5UlZ6eDlGRmNtRmRJVDVNR1ppa0RjMjVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuT7kMA0E
AgACMAcDBQMqEwtAMA0GCSqGSIb3DQEBCwUAA4IBAQDNySIzhyb6zdA+dvnId7MV
kHJ7FmHr1FSHc/j7Q4ClAFynOjeLGDADGa6FX15Yu2ScJzSyFLKsqtzcSr2tjeVM
so37MXL2yPIMwO7mNON2I4r9juIOTuI8g9QkOK6f2dbBuh8ZdLleCRJhJK2nQIHG
1wuGXxTrMuzscwc5Azr3VkdVuBxgB7k07MN5FoCDivSxHULGlbiJC2gxcole/R97
trLKis9UCZg8pnG1KPLyQgUj612mkutWtpreIR1op9cCu03u4rePvwc1moQxRSGN
LFqIV77kx0KQP8OUcjCcoPR5W1WwaRd47WW/SAMXneedJvT5tdR/fKJr4jA0jI41
-----END CERTIFICATE-----