Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/e4d20f-6dc8-497d-a8d6-9dddd6802088/1/JgdyZSLi_X3qU3ZvyP9GWKpdO74.roa
File:                     JgdyZSLi_X3qU3ZvyP9GWKpdO74.roa (raw, json)
Hash identifier:          vGubJxspvp/eaW13ArIa5sIF6BGxA2eNPeBTEfU9qPQ=
Subject key identifier:   26:07:72:65:22:E2:FD:7D:EA:53:76:6F:C8:FF:46:58:AA:5D:3B:BE
Certificate issuer:       /CN=b63a3094439cac0f555701286cd54373bce6cb50
Certificate serial:       019DD268F35297171A919296665AC9AB930D
Authority key identifier: B6:3A:30:94:43:9C:AC:0F:55:57:01:28:6C:D5:43:73:BC:E6:CB:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tjowlEOcrA9VVwEobNVDc7zmy1A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/e4d20f-6dc8-497d-a8d6-9dddd6802088/1/JgdyZSLi_X3qU3ZvyP9GWKpdO74.roa
Signing time:             Tue 28 Apr 2026 04:46:26 +0000
ROA not before:           Tue 28 Apr 2026 04:46:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     196925
IP address blocks:        185.127.40.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/e4d20f-6dc8-497d-a8d6-9dddd6802088/1/tjowlEOcrA9VVwEobNVDc7zmy1A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/e4d20f-6dc8-497d-a8d6-9dddd6802088/1/tjowlEOcrA9VVwEobNVDc7zmy1A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tjowlEOcrA9VVwEobNVDc7zmy1A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 19:01:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:d2:68:f3:52:97:17:1a:91:92:96:66:5a:c9:ab:93:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b63a3094439cac0f555701286cd54373bce6cb50
        Validity
            Not Before: Apr 28 04:46:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2607726522e2fd7dea53766fc8ff4658aa5d3bbe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:a2:ed:5e:b4:fc:51:ac:fb:9c:bc:54:7c:8d:
                    a2:82:54:6d:22:b1:3c:a5:26:6e:36:8d:25:3b:34:
                    55:62:d6:7f:b7:d6:01:7f:fc:fb:c0:9e:6f:4f:01:
                    68:e1:b5:27:5c:f0:be:98:2d:20:77:d0:36:2b:90:
                    cd:d3:e7:fd:45:71:9e:5b:1d:9c:30:8d:00:03:42:
                    3a:4d:ab:92:cd:af:38:aa:c1:00:a8:be:b2:74:79:
                    5b:4f:47:db:c7:37:68:9d:19:14:5e:d0:85:73:70:
                    fe:72:1e:58:ad:83:d1:b8:45:21:64:a7:79:da:f2:
                    4d:50:c4:e6:c1:95:a7:15:15:70:4c:94:81:7d:f7:
                    52:ec:3f:21:ef:5b:6b:63:ba:46:37:70:71:d2:a9:
                    35:b3:a0:7d:1d:b2:d3:0d:1f:70:fa:20:61:c5:34:
                    07:05:42:27:b5:6a:c2:06:ab:09:bb:8e:5e:a4:78:
                    9f:93:69:1e:57:25:79:c7:f4:ba:4e:a3:8e:06:60:
                    ff:14:3d:e5:fb:6f:7d:72:6c:15:f6:08:2a:81:56:
                    14:1d:35:c1:73:80:51:38:53:fc:56:00:05:b4:e6:
                    1d:1b:63:f6:41:9a:f0:21:0e:7b:ad:ac:cc:b6:aa:
                    00:9f:90:79:e9:a4:fd:c8:b9:58:6f:9f:4c:2d:b8:
                    53:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:07:72:65:22:E2:FD:7D:EA:53:76:6F:C8:FF:46:58:AA:5D:3B:BE
            X509v3 Authority Key Identifier:
                keyid:B6:3A:30:94:43:9C:AC:0F:55:57:01:28:6C:D5:43:73:BC:E6:CB:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tjowlEOcrA9VVwEobNVDc7zmy1A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/e4d20f-6dc8-497d-a8d6-9dddd6802088/1/JgdyZSLi_X3qU3ZvyP9GWKpdO74.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/e4d20f-6dc8-497d-a8d6-9dddd6802088/1/tjowlEOcrA9VVwEobNVDc7zmy1A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.127.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:9b:b8:3d:85:86:3b:cc:06:53:49:37:22:a6:eb:14:b6:02:
         51:5e:78:08:ae:55:6b:fc:6f:13:dc:13:6f:57:e1:c8:fa:51:
         a8:47:0a:3a:e8:ef:2b:2e:94:b1:5a:ef:9b:77:fa:a6:3b:ba:
         c8:bf:4d:34:43:ef:ed:16:d8:2c:dc:95:00:e6:73:c0:71:da:
         e2:ac:b7:45:a6:61:db:79:c1:81:50:c9:38:fd:fb:a4:58:78:
         12:4f:74:89:23:3d:05:75:82:b8:89:55:14:d5:64:78:a0:52:
         4e:d1:7a:3b:5e:f8:e2:2c:fb:75:ac:71:43:67:50:1c:f2:b1:
         08:41:06:2a:77:2b:7d:cf:a5:bb:d3:36:a9:20:a9:81:91:5b:
         69:fa:33:b6:0c:53:87:24:4c:3e:1f:ff:e4:c9:3d:85:b4:e9:
         1e:05:2c:45:d9:ad:37:9b:44:0d:b7:1d:c6:b0:fc:e9:48:7e:
         70:a7:86:58:ba:86:e3:c2:92:cd:ec:c0:b6:25:b4:fd:4d:fa:
         5a:e9:7d:84:22:75:c6:51:c7:63:aa:09:a7:73:6a:00:cc:c5:
         56:30:f5:d5:2a:fa:d9:99:10:2e:2e:f1:3e:06:15:27:49:a7:
         17:32:7d:4e:89:b8:ae:93:46:fc:a1:81:5c:13:f3:70:c3:26:
         6c:4f:b6:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3SaPNSlxcakZKWZlrJq5MNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2M2EzMDk0NDM5Y2FjMGY1NTU3MDEyODZjZDU0MzczYmNl
NmNiNTAwHhcNMjYwNDI4MDQ0NjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjA3NzI2NTIyZTJmZDdkZWE1Mzc2NmZjOGZmNDY1OGFhNWQzYmJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiqLtXrT8Uaz7nLxUfI2iglRtIrE8
pSZuNo0lOzRVYtZ/t9YBf/z7wJ5vTwFo4bUnXPC+mC0gd9A2K5DN0+f9RXGeWx2c
MI0AA0I6TauSza84qsEAqL6ydHlbT0fbxzdonRkUXtCFc3D+ch5YrYPRuEUhZKd5
2vJNUMTmwZWnFRVwTJSBffdS7D8h71trY7pGN3Bx0qk1s6B9HbLTDR9w+iBhxTQH
BUIntWrCBqsJu45epHifk2keVyV5x/S6TqOOBmD/FD3l+299cmwV9ggqgVYUHTXB
c4BROFP8VgAFtOYdG2P2QZrwIQ57razMtqoAn5B56aT9yLlYb59MLbhTcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCYHcmUi4v196lN2b8j/RliqXTu+MB8GA1UdIwQY
MBaAFLY6MJRDnKwPVVcBKGzVQ3O85stQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdGpvd2xFT2NyQTlWVndFb2JOVkRjN3pteTFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC9lNGQyMGYtNmRjOC00OTdkLWE4ZDYt
OWRkZGQ2ODAyMDg4LzEvSmdkeVpTTGlfWDNxVTNadnlQOUdXS3BkTzc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC9lNGQyMGYtNmRjOC00OTdkLWE4ZDYtOWRkZGQ2ODAyMDg4
LzEvdGpvd2xFT2NyQTlWVndFb2JOVkRjN3pteTFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuX8oMA0G
CSqGSIb3DQEBCwUAA4IBAQAOm7g9hYY7zAZTSTcipusUtgJRXngIrlVr/G8T3BNv
V+HI+lGoRwo66O8rLpSxWu+bd/qmO7rIv000Q+/tFtgs3JUA5nPAcdrirLdFpmHb
ecGBUMk4/fukWHgST3SJIz0FdYK4iVUU1WR4oFJO0Xo7XvjiLPt1rHFDZ1Ac8rEI
QQYqdyt9z6W70zapIKmBkVtp+jO2DFOHJEw+H//kyT2FtOkeBSxF2a03m0QNtx3G
sPzpSH5wp4ZYuobjwpLN7MC2JbT9Tfpa6X2EInXGUcdjqgmnc2oAzMVWMPXVKvrZ
mRAuLvE+BhUnSacXMn1Oibiuk0b8oYFcE/NwwyZsT7ZB
-----END CERTIFICATE-----