Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/17d0ad-801c-4814-b891-e0a652004878/1/7je38sXccZuO9EcIAF6GqZQx9qM.roa
File:                     7je38sXccZuO9EcIAF6GqZQx9qM.roa (raw, json)
Hash identifier:          HzEGiLInnaloCG6SBzDcaDs8y9Pm5Xu2JET7Cqh3Ttg=
Subject key identifier:   EE:37:B7:F2:C5:DC:71:9B:8E:F4:47:08:00:5E:86:A9:94:31:F6:A3
Certificate issuer:       /CN=794f6b59b439d1769932059d198428cb806ae753
Certificate serial:       019D4EB03C434AFABBE2F4F89D6A7945C117
Authority key identifier: 79:4F:6B:59:B4:39:D1:76:99:32:05:9D:19:84:28:CB:80:6A:E7:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eU9rWbQ50XaZMgWdGYQoy4Bq51M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/17d0ad-801c-4814-b891-e0a652004878/1/7je38sXccZuO9EcIAF6GqZQx9qM.roa
Signing time:             Thu 02 Apr 2026 14:54:25 +0000
ROA not before:           Thu 02 Apr 2026 14:54:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205743
IP address blocks:        185.208.4.0/22 maxlen: 24
                          185.208.4.0/23 maxlen: 24
                          185.208.6.0/24 maxlen: 24
                          185.208.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/17d0ad-801c-4814-b891-e0a652004878/1/eU9rWbQ50XaZMgWdGYQoy4Bq51M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/17d0ad-801c-4814-b891-e0a652004878/1/eU9rWbQ50XaZMgWdGYQoy4Bq51M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eU9rWbQ50XaZMgWdGYQoy4Bq51M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 05:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:4e:b0:3c:43:4a:fa:bb:e2:f4:f8:9d:6a:79:45:c1:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=794f6b59b439d1769932059d198428cb806ae753
        Validity
            Not Before: Apr  2 14:54:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ee37b7f2c5dc719b8ef44708005e86a99431f6a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:d0:70:a3:22:c1:a8:95:ac:72:a5:fe:1e:2d:
                    68:52:52:31:78:b8:1d:6b:c3:fd:fe:1d:7d:88:2d:
                    27:67:b7:6a:3b:3d:64:6e:15:55:9f:8e:09:f9:ec:
                    ab:ed:23:42:6b:86:23:b2:62:c9:ec:72:b9:2f:76:
                    d0:3f:39:39:ad:a2:d2:0d:dd:b7:a5:7d:f8:0e:de:
                    64:cf:6d:98:0e:34:da:43:50:d5:ac:37:4c:3d:0f:
                    ff:20:be:52:69:76:dc:9b:c8:93:3d:77:cc:6f:4a:
                    b4:8b:73:b4:d7:98:1c:ab:39:27:3a:d4:77:dc:31:
                    be:d1:13:bb:6c:99:4d:92:0b:a4:f4:5c:42:05:46:
                    4f:76:ab:9e:26:d3:73:be:e0:1b:b3:10:95:21:e2:
                    6f:8e:c1:21:10:bb:86:fe:a8:fa:01:ce:14:dc:48:
                    8d:39:6d:32:fe:85:e2:ec:fa:c7:fe:5e:78:5a:74:
                    f1:66:41:29:e7:56:e1:8c:65:06:c7:24:b8:21:74:
                    71:1b:a2:b1:c1:3d:50:15:c2:7f:74:af:e3:f5:50:
                    2c:33:17:58:f2:b2:d6:2e:d1:70:1b:9e:91:63:0f:
                    92:dc:a1:19:e6:58:44:37:b0:7a:56:0a:c7:96:c9:
                    ab:97:89:4a:d4:05:58:1f:ed:33:92:58:57:b6:bf:
                    20:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:37:B7:F2:C5:DC:71:9B:8E:F4:47:08:00:5E:86:A9:94:31:F6:A3
            X509v3 Authority Key Identifier:
                keyid:79:4F:6B:59:B4:39:D1:76:99:32:05:9D:19:84:28:CB:80:6A:E7:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eU9rWbQ50XaZMgWdGYQoy4Bq51M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/17d0ad-801c-4814-b891-e0a652004878/1/7je38sXccZuO9EcIAF6GqZQx9qM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/17d0ad-801c-4814-b891-e0a652004878/1/eU9rWbQ50XaZMgWdGYQoy4Bq51M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.208.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         80:f4:2a:d5:08:b8:16:f9:19:3b:f4:f6:02:e2:71:26:f2:e1:
         50:8f:20:61:5e:73:e0:83:04:44:04:e4:6f:f3:8c:65:8c:30:
         cf:86:89:61:90:6e:0a:b1:63:df:35:73:7a:4d:78:e2:3e:77:
         09:20:a2:21:99:7d:e5:a8:ca:c1:a4:32:68:af:40:65:6d:88:
         79:45:c7:f2:c3:46:ee:4b:76:b5:18:88:9c:df:85:5c:d3:12:
         94:8d:2f:cf:4a:f8:e4:32:01:3e:bd:31:f8:a6:8b:a8:e1:18:
         b3:0f:44:f4:86:54:b9:4f:6a:e0:03:ce:55:a5:f6:56:8c:17:
         a3:69:c3:41:6a:65:94:66:36:5f:f6:a8:40:ee:2d:71:9d:24:
         32:e8:2b:7a:d6:c7:5c:22:25:3a:79:46:d7:09:94:31:e6:27:
         b3:7f:71:48:cd:7a:96:e6:49:39:1d:33:a2:07:2b:3b:7a:72:
         fb:cd:49:b0:fb:ec:86:c4:91:e7:b5:f6:02:b3:92:a3:8b:f0:
         1e:09:fe:14:4e:32:31:79:4d:f9:3d:81:cf:d7:42:46:66:39:
         d8:cf:d8:92:a8:44:fc:a8:ad:35:36:ed:d7:ea:73:fa:72:aa:
         ec:95:2a:13:64:3b:ce:de:82:ce:24:bc:9d:2a:8d:0f:9d:f1:
         e3:bf:a7:67
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1OsDxDSvq74vT4nWp5RcEXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5NGY2YjU5YjQzOWQxNzY5OTMyMDU5ZDE5ODQyOGNiODA2
YWU3NTMwHhcNMjYwNDAyMTQ1NDI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTM3YjdmMmM1ZGM3MTliOGVmNDQ3MDgwMDVlODZhOTk0MzFmNmEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApNBwoyLBqJWscqX+Hi1oUlIxeLgd
a8P9/h19iC0nZ7dqOz1kbhVVn44J+eyr7SNCa4YjsmLJ7HK5L3bQPzk5raLSDd23
pX34Dt5kz22YDjTaQ1DVrDdMPQ//IL5SaXbcm8iTPXfMb0q0i3O015gcqzknOtR3
3DG+0RO7bJlNkguk9FxCBUZPdqueJtNzvuAbsxCVIeJvjsEhELuG/qj6Ac4U3EiN
OW0y/oXi7PrH/l54WnTxZkEp51bhjGUGxyS4IXRxG6KxwT1QFcJ/dK/j9VAsMxdY
8rLWLtFwG56RYw+S3KEZ5lhEN7B6VgrHlsmrl4lK1AVYH+0zklhXtr8gswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO43t/LF3HGbjvRHCABehqmUMfajMB8GA1UdIwQY
MBaAFHlPa1m0OdF2mTIFnRmEKMuAaudTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVU5cldiUTUwWGFaTWdXZEdZUW95NEJxNTFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC8xN2QwYWQtODAxYy00ODE0LWI4OTEt
ZTBhNjUyMDA0ODc4LzEvN2plMzhzWGNjWnVPOUVjSUFGNkdxWlF4OXFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC8xN2QwYWQtODAxYy00ODE0LWI4OTEtZTBhNjUyMDA0ODc4
LzEvZVU5cldiUTUwWGFaTWdXZEdZUW95NEJxNTFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCudAEMA0G
CSqGSIb3DQEBCwUAA4IBAQCA9CrVCLgW+Rk79PYC4nEm8uFQjyBhXnPggwREBORv
84xljDDPholhkG4KsWPfNXN6TXjiPncJIKIhmX3lqMrBpDJor0BlbYh5Rcfyw0bu
S3a1GIic34Vc0xKUjS/PSvjkMgE+vTH4pouo4RizD0T0hlS5T2rgA85VpfZWjBej
acNBamWUZjZf9qhA7i1xnSQy6Ct61sdcIiU6eUbXCZQx5iezf3FIzXqW5kk5HTOi
Bys7enL7zUmw++yGxJHntfYCs5Kji/AeCf4UTjIxeU35PYHP10JGZjnYz9iSqET8
qK01Nu3X6nP6cqrslSoTZDvO3oLOJLydKo0PnfHjv6dn
-----END CERTIFICATE-----