Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/T-DUSJ-O8JuK2PTgLk1errJO3_0.roa
File:                     T-DUSJ-O8JuK2PTgLk1errJO3_0.roa (raw, json)
Hash identifier:          gJp14x3RVojW4Suzi+mnaQxUdouo4FmMOXfOj5Yct9k=
Subject key identifier:   4F:E0:D4:48:9F:8E:F0:9B:8A:D8:F4:E0:2E:4D:5E:AE:B2:4E:DF:FD
Certificate issuer:       /CN=e1ef9694aa48d81279e8ede430795f2768d2dd52
Certificate serial:       019C2E99BC0E50486936CABD91307807D1B9
Authority key identifier: E1:EF:96:94:AA:48:D8:12:79:E8:ED:E4:30:79:5F:27:68:D2:DD:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/T-DUSJ-O8JuK2PTgLk1errJO3_0.roa
Signing time:             Thu 05 Feb 2026 16:19:12 +0000
ROA not before:           Thu 05 Feb 2026 16:19:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     137897
IP address blocks:        185.39.50.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:2e:99:bc:0e:50:48:69:36:ca:bd:91:30:78:07:d1:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e1ef9694aa48d81279e8ede430795f2768d2dd52
        Validity
            Not Before: Feb  5 16:19:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4fe0d4489f8ef09b8ad8f4e02e4d5eaeb24edffd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:89:d2:53:8f:d8:83:00:d9:d9:69:3a:d3:28:
                    1f:14:5a:5d:f3:10:20:e5:f5:a4:86:8c:b6:af:a0:
                    66:b7:5d:9e:a1:ce:2a:55:39:b9:39:e9:b4:6a:80:
                    2a:db:1d:a4:cc:91:95:33:c6:27:1f:b8:87:e1:43:
                    77:1f:05:4d:f1:73:fc:57:e0:88:4e:4a:66:85:ed:
                    c7:e8:8d:09:fa:e8:5f:cc:11:68:3d:37:83:66:7f:
                    f8:44:7d:bc:63:11:65:63:92:47:3a:a1:7c:97:86:
                    89:4b:03:fb:3d:31:03:52:2a:c8:62:79:03:7c:b6:
                    f6:0f:b2:6e:1e:8a:e9:65:dc:14:89:2c:69:0a:9a:
                    37:4c:ae:49:0f:76:fc:73:96:71:5c:03:b3:f9:de:
                    f1:40:6b:09:52:57:36:83:32:8d:15:05:83:2d:20:
                    f4:a7:4b:7d:15:4e:a6:ac:16:d6:db:7a:a1:0e:e8:
                    25:2f:c4:62:5f:cb:41:20:86:e1:a6:06:50:db:c4:
                    c3:af:e6:05:0b:9b:34:58:01:cf:b5:63:f2:45:a1:
                    8a:2e:53:ba:89:95:39:15:c3:fa:7b:b7:84:8a:21:
                    63:ac:68:d5:24:7d:db:f4:34:fc:bd:58:c0:70:c8:
                    a0:0f:2e:fd:0a:ec:02:31:ba:04:b8:7a:a8:69:fe:
                    fe:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:E0:D4:48:9F:8E:F0:9B:8A:D8:F4:E0:2E:4D:5E:AE:B2:4E:DF:FD
            X509v3 Authority Key Identifier:
                keyid:E1:EF:96:94:AA:48:D8:12:79:E8:ED:E4:30:79:5F:27:68:D2:DD:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/T-DUSJ-O8JuK2PTgLk1errJO3_0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.39.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:6e:89:4f:99:9b:7e:1b:84:86:14:fa:ca:a1:c8:ca:c6:c5:
         f0:a2:9b:51:ff:7c:3f:10:85:de:6a:33:38:27:81:2c:4a:4f:
         03:e0:39:01:06:2f:e1:66:a0:0a:f3:51:cb:03:2b:db:f2:00:
         39:08:ee:13:34:70:9c:f8:2f:30:ad:4c:d0:f3:5c:ac:9d:9a:
         c9:d9:c5:c0:53:35:7c:c7:3f:7c:00:7c:73:68:3f:24:e0:f5:
         2d:cd:ea:a1:6b:d2:82:ca:3f:25:58:72:16:68:2a:b8:5c:40:
         3e:19:45:97:91:c5:31:20:74:54:75:05:be:c1:f8:c1:0a:b1:
         c9:e6:de:8a:91:c2:81:a2:4e:9b:f4:88:ab:5a:75:ca:45:7d:
         4a:ad:fb:16:e3:22:68:37:08:8a:ee:ba:7c:4d:7c:a1:00:62:
         a0:6a:f7:19:69:94:a0:06:fa:27:47:cc:a7:04:8e:79:d6:11:
         bd:8b:dc:0f:d1:b7:a3:62:2d:d9:19:f3:bf:f4:c0:18:03:5d:
         c7:bf:c5:cc:f9:15:da:fa:51:90:67:33:1d:42:68:5b:58:c7:
         89:70:d4:cc:17:6d:41:ed:07:af:3b:50:85:bf:cb:cf:ac:45:
         11:35:c5:86:32:ed:64:31:f9:a2:11:f2:0d:b7:ce:bc:2e:24:
         b7:8c:14:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZwumbwOUEhpNsq9kTB4B9G5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxZWY5Njk0YWE0OGQ4MTI3OWU4ZWRlNDMwNzk1ZjI3Njhk
MmRkNTIwHhcNMjYwMjA1MTYxOTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZmUwZDQ0ODlmOGVmMDliOGFkOGY0ZTAyZTRkNWVhZWIyNGVkZmZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyYnSU4/YgwDZ2Wk60ygfFFpd8xAg
5fWkhoy2r6Bmt12eoc4qVTm5Oem0aoAq2x2kzJGVM8YnH7iH4UN3HwVN8XP8V+CI
Tkpmhe3H6I0J+uhfzBFoPTeDZn/4RH28YxFlY5JHOqF8l4aJSwP7PTEDUirIYnkD
fLb2D7JuHorpZdwUiSxpCpo3TK5JD3b8c5ZxXAOz+d7xQGsJUlc2gzKNFQWDLSD0
p0t9FU6mrBbW23qhDuglL8RiX8tBIIbhpgZQ28TDr+YFC5s0WAHPtWPyRaGKLlO6
iZU5FcP6e7eEiiFjrGjVJH3b9DT8vVjAcMigDy79CuwCMboEuHqoaf7+AQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE/g1EifjvCbitj04C5NXq6yTt/9MB8GA1UdIwQY
MBaAFOHvlpSqSNgSeejt5DB5Xydo0t1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGUtV2xLcEkyQko1Nk8za01IbGZKMmpTM1ZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS9iMDU2NjctZTg1MC00YzQ1LWFlZTMt
YWRlZDFjNDY5ZWFmLzEvVC1EVVNKLU84SnVLMlBUZ0xrMWVyckpPM18wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS9iMDU2NjctZTg1MC00YzQ1LWFlZTMtYWRlZDFjNDY5ZWFm
LzEvNGUtV2xLcEkyQko1Nk8za01IbGZKMmpTM1ZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuScyMA0G
CSqGSIb3DQEBCwUAA4IBAQAgbolPmZt+G4SGFPrKocjKxsXwoptR/3w/EIXeajM4
J4EsSk8D4DkBBi/hZqAK81HLAyvb8gA5CO4TNHCc+C8wrUzQ81ysnZrJ2cXAUzV8
xz98AHxzaD8k4PUtzeqha9KCyj8lWHIWaCq4XEA+GUWXkcUxIHRUdQW+wfjBCrHJ
5t6KkcKBok6b9IirWnXKRX1KrfsW4yJoNwiK7rp8TXyhAGKgavcZaZSgBvonR8yn
BI551hG9i9wP0bejYi3ZGfO/9MAYA13Hv8XM+RXa+lGQZzMdQmhbWMeJcNTMF21B
7QevO1CFv8vPrEURNcWGMu1kMfmiEfINt868LiS3jBTR
-----END CERTIFICATE-----