Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/204017-f046-4b69-b3e5-319b0c874440/1/ulevrjdG84PyAEw2XIVUVcPHCk8.roa
File:                     ulevrjdG84PyAEw2XIVUVcPHCk8.roa (raw, json)
Hash identifier:          3Q60+cTrF0CLxyPchKTvHU+bYI4wsJGncyWLEGOrjTs=
Subject key identifier:   BA:57:AF:AE:37:46:F3:83:F2:00:4C:36:5C:85:54:55:C3:C7:0A:4F
Certificate issuer:       /CN=4ca66f3c0f25774e696d2a46723277eb961128c3
Certificate serial:       019E303CE259523E02F036D3E2F25EE2D8C4
Authority key identifier: 4C:A6:6F:3C:0F:25:77:4E:69:6D:2A:46:72:32:77:EB:96:11:28:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TKZvPA8ld05pbSpGcjJ365YRKMM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/204017-f046-4b69-b3e5-319b0c874440/1/ulevrjdG84PyAEw2XIVUVcPHCk8.roa
Signing time:             Sat 16 May 2026 10:02:36 +0000
ROA not before:           Sat 16 May 2026 10:02:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198189
IP address blocks:        176.65.142.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/204017-f046-4b69-b3e5-319b0c874440/1/TKZvPA8ld05pbSpGcjJ365YRKMM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/204017-f046-4b69-b3e5-319b0c874440/1/TKZvPA8ld05pbSpGcjJ365YRKMM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TKZvPA8ld05pbSpGcjJ365YRKMM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 18:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:30:3c:e2:59:52:3e:02:f0:36:d3:e2:f2:5e:e2:d8:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4ca66f3c0f25774e696d2a46723277eb961128c3
        Validity
            Not Before: May 16 10:02:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ba57afae3746f383f2004c365c855455c3c70a4f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:b1:24:4d:19:f5:fa:f7:e3:8d:49:82:3a:6d:
                    41:c2:ee:c6:82:01:e4:d9:af:bb:79:6a:5f:7d:06:
                    98:4f:ed:a4:44:9b:c9:7f:65:57:b1:ea:2f:46:32:
                    cf:83:e3:82:2c:07:ff:2b:58:5a:9c:63:41:22:a0:
                    1b:1f:69:26:15:dd:84:13:e2:26:5f:21:87:55:6f:
                    02:5f:51:51:5f:c9:5d:73:e3:c6:fc:39:b3:3c:6e:
                    b4:38:32:eb:c3:be:b3:8f:76:24:59:a9:8e:39:2b:
                    8d:d1:f1:24:8e:1a:dd:a6:cc:7d:3c:c2:9e:92:70:
                    03:af:93:7d:ad:0b:ae:51:9f:a2:61:e6:71:23:0e:
                    48:88:e6:9e:73:92:d4:23:73:28:12:7c:ab:59:ad:
                    ee:a9:63:5a:0d:60:f3:13:6c:08:e2:52:c6:01:1c:
                    6a:72:21:b4:e0:45:e9:12:09:47:78:e8:98:b5:d3:
                    53:e1:3a:d4:cd:c0:68:da:c1:2c:f3:66:d4:8d:b1:
                    19:de:b0:18:72:74:72:f6:29:2c:49:7d:9c:d5:ac:
                    75:a9:00:e3:af:dc:37:f1:da:4d:1d:a9:01:6c:bc:
                    f4:a0:7c:bc:d2:2e:9f:9b:ee:6a:6f:bf:f8:36:6f:
                    04:ba:2d:02:84:95:96:d5:48:4a:5a:70:ec:1f:98:
                    01:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:57:AF:AE:37:46:F3:83:F2:00:4C:36:5C:85:54:55:C3:C7:0A:4F
            X509v3 Authority Key Identifier:
                keyid:4C:A6:6F:3C:0F:25:77:4E:69:6D:2A:46:72:32:77:EB:96:11:28:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TKZvPA8ld05pbSpGcjJ365YRKMM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/204017-f046-4b69-b3e5-319b0c874440/1/ulevrjdG84PyAEw2XIVUVcPHCk8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/204017-f046-4b69-b3e5-319b0c874440/1/TKZvPA8ld05pbSpGcjJ365YRKMM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.65.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:fa:9f:ea:32:28:f5:b0:2a:4f:31:82:c7:46:e7:00:7d:6a:
         ff:ba:c5:57:01:01:d9:52:57:70:41:b3:dc:3f:16:59:48:2c:
         20:ba:c4:60:22:cf:b0:41:b9:47:51:6d:48:23:38:5d:7b:3d:
         ca:9b:f2:a8:b4:ef:73:bb:f8:1d:28:64:71:c7:d2:d8:16:e3:
         74:bb:6e:78:47:0f:8f:2e:c5:1c:55:da:5c:d7:26:16:fc:e2:
         1d:87:81:f2:94:62:54:4a:07:dc:b5:56:d0:b0:6f:f6:73:13:
         06:9a:d2:51:dd:3a:2d:7d:41:f4:57:7e:0c:c2:ad:4e:18:cd:
         13:c7:13:3b:e9:26:05:68:d9:72:3c:36:fe:5d:4f:12:1e:82:
         e0:c8:2d:3f:73:d0:01:3f:78:e4:a9:94:9f:a7:a2:f0:3a:d6:
         16:5f:9f:5d:d4:d0:f3:45:cb:a0:9f:ea:83:6e:92:b6:69:64:
         66:34:53:a1:de:c2:9c:65:fc:3e:8c:e5:be:ab:65:da:75:19:
         b4:2d:80:b3:f8:09:57:17:6d:d6:9c:6f:65:40:b1:59:5b:e1:
         01:85:62:3d:33:63:df:00:66:3b:e3:b6:48:67:44:2c:84:e2:
         cf:84:61:2d:e1:97:b8:32:77:cd:f0:83:f0:57:38:6c:f5:2b:
         72:15:95:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4wPOJZUj4C8DbT4vJe4tjEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjYTY2ZjNjMGYyNTc3NGU2OTZkMmE0NjcyMzI3N2ViOTYx
MTI4YzMwHhcNMjYwNTE2MTAwMjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTU3YWZhZTM3NDZmMzgzZjIwMDRjMzY1Yzg1NTQ1NWMzYzcwYTRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv7EkTRn1+vfjjUmCOm1Bwu7GggHk
2a+7eWpffQaYT+2kRJvJf2VXseovRjLPg+OCLAf/K1hanGNBIqAbH2kmFd2EE+Im
XyGHVW8CX1FRX8ldc+PG/DmzPG60ODLrw76zj3YkWamOOSuN0fEkjhrdpsx9PMKe
knADr5N9rQuuUZ+iYeZxIw5IiOaec5LUI3MoEnyrWa3uqWNaDWDzE2wI4lLGARxq
ciG04EXpEglHeOiYtdNT4TrUzcBo2sEs82bUjbEZ3rAYcnRy9iksSX2c1ax1qQDj
r9w38dpNHakBbLz0oHy80i6fm+5qb7/4Nm8Eui0ChJWW1UhKWnDsH5gB7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLpXr643RvOD8gBMNlyFVFXDxwpPMB8GA1UdIwQY
MBaAFEymbzwPJXdOaW0qRnIyd+uWESjDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEtadlBBOGxkMDVwYlNwR2NqSjM2NVlSS01NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8yMDQwMTctZjA0Ni00YjY5LWIzZTUt
MzE5YjBjODc0NDQwLzEvdWxldnJqZEc4NFB5QUV3MlhJVlVWY1BIQ2s4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8yMDQwMTctZjA0Ni00YjY5LWIzZTUtMzE5YjBjODc0NDQw
LzEvVEtadlBBOGxkMDVwYlNwR2NqSjM2NVlSS01NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsEGOMA0G
CSqGSIb3DQEBCwUAA4IBAQBd+p/qMij1sCpPMYLHRucAfWr/usVXAQHZUldwQbPc
PxZZSCwgusRgIs+wQblHUW1IIzhdez3Km/KotO9zu/gdKGRxx9LYFuN0u254Rw+P
LsUcVdpc1yYW/OIdh4HylGJUSgfctVbQsG/2cxMGmtJR3TotfUH0V34Mwq1OGM0T
xxM76SYFaNlyPDb+XU8SHoLgyC0/c9ABP3jkqZSfp6LwOtYWX59d1NDzRcugn+qD
bpK2aWRmNFOh3sKcZfw+jOW+q2XadRm0LYCz+AlXF23WnG9lQLFZW+EBhWI9M2Pf
AGY747ZIZ0QshOLPhGEt4Ze4MnfN8IPwVzhs9StyFZUx
-----END CERTIFICATE-----