Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/3edb47-fd6e-4c59-a7ab-e42a58064a63/1/JMUe3al0pklathcu47XaPUqkjyY.roa
File:                     JMUe3al0pklathcu47XaPUqkjyY.roa (raw, json)
Hash identifier:          WrIFwPH2vXkQmPfNJ4EO/lLH8xEpJfsA80i818mNAGc=
Subject key identifier:   24:C5:1E:DD:A9:74:A6:49:5A:B6:17:2E:E3:B5:DA:3D:4A:A4:8F:26
Certificate issuer:       /CN=e10d5c29a3439703d89b5abf03a75d861771bef4
Certificate serial:       019D3EC5199355009A66B14B7FD489D0200E
Authority key identifier: E1:0D:5C:29:A3:43:97:03:D8:9B:5A:BF:03:A7:5D:86:17:71:BE:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4Q1cKaNDlwPYm1q_A6ddhhdxvvQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/3edb47-fd6e-4c59-a7ab-e42a58064a63/1/JMUe3al0pklathcu47XaPUqkjyY.roa
Signing time:             Mon 30 Mar 2026 12:43:17 +0000
ROA not before:           Mon 30 Mar 2026 12:43:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200791
IP address blocks:        188.119.10.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/3edb47-fd6e-4c59-a7ab-e42a58064a63/1/4Q1cKaNDlwPYm1q_A6ddhhdxvvQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/3edb47-fd6e-4c59-a7ab-e42a58064a63/1/4Q1cKaNDlwPYm1q_A6ddhhdxvvQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4Q1cKaNDlwPYm1q_A6ddhhdxvvQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 06:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:3e:c5:19:93:55:00:9a:66:b1:4b:7f:d4:89:d0:20:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e10d5c29a3439703d89b5abf03a75d861771bef4
        Validity
            Not Before: Mar 30 12:43:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=24c51edda974a6495ab6172ee3b5da3d4aa48f26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:f4:c8:73:42:a0:e5:ab:73:a6:ab:5f:f4:58:
                    de:ce:ea:e3:cf:43:75:f4:f0:30:82:85:2b:d8:73:
                    bc:9c:1e:80:4b:e7:59:17:00:85:52:ab:bf:5c:aa:
                    15:af:f3:86:86:26:15:cc:c1:66:60:a1:26:0d:34:
                    a0:62:79:3d:34:98:81:b0:34:f7:1b:e9:6c:93:19:
                    83:2c:19:c1:a7:59:53:28:e3:95:e7:72:32:89:81:
                    cf:23:a4:b4:9d:5d:65:67:0b:24:5f:09:34:0c:5f:
                    b2:ea:4c:20:cd:e9:b2:29:18:65:96:3b:1b:68:05:
                    dc:b1:8e:1d:76:33:3f:17:15:fe:ac:ab:8c:48:bf:
                    f5:ce:f8:78:9c:a7:e5:82:5b:10:a8:73:80:93:e1:
                    e9:41:a6:38:5b:8b:70:8e:04:18:f5:08:eb:07:6d:
                    95:50:c0:c3:4b:1a:d6:dc:65:d8:45:b4:38:aa:a2:
                    9f:a5:72:ec:37:2f:e6:d1:21:3f:a3:89:20:44:ef:
                    13:c4:ff:f0:40:5f:1b:3c:50:d8:b7:4b:d7:18:06:
                    49:47:f6:e8:f4:b8:e8:a8:01:f3:7c:dd:5c:a1:ff:
                    7b:6a:44:42:7a:28:aa:5f:5a:d8:e3:21:5d:31:20:
                    56:5c:f0:cc:e9:0f:d7:be:c8:a9:25:31:da:5b:e1:
                    18:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:C5:1E:DD:A9:74:A6:49:5A:B6:17:2E:E3:B5:DA:3D:4A:A4:8F:26
            X509v3 Authority Key Identifier:
                keyid:E1:0D:5C:29:A3:43:97:03:D8:9B:5A:BF:03:A7:5D:86:17:71:BE:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4Q1cKaNDlwPYm1q_A6ddhhdxvvQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/3edb47-fd6e-4c59-a7ab-e42a58064a63/1/JMUe3al0pklathcu47XaPUqkjyY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/3edb47-fd6e-4c59-a7ab-e42a58064a63/1/4Q1cKaNDlwPYm1q_A6ddhhdxvvQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.119.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:d8:17:ee:91:f0:2f:3a:83:69:6a:b4:dc:9f:66:92:49:9e:
         ac:6c:78:74:c2:95:76:f3:ef:eb:61:1f:d8:85:42:19:e2:df:
         b6:2c:7f:0b:9b:91:30:e9:85:f9:7d:ce:cf:ea:1d:5d:3e:b4:
         03:e9:54:d1:93:f1:b8:f7:6e:74:dd:b1:03:05:c4:fd:8c:f9:
         36:f6:ad:62:81:af:6f:c5:f1:e6:09:53:5b:1f:9e:5d:7b:58:
         87:a3:88:25:f8:9f:2e:19:cb:bd:d7:31:59:53:af:ca:58:cc:
         86:16:ae:81:42:76:ae:a3:87:9f:1e:a6:2b:24:ac:e3:a0:57:
         fe:5f:36:1c:15:5e:84:f5:83:46:ba:f5:88:20:d8:e5:42:49:
         a0:c4:45:5f:a6:21:14:06:e7:09:6a:8c:11:b8:06:f7:97:24:
         55:a6:d1:92:f4:79:13:49:59:61:7a:78:07:cc:8b:e2:5e:c2:
         2c:d2:e9:66:15:d4:a7:f8:55:a5:d0:18:d2:2a:8a:ac:b2:cf:
         45:a1:48:b5:83:da:c7:25:62:08:b1:8e:24:98:dd:58:5e:46:
         71:af:5b:6f:fd:2f:e2:82:f2:36:b4:25:5a:43:98:75:5e:c8:
         15:18:ca:43:27:a7:82:18:00:88:56:3b:7e:44:66:cb:69:24:
         2b:3b:fa:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0+xRmTVQCaZrFLf9SJ0CAOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxMGQ1YzI5YTM0Mzk3MDNkODliNWFiZjAzYTc1ZDg2MTc3
MWJlZjQwHhcNMjYwMzMwMTI0MzE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGM1MWVkZGE5NzRhNjQ5NWFiNjE3MmVlM2I1ZGEzZDRhYTQ4ZjI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu/TIc0Kg5atzpqtf9Fjezurjz0N1
9PAwgoUr2HO8nB6AS+dZFwCFUqu/XKoVr/OGhiYVzMFmYKEmDTSgYnk9NJiBsDT3
G+lskxmDLBnBp1lTKOOV53IyiYHPI6S0nV1lZwskXwk0DF+y6kwgzemyKRhlljsb
aAXcsY4ddjM/FxX+rKuMSL/1zvh4nKflglsQqHOAk+HpQaY4W4twjgQY9QjrB22V
UMDDSxrW3GXYRbQ4qqKfpXLsNy/m0SE/o4kgRO8TxP/wQF8bPFDYt0vXGAZJR/bo
9LjoqAHzfN1cof97akRCeiiqX1rY4yFdMSBWXPDM6Q/XvsipJTHaW+EYLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCTFHt2pdKZJWrYXLuO12j1KpI8mMB8GA1UdIwQY
MBaAFOENXCmjQ5cD2JtavwOnXYYXcb70MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFExY0thTkRsd1BZbTFxX0E2ZGRoaGR4dnZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8zZWRiNDctZmQ2ZS00YzU5LWE3YWIt
ZTQyYTU4MDY0YTYzLzEvSk1VZTNhbDBwa2xhdGhjdTQ3WGFQVXFranlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8zZWRiNDctZmQ2ZS00YzU5LWE3YWItZTQyYTU4MDY0YTYz
LzEvNFExY0thTkRsd1BZbTFxX0E2ZGRoaGR4dnZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvHcKMA0G
CSqGSIb3DQEBCwUAA4IBAQCK2BfukfAvOoNparTcn2aSSZ6sbHh0wpV28+/rYR/Y
hUIZ4t+2LH8Lm5Ew6YX5fc7P6h1dPrQD6VTRk/G492503bEDBcT9jPk29q1iga9v
xfHmCVNbH55de1iHo4gl+J8uGcu91zFZU6/KWMyGFq6BQnauo4efHqYrJKzjoFf+
XzYcFV6E9YNGuvWIINjlQkmgxEVfpiEUBucJaowRuAb3lyRVptGS9HkTSVlhengH
zIviXsIs0ulmFdSn+FWl0BjSKoqsss9FoUi1g9rHJWIIsY4kmN1YXkZxr1tv/S/i
gvI2tCVaQ5h1XsgVGMpDJ6eCGACIVjt+RGbLaSQrO/rY
-----END CERTIFICATE-----