Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/dLQV_5OmNopLyLxrbxcktgcNyR4.roa
File:                     dLQV_5OmNopLyLxrbxcktgcNyR4.roa (raw, json)
Hash identifier:          R9CBpunkXEWR2RbtulaHxDFGlf3ijO7U4+hncaSEa94=
Subject key identifier:   74:B4:15:FF:93:A6:36:8A:4B:C8:BC:6B:6F:17:24:B6:07:0D:C9:1E
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       019D7A9E7DC425B3C5565E953001645C99CA
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/dLQV_5OmNopLyLxrbxcktgcNyR4.roa
Signing time:             Sat 11 Apr 2026 03:38:20 +0000
ROA not before:           Sat 11 Apr 2026 03:38:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203048
IP address blocks:        194.231.154.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 12:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:7a:9e:7d:c4:25:b3:c5:56:5e:95:30:01:64:5c:99:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Apr 11 03:38:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=74b415ff93a6368a4bc8bc6b6f1724b6070dc91e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:ac:c9:d5:fc:62:4c:ff:50:44:5a:d0:c8:cb:
                    d8:56:28:44:b1:99:01:d8:e3:50:17:1c:45:c2:77:
                    02:c2:4b:26:b4:c8:84:6c:07:4f:96:0c:d0:8a:05:
                    92:7d:12:f5:59:9f:eb:84:02:cf:b5:00:e8:53:b5:
                    50:d5:82:c2:14:49:17:86:9e:7f:f7:b8:1f:b8:bc:
                    36:aa:80:d4:29:88:d5:67:cb:0c:e3:bb:11:2c:18:
                    88:cd:26:9e:e8:e4:3c:9b:73:07:01:a3:68:c5:3c:
                    03:d1:cd:36:7d:5c:51:d6:f9:cb:68:e0:a2:a3:1b:
                    c9:76:3c:fb:14:4e:5a:71:b3:c7:d4:f6:c5:59:25:
                    5f:0e:ca:f5:94:9c:9c:71:e7:ba:69:04:de:ff:87:
                    c3:16:45:2f:c5:3a:71:3b:2f:23:1f:04:e1:25:33:
                    b0:5c:16:f9:38:b8:97:56:e4:d0:a2:03:a8:ca:36:
                    fc:44:f0:25:8a:0d:8e:8c:e0:49:9e:c7:00:6a:e7:
                    75:07:2c:25:1f:16:12:25:cb:20:ef:53:24:59:34:
                    d1:6d:43:13:94:28:c4:e8:c7:1b:e1:b5:8c:d8:dd:
                    2f:56:03:9e:55:fb:6d:a7:fa:67:09:be:01:e3:9d:
                    31:18:0c:42:5a:a3:e2:5e:32:d3:77:f3:dc:51:c4:
                    74:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:B4:15:FF:93:A6:36:8A:4B:C8:BC:6B:6F:17:24:B6:07:0D:C9:1E
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/dLQV_5OmNopLyLxrbxcktgcNyR4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.231.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         e3:f0:f6:97:09:2b:6c:35:25:63:82:cc:92:d3:66:cc:09:31:
         f3:50:a9:63:23:87:2c:1f:a9:d2:cf:ed:29:85:0f:ac:ea:c9:
         50:c6:ea:a1:25:2c:d2:d4:b4:99:9d:cc:fe:06:e0:56:22:c7:
         40:31:49:3f:a7:27:08:f6:80:ee:d6:4e:df:a6:ad:dd:47:37:
         79:52:d9:c7:88:a4:90:6c:15:d7:de:81:78:6f:1e:e6:81:04:
         c5:f3:7c:cd:3f:a8:94:74:95:7c:3d:8b:fa:93:d7:7d:99:67:
         1c:fd:8c:fe:db:20:96:67:85:f1:7a:7c:af:c1:3f:ef:e7:e8:
         08:52:c3:ed:f3:1e:ff:01:ce:7b:0a:5c:8e:20:d8:a4:c8:24:
         56:5c:bc:19:cc:67:f3:0c:5d:08:10:d7:6b:58:17:53:0c:bb:
         74:ed:a4:87:93:d6:a0:a3:2d:32:89:7e:c6:b8:70:1d:92:33:
         44:ac:e9:d3:02:30:16:19:a1:40:6e:e8:01:f1:45:de:8a:37:
         35:5d:e6:2b:39:69:fb:3a:93:91:3a:f6:c9:02:20:4b:ce:23:
         5f:0f:7a:99:3e:10:96:06:ca:01:ba:d9:bd:6c:5a:1a:59:60:
         d8:4e:c8:be:51:7d:54:80:6e:16:3b:c5:a4:9b:ea:22:ee:97:
         4e:d7:03:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ16nn3EJbPFVl6VMAFkXJnKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjYwNDExMDMzODIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NGI0MTVmZjkzYTYzNjhhNGJjOGJjNmI2ZjE3MjRiNjA3MGRjOTFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn6zJ1fxiTP9QRFrQyMvYVihEsZkB
2ONQFxxFwncCwksmtMiEbAdPlgzQigWSfRL1WZ/rhALPtQDoU7VQ1YLCFEkXhp5/
97gfuLw2qoDUKYjVZ8sM47sRLBiIzSae6OQ8m3MHAaNoxTwD0c02fVxR1vnLaOCi
oxvJdjz7FE5acbPH1PbFWSVfDsr1lJyccee6aQTe/4fDFkUvxTpxOy8jHwThJTOw
XBb5OLiXVuTQogOoyjb8RPAlig2OjOBJnscAaud1BywlHxYSJcsg71MkWTTRbUMT
lCjE6Mcb4bWM2N0vVgOeVfttp/pnCb4B450xGAxCWqPiXjLTd/PcUcR0pQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHS0Ff+TpjaKS8i8a28XJLYHDckeMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvZExRVl81T21Ob3BMeUx4cmJ4Y2t0Z2NOeVI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwueaMA0G
CSqGSIb3DQEBCwUAA4IBAQDj8PaXCStsNSVjgsyS02bMCTHzUKljI4csH6nSz+0p
hQ+s6slQxuqhJSzS1LSZncz+BuBWIsdAMUk/pycI9oDu1k7fpq3dRzd5UtnHiKSQ
bBXX3oF4bx7mgQTF83zNP6iUdJV8PYv6k9d9mWcc/Yz+2yCWZ4XxenyvwT/v5+gI
UsPt8x7/Ac57ClyOINikyCRWXLwZzGfzDF0IENdrWBdTDLt07aSHk9agoy0yiX7G
uHAdkjNErOnTAjAWGaFAbugB8UXeijc1XeYrOWn7OpOROvbJAiBLziNfD3qZPhCW
BsoButm9bFoaWWDYTsi+UX1UgG4WO8Wkm+oi7pdO1wM+
-----END CERTIFICATE-----