Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/3c8dce-8356-4422-be85-fda4e8a5b46e/1/jguZW_JXxXZXEs7UeDtL_uxFA7E.roa
File:                     jguZW_JXxXZXEs7UeDtL_uxFA7E.roa (raw, json)
Hash identifier:          Di5fz7I66QZtyKR+rBwTjQSM3JlDgDmbsZZusapxtVw=
Subject key identifier:   8E:0B:99:5B:F2:57:C5:76:57:12:CE:D4:78:3B:4B:FE:EC:45:03:B1
Certificate issuer:       /CN=d17ae9dc9f43a269eb0accf3488e861f4ff0e89e
Certificate serial:       019EA84E6409D26775A1C56C425A26BE2F46
Authority key identifier: D1:7A:E9:DC:9F:43:A2:69:EB:0A:CC:F3:48:8E:86:1F:4F:F0:E8:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Xrp3J9DomnrCszzSI6GH0_w6J4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/3c8dce-8356-4422-be85-fda4e8a5b46e/1/jguZW_JXxXZXEs7UeDtL_uxFA7E.roa
Signing time:             Mon 08 Jun 2026 17:36:10 +0000
ROA not before:           Mon 08 Jun 2026 17:36:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     26337
IP address blocks:        5.100.152.0/21 maxlen: 24
                          185.195.12.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/3c8dce-8356-4422-be85-fda4e8a5b46e/1/0Xrp3J9DomnrCszzSI6GH0_w6J4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/3c8dce-8356-4422-be85-fda4e8a5b46e/1/0Xrp3J9DomnrCszzSI6GH0_w6J4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Xrp3J9DomnrCszzSI6GH0_w6J4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 05:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:a8:4e:64:09:d2:67:75:a1:c5:6c:42:5a:26:be:2f:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d17ae9dc9f43a269eb0accf3488e861f4ff0e89e
        Validity
            Not Before: Jun  8 17:36:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8e0b995bf257c5765712ced4783b4bfeec4503b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:4a:32:44:82:e4:07:b2:89:14:51:87:e6:bc:
                    69:89:fc:70:3d:6c:23:da:65:16:c7:e8:f4:9a:7e:
                    b6:4e:6f:a9:36:64:f8:b2:f2:98:32:41:db:b2:55:
                    55:b5:d7:8b:fb:3c:d5:d9:4f:96:f0:20:ee:d8:0c:
                    35:e0:57:43:86:f5:79:9e:27:10:3d:81:d5:49:f0:
                    ce:63:6c:27:3e:85:4e:6f:c0:0f:89:f4:cb:92:b1:
                    d7:a6:8d:56:fd:1e:d5:86:f8:52:28:a9:59:38:e5:
                    0e:5c:d7:8f:5b:01:b3:eb:5b:39:67:58:e9:20:2d:
                    9e:f1:1c:84:b7:79:e3:74:84:61:d8:4b:d6:d8:6b:
                    eb:9d:6b:4d:66:d5:30:b5:98:6f:a6:65:93:e3:e8:
                    33:48:d4:cd:92:22:47:44:0e:33:10:5f:79:fe:45:
                    2c:05:04:d5:0b:1e:c8:a5:8d:fb:74:37:9b:7c:44:
                    e8:5c:41:1d:06:e6:4b:6b:00:03:38:04:fe:cd:0c:
                    11:fd:b6:e3:93:63:b2:c6:fc:08:30:11:14:c2:03:
                    02:e6:1f:16:df:df:70:98:f4:66:9c:d8:2e:3d:2f:
                    4d:ef:ec:c5:fd:af:9c:8c:7c:57:95:ae:d4:a8:08:
                    fa:e8:3f:4e:34:6c:31:14:46:0a:f4:bd:7a:c2:d7:
                    a9:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:0B:99:5B:F2:57:C5:76:57:12:CE:D4:78:3B:4B:FE:EC:45:03:B1
            X509v3 Authority Key Identifier:
                keyid:D1:7A:E9:DC:9F:43:A2:69:EB:0A:CC:F3:48:8E:86:1F:4F:F0:E8:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Xrp3J9DomnrCszzSI6GH0_w6J4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/3c8dce-8356-4422-be85-fda4e8a5b46e/1/jguZW_JXxXZXEs7UeDtL_uxFA7E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/3c8dce-8356-4422-be85-fda4e8a5b46e/1/0Xrp3J9DomnrCszzSI6GH0_w6J4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.100.152.0/21
                  185.195.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         30:f7:55:6e:4f:ec:b2:8c:3e:27:dd:12:fa:24:25:e5:b5:76:
         36:cf:e3:c2:83:cc:d9:1c:17:ef:5e:78:c5:0c:42:2f:97:bd:
         8f:0a:80:01:bb:fe:04:35:94:57:1b:78:0f:3d:10:83:7a:7d:
         6e:d5:98:0e:35:15:85:a3:84:b6:8e:6f:5e:81:9c:59:a8:cd:
         82:5b:e8:b8:7a:ef:95:0b:42:ad:3c:3c:87:40:fc:6c:77:13:
         b8:28:f2:1a:96:4e:51:24:26:9e:bb:b9:ba:75:68:dd:0f:a4:
         10:1b:04:84:ff:f5:2f:e0:dd:d2:3e:cd:fb:64:19:3d:2d:37:
         62:0b:0a:24:bc:7c:5d:c7:6c:6e:3f:b0:ee:d4:91:d9:97:c6:
         c0:15:08:1c:f0:60:56:33:51:cb:d7:98:b9:7b:78:a8:07:51:
         24:f8:09:cf:34:05:cc:67:4f:71:36:45:ef:30:64:4a:0b:d7:
         da:fb:fa:22:48:0e:51:aa:52:8f:b4:71:10:3a:9c:88:6c:6e:
         6a:20:08:c6:98:d2:d7:c5:26:7d:f7:d6:cb:c1:6e:ab:10:07:
         78:02:78:3f:95:90:b5:a6:63:5e:22:c9:0d:93:32:af:55:2f:
         a6:45:bf:e7:d9:60:9f:06:49:9d:fb:73:df:e5:d5:d1:ab:da:
         d3:bc:86:98
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ6oTmQJ0md1ocVsQlomvi9GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxN2FlOWRjOWY0M2EyNjllYjBhY2NmMzQ4OGU4NjFmNGZm
MGU4OWUwHhcNMjYwNjA4MTczNjEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTBiOTk1YmYyNTdjNTc2NTcxMmNlZDQ3ODNiNGJmZWVjNDUwM2IxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwUoyRILkB7KJFFGH5rxpifxwPWwj
2mUWx+j0mn62Tm+pNmT4svKYMkHbslVVtdeL+zzV2U+W8CDu2Aw14FdDhvV5nicQ
PYHVSfDOY2wnPoVOb8APifTLkrHXpo1W/R7VhvhSKKlZOOUOXNePWwGz61s5Z1jp
IC2e8RyEt3njdIRh2EvW2GvrnWtNZtUwtZhvpmWT4+gzSNTNkiJHRA4zEF95/kUs
BQTVCx7IpY37dDebfEToXEEdBuZLawADOAT+zQwR/bbjk2OyxvwIMBEUwgMC5h8W
399wmPRmnNguPS9N7+zF/a+cjHxXla7UqAj66D9ONGwxFEYK9L16wtepjwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFI4LmVvyV8V2VxLO1Hg7S/7sRQOxMB8GA1UdIwQY
MBaAFNF66dyfQ6Jp6wrM80iOhh9P8OieMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMFhycDNKOURvbW5yQ3N6elNJNkdIMF93Nko0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy8zYzhkY2UtODM1Ni00NDIyLWJlODUt
ZmRhNGU4YTViNDZlLzEvamd1WldfSlh4WFpYRXM3VWVEdExfdXhGQTdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy8zYzhkY2UtODM1Ni00NDIyLWJlODUtZmRhNGU4YTViNDZl
LzEvMFhycDNKOURvbW5yQ3N6elNJNkdIMF93Nko0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDBWSYAwQC
ucMMMA0GCSqGSIb3DQEBCwUAA4IBAQAw91VuT+yyjD4n3RL6JCXltXY2z+PCg8zZ
HBfvXnjFDEIvl72PCoABu/4ENZRXG3gPPRCDen1u1ZgONRWFo4S2jm9egZxZqM2C
W+i4eu+VC0KtPDyHQPxsdxO4KPIalk5RJCaeu7m6dWjdD6QQGwSE//Uv4N3SPs37
ZBk9LTdiCwokvHxdx2xuP7Du1JHZl8bAFQgc8GBWM1HL15i5e3ioB1Ek+AnPNAXM
Z09xNkXvMGRKC9fa+/oiSA5RqlKPtHEQOpyIbG5qIAjGmNLXxSZ999bLwW6rEAd4
Ang/lZC1pmNeIskNkzKvVS+mRb/n2WCfBkmd+3Pf5dXRq9rTvIaY
-----END CERTIFICATE-----