Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/3fc8da-3515-434d-9f0e-040127102209/1/4Y6MQ3p-LB6KrtJDo2AEO8Db164.roa
File:                     4Y6MQ3p-LB6KrtJDo2AEO8Db164.roa (raw, json)
Hash identifier:          5atEicVhW+L7Xp6D+LeVcw6nuJeehWHQba6IJiOM6Ms=
Subject key identifier:   E1:8E:8C:43:7A:7E:2C:1E:8A:AE:D2:43:A3:60:04:3B:C0:DB:D7:AE
Certificate issuer:       /CN=896a82a725ed22bb46847ae568912078de25c108
Certificate serial:       019E5EA3DA66503C6295BBA18AF0655DD448
Authority key identifier: 89:6A:82:A7:25:ED:22:BB:46:84:7A:E5:68:91:20:78:DE:25:C1:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iWqCpyXtIrtGhHrlaJEgeN4lwQg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/3fc8da-3515-434d-9f0e-040127102209/1/4Y6MQ3p-LB6KrtJDo2AEO8Db164.roa
Signing time:             Mon 25 May 2026 10:17:36 +0000
ROA not before:           Mon 25 May 2026 10:17:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9207
IP address blocks:        193.220.128.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/3fc8da-3515-434d-9f0e-040127102209/1/iWqCpyXtIrtGhHrlaJEgeN4lwQg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/3fc8da-3515-434d-9f0e-040127102209/1/iWqCpyXtIrtGhHrlaJEgeN4lwQg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iWqCpyXtIrtGhHrlaJEgeN4lwQg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 17:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:5e:a3:da:66:50:3c:62:95:bb:a1:8a:f0:65:5d:d4:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=896a82a725ed22bb46847ae568912078de25c108
        Validity
            Not Before: May 25 10:17:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e18e8c437a7e2c1e8aaed243a360043bc0dbd7ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:d5:f5:ae:ec:92:a1:45:22:22:48:2a:10:b6:
                    8e:b8:88:2f:bd:9e:57:70:8c:92:63:09:7d:34:a4:
                    00:25:3f:1a:f1:36:bb:ea:d7:9a:ce:1b:d5:63:1a:
                    46:12:d7:e8:0b:17:a8:ae:1c:f5:3c:cf:95:99:89:
                    b9:2e:e3:5f:16:a4:a3:e3:11:80:d4:69:dd:6e:da:
                    0d:00:27:3e:f5:24:4f:38:1c:b6:53:56:3c:76:82:
                    87:46:a5:e0:c6:66:c4:0e:cf:a5:69:4d:88:dc:c3:
                    e7:61:9c:1a:18:6d:86:04:eb:27:ed:92:d1:51:32:
                    80:60:13:31:2d:84:59:00:10:3f:6c:e8:25:f1:04:
                    ba:0b:26:0c:f4:0f:ff:84:b5:40:46:03:87:8c:3c:
                    32:0e:ea:61:d0:2a:e8:b2:38:49:8e:ed:74:81:37:
                    45:b6:9b:f1:9d:2e:fe:c7:65:8a:e5:ea:63:3e:19:
                    87:8b:df:3a:13:93:4e:70:8e:21:2b:54:c0:c3:c7:
                    ad:19:b6:0a:43:1f:f3:e0:05:c5:1a:04:c4:90:72:
                    96:6f:ef:15:af:2b:f9:ef:0d:a4:b7:c7:d1:15:85:
                    e7:43:32:9c:ca:4c:8d:dc:02:c9:8f:0f:ae:2a:87:
                    ac:4a:0b:83:2f:09:64:87:ee:92:4e:58:26:03:4d:
                    82:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:8E:8C:43:7A:7E:2C:1E:8A:AE:D2:43:A3:60:04:3B:C0:DB:D7:AE
            X509v3 Authority Key Identifier:
                keyid:89:6A:82:A7:25:ED:22:BB:46:84:7A:E5:68:91:20:78:DE:25:C1:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iWqCpyXtIrtGhHrlaJEgeN4lwQg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/3fc8da-3515-434d-9f0e-040127102209/1/4Y6MQ3p-LB6KrtJDo2AEO8Db164.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/3fc8da-3515-434d-9f0e-040127102209/1/iWqCpyXtIrtGhHrlaJEgeN4lwQg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.220.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:b9:95:4e:55:c9:11:6a:c8:de:a9:07:c6:47:79:e6:4b:28:
         b7:6f:e9:95:5b:8a:f9:03:a8:83:c8:75:07:13:a2:7e:7c:15:
         e9:d3:6a:f2:a2:72:ea:14:a3:00:1e:29:bb:45:52:7f:02:25:
         4e:a8:47:aa:df:b6:db:69:cc:1f:26:26:65:a4:ce:53:15:2a:
         97:c3:48:e4:8e:e1:67:2a:6e:52:bb:d9:d7:3c:f6:f3:3b:c9:
         6d:19:ed:5a:66:42:4d:14:75:4e:79:15:6a:d3:a2:96:1f:43:
         57:8a:46:f5:ae:e7:36:50:a5:11:c7:64:3b:f7:e8:38:db:49:
         02:79:bb:b5:dd:46:b3:9c:f3:b4:8a:05:09:93:14:80:9d:b1:
         88:1d:7a:57:c6:6c:9e:d6:23:20:be:45:12:f6:16:a5:b4:0c:
         f8:f0:41:d1:49:23:05:90:d5:ba:3f:39:be:2b:0c:2d:6f:e9:
         8e:b0:51:c0:a0:ed:12:04:79:e2:76:02:62:a2:4d:ba:94:ff:
         c5:b5:4b:73:78:a9:6c:19:b6:23:ca:25:2c:54:26:02:b4:e8:
         f2:47:da:b3:48:37:43:0b:bb:31:d2:be:4f:26:0b:0a:3f:d1:
         34:be:ce:c3:89:0d:19:74:1b:22:d3:4e:a0:96:99:13:08:58:
         54:63:88:a4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5eo9pmUDxilbuhivBlXdRIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5NmE4MmE3MjVlZDIyYmI0Njg0N2FlNTY4OTEyMDc4ZGUy
NWMxMDgwHhcNMjYwNTI1MTAxNzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMThlOGM0MzdhN2UyYzFlOGFhZWQyNDNhMzYwMDQzYmMwZGJkN2FlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAktX1ruySoUUiIkgqELaOuIgvvZ5X
cIySYwl9NKQAJT8a8Ta76teazhvVYxpGEtfoCxeorhz1PM+VmYm5LuNfFqSj4xGA
1GndbtoNACc+9SRPOBy2U1Y8doKHRqXgxmbEDs+laU2I3MPnYZwaGG2GBOsn7ZLR
UTKAYBMxLYRZABA/bOgl8QS6CyYM9A//hLVARgOHjDwyDuph0CrosjhJju10gTdF
tpvxnS7+x2WK5epjPhmHi986E5NOcI4hK1TAw8etGbYKQx/z4AXFGgTEkHKWb+8V
ryv57w2kt8fRFYXnQzKcykyN3ALJjw+uKoesSguDLwlkh+6STlgmA02CRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOGOjEN6fiweiq7SQ6NgBDvA29euMB8GA1UdIwQY
MBaAFIlqgqcl7SK7RoR65WiRIHjeJcEIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVdxQ3B5WHRJcnRHaEhybGFKRWdlTjRsd1FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC8zZmM4ZGEtMzUxNS00MzRkLTlmMGUt
MDQwMTI3MTAyMjA5LzEvNFk2TVEzcC1MQjZLcnRKRG8yQUVPOERiMTY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC8zZmM4ZGEtMzUxNS00MzRkLTlmMGUtMDQwMTI3MTAyMjA5
LzEvaVdxQ3B5WHRJcnRHaEhybGFKRWdlTjRsd1FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwdyAMA0G
CSqGSIb3DQEBCwUAA4IBAQAwuZVOVckRasjeqQfGR3nmSyi3b+mVW4r5A6iDyHUH
E6J+fBXp02ryonLqFKMAHim7RVJ/AiVOqEeq37bbacwfJiZlpM5TFSqXw0jkjuFn
Km5Su9nXPPbzO8ltGe1aZkJNFHVOeRVq06KWH0NXikb1ruc2UKURx2Q79+g420kC
ebu13UaznPO0igUJkxSAnbGIHXpXxmye1iMgvkUS9haltAz48EHRSSMFkNW6Pzm+
Kwwtb+mOsFHAoO0SBHnidgJiok26lP/FtUtzeKlsGbYjyiUsVCYCtOjyR9qzSDdD
C7sx0r5PJgsKP9E0vs7DiQ0ZdBsi006glpkTCFhUY4ik
-----END CERTIFICATE-----