Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fc0ed1-5666-4bb7-bb7c-7b627582fd2d/1/ez4u_1j0_ojM3jorhMhPc8LRXyY.roa
File:                     ez4u_1j0_ojM3jorhMhPc8LRXyY.roa (raw, json)
Hash identifier:          iklDjhEm/+o8jK0OCBuLkTDvKYqHZMgst24iVNDdcek=
Subject key identifier:   7B:3E:2E:FF:58:F4:FE:88:CC:DE:3A:2B:84:C8:4F:73:C2:D1:5F:26
Certificate issuer:       /CN=3b61c8b61ff4ab975a2f6c67d0bce6379362e2fe
Certificate serial:       019ECAA4BAC3232B0AC73548AB92FEA650E3
Authority key identifier: 3B:61:C8:B6:1F:F4:AB:97:5A:2F:6C:67:D0:BC:E6:37:93:62:E2:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O2HIth_0q5daL2xn0LzmN5Ni4v4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fc0ed1-5666-4bb7-bb7c-7b627582fd2d/1/ez4u_1j0_ojM3jorhMhPc8LRXyY.roa
Signing time:             Mon 15 Jun 2026 09:37:33 +0000
ROA not before:           Mon 15 Jun 2026 09:37:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8540
IP address blocks:        193.24.96.0/24 maxlen: 24
                          2a13:e480::/29 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/fc0ed1-5666-4bb7-bb7c-7b627582fd2d/1/O2HIth_0q5daL2xn0LzmN5Ni4v4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/fc0ed1-5666-4bb7-bb7c-7b627582fd2d/1/O2HIth_0q5daL2xn0LzmN5Ni4v4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O2HIth_0q5daL2xn0LzmN5Ni4v4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Jun 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ca:a4:ba:c3:23:2b:0a:c7:35:48:ab:92:fe:a6:50:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b61c8b61ff4ab975a2f6c67d0bce6379362e2fe
        Validity
            Not Before: Jun 15 09:37:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7b3e2eff58f4fe88ccde3a2b84c84f73c2d15f26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:77:15:67:20:99:05:3b:d4:c8:c3:4c:6d:68:
                    7e:cb:e9:cd:e6:03:46:da:29:71:f6:c7:af:a8:42:
                    14:0e:71:a0:b7:b6:45:e7:9d:1b:6c:a5:f5:06:a7:
                    49:b8:02:2b:58:22:f1:41:df:23:6c:42:00:83:1c:
                    bf:37:cc:3c:51:da:78:be:3d:3b:5d:5b:8f:6b:1f:
                    c5:4d:3b:a9:27:fc:00:b1:0e:b3:76:3b:a7:ce:de:
                    ef:18:8c:91:9b:33:b7:73:55:53:13:73:12:c2:bf:
                    41:cc:89:78:9a:06:b8:4d:26:75:df:51:a4:b4:fb:
                    f6:ef:22:b3:51:2b:32:90:ac:47:6d:81:00:4f:7e:
                    85:38:bf:8c:6b:cd:34:ff:c7:40:83:6c:2f:f6:07:
                    7d:d0:71:b6:58:6a:7f:11:9c:30:83:d5:a2:6e:d4:
                    8a:19:ec:10:ca:7f:9e:87:ae:5d:dc:fb:7f:cd:60:
                    e7:38:d3:91:a2:05:bc:6b:0b:a3:63:74:bc:eb:45:
                    4c:7d:48:b5:e3:d1:97:00:16:9b:b5:08:19:65:84:
                    fe:28:b9:8f:40:b4:b8:d5:58:3a:fe:1d:d0:d9:13:
                    2e:07:5f:b0:5e:de:fa:e6:67:33:48:c9:77:9d:d2:
                    94:cc:f5:c1:31:5a:7a:7b:69:7e:34:45:ce:fd:dd:
                    02:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:3E:2E:FF:58:F4:FE:88:CC:DE:3A:2B:84:C8:4F:73:C2:D1:5F:26
            X509v3 Authority Key Identifier:
                keyid:3B:61:C8:B6:1F:F4:AB:97:5A:2F:6C:67:D0:BC:E6:37:93:62:E2:FE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O2HIth_0q5daL2xn0LzmN5Ni4v4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fc0ed1-5666-4bb7-bb7c-7b627582fd2d/1/ez4u_1j0_ojM3jorhMhPc8LRXyY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fc0ed1-5666-4bb7-bb7c-7b627582fd2d/1/O2HIth_0q5daL2xn0LzmN5Ni4v4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.24.96.0/24
                IPv6:
                  2a13:e480::/29

    Signature Algorithm: sha256WithRSAEncryption
         86:6d:13:83:77:65:88:ed:d2:5d:29:b0:f6:26:66:fe:0e:14:
         52:b5:5d:f2:57:e2:c4:72:c3:c8:de:28:11:67:1c:73:01:5c:
         33:a8:3a:be:2b:88:f8:97:d5:62:96:65:3b:d8:55:99:f6:95:
         60:c1:e6:23:68:49:14:f3:34:64:de:88:d3:1c:46:83:db:1f:
         f8:4f:a4:c8:19:92:b3:78:ad:92:af:19:4c:a1:3e:c8:aa:0f:
         92:45:d1:4b:7e:f1:bc:16:e1:cd:a7:8c:07:68:3d:54:8f:44:
         9b:a4:f8:47:f2:25:59:d3:80:66:7d:7a:e0:b4:db:18:26:a6:
         d8:45:21:17:91:f9:0d:4a:84:cd:cd:52:aa:22:b4:87:b8:84:
         b7:8e:4a:f3:0b:a1:93:93:ea:c5:a3:00:f9:6a:78:6d:23:a9:
         34:aa:ad:17:70:ff:76:06:63:77:74:62:17:9c:25:99:40:65:
         07:f6:9d:8b:37:8d:55:d9:56:f2:9d:39:b7:ec:75:48:8d:fb:
         0f:4e:f1:c0:ae:a1:31:85:67:7d:9d:a0:0e:d3:d0:a3:41:90:
         26:73:f5:d9:9a:20:bc:37:67:28:0e:e9:c8:c0:bb:bc:2e:33:
         8c:82:ce:be:9f:58:83:22:25:bf:00:c2:7e:02:2d:46:00:b8:
         10:61:87:c8
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ7KpLrDIysKxzVIq5L+plDjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNjFjOGI2MWZmNGFiOTc1YTJmNmM2N2QwYmNlNjM3OTM2
MmUyZmUwHhcNMjYwNjE1MDkzNzMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjNlMmVmZjU4ZjRmZTg4Y2NkZTNhMmI4NGM4NGY3M2MyZDE1ZjI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0XcVZyCZBTvUyMNMbWh+y+nN5gNG
2ilx9sevqEIUDnGgt7ZF550bbKX1BqdJuAIrWCLxQd8jbEIAgxy/N8w8Udp4vj07
XVuPax/FTTupJ/wAsQ6zdjunzt7vGIyRmzO3c1VTE3MSwr9BzIl4mga4TSZ131Gk
tPv27yKzUSsykKxHbYEAT36FOL+Ma800/8dAg2wv9gd90HG2WGp/EZwwg9WibtSK
GewQyn+eh65d3Pt/zWDnONORogW8awujY3S860VMfUi149GXABabtQgZZYT+KLmP
QLS41Vg6/h3Q2RMuB1+wXt765mczSMl3ndKUzPXBMVp6e2l+NEXO/d0CxQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHs+Lv9Y9P6IzN46K4TIT3PC0V8mMB8GA1UdIwQY
MBaAFDthyLYf9KuXWi9sZ9C85jeTYuL+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzJISXRoXzBxNWRhTDJ4bjBMem1ONU5pNHY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mYzBlZDEtNTY2Ni00YmI3LWJiN2Mt
N2I2Mjc1ODJmZDJkLzEvZXo0dV8xajBfb2pNM2pvcmhNaFBjOExSWHlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mYzBlZDEtNTY2Ni00YmI3LWJiN2MtN2I2Mjc1ODJmZDJk
LzEvTzJISXRoXzBxNWRhTDJ4bjBMem1ONU5pNHY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwRhgMA0E
AgACMAcDBQMqE+SAMA0GCSqGSIb3DQEBCwUAA4IBAQCGbRODd2WI7dJdKbD2Jmb+
DhRStV3yV+LEcsPI3igRZxxzAVwzqDq+K4j4l9VilmU72FWZ9pVgweYjaEkU8zRk
3ojTHEaD2x/4T6TIGZKzeK2SrxlMoT7Iqg+SRdFLfvG8FuHNp4wHaD1Uj0SbpPhH
8iVZ04BmfXrgtNsYJqbYRSEXkfkNSoTNzVKqIrSHuIS3jkrzC6GTk+rFowD5anht
I6k0qq0XcP92BmN3dGIXnCWZQGUH9p2LN41V2VbynTm37HVIjfsPTvHArqExhWd9
naAO09CjQZAmc/XZmiC8N2coDunIwLu8LjOMgs6+n1iDIiW/AMJ+Ai1GALgQYYfI
-----END CERTIFICATE-----