Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/MND58y1q-kCCHDzR4ElmsEH10Zk.roa
File:                     MND58y1q-kCCHDzR4ElmsEH10Zk.roa (raw, json)
Hash identifier:          igjEV5bmC5ItZ8ltheVoT+YpOjIzLnl9uXjJt+/vCPc=
Subject key identifier:   30:D0:F9:F3:2D:6A:FA:40:82:1C:3C:D1:E0:49:66:B0:41:F5:D1:99
Certificate issuer:       /CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
Certificate serial:       019D3E6D372A679693985F47A697CD95B612
Authority key identifier: 62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/MND58y1q-kCCHDzR4ElmsEH10Zk.roa
Signing time:             Mon 30 Mar 2026 11:07:18 +0000
ROA not before:           Mon 30 Mar 2026 11:07:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214702
IP address blocks:        194.61.235.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 12:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:3e:6d:37:2a:67:96:93:98:5f:47:a6:97:cd:95:b6:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
        Validity
            Not Before: Mar 30 11:07:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=30d0f9f32d6afa40821c3cd1e04966b041f5d199
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:2e:70:86:78:55:13:7f:01:da:12:ef:30:ba:
                    cf:00:48:04:28:d1:65:7a:d3:17:08:75:92:f6:87:
                    74:16:6a:66:6a:eb:d7:e8:5c:ca:26:ff:18:b3:4a:
                    12:5b:3f:ff:8b:7d:5a:de:15:79:ac:26:cc:a5:dc:
                    a6:3a:c2:bb:ec:f9:05:2c:b4:24:b2:4e:83:8e:4d:
                    81:53:9d:28:6f:81:80:43:54:6d:6c:62:6e:6e:69:
                    aa:13:6a:54:71:7f:05:cd:29:72:13:a3:5b:95:d9:
                    25:78:8d:7e:90:10:3a:1e:96:af:19:cc:19:68:79:
                    e2:fc:46:bf:d6:b7:30:0d:9b:4d:a1:f1:65:aa:ec:
                    5f:be:2c:e3:8f:e6:8f:5e:53:61:a1:36:7a:8f:3a:
                    94:49:1e:b4:bc:4a:60:4c:d6:f7:f3:53:ff:74:2d:
                    1c:38:50:a7:e2:94:31:75:f2:d2:ef:cf:e9:19:87:
                    76:7b:a3:5d:91:79:9a:0f:43:5e:c8:e9:aa:7c:66:
                    2c:94:76:98:e8:42:61:67:5d:87:77:8b:f8:4f:4f:
                    62:4a:a5:0e:10:c8:e3:9a:8b:a8:2e:b4:64:65:b7:
                    91:bc:bd:29:27:40:d8:e7:8e:be:f9:66:24:7e:57:
                    0a:67:f3:ff:92:8a:f9:fd:4a:4f:34:f5:fd:47:71:
                    1b:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:D0:F9:F3:2D:6A:FA:40:82:1C:3C:D1:E0:49:66:B0:41:F5:D1:99
            X509v3 Authority Key Identifier:
                keyid:62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/MND58y1q-kCCHDzR4ElmsEH10Zk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.61.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:c0:87:51:ff:bd:31:84:6a:28:c9:54:f9:d8:1f:ea:82:c8:
         e3:05:77:3c:14:94:b5:a3:7d:97:68:3c:c0:a8:92:58:c0:d3:
         b6:a2:9d:47:ce:0e:4f:30:70:ac:7f:d7:c1:f1:14:9f:99:12:
         40:eb:c7:45:f2:c5:93:c6:f6:86:4f:44:c8:1d:94:50:5a:ec:
         61:0a:29:ae:0d:72:9d:77:59:f1:31:86:42:75:4f:37:50:70:
         91:aa:50:7e:93:46:53:32:0e:33:6b:84:1d:26:b6:89:33:82:
         b4:04:2c:97:06:ad:d2:cf:5f:8b:7d:bc:ee:2f:45:5a:70:82:
         d4:ec:9f:17:c3:a3:37:5e:f0:16:78:6f:95:f5:ea:dd:20:cc:
         2e:69:6a:a8:74:fe:1d:cb:dc:43:80:1f:cd:6d:7e:c4:9d:68:
         23:cf:4d:31:42:11:69:13:f4:09:62:d2:91:ce:50:c9:83:4e:
         3c:7e:fb:8d:06:b3:24:c2:c6:08:86:1a:94:81:29:23:19:c7:
         6e:21:61:cf:c5:23:c1:07:56:7c:66:01:a6:b0:42:67:f7:00:
         3f:9a:68:01:e7:3e:9b:0b:f8:74:aa:f9:70:4d:78:28:fd:92:
         a4:fa:c2:a0:09:80:f0:8d:83:ca:5b:a0:e6:d5:cc:2c:00:a4:
         39:63:c1:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0+bTcqZ5aTmF9HppfNlbYSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjJlMWMyYTUzMTUzMzRiNjZkODBmNzhkNWI1MGI0MmU0
ODBiOWMwHhcNMjYwMzMwMTEwNzE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMGQwZjlmMzJkNmFmYTQwODIxYzNjZDFlMDQ5NjZiMDQxZjVkMTk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxi5whnhVE38B2hLvMLrPAEgEKNFl
etMXCHWS9od0FmpmauvX6FzKJv8Ys0oSWz//i31a3hV5rCbMpdymOsK77PkFLLQk
sk6Djk2BU50ob4GAQ1RtbGJubmmqE2pUcX8FzSlyE6NbldkleI1+kBA6HpavGcwZ
aHni/Ea/1rcwDZtNofFlquxfvizjj+aPXlNhoTZ6jzqUSR60vEpgTNb381P/dC0c
OFCn4pQxdfLS78/pGYd2e6NdkXmaD0NeyOmqfGYslHaY6EJhZ12Hd4v4T09iSqUO
EMjjmouoLrRkZbeRvL0pJ0DY546++WYkflcKZ/P/kor5/UpPNPX9R3EbqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDDQ+fMtavpAghw80eBJZrBB9dGZMB8GA1UdIwQY
MBaAFGIi4cKlMVM0tm2A941bULQuSAucMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEt
NTczNzAxYzg0ODMzLzEvTU5ENTh5MXEta0NDSER6UjRFbG1zRUgxMFprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEtNTczNzAxYzg0ODMz
LzEvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwj3rMA0G
CSqGSIb3DQEBCwUAA4IBAQBMwIdR/70xhGooyVT52B/qgsjjBXc8FJS1o32XaDzA
qJJYwNO2op1Hzg5PMHCsf9fB8RSfmRJA68dF8sWTxvaGT0TIHZRQWuxhCimuDXKd
d1nxMYZCdU83UHCRqlB+k0ZTMg4za4QdJraJM4K0BCyXBq3Sz1+LfbzuL0VacILU
7J8Xw6M3XvAWeG+V9erdIMwuaWqodP4dy9xDgB/NbX7EnWgjz00xQhFpE/QJYtKR
zlDJg048fvuNBrMkwsYIhhqUgSkjGcduIWHPxSPBB1Z8ZgGmsEJn9wA/mmgB5z6b
C/h0qvlwTXgo/ZKk+sKgCYDwjYPKW6Dm1cwsAKQ5Y8F2
-----END CERTIFICATE-----