Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/e051ff-ce25-4d6c-83fd-1abb8e27b4d1/1/5Coe3p2UxVf3bn4K2fVEoZwReTw.roa
File:                     5Coe3p2UxVf3bn4K2fVEoZwReTw.roa (raw, json)
Hash identifier:          SqvwYONteyDfFGL9H1OXDLDKhZklpEq8TnIN3KysesQ=
Subject key identifier:   E4:2A:1E:DE:9D:94:C5:57:F7:6E:7E:0A:D9:F5:44:A1:9C:11:79:3C
Certificate issuer:       /CN=a62fb9fd31c2c60abda14e0b3c92a89866829d8e
Certificate serial:       019B7AC908F95E8C35A5324678A2FBAE1EFB
Authority key identifier: A6:2F:B9:FD:31:C2:C6:0A:BD:A1:4E:0B:3C:92:A8:98:66:82:9D:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pi-5_THCxgq9oU4LPJKomGaCnY4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/e051ff-ce25-4d6c-83fd-1abb8e27b4d1/1/5Coe3p2UxVf3bn4K2fVEoZwReTw.roa
Signing time:             Thu 01 Jan 2026 18:19:13 +0000
ROA not before:           Thu 01 Jan 2026 18:19:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42778
IP address blocks:        194.110.240.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/e051ff-ce25-4d6c-83fd-1abb8e27b4d1/1/pi-5_THCxgq9oU4LPJKomGaCnY4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/e051ff-ce25-4d6c-83fd-1abb8e27b4d1/1/pi-5_THCxgq9oU4LPJKomGaCnY4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pi-5_THCxgq9oU4LPJKomGaCnY4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c9:08:f9:5e:8c:35:a5:32:46:78:a2:fb:ae:1e:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a62fb9fd31c2c60abda14e0b3c92a89866829d8e
        Validity
            Not Before: Jan  1 18:19:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e42a1ede9d94c557f76e7e0ad9f544a19c11793c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:a6:6a:1f:05:75:59:40:10:9d:8d:ae:26:60:
                    3b:02:57:64:c1:7a:f5:53:c6:11:85:c5:08:e1:f6:
                    db:12:d3:22:50:b6:2a:6e:b3:de:a2:d0:4b:17:0a:
                    2d:60:b5:ac:68:d4:0f:47:81:2f:5c:45:df:1a:cb:
                    a1:62:b6:cb:c1:59:28:25:50:93:ab:17:9a:4b:65:
                    c7:cf:b1:ae:61:61:78:77:01:36:c8:b3:93:6d:9a:
                    4e:68:9f:1f:50:ad:55:5e:4a:81:ab:26:d8:1d:75:
                    93:85:fa:1e:e5:9f:1e:28:8f:18:b5:1b:33:26:45:
                    ed:14:2a:0d:4f:4e:37:ff:aa:a4:a0:76:7d:96:46:
                    8e:07:39:d4:02:cc:b1:12:47:2c:5d:14:0c:70:0e:
                    3c:34:b1:c7:f9:67:15:6e:25:ec:b0:db:a9:f2:8b:
                    7a:9e:47:69:70:28:09:d1:ed:d1:60:92:9c:a0:f6:
                    20:ce:98:d3:23:c0:ff:bf:5d:fd:15:1e:4d:52:8c:
                    62:6f:da:e1:fc:a0:d4:73:6b:d5:32:87:e1:0a:0a:
                    53:f3:fc:83:5a:a2:83:25:f1:93:02:1e:51:08:10:
                    6c:73:2b:f1:82:d9:55:a5:f9:57:27:7f:cc:2a:66:
                    e0:61:5d:aa:b5:7f:46:9f:40:50:e2:c6:ad:82:7b:
                    a6:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:2A:1E:DE:9D:94:C5:57:F7:6E:7E:0A:D9:F5:44:A1:9C:11:79:3C
            X509v3 Authority Key Identifier:
                keyid:A6:2F:B9:FD:31:C2:C6:0A:BD:A1:4E:0B:3C:92:A8:98:66:82:9D:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pi-5_THCxgq9oU4LPJKomGaCnY4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/e051ff-ce25-4d6c-83fd-1abb8e27b4d1/1/5Coe3p2UxVf3bn4K2fVEoZwReTw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/e051ff-ce25-4d6c-83fd-1abb8e27b4d1/1/pi-5_THCxgq9oU4LPJKomGaCnY4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.110.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:32:d1:1b:11:40:86:33:33:4b:89:8f:aa:c6:bd:a6:ef:4a:
         f0:41:f5:e9:a0:bd:fa:9e:95:1f:6b:0c:60:4b:c5:55:4b:20:
         eb:c6:1c:8c:27:46:34:24:8f:a4:00:f5:c0:e8:10:d8:63:3b:
         56:66:c2:93:59:2f:f6:0f:0a:47:fc:c4:2c:cd:fe:0d:2d:3f:
         0e:15:e0:18:a5:eb:d2:69:45:d1:13:37:c1:f8:bc:af:f7:8c:
         dc:ec:52:e9:c2:83:7e:4c:ed:6c:3c:da:06:d5:ed:ae:15:cb:
         09:cb:b8:dd:e1:da:c8:1f:18:36:4c:d9:ac:ee:2d:58:c9:64:
         3c:99:be:33:bb:fd:37:79:1c:6b:93:ae:a4:b7:df:92:ec:99:
         49:99:18:7b:e2:f5:3b:50:28:9b:29:5b:fe:70:f2:db:46:36:
         88:11:33:0d:79:8a:81:35:f0:e0:fa:90:21:6f:87:36:ed:53:
         bf:cb:c0:5e:63:3d:19:76:9f:f4:da:c7:e1:42:d8:80:1c:05:
         b9:3a:9f:63:8a:9a:52:2c:42:6a:19:a1:c8:f1:bf:a2:ea:75:
         97:20:99:fa:8a:77:2a:dd:d3:56:b7:00:33:4a:dc:21:27:1e:
         1a:d6:d2:b4:d2:9b:6c:6d:7d:10:9c:3f:4c:58:8b:cc:7f:4c:
         63:b4:20:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6yQj5Xow1pTJGeKL7rh77MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2MmZiOWZkMzFjMmM2MGFiZGExNGUwYjNjOTJhODk4NjY4
MjlkOGUwHhcNMjYwMTAxMTgxOTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDJhMWVkZTlkOTRjNTU3Zjc2ZTdlMGFkOWY1NDRhMTljMTE3OTNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApaZqHwV1WUAQnY2uJmA7AldkwXr1
U8YRhcUI4fbbEtMiULYqbrPeotBLFwotYLWsaNQPR4EvXEXfGsuhYrbLwVkoJVCT
qxeaS2XHz7GuYWF4dwE2yLOTbZpOaJ8fUK1VXkqBqybYHXWThfoe5Z8eKI8YtRsz
JkXtFCoNT043/6qkoHZ9lkaOBznUAsyxEkcsXRQMcA48NLHH+WcVbiXssNup8ot6
nkdpcCgJ0e3RYJKcoPYgzpjTI8D/v139FR5NUoxib9rh/KDUc2vVMofhCgpT8/yD
WqKDJfGTAh5RCBBscyvxgtlVpflXJ3/MKmbgYV2qtX9Gn0BQ4satgnumuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOQqHt6dlMVX925+Ctn1RKGcEXk8MB8GA1UdIwQY
MBaAFKYvuf0xwsYKvaFOCzySqJhmgp2OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGktNV9USEN4Z3E5b1U0TFBKS29tR2FDblk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS9lMDUxZmYtY2UyNS00ZDZjLTgzZmQt
MWFiYjhlMjdiNGQxLzEvNUNvZTNwMlV4VmYzYm40SzJmVkVvWndSZVR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS9lMDUxZmYtY2UyNS00ZDZjLTgzZmQtMWFiYjhlMjdiNGQx
LzEvcGktNV9USEN4Z3E5b1U0TFBKS29tR2FDblk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwm7wMA0G
CSqGSIb3DQEBCwUAA4IBAQB2MtEbEUCGMzNLiY+qxr2m70rwQfXpoL36npUfawxg
S8VVSyDrxhyMJ0Y0JI+kAPXA6BDYYztWZsKTWS/2DwpH/MQszf4NLT8OFeAYpevS
aUXREzfB+Lyv94zc7FLpwoN+TO1sPNoG1e2uFcsJy7jd4drIHxg2TNms7i1YyWQ8
mb4zu/03eRxrk66kt9+S7JlJmRh74vU7UCibKVv+cPLbRjaIETMNeYqBNfDg+pAh
b4c27VO/y8BeYz0Zdp/02sfhQtiAHAW5Op9jippSLEJqGaHI8b+i6nWXIJn6incq
3dNWtwAzStwhJx4a1tK00ptsbX0QnD9MWIvMf0xjtCCH
-----END CERTIFICATE-----