Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/7b03d1-0e68-444f-9188-76e5ceb03fd9/1/XD-rsCQ7MnQa0FvN9-UFfOu8xoY.roa
File:                     XD-rsCQ7MnQa0FvN9-UFfOu8xoY.roa (raw, json)
Hash identifier:          Tc60kjga5Dja2TfTQjYcITx+fK92CUP6hqCPaaMpKbc=
Subject key identifier:   5C:3F:AB:B0:24:3B:32:74:1A:D0:5B:CD:F7:E5:05:7C:EB:BC:C6:86
Certificate issuer:       /CN=1b3554498f3c8dd539c25a9d85348fab817eda23
Certificate serial:       019B7835316F10AD63475C10A2F0DFE5B31F
Authority key identifier: 1B:35:54:49:8F:3C:8D:D5:39:C2:5A:9D:85:34:8F:AB:81:7E:DA:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GzVUSY88jdU5wlqdhTSPq4F-2iM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/7b03d1-0e68-444f-9188-76e5ceb03fd9/1/XD-rsCQ7MnQa0FvN9-UFfOu8xoY.roa
Signing time:             Thu 01 Jan 2026 06:18:30 +0000
ROA not before:           Thu 01 Jan 2026 06:18:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     60305
IP address blocks:        194.113.252.0/24 maxlen: 24
                          194.113.253.0/24 maxlen: 24
                          194.113.254.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/7b03d1-0e68-444f-9188-76e5ceb03fd9/1/GzVUSY88jdU5wlqdhTSPq4F-2iM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/7b03d1-0e68-444f-9188-76e5ceb03fd9/1/GzVUSY88jdU5wlqdhTSPq4F-2iM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GzVUSY88jdU5wlqdhTSPq4F-2iM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 15:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:35:31:6f:10:ad:63:47:5c:10:a2:f0:df:e5:b3:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b3554498f3c8dd539c25a9d85348fab817eda23
        Validity
            Not Before: Jan  1 06:18:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5c3fabb0243b32741ad05bcdf7e5057cebbcc686
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:ba:fa:05:cb:22:7e:69:43:19:c0:1a:d0:6d:
                    4f:6e:69:74:cf:78:61:7b:7b:68:3a:e9:4c:9b:f6:
                    a4:22:1c:68:b1:48:8d:b7:d3:5d:9c:9d:69:c8:e4:
                    1f:79:a9:c8:6c:8e:52:f9:7a:a8:35:a5:db:41:69:
                    a0:ad:03:66:27:78:6b:07:f3:4d:5c:2c:2d:d5:fe:
                    8e:c6:64:48:b8:99:12:5c:10:27:8f:39:2e:95:8a:
                    a5:cb:00:33:0e:86:39:0e:8d:45:c1:3c:d1:e7:12:
                    47:6c:fe:41:bb:63:e7:98:95:ed:18:8c:2f:d9:73:
                    99:9f:36:5a:25:d9:e9:d8:18:c0:f4:f8:66:39:30:
                    41:dd:c4:ef:5b:83:85:05:68:06:2c:f3:c4:ac:14:
                    0d:64:ad:9c:a7:43:4d:41:49:b4:5b:28:de:e9:15:
                    f7:5d:0e:75:1c:3d:21:91:bd:e6:68:e8:eb:bb:15:
                    75:2f:56:a0:a8:24:eb:5f:9f:f9:ed:0e:80:d8:88:
                    5a:bc:a4:4b:2b:cc:51:10:39:90:3c:7b:18:b1:f2:
                    dd:03:91:c7:bb:be:24:57:10:4b:ea:22:0f:39:76:
                    38:b5:5a:69:65:2b:71:75:c8:0e:43:ba:26:e4:ac:
                    c3:87:fc:c8:7b:1e:1d:f3:a3:44:ee:9e:80:33:22:
                    d0:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:3F:AB:B0:24:3B:32:74:1A:D0:5B:CD:F7:E5:05:7C:EB:BC:C6:86
            X509v3 Authority Key Identifier:
                keyid:1B:35:54:49:8F:3C:8D:D5:39:C2:5A:9D:85:34:8F:AB:81:7E:DA:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GzVUSY88jdU5wlqdhTSPq4F-2iM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/7b03d1-0e68-444f-9188-76e5ceb03fd9/1/XD-rsCQ7MnQa0FvN9-UFfOu8xoY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/7b03d1-0e68-444f-9188-76e5ceb03fd9/1/GzVUSY88jdU5wlqdhTSPq4F-2iM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.113.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         08:7d:af:87:cb:a0:f5:2d:81:69:4f:5b:20:84:b9:cd:ce:cd:
         1a:19:32:3a:eb:cc:96:78:2c:16:62:66:28:ac:26:70:aa:ba:
         a6:a8:aa:a7:2b:e0:20:b1:ee:b8:8d:87:c9:e6:44:f8:f6:58:
         55:25:cf:68:e0:e6:a4:ee:5a:16:2d:69:00:86:50:54:8f:b4:
         c4:35:ba:83:e6:7b:a9:ad:8c:de:42:55:be:f3:cf:f1:0c:d7:
         14:d8:d7:81:7e:b0:54:61:d3:a8:d4:9b:8d:69:2e:90:45:17:
         b7:99:e3:b6:7b:24:f2:4b:62:82:eb:3e:52:f2:bc:47:9e:97:
         88:ce:2b:49:ae:e2:b2:f0:67:9b:97:a1:a2:90:a1:16:4b:a2:
         45:f0:ff:2a:32:97:b5:eb:91:c5:a7:5b:66:84:5f:3b:03:e5:
         df:83:b4:d3:2e:5d:93:91:ba:a2:1a:77:ef:6b:b5:ab:35:29:
         88:18:a8:e4:64:06:55:d4:3d:b9:55:c3:53:f9:66:9c:b8:67:
         05:3a:20:72:0f:8e:b4:17:df:87:e3:60:3a:5d:f0:aa:29:36:
         48:05:5d:c2:44:97:a4:df:f0:8a:4f:bf:e6:82:43:82:6f:ef:
         9a:8b:ad:1c:26:1c:6e:39:9b:5e:b4:21:a8:e9:01:29:ef:cc:
         1e:9d:45:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4NTFvEK1jR1wQovDf5bMfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMzU1NDQ5OGYzYzhkZDUzOWMyNWE5ZDg1MzQ4ZmFiODE3
ZWRhMjMwHhcNMjYwMTAxMDYxODMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzNmYWJiMDI0M2IzMjc0MWFkMDViY2RmN2U1MDU3Y2ViYmNjNjg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxbr6BcsifmlDGcAa0G1Pbml0z3hh
e3toOulMm/akIhxosUiNt9NdnJ1pyOQfeanIbI5S+XqoNaXbQWmgrQNmJ3hrB/NN
XCwt1f6OxmRIuJkSXBAnjzkulYqlywAzDoY5Do1FwTzR5xJHbP5Bu2PnmJXtGIwv
2XOZnzZaJdnp2BjA9PhmOTBB3cTvW4OFBWgGLPPErBQNZK2cp0NNQUm0Wyje6RX3
XQ51HD0hkb3maOjruxV1L1agqCTrX5/57Q6A2IhavKRLK8xREDmQPHsYsfLdA5HH
u74kVxBL6iIPOXY4tVppZStxdcgOQ7om5KzDh/zIex4d86NE7p6AMyLQfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFw/q7AkOzJ0GtBbzfflBXzrvMaGMB8GA1UdIwQY
MBaAFBs1VEmPPI3VOcJanYU0j6uBftojMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3pWVVNZODhqZFU1d2xxZGhUU1BxNEYtMmlNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy83YjAzZDEtMGU2OC00NDRmLTkxODgt
NzZlNWNlYjAzZmQ5LzEvWEQtcnNDUTdNblFhMEZ2TjktVUZmT3U4eG9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy83YjAzZDEtMGU2OC00NDRmLTkxODgtNzZlNWNlYjAzZmQ5
LzEvR3pWVVNZODhqZFU1d2xxZGhUU1BxNEYtMmlNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwnH8MA0G
CSqGSIb3DQEBCwUAA4IBAQAIfa+Hy6D1LYFpT1sghLnNzs0aGTI668yWeCwWYmYo
rCZwqrqmqKqnK+Agse64jYfJ5kT49lhVJc9o4Oak7loWLWkAhlBUj7TENbqD5nup
rYzeQlW+88/xDNcU2NeBfrBUYdOo1JuNaS6QRRe3meO2eyTyS2KC6z5S8rxHnpeI
zitJruKy8Gebl6GikKEWS6JF8P8qMpe165HFp1tmhF87A+Xfg7TTLl2TkbqiGnfv
a7WrNSmIGKjkZAZV1D25VcNT+WacuGcFOiByD460F9+H42A6XfCqKTZIBV3CRJek
3/CKT7/mgkOCb++ai60cJhxuOZtetCGo6QEp78wenUX6
-----END CERTIFICATE-----