Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/5e4d7e-ac21-4f02-9581-f00d92dc07b8/1/cJhwzvA4MmD9szzdzlqYrmM_RIk.roa
File:                     cJhwzvA4MmD9szzdzlqYrmM_RIk.roa (raw, json)
Hash identifier:          0CQ7EyVMolzZdZkEGpCpBtQGO5aHXkTTya7T0UCv1hY=
Subject key identifier:   70:98:70:CE:F0:38:32:60:FD:B3:3C:DD:CE:5A:98:AE:63:3F:44:89
Certificate issuer:       /CN=9886f4b2150815eda783e7f3cfb9b7e53ce7d97f
Certificate serial:       019EA18B203D2B43715B4138E56634D0CE37
Authority key identifier: 98:86:F4:B2:15:08:15:ED:A7:83:E7:F3:CF:B9:B7:E5:3C:E7:D9:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mIb0shUIFe2ng-fzz7m35Tzn2X8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/5e4d7e-ac21-4f02-9581-f00d92dc07b8/1/cJhwzvA4MmD9szzdzlqYrmM_RIk.roa
Signing time:             Sun 07 Jun 2026 10:05:09 +0000
ROA not before:           Sun 07 Jun 2026 10:05:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     6461
IP address blocks:        185.211.172.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/5e4d7e-ac21-4f02-9581-f00d92dc07b8/1/mIb0shUIFe2ng-fzz7m35Tzn2X8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/5e4d7e-ac21-4f02-9581-f00d92dc07b8/1/mIb0shUIFe2ng-fzz7m35Tzn2X8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mIb0shUIFe2ng-fzz7m35Tzn2X8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 17:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:a1:8b:20:3d:2b:43:71:5b:41:38:e5:66:34:d0:ce:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9886f4b2150815eda783e7f3cfb9b7e53ce7d97f
        Validity
            Not Before: Jun  7 10:05:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=709870cef0383260fdb33cddce5a98ae633f4489
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:8a:70:b2:64:b8:87:ea:b5:f7:7e:f3:48:ac:
                    2d:7e:9a:47:96:6e:b4:52:a3:9f:25:e7:61:a5:fb:
                    ef:d4:08:96:67:6e:f5:0d:54:c9:32:a1:8c:e7:e8:
                    a6:2e:65:5d:36:cf:33:0f:a5:9d:51:fc:83:0f:56:
                    55:35:92:7e:58:ed:58:42:05:fd:92:7a:58:a7:a7:
                    d5:ac:09:17:bc:cb:12:6c:0f:6b:03:de:0b:a1:52:
                    a9:1c:08:c4:0d:80:7b:fb:da:16:f0:12:19:1f:de:
                    be:d6:40:b7:e7:6f:87:35:fc:b3:f2:eb:b1:3f:d7:
                    5b:5b:26:19:0e:db:d5:f2:0a:99:e4:7f:40:24:c1:
                    a2:87:e7:49:b1:32:83:2a:a6:71:a5:36:ea:19:92:
                    fd:9f:e1:a0:89:8d:73:48:c3:c1:6b:3b:07:ce:9c:
                    31:34:4a:2b:f0:d3:ce:bd:9a:f5:6e:f4:b3:26:4b:
                    c0:13:26:2e:7a:5e:9d:03:48:6d:03:95:d4:16:f1:
                    1b:71:8e:91:1b:22:dd:f5:bf:58:11:6b:7f:53:de:
                    6f:82:83:01:03:b7:56:f8:54:c0:ac:f4:ab:4d:0c:
                    75:94:a6:18:c4:ee:2f:49:e7:ee:dd:53:2d:44:24:
                    60:00:34:4a:21:2e:eb:a5:90:ef:35:cd:5b:0f:b3:
                    c9:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:98:70:CE:F0:38:32:60:FD:B3:3C:DD:CE:5A:98:AE:63:3F:44:89
            X509v3 Authority Key Identifier:
                keyid:98:86:F4:B2:15:08:15:ED:A7:83:E7:F3:CF:B9:B7:E5:3C:E7:D9:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mIb0shUIFe2ng-fzz7m35Tzn2X8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/5e4d7e-ac21-4f02-9581-f00d92dc07b8/1/cJhwzvA4MmD9szzdzlqYrmM_RIk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/5e4d7e-ac21-4f02-9581-f00d92dc07b8/1/mIb0shUIFe2ng-fzz7m35Tzn2X8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.211.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5a:b2:4c:30:b7:5c:06:b7:51:1b:c7:79:70:e7:03:b0:d3:96:
         3b:8e:47:af:95:c8:3a:61:d8:4d:fb:e8:95:fc:10:67:97:49:
         a5:25:8b:7f:04:ab:9d:5e:d7:19:b6:12:35:be:da:e4:30:9d:
         03:b4:bb:0d:17:6e:3b:a5:a3:7d:97:9e:aa:11:d3:c9:15:8f:
         7d:37:fb:c7:3c:9f:c1:01:f5:a4:10:30:63:bf:c8:8b:24:dd:
         76:d1:78:7e:98:3d:18:7d:bf:d4:fe:22:d1:31:ea:cc:68:05:
         e0:08:71:f3:7b:fc:c5:7e:67:56:f2:88:e4:1e:e1:6d:89:89:
         dd:a0:b5:ef:3f:2e:1c:42:00:81:bd:ca:a0:79:4f:d2:29:83:
         6e:65:14:98:65:1f:b9:47:b4:89:28:0c:2b:0e:aa:68:59:99:
         6e:22:b8:df:09:e7:9d:0f:b2:75:cd:d7:90:6b:38:8d:3f:7d:
         1a:b0:f0:62:b5:2c:62:04:82:be:1c:64:2c:de:5d:93:f8:83:
         38:42:89:72:6a:7b:2b:c8:d8:9d:11:d1:5d:ae:0c:2c:47:39:
         e1:a3:f0:89:7d:ac:f7:8a:cb:df:da:4d:90:e7:56:57:a4:3d:
         58:c3:a6:a6:25:03:40:62:f2:01:76:34:35:11:f1:a7:36:fe:
         12:fd:1a:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6hiyA9K0NxW0E45WY00M43MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4ODZmNGIyMTUwODE1ZWRhNzgzZTdmM2NmYjliN2U1M2Nl
N2Q5N2YwHhcNMjYwNjA3MTAwNTA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDk4NzBjZWYwMzgzMjYwZmRiMzNjZGRjZTVhOThhZTYzM2Y0NDg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA04pwsmS4h+q1937zSKwtfppHlm60
UqOfJedhpfvv1AiWZ271DVTJMqGM5+imLmVdNs8zD6WdUfyDD1ZVNZJ+WO1YQgX9
knpYp6fVrAkXvMsSbA9rA94LoVKpHAjEDYB7+9oW8BIZH96+1kC352+HNfyz8uux
P9dbWyYZDtvV8gqZ5H9AJMGih+dJsTKDKqZxpTbqGZL9n+GgiY1zSMPBazsHzpwx
NEor8NPOvZr1bvSzJkvAEyYuel6dA0htA5XUFvEbcY6RGyLd9b9YEWt/U95vgoMB
A7dW+FTArPSrTQx1lKYYxO4vSefu3VMtRCRgADRKIS7rpZDvNc1bD7PJuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHCYcM7wODJg/bM83c5amK5jP0SJMB8GA1UdIwQY
MBaAFJiG9LIVCBXtp4Pn88+5t+U859l/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUliMHNoVUlGZTJuZy1meno3bTM1VHpuMlg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC81ZTRkN2UtYWMyMS00ZjAyLTk1ODEt
ZjAwZDkyZGMwN2I4LzEvY0pod3p2QTRNbUQ5c3p6ZHpscVlybU1fUklrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC81ZTRkN2UtYWMyMS00ZjAyLTk1ODEtZjAwZDkyZGMwN2I4
LzEvbUliMHNoVUlGZTJuZy1meno3bTM1VHpuMlg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCudOsMA0G
CSqGSIb3DQEBCwUAA4IBAQBaskwwt1wGt1Ebx3lw5wOw05Y7jkevlcg6YdhN++iV
/BBnl0mlJYt/BKudXtcZthI1vtrkMJ0DtLsNF247paN9l56qEdPJFY99N/vHPJ/B
AfWkEDBjv8iLJN120Xh+mD0Yfb/U/iLRMerMaAXgCHHze/zFfmdW8ojkHuFtiYnd
oLXvPy4cQgCBvcqgeU/SKYNuZRSYZR+5R7SJKAwrDqpoWZluIrjfCeedD7J1zdeQ
aziNP30asPBitSxiBIK+HGQs3l2T+IM4QolyansryNidEdFdrgwsRznho/CJfaz3
isvf2k2Q51ZXpD1Yw6amJQNAYvIBdjQ1EfGnNv4S/Rqx
-----END CERTIFICATE-----