Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/95cd70-50cd-46bd-8e06-b9705d7d3579/1/wDCZnmWI33VgfRKA1bq6grP7-lg.roa
File:                     wDCZnmWI33VgfRKA1bq6grP7-lg.roa (raw, json)
Hash identifier:          pgV8JHt9oCiPvSmsdBWlSVXXDii3zSNwrmrq5yIIZu4=
Subject key identifier:   C0:30:99:9E:65:88:DF:75:60:7D:12:80:D5:BA:BA:82:B3:FB:FA:58
Certificate issuer:       /CN=20f75069bd56efc5170383ed31cad22464fdf030
Certificate serial:       019E3ECA28E6004203DD9216059A31C793AA
Authority key identifier: 20:F7:50:69:BD:56:EF:C5:17:03:83:ED:31:CA:D2:24:64:FD:F0:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IPdQab1W78UXA4PtMcrSJGT98DA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/95cd70-50cd-46bd-8e06-b9705d7d3579/1/wDCZnmWI33VgfRKA1bq6grP7-lg.roa
Signing time:             Tue 19 May 2026 05:51:36 +0000
ROA not before:           Tue 19 May 2026 05:51:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50255
IP address blocks:        185.79.252.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/95cd70-50cd-46bd-8e06-b9705d7d3579/1/IPdQab1W78UXA4PtMcrSJGT98DA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/95cd70-50cd-46bd-8e06-b9705d7d3579/1/IPdQab1W78UXA4PtMcrSJGT98DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IPdQab1W78UXA4PtMcrSJGT98DA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 15 Jun 2026 02:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:3e:ca:28:e6:00:42:03:dd:92:16:05:9a:31:c7:93:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20f75069bd56efc5170383ed31cad22464fdf030
        Validity
            Not Before: May 19 05:51:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c030999e6588df75607d1280d5baba82b3fbfa58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:18:6c:db:92:b0:7d:d3:ab:7e:f5:16:7f:34:
                    09:2d:8e:b2:7f:7f:a4:a7:a6:92:4b:b1:e7:6e:b2:
                    59:50:41:d8:b9:dc:97:e8:fa:6b:39:26:53:36:54:
                    5d:04:1b:3b:7a:fc:e9:a0:b1:a2:65:8f:01:3a:57:
                    6f:a4:81:c6:47:75:b8:55:5d:ee:8c:52:38:1a:18:
                    9b:b8:68:78:2d:dd:c8:57:77:39:e7:36:54:b1:bf:
                    86:dd:41:17:46:7e:8f:f0:71:a1:f6:90:44:dd:59:
                    5c:6c:a7:ec:cd:64:c8:6b:cf:9b:ce:0e:7a:fe:66:
                    87:1a:49:09:c2:01:f5:7a:da:c3:af:33:d2:6e:42:
                    ba:93:e6:cf:ff:5e:c9:e5:6d:80:da:d6:0a:34:08:
                    fd:c3:75:b0:80:9d:e9:bd:46:3b:24:1a:54:e7:12:
                    70:fc:c7:f2:d6:f5:62:32:ce:61:90:ce:ac:37:21:
                    b5:f2:df:44:db:bf:98:3f:03:0a:00:80:b5:76:1a:
                    1e:08:60:11:b4:4b:b2:a5:3c:ca:b6:d3:cc:59:46:
                    62:e1:73:b9:e8:42:1a:1d:6b:05:03:26:69:89:de:
                    ec:e9:2d:a5:f0:c4:c8:f5:fa:8d:b2:3c:5d:72:11:
                    4b:ea:35:9d:14:32:76:a3:ea:67:e2:e9:fe:ef:3f:
                    f7:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:30:99:9E:65:88:DF:75:60:7D:12:80:D5:BA:BA:82:B3:FB:FA:58
            X509v3 Authority Key Identifier:
                keyid:20:F7:50:69:BD:56:EF:C5:17:03:83:ED:31:CA:D2:24:64:FD:F0:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IPdQab1W78UXA4PtMcrSJGT98DA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/95cd70-50cd-46bd-8e06-b9705d7d3579/1/wDCZnmWI33VgfRKA1bq6grP7-lg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/95cd70-50cd-46bd-8e06-b9705d7d3579/1/IPdQab1W78UXA4PtMcrSJGT98DA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.79.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:69:bf:02:9a:67:fc:8d:c9:6f:de:4c:0c:5e:46:c3:39:6e:
         e2:0f:13:ea:61:cb:70:6f:d3:37:2a:a3:b1:70:52:76:ca:a3:
         84:86:4d:92:eb:67:21:3a:0e:50:f2:cf:a0:61:b6:b4:3b:de:
         3b:e5:54:12:fc:0e:f0:8f:86:c6:e9:ca:14:4a:11:53:ab:09:
         ae:70:ef:ca:20:45:6f:75:c4:a4:c9:86:7e:4c:6e:bf:91:3e:
         bf:fa:ed:91:e9:ba:a7:ec:b1:c1:bb:74:e7:66:24:88:e2:31:
         f1:99:1c:e5:41:6a:cb:07:eb:a3:bb:c8:a7:e9:35:68:9d:d7:
         81:d1:01:e8:66:30:e1:bc:56:9b:62:60:f7:fc:24:f8:51:25:
         d7:a2:b8:65:0f:66:c4:ab:66:c0:54:fa:7a:6b:02:9e:7e:f5:
         21:35:fd:bd:d5:d6:12:d5:89:ad:4f:66:36:78:bf:1a:34:88:
         1c:78:7f:21:9a:1d:da:da:e0:1a:fd:2e:89:99:a8:c4:8d:86:
         be:ac:71:93:48:1b:25:64:52:7b:b3:1b:84:93:cc:9a:c1:51:
         3e:75:00:4b:c7:a4:ae:36:80:bb:cc:59:3d:88:d4:90:27:4c:
         c2:9e:a1:ef:ff:f6:dc:4e:68:d5:63:ee:49:44:90:4b:ac:49:
         ad:63:4f:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4+yijmAEID3ZIWBZoxx5OqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwZjc1MDY5YmQ1NmVmYzUxNzAzODNlZDMxY2FkMjI0NjRm
ZGYwMzAwHhcNMjYwNTE5MDU1MTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDMwOTk5ZTY1ODhkZjc1NjA3ZDEyODBkNWJhYmE4MmIzZmJmYTU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzhhs25KwfdOrfvUWfzQJLY6yf3+k
p6aSS7HnbrJZUEHYudyX6PprOSZTNlRdBBs7evzpoLGiZY8BOldvpIHGR3W4VV3u
jFI4GhibuGh4Ld3IV3c55zZUsb+G3UEXRn6P8HGh9pBE3VlcbKfszWTIa8+bzg56
/maHGkkJwgH1etrDrzPSbkK6k+bP/17J5W2A2tYKNAj9w3WwgJ3pvUY7JBpU5xJw
/Mfy1vViMs5hkM6sNyG18t9E27+YPwMKAIC1dhoeCGARtEuypTzKttPMWUZi4XO5
6EIaHWsFAyZpid7s6S2l8MTI9fqNsjxdchFL6jWdFDJ2o+pn4un+7z/3gQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMAwmZ5liN91YH0SgNW6uoKz+/pYMB8GA1UdIwQY
MBaAFCD3UGm9Vu/FFwOD7THK0iRk/fAwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVBkUWFiMVc3OFVYQTRQdE1jclNKR1Q5OERBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC85NWNkNzAtNTBjZC00NmJkLThlMDYt
Yjk3MDVkN2QzNTc5LzEvd0RDWm5tV0kzM1ZnZlJLQTFicTZnclA3LWxnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC85NWNkNzAtNTBjZC00NmJkLThlMDYtYjk3MDVkN2QzNTc5
LzEvSVBkUWFiMVc3OFVYQTRQdE1jclNKR1Q5OERBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuU/8MA0G
CSqGSIb3DQEBCwUAA4IBAQBfab8Cmmf8jclv3kwMXkbDOW7iDxPqYctwb9M3KqOx
cFJ2yqOEhk2S62chOg5Q8s+gYba0O9475VQS/A7wj4bG6coUShFTqwmucO/KIEVv
dcSkyYZ+TG6/kT6/+u2R6bqn7LHBu3TnZiSI4jHxmRzlQWrLB+uju8in6TVondeB
0QHoZjDhvFabYmD3/CT4USXXorhlD2bEq2bAVPp6awKefvUhNf291dYS1YmtT2Y2
eL8aNIgceH8hmh3a2uAa/S6JmajEjYa+rHGTSBslZFJ7sxuEk8yawVE+dQBLx6Su
NoC7zFk9iNSQJ0zCnqHv//bcTmjVY+5JRJBLrEmtY090
-----END CERTIFICATE-----