Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/225ec3-0387-4b5d-88c1-c61751c6b195/1/wKFjWYTMPtrlK-c49_r01lazux4.roa
File:                     wKFjWYTMPtrlK-c49_r01lazux4.roa (raw, json)
Hash identifier:          AjjqYm+l9OOwd9NCFpN4Uf4cEvsbCyWIxuOKPKNz6YQ=
Subject key identifier:   C0:A1:63:59:84:CC:3E:DA:E5:2B:E7:38:F7:FA:F4:D6:56:B3:BB:1E
Certificate issuer:       /CN=80ad8c520bb9677461ddc4ec09b76d733b7d8370
Certificate serial:       019D5E32E184B0655F6DAA9514E9942127D2
Authority key identifier: 80:AD:8C:52:0B:B9:67:74:61:DD:C4:EC:09:B7:6D:73:3B:7D:83:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gK2MUgu5Z3Rh3cTsCbdtczt9g3A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/225ec3-0387-4b5d-88c1-c61751c6b195/1/wKFjWYTMPtrlK-c49_r01lazux4.roa
Signing time:             Sun 05 Apr 2026 15:11:25 +0000
ROA not before:           Sun 05 Apr 2026 15:11:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211881
IP address blocks:        185.141.38.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/225ec3-0387-4b5d-88c1-c61751c6b195/1/gK2MUgu5Z3Rh3cTsCbdtczt9g3A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/225ec3-0387-4b5d-88c1-c61751c6b195/1/gK2MUgu5Z3Rh3cTsCbdtczt9g3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gK2MUgu5Z3Rh3cTsCbdtczt9g3A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 15:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:5e:32:e1:84:b0:65:5f:6d:aa:95:14:e9:94:21:27:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=80ad8c520bb9677461ddc4ec09b76d733b7d8370
        Validity
            Not Before: Apr  5 15:11:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c0a1635984cc3edae52be738f7faf4d656b3bb1e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:19:84:20:ba:d2:e8:6a:27:76:81:59:36:90:
                    cb:4f:d9:9e:7f:18:d9:99:88:4d:bf:86:0c:af:64:
                    d2:82:fa:d9:61:63:a1:a4:0a:0d:8c:b6:57:ff:01:
                    24:6d:f4:9c:66:a7:4e:94:d7:33:b1:b7:ee:86:33:
                    5e:77:18:6f:fe:07:8e:1e:af:9d:0c:6d:01:70:ad:
                    df:f2:cb:ce:a7:f6:2e:80:1f:f8:4d:31:28:b7:ca:
                    ef:0f:87:4e:8d:72:d3:48:cd:19:f8:6e:b7:e4:4c:
                    cb:65:7e:3d:a1:0f:88:b9:cb:dd:87:f3:4f:8b:a8:
                    2e:e2:68:42:0e:d2:6f:cb:a1:8c:0c:d9:a5:2a:30:
                    41:86:eb:34:f9:48:1e:0e:50:69:94:93:da:74:bf:
                    fd:67:b4:a6:98:06:f5:12:2e:05:17:ca:68:c2:df:
                    d6:f4:63:92:95:4b:32:01:01:91:f8:64:af:b4:69:
                    7d:c3:6a:36:41:e4:37:d4:23:39:d5:6b:8e:01:5c:
                    76:51:a6:f3:4a:e3:7d:da:65:f5:8d:65:24:cd:67:
                    26:97:25:04:ba:4d:6b:9b:3a:94:3a:26:b7:5e:04:
                    98:a0:57:a2:8c:60:c9:2d:66:ea:42:58:d7:2f:f1:
                    87:7e:5e:c7:9f:3b:04:13:9c:b3:a3:d8:db:de:4d:
                    e0:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:A1:63:59:84:CC:3E:DA:E5:2B:E7:38:F7:FA:F4:D6:56:B3:BB:1E
            X509v3 Authority Key Identifier:
                keyid:80:AD:8C:52:0B:B9:67:74:61:DD:C4:EC:09:B7:6D:73:3B:7D:83:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gK2MUgu5Z3Rh3cTsCbdtczt9g3A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/225ec3-0387-4b5d-88c1-c61751c6b195/1/wKFjWYTMPtrlK-c49_r01lazux4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/225ec3-0387-4b5d-88c1-c61751c6b195/1/gK2MUgu5Z3Rh3cTsCbdtczt9g3A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.141.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:a4:fa:1f:0e:42:ac:65:55:d2:91:52:4e:38:83:4e:82:7d:
         f4:fa:6b:ce:c0:f9:64:bb:5e:de:49:17:93:3e:5f:cb:b7:9e:
         6a:47:e2:f7:0f:5e:4b:80:bc:47:a9:37:4f:05:4b:6d:a6:c3:
         c0:23:81:86:4c:41:2c:b9:24:3d:99:c6:f8:99:8f:0e:5f:2e:
         68:49:c0:61:fd:33:05:a7:b2:91:e1:af:3f:58:18:d0:55:5c:
         53:e0:70:31:4c:7c:16:33:61:d8:40:2f:ca:73:37:a6:f7:17:
         73:00:a1:31:61:46:ef:fd:69:02:77:cf:aa:25:bb:ca:c5:a9:
         e5:cd:3a:50:fa:2c:7a:7f:9c:7e:cf:94:86:5e:2d:09:59:de:
         c1:73:8c:ac:0a:40:9f:52:57:b5:3f:79:24:c1:e1:54:b4:1b:
         a9:89:5c:70:48:58:0a:9e:42:71:f3:c7:dc:78:c0:b1:34:2c:
         f6:1a:a7:97:76:e4:ce:e4:ef:76:b6:c3:0f:2f:20:56:b9:96:
         c7:1a:3c:c9:39:a8:0a:53:d8:28:cd:ba:17:b9:23:1a:12:e2:
         0f:eb:b0:11:4c:81:a1:05:e2:94:07:2f:18:a1:b5:63:f9:b5:
         18:fc:35:14:ee:2c:08:c7:d8:d4:29:91:9c:3c:4e:b2:9f:0a:
         c5:ee:4b:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1eMuGEsGVfbaqVFOmUISfSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwYWQ4YzUyMGJiOTY3NzQ2MWRkYzRlYzA5Yjc2ZDczM2I3
ZDgzNzAwHhcNMjYwNDA1MTUxMTI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMGExNjM1OTg0Y2MzZWRhZTUyYmU3MzhmN2ZhZjRkNjU2YjNiYjFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3BmEILrS6GondoFZNpDLT9mefxjZ
mYhNv4YMr2TSgvrZYWOhpAoNjLZX/wEkbfScZqdOlNczsbfuhjNedxhv/geOHq+d
DG0BcK3f8svOp/YugB/4TTEot8rvD4dOjXLTSM0Z+G635EzLZX49oQ+Iucvdh/NP
i6gu4mhCDtJvy6GMDNmlKjBBhus0+UgeDlBplJPadL/9Z7SmmAb1Ei4FF8powt/W
9GOSlUsyAQGR+GSvtGl9w2o2QeQ31CM51WuOAVx2UabzSuN92mX1jWUkzWcmlyUE
uk1rmzqUOia3XgSYoFeijGDJLWbqQljXL/GHfl7HnzsEE5yzo9jb3k3gBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMChY1mEzD7a5SvnOPf69NZWs7seMB8GA1UdIwQY
MBaAFICtjFILuWd0Yd3E7Am3bXM7fYNwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ0syTVVndTVaM1JoM2NUc0NiZHRjenQ5ZzNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy8yMjVlYzMtMDM4Ny00YjVkLTg4YzEt
YzYxNzUxYzZiMTk1LzEvd0tGaldZVE1QdHJsSy1jNDlfcjAxbGF6dXg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy8yMjVlYzMtMDM4Ny00YjVkLTg4YzEtYzYxNzUxYzZiMTk1
LzEvZ0syTVVndTVaM1JoM2NUc0NiZHRjenQ5ZzNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuY0mMA0G
CSqGSIb3DQEBCwUAA4IBAQCjpPofDkKsZVXSkVJOOINOgn30+mvOwPlku17eSReT
Pl/Lt55qR+L3D15LgLxHqTdPBUttpsPAI4GGTEEsuSQ9mcb4mY8OXy5oScBh/TMF
p7KR4a8/WBjQVVxT4HAxTHwWM2HYQC/Kczem9xdzAKExYUbv/WkCd8+qJbvKxanl
zTpQ+ix6f5x+z5SGXi0JWd7Bc4ysCkCfUle1P3kkweFUtBupiVxwSFgKnkJx88fc
eMCxNCz2GqeXduTO5O92tsMPLyBWuZbHGjzJOagKU9gozboXuSMaEuIP67ARTIGh
BeKUBy8YobVj+bUY/DUU7iwIx9jUKZGcPE6ynwrF7ktM
-----END CERTIFICATE-----