Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/vJhNlVGEOqt62O7qKLNZlKOkV2E.roa
File:                     vJhNlVGEOqt62O7qKLNZlKOkV2E.roa (raw, json)
Hash identifier:          vxe0fpafenzv20ey994TinkdFVMQ2iHqB7Wpl/T7swA=
Subject key identifier:   BC:98:4D:95:51:84:3A:AB:7A:D8:EE:EA:28:B3:59:94:A3:A4:57:61
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       019E9360BB0F22930FD4347D7053920E098C
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/vJhNlVGEOqt62O7qKLNZlKOkV2E.roa
Signing time:             Thu 04 Jun 2026 16:04:10 +0000
ROA not before:           Thu 04 Jun 2026 16:04:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210162
IP address blocks:        85.208.113.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 08:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:93:60:bb:0f:22:93:0f:d4:34:7d:70:53:92:0e:09:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Jun  4 16:04:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bc984d9551843aab7ad8eeea28b35994a3a45761
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:57:6a:f3:3c:94:3e:d2:46:a4:25:71:0d:7f:
                    48:2f:7e:53:2e:6b:5d:ba:7a:56:00:f0:dc:3f:2c:
                    16:9d:a5:b1:20:ef:e4:e7:08:80:e1:69:bd:8f:e6:
                    0d:cd:af:f9:1c:d0:69:c4:f1:02:7f:f0:90:d2:77:
                    74:cf:e4:97:b8:2b:0c:4a:f4:0f:2e:41:2d:ba:6c:
                    40:b8:d8:67:54:24:50:bb:ea:28:f9:8d:e4:ef:42:
                    92:56:8d:71:2a:26:ce:7d:4a:ee:90:a3:a7:39:5a:
                    d9:d8:6b:87:a0:35:4b:3c:d3:06:8c:6b:b7:aa:b3:
                    84:4e:23:43:af:b7:15:28:69:48:e7:a6:c1:d7:6c:
                    53:3d:7d:33:ca:b4:3a:ea:9a:90:7c:f4:da:17:38:
                    d5:5a:e8:88:75:25:9a:87:8b:d8:e6:b2:c7:3f:77:
                    25:b6:cc:e2:71:d2:a0:5b:3c:43:9a:b4:00:75:a6:
                    7d:e4:ad:d8:aa:c6:73:d1:e7:22:e2:08:5b:b4:1e:
                    dc:50:e2:a6:4b:61:b0:f7:eb:b5:cd:db:c2:e9:79:
                    ae:a0:cb:86:85:f0:28:7b:d5:7f:de:10:39:74:c8:
                    49:30:51:50:ef:44:95:1f:e3:fe:7f:99:eb:6d:c8:
                    a6:0d:b2:15:6a:71:83:ce:5c:69:1a:18:5f:0d:dd:
                    53:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:98:4D:95:51:84:3A:AB:7A:D8:EE:EA:28:B3:59:94:A3:A4:57:61
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/vJhNlVGEOqt62O7qKLNZlKOkV2E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.208.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c9:f0:11:0d:29:ef:4f:17:31:fd:15:a2:04:13:b7:57:3b:b0:
         88:09:28:38:0b:d5:60:a6:5b:b7:96:6f:ad:0b:3f:b9:02:10:
         25:c7:6e:e0:d0:57:fb:5c:95:d2:74:47:86:2f:81:28:d6:e1:
         44:eb:8a:3b:14:e0:c5:27:4f:ae:40:bd:a9:a3:f9:c7:da:d1:
         b3:86:09:b5:19:b5:1f:e7:5a:49:4e:fd:95:3e:02:3e:be:f4:
         a5:10:e0:59:87:9d:2d:d0:80:23:e4:c4:a2:b4:c8:07:df:5c:
         f6:4d:7a:39:6d:84:08:e0:3b:11:ce:ff:77:3d:2b:ec:02:91:
         52:a3:28:34:28:45:02:05:01:8c:c7:98:0a:5e:10:0e:a4:b3:
         28:3d:fb:65:40:86:2a:9f:e5:ff:29:56:a1:46:81:20:02:30:
         5d:33:50:a0:a8:d1:0c:69:3e:7c:7e:f4:b2:fe:e8:74:06:58:
         81:96:22:5f:f9:9c:03:a2:93:a1:69:ac:5f:48:74:05:b0:e8:
         a7:73:9c:d7:35:d5:ad:cb:35:0d:5d:54:33:cd:8f:4e:29:3a:
         47:77:a6:42:f7:65:39:12:e0:df:09:89:45:2c:eb:ab:15:c3:
         3a:f8:a9:66:98:66:9f:6e:74:ce:ca:dd:8d:64:cf:e9:87:f1:
         b1:b6:b3:95
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6TYLsPIpMP1DR9cFOSDgmMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjYwNjA0MTYwNDEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzk4NGQ5NTUxODQzYWFiN2FkOGVlZWEyOGIzNTk5NGEzYTQ1NzYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAildq8zyUPtJGpCVxDX9IL35TLmtd
unpWAPDcPywWnaWxIO/k5wiA4Wm9j+YNza/5HNBpxPECf/CQ0nd0z+SXuCsMSvQP
LkEtumxAuNhnVCRQu+oo+Y3k70KSVo1xKibOfUrukKOnOVrZ2GuHoDVLPNMGjGu3
qrOETiNDr7cVKGlI56bB12xTPX0zyrQ66pqQfPTaFzjVWuiIdSWah4vY5rLHP3cl
tszicdKgWzxDmrQAdaZ95K3YqsZz0eci4ghbtB7cUOKmS2Gw9+u1zdvC6XmuoMuG
hfAoe9V/3hA5dMhJMFFQ70SVH+P+f5nrbcimDbIVanGDzlxpGhhfDd1T7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLyYTZVRhDqretju6iizWZSjpFdhMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvdkpoTmxWR0VPcXQ2Mk83cUtMTlpsS09rVjJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVdBxMA0G
CSqGSIb3DQEBCwUAA4IBAQDJ8BENKe9PFzH9FaIEE7dXO7CICSg4C9Vgplu3lm+t
Cz+5AhAlx27g0Ff7XJXSdEeGL4Eo1uFE64o7FODFJ0+uQL2po/nH2tGzhgm1GbUf
51pJTv2VPgI+vvSlEOBZh50t0IAj5MSitMgH31z2TXo5bYQI4DsRzv93PSvsApFS
oyg0KEUCBQGMx5gKXhAOpLMoPftlQIYqn+X/KVahRoEgAjBdM1CgqNEMaT58fvSy
/uh0BliBliJf+ZwDopOhaaxfSHQFsOinc5zXNdWtyzUNXVQzzY9OKTpHd6ZC92U5
EuDfCYlFLOurFcM6+KlmmGafbnTOyt2NZM/ph/GxtrOV
-----END CERTIFICATE-----