Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/48bc8f-106b-44a9-a558-dfa6710247aa/1/xI2T6u-ogHCh_qmF9fvjI4t2phU.roa
File:                     xI2T6u-ogHCh_qmF9fvjI4t2phU.roa (raw, json)
Hash identifier:          8tqJsupYoAdrcHq1+XtacOJOwfLsGLJVAq+lOhZtBiQ=
Subject key identifier:   C4:8D:93:EA:EF:A8:80:70:A1:FE:A9:85:F5:FB:E3:23:8B:76:A6:15
Certificate issuer:       /CN=2601bb6918bdcc91a41428901eb98ced970f3eee
Certificate serial:       019ED495050C602F11ED8866063C0BD53646
Authority key identifier: 26:01:BB:69:18:BD:CC:91:A4:14:28:90:1E:B9:8C:ED:97:0F:3E:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JgG7aRi9zJGkFCiQHrmM7ZcPPu4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/48bc8f-106b-44a9-a558-dfa6710247aa/1/xI2T6u-ogHCh_qmF9fvjI4t2phU.roa
Signing time:             Wed 17 Jun 2026 07:56:36 +0000
ROA not before:           Wed 17 Jun 2026 07:56:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     219429
IP address blocks:        5.182.61.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/48bc8f-106b-44a9-a558-dfa6710247aa/1/JgG7aRi9zJGkFCiQHrmM7ZcPPu4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/48bc8f-106b-44a9-a558-dfa6710247aa/1/JgG7aRi9zJGkFCiQHrmM7ZcPPu4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JgG7aRi9zJGkFCiQHrmM7ZcPPu4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 18 Jun 2026 07:56:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:d4:95:05:0c:60:2f:11:ed:88:66:06:3c:0b:d5:36:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2601bb6918bdcc91a41428901eb98ced970f3eee
        Validity
            Not Before: Jun 17 07:56:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c48d93eaefa88070a1fea985f5fbe3238b76a615
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:ed:18:45:e9:8b:b8:8f:be:a8:61:88:08:19:
                    1f:e2:a8:5a:a3:d5:1f:99:6d:9f:7d:bb:86:b2:b7:
                    6e:63:01:ec:bf:9a:c1:65:a3:6d:b6:92:d5:9c:05:
                    e8:1c:98:42:59:e6:1b:5e:b3:56:84:43:51:b4:c1:
                    a9:bc:02:aa:11:bb:9b:e5:02:00:d7:8f:94:98:d3:
                    8d:76:d2:5d:1e:78:cd:3c:56:0c:4a:6a:b2:a8:ec:
                    21:52:6c:27:5e:26:b5:14:80:27:04:1e:ae:0d:37:
                    ff:b7:3c:27:cb:99:5f:21:de:c5:7c:17:5d:b6:ff:
                    6c:12:b5:4b:92:d9:ff:6d:62:04:c7:64:ce:a5:de:
                    a1:c0:66:93:8e:44:7b:62:8c:4d:9f:40:3d:02:96:
                    6d:c3:36:4b:1a:39:c3:92:ca:69:78:20:8e:81:c3:
                    54:ec:da:01:51:33:00:2d:45:d2:bb:a6:7c:81:77:
                    6c:33:5f:d4:1e:95:9b:8f:f8:0a:33:a4:1e:b8:de:
                    97:58:f2:ff:05:64:09:81:15:07:47:df:3c:55:c2:
                    a5:b5:41:5e:f1:cb:e4:17:c3:e2:67:a4:ec:c2:59:
                    ad:4c:a8:eb:2e:0b:15:75:45:34:3f:f6:5f:8f:03:
                    c6:82:f9:98:61:7e:85:c8:dc:8e:ec:b9:a8:f7:22:
                    15:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:8D:93:EA:EF:A8:80:70:A1:FE:A9:85:F5:FB:E3:23:8B:76:A6:15
            X509v3 Authority Key Identifier:
                keyid:26:01:BB:69:18:BD:CC:91:A4:14:28:90:1E:B9:8C:ED:97:0F:3E:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JgG7aRi9zJGkFCiQHrmM7ZcPPu4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/48bc8f-106b-44a9-a558-dfa6710247aa/1/xI2T6u-ogHCh_qmF9fvjI4t2phU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/48bc8f-106b-44a9-a558-dfa6710247aa/1/JgG7aRi9zJGkFCiQHrmM7ZcPPu4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:8b:a6:ac:fb:4a:61:f5:d2:d7:72:59:12:a8:0d:99:da:b3:
         b0:35:3a:13:24:b6:0a:b5:76:e8:90:1f:c0:25:64:22:92:b8:
         36:5b:ed:ba:0f:95:4e:a2:f0:f6:b0:12:99:ec:99:67:c6:80:
         dd:36:cf:16:a8:f5:e3:2f:35:31:c8:40:42:01:0a:97:c4:0f:
         fa:90:13:38:f8:ef:0a:ea:a6:79:ed:1e:f0:09:f1:78:7b:7f:
         76:2d:cc:2c:c0:f8:2e:41:34:40:c2:fb:56:bb:bb:27:65:b2:
         ef:6b:c8:11:84:60:8d:66:3f:93:59:99:f6:12:63:cd:af:a4:
         4a:1e:4f:36:8e:dc:32:2f:40:68:5b:fb:bb:8e:4b:41:0d:96:
         eb:90:2b:71:34:7d:5e:d0:52:5f:3b:7f:0d:3c:d5:b7:f6:dc:
         f0:03:22:be:bf:d5:85:03:60:bb:a5:b4:a9:8c:97:8e:c2:f2:
         a0:09:dc:06:ee:64:e4:44:ff:f7:87:f4:6b:ba:5c:e6:4a:bb:
         ee:f3:52:04:dd:9f:16:d1:12:a5:23:26:43:db:91:9a:cd:e4:
         91:6d:55:69:04:00:eb:9a:c0:25:48:38:0b:6f:1d:a2:5b:e4:
         b1:b3:ca:16:6d:a8:3a:e3:55:7a:8a:c6:e7:18:e6:94:87:db:
         91:fe:f8:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ7UlQUMYC8R7YhmBjwL1TZGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2MDFiYjY5MThiZGNjOTFhNDE0Mjg5MDFlYjk4Y2VkOTcw
ZjNlZWUwHhcNMjYwNjE3MDc1NjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDhkOTNlYWVmYTg4MDcwYTFmZWE5ODVmNWZiZTMyMzhiNzZhNjE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAse0YRemLuI++qGGICBkf4qhao9Uf
mW2ffbuGsrduYwHsv5rBZaNttpLVnAXoHJhCWeYbXrNWhENRtMGpvAKqEbub5QIA
14+UmNONdtJdHnjNPFYMSmqyqOwhUmwnXia1FIAnBB6uDTf/tzwny5lfId7FfBdd
tv9sErVLktn/bWIEx2TOpd6hwGaTjkR7YoxNn0A9ApZtwzZLGjnDksppeCCOgcNU
7NoBUTMALUXSu6Z8gXdsM1/UHpWbj/gKM6QeuN6XWPL/BWQJgRUHR988VcKltUFe
8cvkF8PiZ6TswlmtTKjrLgsVdUU0P/ZfjwPGgvmYYX6FyNyO7Lmo9yIVsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMSNk+rvqIBwof6phfX74yOLdqYVMB8GA1UdIwQY
MBaAFCYBu2kYvcyRpBQokB65jO2XDz7uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmdHN2FSaTl6SkdrRkNpUUhybU03WmNQUHU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy80OGJjOGYtMTA2Yi00NGE5LWE1NTgt
ZGZhNjcxMDI0N2FhLzEveEkyVDZ1LW9nSENoX3FtRjlmdmpJNHQycGhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy80OGJjOGYtMTA2Yi00NGE5LWE1NTgtZGZhNjcxMDI0N2Fh
LzEvSmdHN2FSaTl6SkdrRkNpUUhybU03WmNQUHU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbY9MA0G
CSqGSIb3DQEBCwUAA4IBAQBBi6as+0ph9dLXclkSqA2Z2rOwNToTJLYKtXbokB/A
JWQikrg2W+26D5VOovD2sBKZ7JlnxoDdNs8WqPXjLzUxyEBCAQqXxA/6kBM4+O8K
6qZ57R7wCfF4e392LcwswPguQTRAwvtWu7snZbLva8gRhGCNZj+TWZn2EmPNr6RK
Hk82jtwyL0BoW/u7jktBDZbrkCtxNH1e0FJfO38NPNW39tzwAyK+v9WFA2C7pbSp
jJeOwvKgCdwG7mTkRP/3h/RrulzmSrvu81IE3Z8W0RKlIyZD25GazeSRbVVpBADr
msAlSDgLbx2iW+Sxs8oWbag641V6isbnGOaUh9uR/viO
-----END CERTIFICATE-----