Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/fc1f57-a259-4abc-a627-70c8c70e32b0/1/92BWX1zbWyo4TMOfNb_tzSoWbCY.roa
File:                     92BWX1zbWyo4TMOfNb_tzSoWbCY.roa (raw, json)
Hash identifier:          c0Yuqp+qbpUBM3UZdmZmEFvrAfboFIavdSOeFXW5BoI=
Subject key identifier:   F7:60:56:5F:5C:DB:5B:2A:38:4C:C3:9F:35:BF:ED:CD:2A:16:6C:26
Certificate issuer:       /CN=1e828de71ddd7804573128d26ee45c03901c8013
Certificate serial:       019E8D64727F343585D3A77D6509B1CC4985
Authority key identifier: 1E:82:8D:E7:1D:DD:78:04:57:31:28:D2:6E:E4:5C:03:90:1C:80:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HoKN5x3deARXMSjSbuRcA5AcgBM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/fc1f57-a259-4abc-a627-70c8c70e32b0/1/92BWX1zbWyo4TMOfNb_tzSoWbCY.roa
Signing time:             Wed 03 Jun 2026 12:10:30 +0000
ROA not before:           Wed 03 Jun 2026 12:10:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     28815
IP address blocks:        195.46.40.0/22 maxlen: 22
                          195.46.40.0/24 maxlen: 24
                          195.46.41.0/24 maxlen: 24
                          195.46.42.0/24 maxlen: 24
                          195.46.43.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/fc1f57-a259-4abc-a627-70c8c70e32b0/1/HoKN5x3deARXMSjSbuRcA5AcgBM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/fc1f57-a259-4abc-a627-70c8c70e32b0/1/HoKN5x3deARXMSjSbuRcA5AcgBM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HoKN5x3deARXMSjSbuRcA5AcgBM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 10:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:8d:64:72:7f:34:35:85:d3:a7:7d:65:09:b1:cc:49:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e828de71ddd7804573128d26ee45c03901c8013
        Validity
            Not Before: Jun  3 12:10:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f760565f5cdb5b2a384cc39f35bfedcd2a166c26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:e7:87:c4:b9:2a:36:db:5d:b8:04:4b:84:df:
                    ed:14:36:61:71:9c:c4:70:14:ac:1e:e8:3c:1a:34:
                    cb:75:18:4c:f5:93:61:1b:a5:94:58:b9:2a:25:c9:
                    47:70:65:c4:63:12:d1:55:1e:a9:29:e5:b0:1f:7f:
                    92:8b:e5:67:8f:df:dd:2a:3d:8c:1c:15:97:ca:fd:
                    8b:ce:d1:72:96:7e:02:d7:c3:2a:82:54:89:1b:99:
                    dd:c2:cc:b6:50:ca:bf:b5:8c:14:70:49:20:36:cd:
                    65:75:fd:41:f6:bf:65:28:24:db:03:0e:c5:d2:ff:
                    b0:aa:8c:57:2e:13:de:b0:c3:74:f8:91:fd:9e:f4:
                    54:7f:d3:62:be:d0:4a:97:f1:20:f2:0a:60:68:5a:
                    aa:1d:6b:f3:0e:b6:6d:e1:5b:2f:1c:0f:00:ba:54:
                    3c:bc:dc:d4:d2:39:06:84:65:a9:ff:47:f4:5e:58:
                    17:b7:df:1b:b0:98:c7:7a:89:e4:06:10:30:cd:00:
                    cc:4e:bd:3e:16:d8:5b:cb:6c:62:2c:ae:27:3a:d1:
                    ef:b9:fd:31:e9:90:87:1d:40:fe:53:6c:1c:f8:ae:
                    fa:ae:33:5e:0f:de:b7:60:a5:93:65:b2:5c:1d:4d:
                    9b:7e:65:8e:2f:fd:27:7f:34:1b:e9:45:e2:28:c2:
                    cd:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:60:56:5F:5C:DB:5B:2A:38:4C:C3:9F:35:BF:ED:CD:2A:16:6C:26
            X509v3 Authority Key Identifier:
                keyid:1E:82:8D:E7:1D:DD:78:04:57:31:28:D2:6E:E4:5C:03:90:1C:80:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HoKN5x3deARXMSjSbuRcA5AcgBM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/fc1f57-a259-4abc-a627-70c8c70e32b0/1/92BWX1zbWyo4TMOfNb_tzSoWbCY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/fc1f57-a259-4abc-a627-70c8c70e32b0/1/HoKN5x3deARXMSjSbuRcA5AcgBM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.46.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         33:5e:f8:15:9b:54:53:42:cc:1c:a5:32:c0:51:34:45:d7:11:
         5f:85:2a:4d:49:fb:25:37:3e:72:d1:d8:08:b7:18:15:5a:ab:
         01:9d:83:b9:04:43:1f:4e:c8:19:ea:35:cd:4d:a1:ff:d5:eb:
         54:38:d0:62:bf:15:17:dd:9a:66:15:4f:57:d2:ac:e9:71:58:
         52:64:97:2a:5e:c9:c9:33:5f:ca:83:7b:3a:cf:e9:7f:32:c7:
         f2:d7:09:92:5d:7c:a5:33:33:fa:be:1b:5c:a3:65:7a:db:82:
         26:97:66:0c:c5:fd:c8:11:87:f7:78:c4:1c:06:1b:5e:8c:16:
         70:c9:0e:ff:65:e0:04:02:8a:74:d5:98:5a:c9:8f:d8:37:5e:
         fc:bf:be:2b:6b:82:a4:6e:df:ec:7e:fb:76:84:82:25:9c:ed:
         70:b8:33:b6:21:a4:50:c2:33:9d:b5:53:02:58:cb:eb:03:18:
         7b:59:c6:cd:5e:b2:ab:be:11:c0:b2:53:d5:8c:4d:c7:40:03:
         44:2e:10:e2:dc:af:54:e8:64:5b:ea:fd:06:ed:8d:a8:8a:19:
         90:2a:4e:df:e2:39:dc:95:b5:cc:53:73:65:63:9b:61:81:cb:
         cb:ea:ab:b5:ef:1c:7f:71:bc:32:d6:92:c8:79:15:1f:cf:0c:
         66:e7:a1:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6NZHJ/NDWF06d9ZQmxzEmFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlODI4ZGU3MWRkZDc4MDQ1NzMxMjhkMjZlZTQ1YzAzOTAx
YzgwMTMwHhcNMjYwNjAzMTIxMDMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzYwNTY1ZjVjZGI1YjJhMzg0Y2MzOWYzNWJmZWRjZDJhMTY2YzI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAreeHxLkqNttduARLhN/tFDZhcZzE
cBSsHug8GjTLdRhM9ZNhG6WUWLkqJclHcGXEYxLRVR6pKeWwH3+Si+Vnj9/dKj2M
HBWXyv2LztFyln4C18MqglSJG5ndwsy2UMq/tYwUcEkgNs1ldf1B9r9lKCTbAw7F
0v+wqoxXLhPesMN0+JH9nvRUf9NivtBKl/Eg8gpgaFqqHWvzDrZt4VsvHA8AulQ8
vNzU0jkGhGWp/0f0XlgXt98bsJjHeonkBhAwzQDMTr0+Fthby2xiLK4nOtHvuf0x
6ZCHHUD+U2wc+K76rjNeD963YKWTZbJcHU2bfmWOL/0nfzQb6UXiKMLNmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPdgVl9c21sqOEzDnzW/7c0qFmwmMB8GA1UdIwQY
MBaAFB6Cjecd3XgEVzEo0m7kXAOQHIATMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSG9LTjV4M2RlQVJYTVNqU2J1UmNBNUFjZ0JNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS9mYzFmNTctYTI1OS00YWJjLWE2Mjct
NzBjOGM3MGUzMmIwLzEvOTJCV1gxemJXeW80VE1PZk5iX3R6U29XYkNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS9mYzFmNTctYTI1OS00YWJjLWE2MjctNzBjOGM3MGUzMmIw
LzEvSG9LTjV4M2RlQVJYTVNqU2J1UmNBNUFjZ0JNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwy4oMA0G
CSqGSIb3DQEBCwUAA4IBAQAzXvgVm1RTQswcpTLAUTRF1xFfhSpNSfslNz5y0dgI
txgVWqsBnYO5BEMfTsgZ6jXNTaH/1etUONBivxUX3ZpmFU9X0qzpcVhSZJcqXsnJ
M1/Kg3s6z+l/Msfy1wmSXXylMzP6vhtco2V624Iml2YMxf3IEYf3eMQcBhtejBZw
yQ7/ZeAEAop01ZhayY/YN178v74ra4Kkbt/sfvt2hIIlnO1wuDO2IaRQwjOdtVMC
WMvrAxh7WcbNXrKrvhHAslPVjE3HQANELhDi3K9U6GRb6v0G7Y2oihmQKk7f4jnc
lbXMU3NlY5thgcvL6qu17xx/cbwy1pLIeRUfzwxm56E/
-----END CERTIFICATE-----