Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/flb4_Z26MILh3NOfnXftL8ULo-g.roa
File:                     flb4_Z26MILh3NOfnXftL8ULo-g.roa (raw, json)
Hash identifier:          D+Pg2s5ub15r8E8/KyywaP4TOdP+QzaHOzTjFYXfvfU=
Subject key identifier:   7E:56:F8:FD:9D:BA:30:82:E1:DC:D3:9F:9D:77:ED:2F:C5:0B:A3:E8
Certificate issuer:       /CN=0c90c356e2864f43894857443555d8b5c0352819
Certificate serial:       019E513436559725C619D167205DF28F8BE9
Authority key identifier: 0C:90:C3:56:E2:86:4F:43:89:48:57:44:35:55:D8:B5:C0:35:28:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DJDDVuKGT0OJSFdENVXYtcA1KBk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/flb4_Z26MILh3NOfnXftL8ULo-g.roa
Signing time:             Fri 22 May 2026 19:40:36 +0000
ROA not before:           Fri 22 May 2026 19:40:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49363
IP address blocks:        185.13.196.0/22 maxlen: 24
                          185.13.196.0/24 maxlen: 24
                          185.13.197.0/24 maxlen: 24
                          185.13.198.0/24 maxlen: 24
                          185.13.199.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/DJDDVuKGT0OJSFdENVXYtcA1KBk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/DJDDVuKGT0OJSFdENVXYtcA1KBk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DJDDVuKGT0OJSFdENVXYtcA1KBk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 18 Jun 2026 01:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:51:34:36:55:97:25:c6:19:d1:67:20:5d:f2:8f:8b:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c90c356e2864f43894857443555d8b5c0352819
        Validity
            Not Before: May 22 19:40:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7e56f8fd9dba3082e1dcd39f9d77ed2fc50ba3e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:3c:86:24:5f:d8:fc:68:0f:4a:9e:9d:c1:41:
                    a6:6d:43:b3:0b:57:8e:ed:d8:1e:d6:85:eb:2d:1b:
                    93:81:eb:07:b9:3c:53:1c:f6:3c:69:d6:4b:08:3c:
                    ba:6c:bf:0a:19:fe:71:04:d5:bd:1e:fa:75:c5:dc:
                    84:99:28:da:68:b8:ac:17:7b:96:79:76:44:cd:29:
                    0d:7f:97:2b:c9:03:95:76:57:11:ac:20:b4:b5:76:
                    18:d3:da:24:50:11:fe:db:99:6b:fc:77:a0:c8:48:
                    9f:e6:5a:ef:56:58:9a:13:fe:0c:22:e8:6c:4b:ab:
                    d1:21:4c:6f:87:0c:d8:35:7d:f8:3a:3a:a7:d6:8e:
                    1c:8a:ea:96:19:72:2c:ff:db:b0:1a:0b:d9:21:60:
                    28:02:02:81:a7:5e:e5:ef:dc:d6:03:c6:84:06:5a:
                    0e:da:cd:2c:4e:25:ae:8c:1b:57:6e:56:c5:b9:2f:
                    a0:10:b6:9c:35:b5:8c:e3:a2:f6:d5:23:32:df:44:
                    7c:79:9f:7d:2c:4f:1a:75:ca:73:b6:f1:6f:fd:93:
                    e4:62:38:f0:a1:42:ee:41:d1:85:a7:a0:d5:00:b4:
                    87:fe:53:19:4b:c7:ab:64:f4:06:5a:05:48:3c:03:
                    da:6f:de:05:3c:d5:cb:75:db:6f:cb:b2:4b:da:28:
                    0c:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:56:F8:FD:9D:BA:30:82:E1:DC:D3:9F:9D:77:ED:2F:C5:0B:A3:E8
            X509v3 Authority Key Identifier:
                keyid:0C:90:C3:56:E2:86:4F:43:89:48:57:44:35:55:D8:B5:C0:35:28:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DJDDVuKGT0OJSFdENVXYtcA1KBk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/flb4_Z26MILh3NOfnXftL8ULo-g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/DJDDVuKGT0OJSFdENVXYtcA1KBk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.13.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8e:16:c6:76:df:e7:cc:e4:d8:7d:2e:c4:92:f5:d0:87:df:bf:
         9b:5c:69:ba:28:5e:9d:6b:26:1f:da:42:58:78:96:cb:7b:39:
         fb:d1:8f:81:94:38:06:3f:14:c6:5a:18:2a:8a:fb:b0:28:7f:
         ad:ab:e7:ca:a7:f7:ec:75:e7:48:17:45:58:45:c1:6e:15:83:
         c7:db:fa:9d:5f:85:f9:bd:7d:47:ea:99:a9:27:6b:62:1b:8f:
         d0:49:f5:06:50:8c:da:fe:88:5b:92:8f:3b:e2:01:f6:da:57:
         b0:99:27:cf:1f:76:a5:60:0c:73:00:a1:a2:8a:df:6b:4c:44:
         39:42:db:f9:fd:6b:d9:c1:2a:b6:87:66:d7:16:f6:16:3b:1c:
         20:45:7d:70:ff:c1:18:a0:0c:d4:3f:ee:b6:85:47:d6:4c:06:
         19:33:4b:56:fc:e5:a7:3c:07:dc:17:71:98:04:07:1e:07:0f:
         10:da:95:bc:71:db:b6:97:68:4e:23:7c:1f:89:10:86:27:12:
         95:d0:96:ff:93:a2:18:f4:a6:1f:6e:22:e7:91:c1:5c:2b:fe:
         87:64:51:a6:2c:c6:8e:ad:a0:9b:c1:1e:6a:ce:6c:bd:3c:d6:
         06:31:f7:f9:21:48:0f:b4:23:0f:a3:4e:10:1e:83:39:d9:d3:
         56:b9:c9:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5RNDZVlyXGGdFnIF3yj4vpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjOTBjMzU2ZTI4NjRmNDM4OTQ4NTc0NDM1NTVkOGI1YzAz
NTI4MTkwHhcNMjYwNTIyMTk0MDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTU2ZjhmZDlkYmEzMDgyZTFkY2QzOWY5ZDc3ZWQyZmM1MGJhM2U4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7zyGJF/Y/GgPSp6dwUGmbUOzC1eO
7dge1oXrLRuTgesHuTxTHPY8adZLCDy6bL8KGf5xBNW9Hvp1xdyEmSjaaLisF3uW
eXZEzSkNf5cryQOVdlcRrCC0tXYY09okUBH+25lr/HegyEif5lrvVliaE/4MIuhs
S6vRIUxvhwzYNX34Ojqn1o4ciuqWGXIs/9uwGgvZIWAoAgKBp17l79zWA8aEBloO
2s0sTiWujBtXblbFuS+gELacNbWM46L21SMy30R8eZ99LE8adcpztvFv/ZPkYjjw
oULuQdGFp6DVALSH/lMZS8erZPQGWgVIPAPab94FPNXLddtvy7JL2igMPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH5W+P2dujCC4dzTn5137S/FC6PoMB8GA1UdIwQY
MBaAFAyQw1bihk9DiUhXRDVV2LXANSgZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvREpERFZ1S0dUME9KU0ZkRU5WWFl0Y0ExS0JrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hYzVhNTYtMTYzYS00OTdhLTk1NDct
ZTM3OTlhZGU5ZGZlLzEvZmxiNF9aMjZNSUxoM05PZm5YZnRMOFVMby1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hYzVhNTYtMTYzYS00OTdhLTk1NDctZTM3OTlhZGU5ZGZl
LzEvREpERFZ1S0dUME9KU0ZkRU5WWFl0Y0ExS0JrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuQ3EMA0G
CSqGSIb3DQEBCwUAA4IBAQCOFsZ23+fM5Nh9LsSS9dCH37+bXGm6KF6dayYf2kJY
eJbLezn70Y+BlDgGPxTGWhgqivuwKH+tq+fKp/fsdedIF0VYRcFuFYPH2/qdX4X5
vX1H6pmpJ2tiG4/QSfUGUIza/ohbko874gH22lewmSfPH3alYAxzAKGiit9rTEQ5
Qtv5/WvZwSq2h2bXFvYWOxwgRX1w/8EYoAzUP+62hUfWTAYZM0tW/OWnPAfcF3GY
BAceBw8Q2pW8cdu2l2hOI3wfiRCGJxKV0Jb/k6IY9KYfbiLnkcFcK/6HZFGmLMaO
raCbwR5qzmy9PNYGMff5IUgPtCMPo04QHoM52dNWuckJ
-----END CERTIFICATE-----