Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/c35dcd-3103-4ea0-a8c5-866f1d2327aa/1/_dwzv5Ey8XaE9AcCY-HFERqij1Y.roa
File:                     _dwzv5Ey8XaE9AcCY-HFERqij1Y.roa (raw, json)
Hash identifier:          pkz7s54HMaWa/m7OAUVXoQxyBJfFcSo4KSPSlKnpCQ0=
Subject key identifier:   FD:DC:33:BF:91:32:F1:76:84:F4:07:02:63:E1:C5:11:1A:A2:8F:56
Certificate issuer:       /CN=2c4344722645da25ece3b17c7a83762ed42dda52
Certificate serial:       019B77C693A78C09447B95FD9A1040AB0AE6
Authority key identifier: 2C:43:44:72:26:45:DA:25:EC:E3:B1:7C:7A:83:76:2E:D4:2D:DA:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LENEciZF2iXs47F8eoN2LtQt2lI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/c35dcd-3103-4ea0-a8c5-866f1d2327aa/1/_dwzv5Ey8XaE9AcCY-HFERqij1Y.roa
Signing time:             Thu 01 Jan 2026 04:17:41 +0000
ROA not before:           Thu 01 Jan 2026 04:17:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202078
IP address blocks:        185.54.40.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/c35dcd-3103-4ea0-a8c5-866f1d2327aa/1/LENEciZF2iXs47F8eoN2LtQt2lI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/c35dcd-3103-4ea0-a8c5-866f1d2327aa/1/LENEciZF2iXs47F8eoN2LtQt2lI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LENEciZF2iXs47F8eoN2LtQt2lI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 13:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:93:a7:8c:09:44:7b:95:fd:9a:10:40:ab:0a:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2c4344722645da25ece3b17c7a83762ed42dda52
        Validity
            Not Before: Jan  1 04:17:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fddc33bf9132f17684f4070263e1c5111aa28f56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:6b:b1:99:1f:d9:2b:4f:08:6f:bd:68:5a:1a:
                    ff:ba:5d:a7:29:62:2f:10:ed:bb:11:f6:74:47:8e:
                    8e:ac:2a:95:10:7d:a5:f0:e8:09:a7:5e:72:96:bd:
                    6f:a0:90:09:f8:ff:17:af:25:e9:c6:80:4c:94:94:
                    56:3e:72:b2:68:00:c7:d0:39:a8:18:c5:57:aa:ab:
                    81:7f:46:b6:a5:4c:38:b7:fa:52:af:aa:14:b9:45:
                    2f:39:42:b9:8d:6b:7e:67:90:21:68:8d:bd:d4:61:
                    8b:84:49:f4:93:dc:3a:b6:e7:9e:b0:31:65:ec:86:
                    a1:ba:8e:4a:cf:53:68:92:51:9b:df:b3:57:40:13:
                    96:bd:6e:55:2d:49:44:9c:2c:eb:06:f9:58:17:4b:
                    36:f4:f5:80:af:c8:46:34:ac:17:73:ba:99:1a:43:
                    ed:44:c4:99:bf:97:2b:df:c8:34:7a:9f:06:a2:9c:
                    95:16:12:15:59:76:c6:8b:90:91:59:bf:ac:b5:e4:
                    bb:50:1b:5d:d2:ad:6d:ed:6b:3c:0c:e3:e8:47:5f:
                    7d:22:be:79:a7:56:97:45:bf:93:8e:26:12:f6:dc:
                    88:71:0a:57:32:c1:07:64:79:3c:2d:81:87:3f:84:
                    3b:08:b2:0e:d6:8d:ad:ac:e7:6c:23:c3:b3:1a:66:
                    c5:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:DC:33:BF:91:32:F1:76:84:F4:07:02:63:E1:C5:11:1A:A2:8F:56
            X509v3 Authority Key Identifier:
                keyid:2C:43:44:72:26:45:DA:25:EC:E3:B1:7C:7A:83:76:2E:D4:2D:DA:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LENEciZF2iXs47F8eoN2LtQt2lI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/c35dcd-3103-4ea0-a8c5-866f1d2327aa/1/_dwzv5Ey8XaE9AcCY-HFERqij1Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/c35dcd-3103-4ea0-a8c5-866f1d2327aa/1/LENEciZF2iXs47F8eoN2LtQt2lI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.54.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5e:ad:3b:c0:ae:0a:bf:fc:18:21:13:fa:f9:b1:a3:18:87:bf:
         1a:0d:52:67:cd:96:3a:fd:5e:4d:5e:dd:51:ac:f1:16:b5:c0:
         91:bc:9f:02:84:ba:0f:10:c8:0b:9b:57:fa:88:c9:d8:a4:62:
         e2:be:f1:68:dd:12:ae:04:17:09:08:a8:e6:42:a0:48:78:13:
         dd:23:c5:38:03:a1:07:c1:12:22:ec:03:07:22:81:94:f2:39:
         ac:de:62:d3:b5:b6:6e:94:6a:83:bb:95:e9:c6:84:5b:1a:94:
         25:7c:62:32:f1:ee:80:bc:ab:78:f3:3d:f4:b5:54:94:fd:2a:
         04:bd:ff:e3:74:20:08:c0:76:04:ef:38:e1:a6:74:fd:f0:95:
         3b:34:c9:af:28:5d:f5:bf:5c:28:53:cb:25:65:57:53:79:d8:
         11:26:ee:9f:1d:33:99:0e:17:b0:03:75:44:6e:28:70:17:c0:
         9b:18:2f:15:25:38:98:92:6a:50:ae:61:c8:d6:5f:dc:29:a7:
         6a:e4:56:f0:bc:47:a8:58:c4:e1:b6:df:5f:55:7c:a2:13:0e:
         e0:da:58:ed:13:b1:84:b2:76:f9:64:21:3d:76:b1:c7:1f:49:
         de:ac:a7:08:55:36:00:57:b3:ea:dd:81:75:9a:b4:26:aa:92:
         d0:19:c2:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xpOnjAlEe5X9mhBAqwrmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjNDM0NDcyMjY0NWRhMjVlY2UzYjE3YzdhODM3NjJlZDQy
ZGRhNTIwHhcNMjYwMTAxMDQxNzQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGRjMzNiZjkxMzJmMTc2ODRmNDA3MDI2M2UxYzUxMTFhYTI4ZjU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArmuxmR/ZK08Ib71oWhr/ul2nKWIv
EO27EfZ0R46OrCqVEH2l8OgJp15ylr1voJAJ+P8XryXpxoBMlJRWPnKyaADH0Dmo
GMVXqquBf0a2pUw4t/pSr6oUuUUvOUK5jWt+Z5AhaI291GGLhEn0k9w6tueesDFl
7Iahuo5Kz1NoklGb37NXQBOWvW5VLUlEnCzrBvlYF0s29PWAr8hGNKwXc7qZGkPt
RMSZv5cr38g0ep8GopyVFhIVWXbGi5CRWb+steS7UBtd0q1t7Ws8DOPoR199Ir55
p1aXRb+TjiYS9tyIcQpXMsEHZHk8LYGHP4Q7CLIO1o2trOdsI8OzGmbFAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP3cM7+RMvF2hPQHAmPhxREaoo9WMB8GA1UdIwQY
MBaAFCxDRHImRdol7OOxfHqDdi7ULdpSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTEVORWNpWkYyaVhzNDdGOGVvTjJMdFF0MmxJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi9jMzVkY2QtMzEwMy00ZWEwLWE4YzUt
ODY2ZjFkMjMyN2FhLzEvX2R3enY1RXk4WGFFOUFjQ1ktSEZFUnFpajFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi9jMzVkY2QtMzEwMy00ZWEwLWE4YzUtODY2ZjFkMjMyN2Fh
LzEvTEVORWNpWkYyaVhzNDdGOGVvTjJMdFF0MmxJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuTYoMA0G
CSqGSIb3DQEBCwUAA4IBAQBerTvArgq//BghE/r5saMYh78aDVJnzZY6/V5NXt1R
rPEWtcCRvJ8ChLoPEMgLm1f6iMnYpGLivvFo3RKuBBcJCKjmQqBIeBPdI8U4A6EH
wRIi7AMHIoGU8jms3mLTtbZulGqDu5XpxoRbGpQlfGIy8e6AvKt48z30tVSU/SoE
vf/jdCAIwHYE7zjhpnT98JU7NMmvKF31v1woU8slZVdTedgRJu6fHTOZDhewA3VE
bihwF8CbGC8VJTiYkmpQrmHI1l/cKadq5FbwvEeoWMThtt9fVXyiEw7g2ljtE7GE
snb5ZCE9drHHH0nerKcIVTYAV7Pq3YF1mrQmqpLQGcJv
-----END CERTIFICATE-----