Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/14225b-bf95-45c9-8d7b-fc25d455af85/1/wJ7_Xvzpdt1CtacBkZyFEU6Rq8w.roa
File:                     wJ7_Xvzpdt1CtacBkZyFEU6Rq8w.roa (raw, json)
Hash identifier:          mYKkkRY5nHeUPjxezloUDprRN7Wi7BEuCqiUJh2cLUU=
Subject key identifier:   C0:9E:FF:5E:FC:E9:76:DD:42:B5:A7:01:91:9C:85:11:4E:91:AB:CC
Certificate issuer:       /CN=5281b841f12769489d5fd343b72ba44f90c96f32
Certificate serial:       019B7D5CA5A1E448CD2F2F84746E7B5A593E
Authority key identifier: 52:81:B8:41:F1:27:69:48:9D:5F:D3:43:B7:2B:A4:4F:90:C9:6F:32
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UoG4QfEnaUidX9NDtyukT5DJbzI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/14225b-bf95-45c9-8d7b-fc25d455af85/1/wJ7_Xvzpdt1CtacBkZyFEU6Rq8w.roa
Signing time:             Fri 02 Jan 2026 06:19:42 +0000
ROA not before:           Fri 02 Jan 2026 06:19:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44141
IP address blocks:        46.31.40.0/21 maxlen: 21
                          91.198.44.0/24 maxlen: 24
                          185.13.64.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/14225b-bf95-45c9-8d7b-fc25d455af85/1/UoG4QfEnaUidX9NDtyukT5DJbzI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/14225b-bf95-45c9-8d7b-fc25d455af85/1/UoG4QfEnaUidX9NDtyukT5DJbzI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UoG4QfEnaUidX9NDtyukT5DJbzI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 12:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5c:a5:a1:e4:48:cd:2f:2f:84:74:6e:7b:5a:59:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5281b841f12769489d5fd343b72ba44f90c96f32
        Validity
            Not Before: Jan  2 06:19:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c09eff5efce976dd42b5a701919c85114e91abcc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:88:21:08:13:97:78:8f:d4:90:1a:1f:11:37:
                    74:d8:90:f1:8b:15:be:26:66:c3:da:8d:67:c0:4d:
                    e0:a0:d8:2b:af:bd:c2:80:e9:df:f4:51:69:23:a1:
                    48:31:93:28:eb:01:e6:93:59:d9:7b:18:bf:9e:14:
                    f2:b5:a3:73:71:22:cf:47:43:c6:74:b7:12:f7:a1:
                    81:f5:21:5d:29:31:6b:4e:5a:eb:a3:22:44:14:e2:
                    c7:cc:96:62:9a:79:f8:e0:7f:78:03:97:65:9c:4f:
                    25:1a:59:86:c6:e7:a4:cc:26:74:00:5e:11:ad:d8:
                    0e:6d:b9:79:90:7a:2a:ec:d8:90:f9:1e:cf:78:84:
                    ac:28:34:91:8b:1b:45:e9:67:62:74:82:41:10:7e:
                    91:01:38:30:53:7c:f5:76:18:53:57:e4:7b:8e:13:
                    61:7c:f8:ee:ad:47:e3:2b:56:2e:e6:0d:7e:f1:0f:
                    d9:57:cc:ca:0c:0f:f8:80:25:51:84:b4:65:41:34:
                    a8:95:bc:1e:d3:3d:08:49:29:71:8a:bd:5f:31:a0:
                    13:c3:4a:f7:52:75:59:ce:10:24:20:ed:52:33:2d:
                    94:11:61:b4:e0:d3:ef:e4:16:79:cb:96:98:64:e2:
                    2f:08:41:29:dd:87:7c:5b:cb:f9:a1:72:4e:d6:78:
                    c1:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:9E:FF:5E:FC:E9:76:DD:42:B5:A7:01:91:9C:85:11:4E:91:AB:CC
            X509v3 Authority Key Identifier:
                keyid:52:81:B8:41:F1:27:69:48:9D:5F:D3:43:B7:2B:A4:4F:90:C9:6F:32

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UoG4QfEnaUidX9NDtyukT5DJbzI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/14225b-bf95-45c9-8d7b-fc25d455af85/1/wJ7_Xvzpdt1CtacBkZyFEU6Rq8w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/14225b-bf95-45c9-8d7b-fc25d455af85/1/UoG4QfEnaUidX9NDtyukT5DJbzI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.31.40.0/21
                  91.198.44.0/24
                  185.13.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         08:38:f0:c2:68:1b:e7:b5:45:8e:24:be:3e:d7:ec:4a:fa:28:
         44:1e:4f:d0:40:6c:71:0b:0a:9b:36:35:d9:1b:18:73:49:a7:
         fc:f2:07:6e:2e:d6:c0:e6:54:69:10:e4:a9:44:4e:f6:81:2d:
         9f:e5:53:5e:ed:06:a4:5a:7f:53:a3:61:c6:f8:18:03:e6:69:
         00:32:27:fa:6b:65:22:7f:48:dd:cd:e8:ca:59:29:42:bc:9e:
         85:e3:73:78:cd:3f:ba:60:cc:ab:c0:a4:c7:12:ec:dc:1b:f4:
         46:b8:91:70:e5:eb:0b:9b:7c:ca:cd:11:47:1f:1f:f7:91:85:
         14:fa:d4:14:1d:31:68:55:d2:ef:60:fa:74:57:ea:80:b9:d8:
         d3:cf:03:85:97:b4:3c:7f:03:fb:d0:a2:e0:2b:db:7c:06:7d:
         92:66:4a:9e:93:3f:33:ef:44:7a:68:59:f9:55:90:38:55:a7:
         a7:73:be:24:45:56:0d:05:58:19:33:cf:9b:bb:a7:4b:be:d4:
         f1:8e:3c:1d:35:50:22:27:a8:af:20:91:4c:ee:83:36:f5:39:
         1d:59:83:3d:e2:80:80:fe:95:60:67:73:d7:dd:9c:d0:2d:0f:
         1d:3f:70:cf:cf:82:d0:a5:9e:41:1f:e3:4e:62:50:60:91:dc:
         ef:5e:3e:8b
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZt9XKWh5EjNLy+EdG57Wlk+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyODFiODQxZjEyNzY5NDg5ZDVmZDM0M2I3MmJhNDRmOTBj
OTZmMzIwHhcNMjYwMTAyMDYxOTQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDllZmY1ZWZjZTk3NmRkNDJiNWE3MDE5MTljODUxMTRlOTFhYmNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr4ghCBOXeI/UkBofETd02JDxixW+
JmbD2o1nwE3goNgrr73CgOnf9FFpI6FIMZMo6wHmk1nZexi/nhTytaNzcSLPR0PG
dLcS96GB9SFdKTFrTlrroyJEFOLHzJZimnn44H94A5dlnE8lGlmGxuekzCZ0AF4R
rdgObbl5kHoq7NiQ+R7PeISsKDSRixtF6WdidIJBEH6RATgwU3z1dhhTV+R7jhNh
fPjurUfjK1Yu5g1+8Q/ZV8zKDA/4gCVRhLRlQTSolbwe0z0ISSlxir1fMaATw0r3
UnVZzhAkIO1SMy2UEWG04NPv5BZ5y5aYZOIvCEEp3Yd8W8v5oXJO1njB/wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFMCe/1786XbdQrWnAZGchRFOkavMMB8GA1UdIwQY
MBaAFFKBuEHxJ2lInV/TQ7crpE+QyW8yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVW9HNFFmRW5hVWlkWDlORHR5dWtUNURKYnpJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi8xNDIyNWItYmY5NS00NWM5LThkN2It
ZmMyNWQ0NTVhZjg1LzEvd0o3X1h2enBkdDFDdGFjQmtaeUZFVTZScTh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi8xNDIyNWItYmY5NS00NWM5LThkN2ItZmMyNWQ0NTVhZjg1
LzEvVW9HNFFmRW5hVWlkWDlORHR5dWtUNURKYnpJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDLh8oAwQA
W8YsAwQCuQ1AMA0GCSqGSIb3DQEBCwUAA4IBAQAIOPDCaBvntUWOJL4+1+xK+ihE
Hk/QQGxxCwqbNjXZGxhzSaf88gduLtbA5lRpEOSpRE72gS2f5VNe7QakWn9To2HG
+BgD5mkAMif6a2Uif0jdzejKWSlCvJ6F43N4zT+6YMyrwKTHEuzcG/RGuJFw5esL
m3zKzRFHHx/3kYUU+tQUHTFoVdLvYPp0V+qAudjTzwOFl7Q8fwP70KLgK9t8Bn2S
Zkqekz8z70R6aFn5VZA4Vaenc74kRVYNBVgZM8+bu6dLvtTxjjwdNVAiJ6ivIJFM
7oM29TkdWYM94oCA/pVgZ3PX3ZzQLQ8dP3DPz4LQpZ5BH+NOYlBgkdzvXj6L
-----END CERTIFICATE-----