Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/iNIfTEbRurk2_KSbD6u4EIHoS34.roa
File:                     iNIfTEbRurk2_KSbD6u4EIHoS34.roa (raw, json)
Hash identifier:          VWcmonHA25zoE8Zz7o/5jtf2xZbxn37/k47tEhrM/z4=
Subject key identifier:   88:D2:1F:4C:46:D1:BA:B9:36:FC:A4:9B:0F:AB:B8:10:81:E8:4B:7E
Certificate issuer:       /CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
Certificate serial:       019ED3C61D6EE50A385E0A89F658E6318DAF
Authority key identifier: D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/iNIfTEbRurk2_KSbD6u4EIHoS34.roa
Signing time:             Wed 17 Jun 2026 04:10:36 +0000
ROA not before:           Wed 17 Jun 2026 04:10:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     141933
IP address blocks:        185.92.45.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 18 Jun 2026 04:10:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:d3:c6:1d:6e:e5:0a:38:5e:0a:89:f6:58:e6:31:8d:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
        Validity
            Not Before: Jun 17 04:10:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=88d21f4c46d1bab936fca49b0fabb81081e84b7e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:f3:a2:9e:3a:e3:57:42:4e:82:f1:b3:df:54:
                    a7:f1:3d:ef:e8:a0:1a:60:ff:09:39:cf:17:11:f2:
                    fb:f6:33:29:e1:bb:0a:39:0b:9d:45:83:d4:61:30:
                    af:c1:92:a8:87:58:9b:a3:09:a7:d4:40:dd:ac:71:
                    d8:8e:42:19:90:a3:6e:2c:48:77:cc:d5:04:83:f0:
                    df:bb:9d:bf:df:47:b2:4a:03:a5:c3:86:8c:79:e0:
                    46:e2:b2:63:e7:59:83:74:44:13:d3:a7:4c:ba:0b:
                    6e:4c:b7:e3:39:58:aa:aa:8c:d7:31:73:26:83:70:
                    17:8b:2a:50:e4:66:37:b4:2e:30:29:7c:19:17:4d:
                    ad:b8:d6:74:fe:c7:d4:99:45:51:e9:77:8d:a2:38:
                    19:aa:5b:89:c9:e7:ed:82:fc:13:ec:75:ea:d6:f6:
                    c6:69:76:2a:90:b0:08:13:95:7e:4d:ce:50:06:da:
                    7b:92:40:3d:bf:56:bb:91:ca:34:d4:ba:f1:48:99:
                    37:b0:5d:91:cb:65:0e:5a:a7:12:51:d5:99:6b:08:
                    a0:be:9c:50:00:7f:b1:89:4e:d9:91:51:9e:21:97:
                    0c:30:c0:79:13:21:70:32:11:ed:f4:1d:33:d5:6e:
                    3d:55:6c:73:b2:d6:db:ab:cf:1a:0a:3d:b1:e7:b7:
                    70:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:D2:1F:4C:46:D1:BA:B9:36:FC:A4:9B:0F:AB:B8:10:81:E8:4B:7E
            X509v3 Authority Key Identifier:
                keyid:D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/iNIfTEbRurk2_KSbD6u4EIHoS34.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.92.45.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:14:4a:00:52:25:82:18:4b:53:4b:22:a4:dd:7f:e2:93:6e:
         59:52:14:a6:24:7c:69:70:2b:5c:9f:32:d4:b5:09:ca:73:fc:
         90:1b:16:78:e5:ca:56:32:ca:53:32:db:d3:02:a1:9f:5d:f7:
         33:7d:2f:2a:44:59:fa:98:ca:01:a0:63:bd:41:b7:a8:27:4f:
         35:10:ff:55:4f:89:db:b3:79:a9:c6:c8:60:da:d0:ac:07:4e:
         d7:ec:d7:c2:d0:51:64:b1:a3:69:7c:c2:8f:66:53:f0:ec:b2:
         e9:12:43:05:86:50:e5:f7:86:27:71:74:a7:6a:de:d5:03:e5:
         b5:40:e8:bd:4b:c6:3a:2a:cc:5c:fb:c8:09:84:c2:b7:93:b4:
         c8:c9:f0:3e:7f:ba:90:27:86:85:7b:93:49:12:1e:7f:35:f3:
         19:4c:0a:32:08:4e:21:0f:13:f8:ed:75:c9:f5:a6:3a:17:bc:
         a6:f1:84:03:7b:19:55:63:43:db:5a:8f:43:19:e7:80:89:4a:
         9b:a8:4a:db:0e:aa:3e:97:99:c8:bb:d4:2c:ce:03:48:00:64:
         d1:b8:cc:05:ba:fe:84:4d:16:52:77:71:f2:64:ec:d5:c3:38:
         83:d7:00:91:ec:65:ef:d2:87:81:dc:ac:df:52:22:77:11:15:
         8d:94:73:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ7Txh1u5Qo4XgqJ9ljmMY2vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzY2YwODg0OTE4YTUwMjM5ZWY3MDUxOGVlOWZjMDRmMWFh
ZTE5MjkwHhcNMjYwNjE3MDQxMDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OGQyMWY0YzQ2ZDFiYWI5MzZmY2E0OWIwZmFiYjgxMDgxZTg0YjdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnPOinjrjV0JOgvGz31Sn8T3v6KAa
YP8JOc8XEfL79jMp4bsKOQudRYPUYTCvwZKoh1ibowmn1EDdrHHYjkIZkKNuLEh3
zNUEg/Dfu52/30eySgOlw4aMeeBG4rJj51mDdEQT06dMugtuTLfjOViqqozXMXMm
g3AXiypQ5GY3tC4wKXwZF02tuNZ0/sfUmUVR6XeNojgZqluJyeftgvwT7HXq1vbG
aXYqkLAIE5V+Tc5QBtp7kkA9v1a7kco01LrxSJk3sF2Ry2UOWqcSUdWZawigvpxQ
AH+xiU7ZkVGeIZcMMMB5EyFwMhHt9B0z1W49VWxzstbbq88aCj2x57dw+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIjSH0xG0bq5Nvykmw+ruBCB6Et+MB8GA1UdIwQY
MBaAFNPPCISRilAjnvcFGO6fwE8arhkpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEt
MjMxNTQ5NDA5NzIwLzEvaU5JZlRFYlJ1cmsyX0tTYkQ2dTRFSUhvUzM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEtMjMxNTQ5NDA5NzIw
LzEvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVwtMA0G
CSqGSIb3DQEBCwUAA4IBAQB/FEoAUiWCGEtTSyKk3X/ik25ZUhSmJHxpcCtcnzLU
tQnKc/yQGxZ45cpWMspTMtvTAqGfXfczfS8qRFn6mMoBoGO9QbeoJ081EP9VT4nb
s3mpxshg2tCsB07X7NfC0FFksaNpfMKPZlPw7LLpEkMFhlDl94YncXSnat7VA+W1
QOi9S8Y6Ksxc+8gJhMK3k7TIyfA+f7qQJ4aFe5NJEh5/NfMZTAoyCE4hDxP47XXJ
9aY6F7ym8YQDexlVY0PbWo9DGeeAiUqbqErbDqo+l5nIu9QszgNIAGTRuMwFuv6E
TRZSd3HyZOzVwziD1wCR7GXv0oeB3KzfUiJ3ERWNlHPl
-----END CERTIFICATE-----