Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/29aa96-123f-40ea-95d5-d25b7ca3db89/1/vlUmsnf6hFJJ_ExSqkIBAJq54y0.roa
File:                     vlUmsnf6hFJJ_ExSqkIBAJq54y0.roa (raw, json)
Hash identifier:          Lg+/aX3TWQ0Z5VlbPaXH4EbEoo4bdOS3f3c2Bb0++BI=
Subject key identifier:   BE:55:26:B2:77:FA:84:52:49:FC:4C:52:AA:42:01:00:9A:B9:E3:2D
Certificate issuer:       /CN=b085804db153eb724c58557c79359c4408205550
Certificate serial:       019B7E3915E7FE84DD4B0F3E96AA8AB72F87
Authority key identifier: B0:85:80:4D:B1:53:EB:72:4C:58:55:7C:79:35:9C:44:08:20:55:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sIWATbFT63JMWFV8eTWcRAggVVA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/29aa96-123f-40ea-95d5-d25b7ca3db89/1/vlUmsnf6hFJJ_ExSqkIBAJq54y0.roa
Signing time:             Fri 02 Jan 2026 10:20:28 +0000
ROA not before:           Fri 02 Jan 2026 10:20:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51171
IP address blocks:        195.54.168.0/23 maxlen: 23
                          195.54.168.0/24 maxlen: 24
                          195.54.169.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/29aa96-123f-40ea-95d5-d25b7ca3db89/1/sIWATbFT63JMWFV8eTWcRAggVVA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/29aa96-123f-40ea-95d5-d25b7ca3db89/1/sIWATbFT63JMWFV8eTWcRAggVVA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sIWATbFT63JMWFV8eTWcRAggVVA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 16:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:39:15:e7:fe:84:dd:4b:0f:3e:96:aa:8a:b7:2f:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b085804db153eb724c58557c79359c4408205550
        Validity
            Not Before: Jan  2 10:20:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=be5526b277fa845249fc4c52aa4201009ab9e32d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:f4:62:c0:02:9c:ad:41:93:5a:2d:ca:98:c2:
                    a7:bd:f0:cb:4a:db:6b:75:54:80:70:a2:f0:8d:3c:
                    e4:e1:e6:d0:26:02:4c:15:30:23:9b:78:f4:89:f5:
                    6b:21:f3:79:52:b7:7a:1c:6a:6f:41:fc:4f:15:b3:
                    9a:da:b2:cb:3b:e3:61:d8:0a:88:63:73:2f:08:14:
                    3c:6e:83:b7:81:1e:0c:03:e9:33:5f:70:fa:56:24:
                    79:38:84:c4:bc:8f:1a:91:f9:75:93:84:ed:8a:f9:
                    02:16:fc:6a:3d:77:0a:f9:f8:da:48:8c:eb:63:04:
                    28:06:be:db:02:61:2a:f1:a7:44:a0:f0:11:8b:f0:
                    4c:a3:53:7c:2c:4c:70:4d:a1:16:3e:22:3a:eb:aa:
                    58:4e:6c:d6:9d:c2:73:df:dd:66:91:4e:c9:a5:9a:
                    78:2c:e6:fb:6d:6c:83:ee:7a:22:88:05:aa:2b:45:
                    49:63:ed:4b:f6:8c:dd:06:15:57:9a:65:ce:8f:1d:
                    f5:98:5c:f2:30:2d:91:04:c6:3b:1e:92:2e:07:66:
                    92:69:c2:cb:ac:b8:af:9b:02:0e:94:90:54:15:ef:
                    c0:d1:81:19:95:85:33:0b:f3:c6:b5:c3:53:23:f4:
                    fe:29:c4:f3:28:3e:4e:b8:f0:b1:3a:0f:bc:6c:cb:
                    2b:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:55:26:B2:77:FA:84:52:49:FC:4C:52:AA:42:01:00:9A:B9:E3:2D
            X509v3 Authority Key Identifier:
                keyid:B0:85:80:4D:B1:53:EB:72:4C:58:55:7C:79:35:9C:44:08:20:55:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sIWATbFT63JMWFV8eTWcRAggVVA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/29aa96-123f-40ea-95d5-d25b7ca3db89/1/vlUmsnf6hFJJ_ExSqkIBAJq54y0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/29aa96-123f-40ea-95d5-d25b7ca3db89/1/sIWATbFT63JMWFV8eTWcRAggVVA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.54.168.0/23

    Signature Algorithm: sha256WithRSAEncryption
         62:61:14:32:73:95:09:0d:bb:88:3e:27:2e:1f:8e:19:19:de:
         76:83:ff:61:d4:71:3a:63:c9:83:db:98:79:a7:61:04:5a:48:
         1f:b4:98:2f:92:ef:51:c0:08:91:60:0f:30:90:8e:43:a8:b5:
         63:8a:91:7d:fd:35:53:0e:94:8e:cf:16:5e:db:5e:84:81:3b:
         64:69:0e:7a:63:9f:1f:95:06:28:2b:25:5a:f0:cf:25:66:5f:
         52:ca:65:3b:01:ed:b2:55:f7:ad:c4:97:f7:6b:84:02:6d:ed:
         dc:e2:07:dc:30:cc:e0:fa:7b:07:bd:b4:27:74:96:3c:60:e2:
         88:c0:ce:3e:25:97:47:04:3d:6b:90:2e:37:67:3d:20:e4:c1:
         67:06:4b:84:83:91:b5:5a:f2:03:f9:78:ee:30:06:78:ad:86:
         ca:19:39:ea:ed:ff:34:df:08:df:de:ca:3a:f9:b4:bc:cd:b9:
         f3:8c:ad:aa:9e:49:03:f8:40:ad:2b:06:b5:8b:fb:71:0a:4b:
         f0:19:d0:11:b4:ec:33:f4:9e:86:00:6c:ce:3f:66:d3:97:dc:
         a9:5a:37:96:54:08:82:cd:25:2f:58:03:cf:9d:1b:df:18:95:
         11:8c:49:29:77:ac:dc:ac:21:e0:32:1d:01:b2:a9:ba:47:b2:
         fd:4f:c1:08
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+ORXn/oTdSw8+lqqKty+HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwODU4MDRkYjE1M2ViNzI0YzU4NTU3Yzc5MzU5YzQ0MDgy
MDU1NTAwHhcNMjYwMTAyMTAyMDI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTU1MjZiMjc3ZmE4NDUyNDlmYzRjNTJhYTQyMDEwMDlhYjllMzJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwvRiwAKcrUGTWi3KmMKnvfDLSttr
dVSAcKLwjTzk4ebQJgJMFTAjm3j0ifVrIfN5Urd6HGpvQfxPFbOa2rLLO+Nh2AqI
Y3MvCBQ8boO3gR4MA+kzX3D6ViR5OITEvI8akfl1k4TtivkCFvxqPXcK+fjaSIzr
YwQoBr7bAmEq8adEoPARi/BMo1N8LExwTaEWPiI666pYTmzWncJz391mkU7JpZp4
LOb7bWyD7noiiAWqK0VJY+1L9ozdBhVXmmXOjx31mFzyMC2RBMY7HpIuB2aSacLL
rLivmwIOlJBUFe/A0YEZlYUzC/PGtcNTI/T+KcTzKD5OuPCxOg+8bMsrywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL5VJrJ3+oRSSfxMUqpCAQCaueMtMB8GA1UdIwQY
MBaAFLCFgE2xU+tyTFhVfHk1nEQIIFVQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0lXQVRiRlQ2M0pNV0ZWOGVUV2NSQWdnVlZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC8yOWFhOTYtMTIzZi00MGVhLTk1ZDUt
ZDI1YjdjYTNkYjg5LzEvdmxVbXNuZjZoRkpKX0V4U3FrSUJBSnE1NHkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC8yOWFhOTYtMTIzZi00MGVhLTk1ZDUtZDI1YjdjYTNkYjg5
LzEvc0lXQVRiRlQ2M0pNV0ZWOGVUV2NSQWdnVlZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwzaoMA0G
CSqGSIb3DQEBCwUAA4IBAQBiYRQyc5UJDbuIPicuH44ZGd52g/9h1HE6Y8mD25h5
p2EEWkgftJgvku9RwAiRYA8wkI5DqLVjipF9/TVTDpSOzxZe216EgTtkaQ56Y58f
lQYoKyVa8M8lZl9SymU7Ae2yVfetxJf3a4QCbe3c4gfcMMzg+nsHvbQndJY8YOKI
wM4+JZdHBD1rkC43Zz0g5MFnBkuEg5G1WvID+XjuMAZ4rYbKGTnq7f803wjf3so6
+bS8zbnzjK2qnkkD+ECtKwa1i/txCkvwGdARtOwz9J6GAGzOP2bTl9ypWjeWVAiC
zSUvWAPPnRvfGJURjEkpd6zcrCHgMh0Bsqm6R7L9T8EI
-----END CERTIFICATE-----