Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/de388b-9bea-48e9-965f-0e8ddd691f63/1/3L8-SFiTWU4fVJqNJH9oAV2l1y4.roa
File:                     3L8-SFiTWU4fVJqNJH9oAV2l1y4.roa (raw, json)
Hash identifier:          xttM0UfqMX6deZWNGbRNOdSazxn0Mbttw4sD7m2GsmU=
Subject key identifier:   DC:BF:3E:48:58:93:59:4E:1F:54:9A:8D:24:7F:68:01:5D:A5:D7:2E
Certificate issuer:       /CN=7969c4bd8767780bec161a2ad612a2735dbcabfd
Certificate serial:       019B77593CC0E7FB81A3833C4B776DDE0A3F
Authority key identifier: 79:69:C4:BD:87:67:78:0B:EC:16:1A:2A:D6:12:A2:73:5D:BC:AB:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eWnEvYdneAvsFhoq1hKic128q_0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/de388b-9bea-48e9-965f-0e8ddd691f63/1/3L8-SFiTWU4fVJqNJH9oAV2l1y4.roa
Signing time:             Thu 01 Jan 2026 02:18:15 +0000
ROA not before:           Thu 01 Jan 2026 02:18:15 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212926
IP address blocks:        88.135.70.0/24 maxlen: 24
                          2a07:e8c0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/de388b-9bea-48e9-965f-0e8ddd691f63/1/eWnEvYdneAvsFhoq1hKic128q_0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/de388b-9bea-48e9-965f-0e8ddd691f63/1/eWnEvYdneAvsFhoq1hKic128q_0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eWnEvYdneAvsFhoq1hKic128q_0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:59:3c:c0:e7:fb:81:a3:83:3c:4b:77:6d:de:0a:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7969c4bd8767780bec161a2ad612a2735dbcabfd
        Validity
            Not Before: Jan  1 02:18:15 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dcbf3e485893594e1f549a8d247f68015da5d72e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:a8:3c:3e:60:54:2d:fd:01:e8:42:cf:6a:ab:
                    3f:2e:bf:cf:52:b7:bf:75:e3:5e:90:dc:ab:b5:af:
                    73:9a:74:47:58:b6:11:b0:6f:48:60:13:8c:a1:73:
                    29:d1:df:87:2e:b9:35:f7:00:01:25:25:10:60:09:
                    da:53:88:2e:4a:e0:5b:e1:ec:22:3d:f7:75:41:f2:
                    e6:fa:3f:a3:24:39:bb:f4:91:df:3c:27:80:bf:ae:
                    33:82:13:5e:40:fa:95:36:97:9f:ff:e8:23:19:ef:
                    f1:2d:e1:bb:81:4a:43:35:98:19:e9:80:c5:da:47:
                    40:33:7a:b1:09:86:72:b9:bd:6d:5b:d7:1b:84:31:
                    05:6b:c6:3d:2e:29:b1:80:11:86:0e:f4:49:9a:8c:
                    a9:c7:fc:e6:4a:06:30:3a:5b:d1:72:49:73:8f:12:
                    9a:75:4b:55:ce:09:55:54:18:73:b1:d6:7b:5a:42:
                    fe:7e:9e:91:72:6c:18:9a:b5:20:0a:e4:d2:06:24:
                    5e:fe:d4:79:57:5f:ab:71:22:3b:52:5d:0c:36:77:
                    37:f5:38:07:2c:ba:9a:00:4a:85:ea:8c:65:5a:57:
                    c2:3b:84:00:53:d5:39:bd:52:6f:7d:68:38:dd:90:
                    4e:71:29:7e:b1:45:10:aa:f1:2e:82:ab:d1:f2:a7:
                    90:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:BF:3E:48:58:93:59:4E:1F:54:9A:8D:24:7F:68:01:5D:A5:D7:2E
            X509v3 Authority Key Identifier:
                keyid:79:69:C4:BD:87:67:78:0B:EC:16:1A:2A:D6:12:A2:73:5D:BC:AB:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eWnEvYdneAvsFhoq1hKic128q_0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/de388b-9bea-48e9-965f-0e8ddd691f63/1/3L8-SFiTWU4fVJqNJH9oAV2l1y4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/de388b-9bea-48e9-965f-0e8ddd691f63/1/eWnEvYdneAvsFhoq1hKic128q_0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.135.70.0/24
                IPv6:
                  2a07:e8c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         25:40:72:56:50:d2:32:91:d4:bd:5f:2a:70:9f:db:bb:9d:be:
         c9:bf:00:86:19:b2:b7:a1:27:56:ef:4d:66:24:72:66:80:4f:
         6a:74:48:09:b1:4f:0f:8a:cb:54:ec:74:df:6d:b1:4b:5a:d8:
         c7:35:ed:64:75:76:31:66:78:bf:8c:27:80:cd:f7:ed:66:56:
         f3:91:0e:91:58:13:58:89:18:4a:5e:12:d0:9d:7a:ab:b4:3c:
         c3:c8:da:14:d9:0f:70:2b:dc:f2:3d:15:41:2f:67:ea:59:70:
         75:6c:bf:af:b7:ef:75:e7:e1:61:d4:0d:6a:a4:07:96:bc:7c:
         1f:57:4c:2b:20:0a:0a:f3:bd:e1:ee:c5:3d:5f:3a:4d:48:19:
         7c:80:c5:f5:10:5c:bb:dd:6c:be:4b:6a:83:23:1e:e4:29:80:
         b3:3c:58:04:fb:6d:96:df:e3:6f:36:83:40:ce:da:52:0d:67:
         41:52:60:4a:37:03:4f:8b:e3:e2:b8:d3:27:bd:70:3b:fb:ea:
         b4:3e:21:10:b7:ca:51:5b:fc:1b:73:21:ac:fb:68:bb:6e:33:
         58:78:e9:b4:d2:e0:a1:c5:46:b2:62:96:7d:4e:5d:47:8d:fa:
         d7:d1:fe:af:4b:41:24:29:e9:e2:99:c2:1f:60:1f:9a:a7:2e:
         78:f9:9b:d5
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZt3WTzA5/uBo4M8S3dt3go/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5NjljNGJkODc2Nzc4MGJlYzE2MWEyYWQ2MTJhMjczNWRi
Y2FiZmQwHhcNMjYwMTAxMDIxODE1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2JmM2U0ODU4OTM1OTRlMWY1NDlhOGQyNDdmNjgwMTVkYTVkNzJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArag8PmBULf0B6ELPaqs/Lr/PUre/
deNekNyrta9zmnRHWLYRsG9IYBOMoXMp0d+HLrk19wABJSUQYAnaU4guSuBb4ewi
Pfd1QfLm+j+jJDm79JHfPCeAv64zghNeQPqVNpef/+gjGe/xLeG7gUpDNZgZ6YDF
2kdAM3qxCYZyub1tW9cbhDEFa8Y9LimxgBGGDvRJmoypx/zmSgYwOlvRcklzjxKa
dUtVzglVVBhzsdZ7WkL+fp6RcmwYmrUgCuTSBiRe/tR5V1+rcSI7Ul0MNnc39TgH
LLqaAEqF6oxlWlfCO4QAU9U5vVJvfWg43ZBOcSl+sUUQqvEugqvR8qeQsQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNy/PkhYk1lOH1SajSR/aAFdpdcuMB8GA1UdIwQY
MBaAFHlpxL2HZ3gL7BYaKtYSonNdvKv9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVduRXZZZG5lQXZzRmhvcTFoS2ljMTI4cV8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9kZTM4OGItOWJlYS00OGU5LTk2NWYt
MGU4ZGRkNjkxZjYzLzEvM0w4LVNGaVRXVTRmVkpxTkpIOW9BVjJsMXk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9kZTM4OGItOWJlYS00OGU5LTk2NWYtMGU4ZGRkNjkxZjYz
LzEvZVduRXZZZG5lQXZzRmhvcTFoS2ljMTI4cV8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAWIdGMA0E
AgACMAcDBQAqB+jAMA0GCSqGSIb3DQEBCwUAA4IBAQAlQHJWUNIykdS9Xypwn9u7
nb7JvwCGGbK3oSdW701mJHJmgE9qdEgJsU8PistU7HTfbbFLWtjHNe1kdXYxZni/
jCeAzfftZlbzkQ6RWBNYiRhKXhLQnXqrtDzDyNoU2Q9wK9zyPRVBL2fqWXB1bL+v
t+915+Fh1A1qpAeWvHwfV0wrIAoK873h7sU9XzpNSBl8gMX1EFy73Wy+S2qDIx7k
KYCzPFgE+22W3+NvNoNAztpSDWdBUmBKNwNPi+PiuNMnvXA7++q0PiEQt8pRW/wb
cyGs+2i7bjNYeOm00uChxUayYpZ9Tl1HjfrX0f6vS0EkKenimcIfYB+apy54+ZvV
-----END CERTIFICATE-----