Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/43Q8B1j8uCGR8HMdyPrt74IDtQ0.roa
File:                     43Q8B1j8uCGR8HMdyPrt74IDtQ0.roa (raw, json)
Hash identifier:          jg6HtmjBC3mwgDbDxK1J2hnGtmR596d4s1Ft0DjJQas=
Subject key identifier:   E3:74:3C:07:58:FC:B8:21:91:F0:73:1D:C8:FA:ED:EF:82:03:B5:0D
Certificate issuer:       /CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
Certificate serial:       019C9E073046198B3D394DBBE6A1E2B36283
Authority key identifier: 88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/43Q8B1j8uCGR8HMdyPrt74IDtQ0.roa
Signing time:             Fri 27 Feb 2026 07:36:37 +0000
ROA not before:           Fri 27 Feb 2026 07:36:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     4766
IP address blocks:        109.229.220.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:9e:07:30:46:19:8b:3d:39:4d:bb:e6:a1:e2:b3:62:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
        Validity
            Not Before: Feb 27 07:36:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e3743c0758fcb82191f0731dc8faedef8203b50d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:9f:43:cf:be:31:58:d3:48:70:da:b5:91:41:
                    37:6a:0f:19:bb:e7:4f:b2:d9:1e:e2:9f:53:01:7a:
                    0c:bd:9c:9d:ff:bf:7a:b0:2b:70:4f:2b:fb:13:63:
                    f4:a1:f4:af:de:f8:9c:96:d7:8a:99:06:66:c5:02:
                    d2:a8:12:e4:71:37:58:7d:66:da:3d:90:00:d1:6c:
                    d2:09:6f:c4:03:09:2b:84:8b:e2:c6:f7:07:fb:a0:
                    2a:bf:80:27:c8:58:d5:ce:41:1c:af:f2:a9:53:fa:
                    4d:99:aa:b5:02:4b:c1:86:fe:11:b1:8f:65:f7:69:
                    d5:b6:e7:24:ff:8c:b8:51:1e:8c:f3:ff:73:07:58:
                    e1:a0:3c:fc:81:96:53:7e:85:6a:6e:7d:69:8d:b4:
                    8b:5d:3c:3e:20:23:33:25:45:e4:7c:d4:3c:a4:39:
                    f8:95:ce:b6:18:ca:36:37:3c:6d:8e:7d:62:53:cf:
                    46:5c:08:b8:b2:60:e5:bd:41:c2:c2:25:4d:61:e3:
                    95:a7:dd:97:ec:93:da:22:d5:54:f3:ff:c2:94:64:
                    d3:01:79:e8:fc:7d:02:03:1e:7f:80:e0:d6:37:6e:
                    05:ae:af:ea:b3:5d:95:6b:c8:ba:17:61:ca:cc:98:
                    2d:fc:33:8b:3e:75:e1:ff:06:84:71:a2:58:64:ec:
                    31:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:74:3C:07:58:FC:B8:21:91:F0:73:1D:C8:FA:ED:EF:82:03:B5:0D
            X509v3 Authority Key Identifier:
                keyid:88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/43Q8B1j8uCGR8HMdyPrt74IDtQ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.229.220.0/23

    Signature Algorithm: sha256WithRSAEncryption
         91:18:5a:a5:42:73:40:20:32:ca:0e:d7:7c:02:d1:20:52:39:
         60:69:05:1d:60:be:88:c3:26:a8:49:72:1d:e1:cc:05:07:5a:
         63:7d:88:50:11:ca:ce:18:bc:41:72:56:50:85:e6:0b:c5:cc:
         0f:8b:41:9c:c7:75:fa:87:2b:17:43:0d:59:7f:37:ea:c0:30:
         66:15:a7:94:2f:e8:b9:f3:31:ad:70:e6:f4:66:8c:80:20:51:
         6c:91:94:51:46:34:bb:46:3d:48:45:9b:8a:94:19:3b:8d:9e:
         ca:47:9f:33:6b:9b:a0:e1:e5:c5:cf:05:35:fe:f7:90:a4:fd:
         17:fe:76:06:8d:dd:7c:e7:3a:73:cc:c9:35:f3:28:06:46:11:
         77:54:2f:51:44:d8:14:75:ae:74:32:19:49:db:0c:f9:60:79:
         58:aa:20:7d:cb:79:b8:b3:68:45:06:ee:74:16:34:92:37:31:
         b1:2c:15:22:7e:98:6d:49:39:c4:06:00:d6:c6:ff:bd:1a:51:
         2e:d0:57:d6:05:f0:3d:8c:1d:ec:ff:74:d4:24:6f:76:ef:ac:
         c4:95:6d:83:c2:92:9a:e0:2a:45:2e:0a:37:ab:3c:20:75:ce:
         40:d7:39:24:d7:d3:b0:b0:35:d3:f6:10:44:8c:5d:4a:7b:f6:
         cf:f3:8e:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyeBzBGGYs9OU275qHis2KDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4YWRkOWI2NzFmN2EzNmViMjM2N2UzNGZlZTRiY2IxM2I4
ZjY2Y2MwHhcNMjYwMjI3MDczNjM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzc0M2MwNzU4ZmNiODIxOTFmMDczMWRjOGZhZWRlZjgyMDNiNTBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqp9Dz74xWNNIcNq1kUE3ag8Zu+dP
stke4p9TAXoMvZyd/796sCtwTyv7E2P0ofSv3viclteKmQZmxQLSqBLkcTdYfWba
PZAA0WzSCW/EAwkrhIvixvcH+6Aqv4AnyFjVzkEcr/KpU/pNmaq1AkvBhv4RsY9l
92nVtuck/4y4UR6M8/9zB1jhoDz8gZZTfoVqbn1pjbSLXTw+ICMzJUXkfNQ8pDn4
lc62GMo2Nzxtjn1iU89GXAi4smDlvUHCwiVNYeOVp92X7JPaItVU8//ClGTTAXno
/H0CAx5/gODWN24Frq/qs12Va8i6F2HKzJgt/DOLPnXh/waEcaJYZOwxCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFON0PAdY/LghkfBzHcj67e+CA7UNMB8GA1UdIwQY
MBaAFIit2bZx96NusjZ+NP7kvLE7j2bMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEt
YTFiOTZiOWI3MGY4LzEvNDNROEIxajh1Q0dSOEhNZHlQcnQ3NElEdFEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEtYTFiOTZiOWI3MGY4
LzEvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBbeXcMA0G
CSqGSIb3DQEBCwUAA4IBAQCRGFqlQnNAIDLKDtd8AtEgUjlgaQUdYL6IwyaoSXId
4cwFB1pjfYhQEcrOGLxBclZQheYLxcwPi0Gcx3X6hysXQw1ZfzfqwDBmFaeUL+i5
8zGtcOb0ZoyAIFFskZRRRjS7Rj1IRZuKlBk7jZ7KR58za5ug4eXFzwU1/veQpP0X
/nYGjd185zpzzMk18ygGRhF3VC9RRNgUda50MhlJ2wz5YHlYqiB9y3m4s2hFBu50
FjSSNzGxLBUifphtSTnEBgDWxv+9GlEu0FfWBfA9jB3s/3TUJG9276zElW2DwpKa
4CpFLgo3qzwgdc5A1zkk19OwsDXT9hBEjF1Ke/bP847K
-----END CERTIFICATE-----