Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/3c8dce-8356-4422-be85-fda4e8a5b46e/1/0HODiJ6zETUxB5V-7gVm2tivJwY.roa
File:                     0HODiJ6zETUxB5V-7gVm2tivJwY.roa (raw, json)
Hash identifier:          qGeG3nhf+YLEqzJKX+7cT8wuG9iiTSfd9cCIvKbcpI4=
Subject key identifier:   D0:73:83:88:9E:B3:11:35:31:07:95:7E:EE:05:66:DA:D8:AF:27:06
Certificate issuer:       /CN=d17ae9dc9f43a269eb0accf3488e861f4ff0e89e
Certificate serial:       019EA84E648BB50B6A155FCD680A8BA8754E
Authority key identifier: D1:7A:E9:DC:9F:43:A2:69:EB:0A:CC:F3:48:8E:86:1F:4F:F0:E8:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Xrp3J9DomnrCszzSI6GH0_w6J4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/3c8dce-8356-4422-be85-fda4e8a5b46e/1/0HODiJ6zETUxB5V-7gVm2tivJwY.roa
Signing time:             Mon 08 Jun 2026 17:36:10 +0000
ROA not before:           Mon 08 Jun 2026 17:36:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     31898
IP address blocks:        5.100.152.0/21 maxlen: 24
                          185.195.12.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/3c8dce-8356-4422-be85-fda4e8a5b46e/1/0Xrp3J9DomnrCszzSI6GH0_w6J4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/3c8dce-8356-4422-be85-fda4e8a5b46e/1/0Xrp3J9DomnrCszzSI6GH0_w6J4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Xrp3J9DomnrCszzSI6GH0_w6J4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 05:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:a8:4e:64:8b:b5:0b:6a:15:5f:cd:68:0a:8b:a8:75:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d17ae9dc9f43a269eb0accf3488e861f4ff0e89e
        Validity
            Not Before: Jun  8 17:36:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d07383889eb311353107957eee0566dad8af2706
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:d8:32:42:db:a7:cf:10:73:58:d6:9d:76:fd:
                    65:a3:90:8d:a5:ea:61:c2:fb:b0:1c:aa:49:d1:d2:
                    b8:28:f0:37:f2:35:7a:bd:8d:4b:38:01:f2:6f:5d:
                    d8:5e:b3:9e:8c:48:4b:7d:5d:c8:92:e7:d0:37:76:
                    5d:cc:af:f5:42:a7:91:23:90:9b:6d:c2:0d:41:bf:
                    0a:2b:39:73:e1:3f:1e:0d:3f:a1:f1:97:52:37:8b:
                    c2:c9:32:be:2b:86:c9:97:24:f6:8c:8d:15:ab:55:
                    b7:c5:be:32:4e:cf:86:02:29:89:e4:7f:4d:0c:96:
                    fa:72:f6:ae:7e:ad:53:28:c3:c5:2a:7c:d9:9d:e2:
                    ad:ab:5a:d9:94:1d:41:65:91:7d:71:1f:53:6a:a7:
                    c8:bb:ee:cd:87:21:30:d0:71:74:d4:6e:3a:11:db:
                    66:fe:d4:25:c3:fb:22:af:2a:56:4f:30:31:d8:56:
                    ec:e8:a3:f5:d4:fa:b4:d0:75:a9:66:fc:fd:11:96:
                    a6:b3:e5:58:f6:d9:9f:82:bf:d7:d6:a6:7e:d8:0c:
                    80:7c:a6:c9:fd:fa:f8:39:e5:1d:f0:5b:62:45:6b:
                    40:4f:43:36:b2:99:70:5f:ce:02:b2:d4:aa:a6:b7:
                    c9:b0:49:2a:6e:f0:8f:ac:2e:24:1b:c1:31:0d:95:
                    12:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:73:83:88:9E:B3:11:35:31:07:95:7E:EE:05:66:DA:D8:AF:27:06
            X509v3 Authority Key Identifier:
                keyid:D1:7A:E9:DC:9F:43:A2:69:EB:0A:CC:F3:48:8E:86:1F:4F:F0:E8:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Xrp3J9DomnrCszzSI6GH0_w6J4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/3c8dce-8356-4422-be85-fda4e8a5b46e/1/0HODiJ6zETUxB5V-7gVm2tivJwY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/3c8dce-8356-4422-be85-fda4e8a5b46e/1/0Xrp3J9DomnrCszzSI6GH0_w6J4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.100.152.0/21
                  185.195.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4b:47:d7:cc:38:a5:7a:9a:60:81:82:73:c2:8a:5e:91:0f:9e:
         59:b1:3d:69:e2:c4:12:67:26:8b:24:fa:c9:75:6c:5b:a1:03:
         e0:6a:96:dd:ad:5c:b4:88:2e:19:80:9d:f9:6c:b6:0a:e6:e3:
         9b:b8:fc:fc:82:b8:c5:22:a0:2f:33:01:84:f9:6b:27:0c:cb:
         31:53:a2:fe:13:f6:9f:51:e2:fa:f2:86:b7:02:49:c3:f2:9b:
         c2:b5:70:f5:42:ba:4c:46:eb:9a:15:14:0c:53:b3:14:3e:c4:
         c6:0f:15:bd:b3:5d:91:80:f8:b2:df:1e:f4:38:6e:26:07:58:
         a6:b0:00:dc:d7:7e:7c:67:e4:cd:a3:53:8f:c4:8a:71:45:8b:
         5f:df:a8:dd:ab:c4:9d:14:78:a2:8f:b1:6e:2b:40:13:8c:b2:
         77:42:42:a6:8d:02:1a:fd:6b:04:de:f8:a5:43:90:16:23:b4:
         63:f1:00:da:d1:84:82:ac:69:9a:10:4b:e3:bd:74:9a:ba:1a:
         c3:17:23:21:ae:12:46:39:a3:c4:fa:12:68:75:2e:95:9a:19:
         9d:5e:2d:d3:5d:1a:b4:0d:15:e6:62:5d:b2:b2:33:09:12:6e:
         47:81:30:6e:c3:3c:f5:08:96:75:88:b6:1b:88:2d:b9:51:c2:
         3e:57:99:3b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ6oTmSLtQtqFV/NaAqLqHVOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxN2FlOWRjOWY0M2EyNjllYjBhY2NmMzQ4OGU4NjFmNGZm
MGU4OWUwHhcNMjYwNjA4MTczNjEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDczODM4ODllYjMxMTM1MzEwNzk1N2VlZTA1NjZkYWQ4YWYyNzA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsNgyQtunzxBzWNaddv1lo5CNpeph
wvuwHKpJ0dK4KPA38jV6vY1LOAHyb13YXrOejEhLfV3IkufQN3ZdzK/1QqeRI5Cb
bcINQb8KKzlz4T8eDT+h8ZdSN4vCyTK+K4bJlyT2jI0Vq1W3xb4yTs+GAimJ5H9N
DJb6cvaufq1TKMPFKnzZneKtq1rZlB1BZZF9cR9TaqfIu+7NhyEw0HF01G46Edtm
/tQlw/sirypWTzAx2Fbs6KP11Pq00HWpZvz9EZams+VY9tmfgr/X1qZ+2AyAfKbJ
/fr4OeUd8FtiRWtAT0M2splwX84CstSqprfJsEkqbvCPrC4kG8ExDZUSZQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNBzg4iesxE1MQeVfu4FZtrYrycGMB8GA1UdIwQY
MBaAFNF66dyfQ6Jp6wrM80iOhh9P8OieMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMFhycDNKOURvbW5yQ3N6elNJNkdIMF93Nko0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy8zYzhkY2UtODM1Ni00NDIyLWJlODUt
ZmRhNGU4YTViNDZlLzEvMEhPRGlKNnpFVFV4QjVWLTdnVm0ydGl2SndZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy8zYzhkY2UtODM1Ni00NDIyLWJlODUtZmRhNGU4YTViNDZl
LzEvMFhycDNKOURvbW5yQ3N6elNJNkdIMF93Nko0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDBWSYAwQC
ucMMMA0GCSqGSIb3DQEBCwUAA4IBAQBLR9fMOKV6mmCBgnPCil6RD55ZsT1p4sQS
ZyaLJPrJdWxboQPgapbdrVy0iC4ZgJ35bLYK5uObuPz8grjFIqAvMwGE+WsnDMsx
U6L+E/afUeL68oa3AknD8pvCtXD1QrpMRuuaFRQMU7MUPsTGDxW9s12RgPiy3x70
OG4mB1imsADc1358Z+TNo1OPxIpxRYtf36jdq8SdFHiij7FuK0ATjLJ3QkKmjQIa
/WsE3vilQ5AWI7Rj8QDa0YSCrGmaEEvjvXSauhrDFyMhrhJGOaPE+hJodS6Vmhmd
Xi3TXRq0DRXmYl2ysjMJEm5HgTBuwzz1CJZ1iLYbiC25UcI+V5k7
-----END CERTIFICATE-----