Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/1--ygXZQa4D_dSiIOZ1u8jXbSbRs.roa
File:                     1--ygXZQa4D_dSiIOZ1u8jXbSbRs.roa (raw, json)
Hash identifier:          CiR2LnQSz1FbuT0UgtsqxOOwWLBQf3d77LwNhyDcLNY=
Subject key identifier:   FB:EC:A0:5D:94:1A:E0:3F:DD:4A:22:0E:67:5B:BC:8D:76:D2:6D:1B
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019E969D4B644E89510D5F7B104E061F55AE
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/1--ygXZQa4D_dSiIOZ1u8jXbSbRs.roa
Signing time:             Fri 05 Jun 2026 07:09:11 +0000
ROA not before:           Fri 05 Jun 2026 07:09:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213734
IP address blocks:        82.152.193.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:96:9d:4b:64:4e:89:51:0d:5f:7b:10:4e:06:1f:55:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jun  5 07:09:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fbeca05d941ae03fdd4a220e675bbc8d76d26d1b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:eb:7e:df:23:d1:d3:29:95:b7:5d:db:b2:88:
                    98:a2:8b:5f:a2:10:51:58:7a:2f:0a:8d:87:fa:ad:
                    ee:1a:c8:eb:c0:f7:9d:15:02:88:b8:0c:02:32:ba:
                    09:ba:f6:01:44:4d:5d:96:92:0c:c6:8a:08:e0:d3:
                    50:69:95:84:8a:7d:ed:63:ab:13:f2:43:93:11:dd:
                    a4:92:7a:6f:c3:bf:34:78:71:2a:b5:1f:4e:7c:0c:
                    2c:10:2d:25:ff:4f:50:07:f9:b9:4c:cc:46:5d:14:
                    e7:dd:63:1c:06:9c:c1:38:ee:ec:dc:16:64:09:64:
                    cb:bd:87:65:f7:d1:bb:fe:5e:e2:55:4c:ab:4a:3a:
                    b1:32:1f:85:fc:ad:2d:81:56:4a:79:96:be:3c:f5:
                    59:e7:4c:d5:81:ec:76:6b:79:05:73:15:39:43:51:
                    3c:b0:fd:8a:fb:64:d8:85:b0:b9:47:b4:8e:16:d4:
                    cf:31:ad:e0:cd:4a:e0:28:eb:bc:d4:79:07:f2:f9:
                    c6:a5:5d:23:30:fe:83:74:b6:7b:bc:d1:06:03:d4:
                    d0:24:73:f1:bd:3f:b6:c8:ff:fe:39:4d:b8:d4:57:
                    04:b6:cb:79:5e:6e:90:0a:0d:86:eb:63:1e:f6:b7:
                    7e:6c:80:94:62:8c:2a:0e:cc:c8:38:58:c6:fc:50:
                    23:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:EC:A0:5D:94:1A:E0:3F:DD:4A:22:0E:67:5B:BC:8D:76:D2:6D:1B
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/1--ygXZQa4D_dSiIOZ1u8jXbSbRs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:ef:56:33:0d:5f:40:81:07:f1:2f:17:77:5a:70:8a:11:58:
         01:1b:9f:2f:2a:95:1b:67:0d:ae:9a:d0:e7:75:fd:d4:a4:01:
         43:9c:29:7e:16:0a:d5:ad:50:09:38:b7:3e:d6:d3:2b:3b:f1:
         21:1e:ac:11:6b:ba:8b:50:2f:eb:3d:e5:4d:2a:60:25:b0:63:
         dc:d6:82:ee:09:99:6a:75:e5:d6:1a:dd:18:f9:bb:71:6f:89:
         ea:cf:b9:1c:fe:3c:9d:fd:a2:c9:17:e4:d1:e3:cf:bf:ef:6e:
         24:82:88:59:d6:99:25:30:ae:0f:2d:89:fa:cf:34:15:f3:ec:
         8c:8a:19:c1:46:85:e9:53:75:49:7b:28:6d:ce:f8:45:34:12:
         cd:c4:d2:3b:e7:4e:e0:d7:0d:84:fd:19:71:71:48:1f:56:fc:
         44:8c:5e:cb:44:28:aa:16:10:ef:e7:1b:2b:5c:98:85:ca:6c:
         f1:f7:73:2c:26:bb:be:37:6e:5f:56:34:84:b2:9c:88:53:8c:
         00:6c:78:ce:1e:b0:be:2b:99:f7:f0:9a:20:72:cd:5a:ca:99:
         c4:09:a5:a0:ff:72:ea:d4:fc:13:70:9a:49:b5:95:ab:22:4a:
         d6:5b:a9:bf:2c:54:c4:48:a6:24:27:61:3b:33:21:49:7a:a2:
         e3:58:4e:4c
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ6WnUtkTolRDV97EE4GH1WuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNjA1MDcwOTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYmVjYTA1ZDk0MWFlMDNmZGQ0YTIyMGU2NzViYmM4ZDc2ZDI2ZDFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8ut+3yPR0ymVt13bsoiYootfohBR
WHovCo2H+q3uGsjrwPedFQKIuAwCMroJuvYBRE1dlpIMxooI4NNQaZWEin3tY6sT
8kOTEd2kknpvw780eHEqtR9OfAwsEC0l/09QB/m5TMxGXRTn3WMcBpzBOO7s3BZk
CWTLvYdl99G7/l7iVUyrSjqxMh+F/K0tgVZKeZa+PPVZ50zVgex2a3kFcxU5Q1E8
sP2K+2TYhbC5R7SOFtTPMa3gzUrgKOu81HkH8vnGpV0jMP6DdLZ7vNEGA9TQJHPx
vT+2yP/+OU241FcEtst5Xm6QCg2G62Me9rd+bICUYowqDszIOFjG/FAjZwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPvsoF2UGuA/3UoiDmdbvI120m0bMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvMS0teWdYWlFhNERfZFNpSU9aMXU4alhiU2JScy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOGEvNDlkYzAwLTk3ZTItNDYyOC1hZTM5LTQxMjI4ZTM5ZmY3
Yy8xL1A5TU5pbjRTX0h2Mkxnd1NIbnpDSnQ2bE81cy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFKYwTAN
BgkqhkiG9w0BAQsFAAOCAQEAIu9WMw1fQIEH8S8Xd1pwihFYARufLyqVG2cNrprQ
53X91KQBQ5wpfhYK1a1QCTi3PtbTKzvxIR6sEWu6i1Av6z3lTSpgJbBj3NaC7gmZ
anXl1hrdGPm7cW+J6s+5HP48nf2iyRfk0ePPv+9uJIKIWdaZJTCuDy2J+s80FfPs
jIoZwUaF6VN1SXsobc74RTQSzcTSO+dO4NcNhP0ZcXFIH1b8RIxey0QoqhYQ7+cb
K1yYhcps8fdzLCa7vjduX1Y0hLKciFOMAGx4zh6wviuZ9/CaIHLNWsqZxAmloP9y
6tT8E3CaSbWVqyJK1lupvyxUxEimJCdhOzMhSXqi41hOTA==
-----END CERTIFICATE-----