Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/10Uli64Xn-ToBAVMZLdRb-_lKPI.roa
File:                     10Uli64Xn-ToBAVMZLdRb-_lKPI.roa (raw, json)
Hash identifier:          QK1f4TaT8uNDv78xsdOn+3aPS89kYtsBVM6AamkGNIk=
Subject key identifier:   D7:45:25:8B:AE:17:9F:E4:E8:04:05:4C:64:B7:51:6F:EF:E5:28:F2
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019D91B9B8BF43C25FDC79D89BAC67222482
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/10Uli64Xn-ToBAVMZLdRb-_lKPI.roa
Signing time:             Wed 15 Apr 2026 15:19:20 +0000
ROA not before:           Wed 15 Apr 2026 15:19:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209104
IP address blocks:        89.213.40.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 16:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:91:b9:b8:bf:43:c2:5f:dc:79:d8:9b:ac:67:22:24:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Apr 15 15:19:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d745258bae179fe4e804054c64b7516fefe528f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:94:25:15:ef:40:cd:c2:e8:ec:e0:3a:96:b1:
                    d5:47:e2:81:4a:6c:a7:2c:40:d9:16:95:54:92:86:
                    2f:64:81:41:81:0f:ab:c1:1b:f2:ff:55:d5:cf:2b:
                    af:9d:7e:d3:9e:17:8e:b0:e4:98:05:50:a3:c2:b1:
                    63:26:2e:4b:6d:a0:d5:2b:a4:ce:02:a3:0d:66:31:
                    51:67:ba:4b:a0:15:ae:e9:4f:0b:06:29:55:2e:23:
                    e9:8d:73:e8:9b:77:76:56:24:ba:a5:47:24:7e:41:
                    3c:e8:06:cf:98:79:fa:50:81:8c:3e:34:7d:4e:4a:
                    e3:28:f7:3d:1c:70:d8:5f:ab:2b:64:13:6a:ec:97:
                    bc:0e:af:64:7a:1c:30:c9:50:ff:ca:d0:ce:84:1e:
                    68:7f:34:df:bb:6e:5a:0b:b4:05:b2:99:32:a8:61:
                    e6:b8:ec:9e:17:8b:cd:30:74:99:6f:c9:30:f0:c3:
                    4d:05:19:4c:aa:a4:9e:30:12:b1:b5:8b:b2:18:17:
                    9a:1d:05:b2:a5:2c:c4:51:a8:21:83:b0:db:26:4a:
                    66:f8:15:9f:43:61:8b:b9:57:25:b6:cc:c6:62:4e:
                    26:79:2a:37:84:5d:6d:27:49:30:35:ec:92:b3:a9:
                    d1:a7:e8:d8:3f:dd:3c:6c:65:29:ae:61:24:b5:be:
                    21:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:45:25:8B:AE:17:9F:E4:E8:04:05:4C:64:B7:51:6F:EF:E5:28:F2
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/10Uli64Xn-ToBAVMZLdRb-_lKPI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:95:ec:d4:3d:5d:52:8c:e3:1c:e3:12:c4:f1:93:61:e3:cf:
         84:67:35:2d:94:ed:48:d2:20:42:0a:8f:ae:65:17:c8:55:1a:
         60:1a:c7:70:28:4d:6b:f1:f5:83:fb:fb:04:1c:c9:e5:af:42:
         0c:30:ca:a4:2d:db:83:3e:59:35:33:b2:aa:32:cf:aa:fd:ef:
         43:75:f5:7e:27:fe:0c:1b:f7:47:08:2b:59:6a:42:2d:c7:bf:
         76:e6:28:80:9c:40:cd:a3:27:01:b6:54:e9:f3:7e:40:74:c1:
         d6:f1:95:db:0a:4e:97:8e:bd:0a:78:93:65:90:7f:9e:66:fd:
         2b:e0:a2:e1:88:82:2b:a1:9a:30:93:24:db:9b:23:cd:1c:b8:
         fe:6e:61:dd:bd:f3:8d:f5:d4:d4:4e:99:8b:56:0d:c5:0a:1f:
         79:2f:74:f7:f2:89:2b:a0:76:8a:03:43:a2:ed:ea:9b:73:d1:
         1b:43:0f:8b:06:e2:3b:88:e1:61:a6:ed:f6:03:2a:96:ba:85:
         8a:df:8b:d8:a7:9c:a3:83:11:4e:00:45:5f:bf:db:c2:cc:6f:
         37:71:ea:61:84:cd:9a:49:d3:60:e1:f1:7b:e0:fe:1c:94:d8:
         3c:5f:ce:7a:20:6f:de:77:cb:db:72:cd:72:9e:3b:5b:17:fb:
         13:12:fc:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2Rubi/Q8Jf3HnYm6xnIiSCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNDE1MTUxOTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzQ1MjU4YmFlMTc5ZmU0ZTgwNDA1NGM2NGI3NTE2ZmVmZTUyOGYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvpQlFe9AzcLo7OA6lrHVR+KBSmyn
LEDZFpVUkoYvZIFBgQ+rwRvy/1XVzyuvnX7TnheOsOSYBVCjwrFjJi5LbaDVK6TO
AqMNZjFRZ7pLoBWu6U8LBilVLiPpjXPom3d2ViS6pUckfkE86AbPmHn6UIGMPjR9
TkrjKPc9HHDYX6srZBNq7Je8Dq9kehwwyVD/ytDOhB5ofzTfu25aC7QFspkyqGHm
uOyeF4vNMHSZb8kw8MNNBRlMqqSeMBKxtYuyGBeaHQWypSzEUaghg7DbJkpm+BWf
Q2GLuVcltszGYk4meSo3hF1tJ0kwNeySs6nRp+jYP908bGUprmEktb4hHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNdFJYuuF5/k6AQFTGS3UW/v5SjyMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvMTBVbGk2NFhuLVRvQkFWTVpMZFJiLV9sS1BJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdUoMA0G
CSqGSIb3DQEBCwUAA4IBAQCPlezUPV1SjOMc4xLE8ZNh48+EZzUtlO1I0iBCCo+u
ZRfIVRpgGsdwKE1r8fWD+/sEHMnlr0IMMMqkLduDPlk1M7KqMs+q/e9DdfV+J/4M
G/dHCCtZakItx7925iiAnEDNoycBtlTp835AdMHW8ZXbCk6Xjr0KeJNlkH+eZv0r
4KLhiIIroZowkyTbmyPNHLj+bmHdvfON9dTUTpmLVg3FCh95L3T38okroHaKA0Oi
7eqbc9EbQw+LBuI7iOFhpu32AyqWuoWK34vYp5yjgxFOAEVfv9vCzG83cephhM2a
SdNg4fF74P4clNg8X856IG/ed8vbcs1ynjtbF/sTEvzT
-----END CERTIFICATE-----