Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Tz1pjHR4TqLnKSJ1jkwFvtYR0G8.roa
File:                     Tz1pjHR4TqLnKSJ1jkwFvtYR0G8.roa (raw, json)
Hash identifier:          WWoAwDFuJ5oacbVeNOsAiyAV0ApVQBFDJYM6xoSgGMI=
Subject key identifier:   4F:3D:69:8C:74:78:4E:A2:E7:29:22:75:8E:4C:05:BE:D6:11:D0:6F
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019EBAF051C5AC77660C2E325DFB4C7F8150
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Tz1pjHR4TqLnKSJ1jkwFvtYR0G8.roa
Signing time:             Fri 12 Jun 2026 08:26:12 +0000
ROA not before:           Fri 12 Jun 2026 08:26:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     154612
IP address blocks:        81.168.63.0/24 maxlen: 24
                          89.213.68.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 17:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ba:f0:51:c5:ac:77:66:0c:2e:32:5d:fb:4c:7f:81:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jun 12 08:26:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4f3d698c74784ea2e72922758e4c05bed611d06f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:97:9a:bf:cb:c9:61:4a:e1:e6:50:e7:b9:f4:
                    c9:22:90:b5:6c:f7:4d:dc:48:a0:20:79:74:c3:68:
                    2e:5b:b8:bc:5a:e0:8d:0a:8f:ab:5e:14:23:5d:da:
                    0f:c1:1f:a0:aa:e4:62:45:28:51:72:4d:3b:28:e6:
                    5b:a1:23:2e:20:63:6f:37:21:8a:35:97:17:c1:31:
                    70:0e:22:3b:68:eb:f0:1e:31:2e:e1:86:43:f6:6d:
                    a6:46:28:4c:22:9e:25:92:54:9f:03:68:73:68:d6:
                    f4:c7:24:18:c3:f1:27:24:fa:67:62:7d:f7:fd:72:
                    26:2b:2e:72:31:69:59:7c:95:2b:3e:6e:a2:86:ab:
                    cc:9f:bd:3f:2c:bd:20:54:a9:08:aa:b9:ce:c2:31:
                    78:2b:53:40:d7:0c:2e:10:d4:97:b5:71:b7:5c:3d:
                    ae:a6:2c:12:43:7c:75:8a:a1:15:1e:3a:7c:42:70:
                    78:d1:57:e5:71:e3:e8:18:a6:a4:a9:3a:19:71:e9:
                    d4:a6:8a:39:8f:90:47:8e:df:c2:a1:b3:b8:e3:3b:
                    9e:39:58:14:3e:18:87:04:5f:16:08:8b:73:e8:3b:
                    11:db:73:50:ab:7d:ba:0a:51:e8:49:11:58:7a:8d:
                    7b:09:54:18:62:bc:f1:8f:60:71:cc:90:6b:9f:6c:
                    72:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:3D:69:8C:74:78:4E:A2:E7:29:22:75:8E:4C:05:BE:D6:11:D0:6F
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Tz1pjHR4TqLnKSJ1jkwFvtYR0G8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.63.0/24
                  89.213.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:14:2d:47:35:1d:b5:a0:5c:ae:0b:23:2d:55:68:ec:01:48:
         39:0f:06:73:40:87:4d:42:19:74:07:79:95:16:ad:2a:d1:53:
         76:ab:2e:80:63:be:fb:e9:f7:fb:dd:24:d0:76:df:cf:9c:25:
         ce:ca:af:ff:e1:4d:48:e4:b8:3d:91:43:3a:fa:97:e5:26:1a:
         56:61:14:f8:d7:47:06:ae:57:47:63:4b:c6:a4:bf:79:ea:a8:
         7e:3a:6f:24:99:b5:2b:81:87:be:4b:fc:25:74:2a:76:5d:6b:
         10:02:22:b7:d1:db:2a:ae:16:16:ce:42:8c:05:3c:53:c2:00:
         5c:10:1c:6f:50:75:f2:61:45:69:75:a9:d0:5c:f1:9b:61:4e:
         81:52:3e:aa:73:83:0a:c8:aa:48:47:d0:9c:c1:82:64:be:44:
         0f:69:23:83:d5:59:be:3a:76:fe:c0:b1:71:77:2b:22:10:55:
         d8:9b:b4:e9:4a:2b:bf:84:c7:f5:64:d9:63:4d:65:3e:69:66:
         06:e7:37:fd:f6:26:23:d7:a4:d4:69:d1:c8:99:fd:e1:5f:03:
         58:0a:b2:d6:3a:dc:ef:26:1a:6b:76:cc:b2:83:88:b5:3f:f8:
         89:d6:b4:53:b0:8a:37:f6:5b:14:f3:15:6e:91:85:32:10:f5:
         e9:d0:36:d6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ668FHFrHdmDC4yXftMf4FQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNjEyMDgyNjEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjNkNjk4Yzc0Nzg0ZWEyZTcyOTIyNzU4ZTRjMDViZWQ2MTFkMDZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr5eav8vJYUrh5lDnufTJIpC1bPdN
3EigIHl0w2guW7i8WuCNCo+rXhQjXdoPwR+gquRiRShRck07KOZboSMuIGNvNyGK
NZcXwTFwDiI7aOvwHjEu4YZD9m2mRihMIp4lklSfA2hzaNb0xyQYw/EnJPpnYn33
/XImKy5yMWlZfJUrPm6ihqvMn70/LL0gVKkIqrnOwjF4K1NA1wwuENSXtXG3XD2u
piwSQ3x1iqEVHjp8QnB40VflcePoGKakqToZcenUpoo5j5BHjt/CobO44zueOVgU
PhiHBF8WCItz6DsR23NQq326ClHoSRFYeo17CVQYYrzxj2BxzJBrn2xypQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFE89aYx0eE6i5ykidY5MBb7WEdBvMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvVHoxcGpIUjRUcUxuS1NKMWprd0Z2dFlSMEc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUag/AwQA
WdVEMA0GCSqGSIb3DQEBCwUAA4IBAQCQFC1HNR21oFyuCyMtVWjsAUg5DwZzQIdN
Qhl0B3mVFq0q0VN2qy6AY7776ff73STQdt/PnCXOyq//4U1I5Lg9kUM6+pflJhpW
YRT410cGrldHY0vGpL956qh+Om8kmbUrgYe+S/wldCp2XWsQAiK30dsqrhYWzkKM
BTxTwgBcEBxvUHXyYUVpdanQXPGbYU6BUj6qc4MKyKpIR9CcwYJkvkQPaSOD1Vm+
Onb+wLFxdysiEFXYm7TpSiu/hMf1ZNljTWU+aWYG5zf99iYj16TUadHImf3hXwNY
CrLWOtzvJhprdsyyg4i1P/iJ1rRTsIo39lsU8xVukYUyEPXp0DbW
-----END CERTIFICATE-----