Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/dcacd2-d780-46f7-a5b6-79cc7a14bf9a/1/NLYSEvng8AX2VRtPGTIcyZbKRjk.roa
File:                     NLYSEvng8AX2VRtPGTIcyZbKRjk.roa (raw, json)
Hash identifier:          Y4zpwbKI5+zqZBTRqFeBCG4Xc2c73w3Ij+kGXRrc9Tg=
Subject key identifier:   34:B6:12:12:F9:E0:F0:05:F6:55:1B:4F:19:32:1C:C9:96:CA:46:39
Certificate issuer:       /CN=4732d0fce83fb67382ceace3756c8b13c0a95c98
Certificate serial:       019B77596BCF8425532731E9F9D779FBAC4A
Authority key identifier: 47:32:D0:FC:E8:3F:B6:73:82:CE:AC:E3:75:6C:8B:13:C0:A9:5C:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RzLQ_Og_tnOCzqzjdWyLE8CpXJg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/dcacd2-d780-46f7-a5b6-79cc7a14bf9a/1/NLYSEvng8AX2VRtPGTIcyZbKRjk.roa
Signing time:             Thu 01 Jan 2026 02:18:27 +0000
ROA not before:           Thu 01 Jan 2026 02:18:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213193
IP address blocks:        88.218.156.0/24 maxlen: 24
                          88.218.157.0/24 maxlen: 24
                          88.218.158.0/24 maxlen: 24
                          88.218.159.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/dcacd2-d780-46f7-a5b6-79cc7a14bf9a/1/RzLQ_Og_tnOCzqzjdWyLE8CpXJg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/dcacd2-d780-46f7-a5b6-79cc7a14bf9a/1/RzLQ_Og_tnOCzqzjdWyLE8CpXJg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RzLQ_Og_tnOCzqzjdWyLE8CpXJg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 11:01:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:59:6b:cf:84:25:53:27:31:e9:f9:d7:79:fb:ac:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4732d0fce83fb67382ceace3756c8b13c0a95c98
        Validity
            Not Before: Jan  1 02:18:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=34b61212f9e0f005f6551b4f19321cc996ca4639
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:65:0e:b8:dc:4f:96:67:5c:ce:67:8c:66:8f:
                    67:57:af:2b:ae:03:4e:10:a2:28:26:51:25:bd:c1:
                    e7:b7:70:c5:e5:fc:1e:ed:08:69:2d:32:b1:09:6c:
                    e2:c3:b8:10:d0:57:e4:d8:22:5c:d0:56:bb:18:31:
                    b2:d2:a4:c8:8d:76:f4:8f:61:8e:9c:c7:c7:7a:50:
                    07:2b:ae:9a:09:dd:22:d1:88:c8:90:b9:61:71:cc:
                    5e:4c:38:58:18:5a:d8:bf:70:8e:32:d8:a6:52:7b:
                    38:7d:17:14:f2:04:10:e6:23:97:8b:3c:ed:8f:f2:
                    20:32:4c:8c:ff:fd:ab:5d:ee:d2:f0:22:1a:a1:d3:
                    ee:43:68:0b:77:cc:f0:71:a1:45:7a:14:93:ac:1f:
                    ad:8c:f8:d0:c4:69:2e:fb:19:e4:b5:64:1b:4c:14:
                    ad:90:21:0f:f8:fe:cb:3b:3b:df:b1:8c:33:cd:8b:
                    4a:d7:f2:f8:0c:a9:4e:2c:b4:98:ee:5d:c8:3b:7c:
                    ab:da:9e:59:7e:12:8c:42:06:58:be:1c:0b:0a:1a:
                    3e:a2:df:ad:ea:d1:20:eb:ed:38:df:33:55:df:30:
                    fd:26:71:9f:73:b3:3b:88:8a:9f:c7:67:8e:2d:14:
                    8d:32:a1:f5:ab:0f:e9:c6:44:b0:d9:d4:a6:4d:08:
                    9e:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:B6:12:12:F9:E0:F0:05:F6:55:1B:4F:19:32:1C:C9:96:CA:46:39
            X509v3 Authority Key Identifier:
                keyid:47:32:D0:FC:E8:3F:B6:73:82:CE:AC:E3:75:6C:8B:13:C0:A9:5C:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RzLQ_Og_tnOCzqzjdWyLE8CpXJg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/dcacd2-d780-46f7-a5b6-79cc7a14bf9a/1/NLYSEvng8AX2VRtPGTIcyZbKRjk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/dcacd2-d780-46f7-a5b6-79cc7a14bf9a/1/RzLQ_Og_tnOCzqzjdWyLE8CpXJg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.218.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         09:f6:f4:95:45:0b:a9:f0:99:c6:37:3c:02:29:58:af:c6:c7:
         94:e6:3c:bb:84:62:a5:fa:4d:f4:cd:a2:42:9b:ad:e0:c8:6a:
         ab:c5:ea:00:d2:03:60:c9:88:e9:18:da:3a:2f:0d:12:38:c0:
         ac:43:e3:6c:5b:d9:b8:57:d9:5b:33:01:ff:79:9b:53:9a:6e:
         7b:e6:37:bf:cb:2a:e5:c3:23:5e:e7:bc:24:3e:63:39:7a:ea:
         db:dd:b8:9e:62:49:d4:27:94:fd:89:2d:4d:29:4b:b4:40:35:
         1d:e4:60:b4:09:27:60:99:0f:e1:11:da:d7:8f:ba:c1:64:a9:
         81:cc:6f:22:53:06:0c:92:90:22:d7:46:af:6b:25:25:ee:98:
         ae:30:f9:f6:3f:d0:7e:5c:ee:b0:d9:3b:c7:89:5b:d4:3a:39:
         c9:11:ad:0b:1b:6a:be:2c:a6:18:4a:87:07:90:61:ab:b0:9d:
         b7:a1:79:95:c7:aa:38:9c:f5:66:9c:26:b3:6a:6b:53:2c:b2:
         04:14:a3:03:68:aa:a0:97:42:95:31:0b:3f:c1:0a:e2:ad:b6:
         87:96:ab:ea:33:3b:48:4b:e6:a1:f6:cf:7a:6d:f2:46:fc:07:
         96:6a:11:a1:24:76:c3:17:84:3c:e3:85:ed:bb:6b:af:fd:64:
         1f:32:8a:10
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3WWvPhCVTJzHp+dd5+6xKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3MzJkMGZjZTgzZmI2NzM4MmNlYWNlMzc1NmM4YjEzYzBh
OTVjOTgwHhcNMjYwMTAxMDIxODI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGI2MTIxMmY5ZTBmMDA1ZjY1NTFiNGYxOTMyMWNjOTk2Y2E0NjM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvWUOuNxPlmdczmeMZo9nV68rrgNO
EKIoJlElvcHnt3DF5fwe7QhpLTKxCWziw7gQ0Ffk2CJc0Fa7GDGy0qTIjXb0j2GO
nMfHelAHK66aCd0i0YjIkLlhccxeTDhYGFrYv3COMtimUns4fRcU8gQQ5iOXizzt
j/IgMkyM//2rXe7S8CIaodPuQ2gLd8zwcaFFehSTrB+tjPjQxGku+xnktWQbTBSt
kCEP+P7LOzvfsYwzzYtK1/L4DKlOLLSY7l3IO3yr2p5ZfhKMQgZYvhwLCho+ot+t
6tEg6+043zNV3zD9JnGfc7M7iIqfx2eOLRSNMqH1qw/pxkSw2dSmTQieyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDS2EhL54PAF9lUbTxkyHMmWykY5MB8GA1UdIwQY
MBaAFEcy0PzoP7Zzgs6s43VsixPAqVyYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnpMUV9PZ190bk9DenF6amRXeUxFOENwWEpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS9kY2FjZDItZDc4MC00NmY3LWE1YjYt
NzljYzdhMTRiZjlhLzEvTkxZU0V2bmc4QVgyVlJ0UEdUSWN5WmJLUmprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS9kY2FjZDItZDc4MC00NmY3LWE1YjYtNzljYzdhMTRiZjlh
LzEvUnpMUV9PZ190bk9DenF6amRXeUxFOENwWEpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCWNqcMA0G
CSqGSIb3DQEBCwUAA4IBAQAJ9vSVRQup8JnGNzwCKVivxseU5jy7hGKl+k30zaJC
m63gyGqrxeoA0gNgyYjpGNo6Lw0SOMCsQ+NsW9m4V9lbMwH/eZtTmm575je/yyrl
wyNe57wkPmM5eurb3bieYknUJ5T9iS1NKUu0QDUd5GC0CSdgmQ/hEdrXj7rBZKmB
zG8iUwYMkpAi10avayUl7piuMPn2P9B+XO6w2TvHiVvUOjnJEa0LG2q+LKYYSocH
kGGrsJ23oXmVx6o4nPVmnCazamtTLLIEFKMDaKqgl0KVMQs/wQrirbaHlqvqMztI
S+ah9s96bfJG/AeWahGhJHbDF4Q844Xtu2uv/WQfMooQ
-----END CERTIFICATE-----