Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/a3c0a4-3191-4e51-8d80-478c2c8cb2a0/1/hl3Yd95fQNxwoRIo3-4kn7W_Dcs.roa
File:                     hl3Yd95fQNxwoRIo3-4kn7W_Dcs.roa (raw, json)
Hash identifier:          bf3A6eur16fDQenvn2mn0EiiLqdDCmb0v7sPr8NzgvI=
Subject key identifier:   86:5D:D8:77:DE:5F:40:DC:70:A1:12:28:DF:EE:24:9F:B5:BF:0D:CB
Certificate issuer:       /CN=affa13f1ae053916280ec68ee1b0976f9ebd3ea8
Certificate serial:       019D709583F4CEF20076DB4D1C484D80AAFC
Authority key identifier: AF:FA:13:F1:AE:05:39:16:28:0E:C6:8E:E1:B0:97:6F:9E:BD:3E:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r_oT8a4FORYoDsaO4bCXb569Pqg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/a3c0a4-3191-4e51-8d80-478c2c8cb2a0/1/hl3Yd95fQNxwoRIo3-4kn7W_Dcs.roa
Signing time:             Thu 09 Apr 2026 04:52:20 +0000
ROA not before:           Thu 09 Apr 2026 04:52:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210644
IP address blocks:        77.73.131.0/24 maxlen: 24
                          77.73.135.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/a3c0a4-3191-4e51-8d80-478c2c8cb2a0/1/r_oT8a4FORYoDsaO4bCXb569Pqg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/a3c0a4-3191-4e51-8d80-478c2c8cb2a0/1/r_oT8a4FORYoDsaO4bCXb569Pqg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r_oT8a4FORYoDsaO4bCXb569Pqg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:70:95:83:f4:ce:f2:00:76:db:4d:1c:48:4d:80:aa:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=affa13f1ae053916280ec68ee1b0976f9ebd3ea8
        Validity
            Not Before: Apr  9 04:52:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=865dd877de5f40dc70a11228dfee249fb5bf0dcb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:66:fc:fc:ee:be:9c:47:bb:f6:4f:00:21:e0:
                    59:4a:76:67:70:ae:03:fd:65:8d:9e:15:e1:82:7c:
                    3d:e0:c0:c8:5b:39:84:63:8e:c1:ad:24:7e:b9:52:
                    6b:6e:80:fd:ae:24:86:d4:3e:5d:6c:97:1f:a2:cc:
                    28:ed:a0:5d:41:b0:64:61:f5:7e:22:79:f3:c9:e4:
                    21:49:82:d9:b7:4f:f4:18:93:f6:8e:7c:65:eb:5f:
                    4c:ba:78:1b:a1:2e:b9:ce:f1:bd:26:8f:f8:c7:f9:
                    a5:ef:4f:01:de:f8:66:c3:75:2c:d1:b7:7c:2e:91:
                    d1:a2:16:b3:27:b1:b7:ca:02:92:c9:d4:60:b4:08:
                    99:09:dd:9d:af:46:a6:43:b8:1e:4d:9c:df:6f:8f:
                    08:ef:d3:cc:ca:72:ca:38:35:a4:85:54:95:66:2d:
                    99:79:df:0a:b5:00:a8:f0:14:d5:47:af:92:8d:4d:
                    ec:bb:5f:03:02:eb:dd:99:66:ae:c6:28:e8:d4:e5:
                    04:3e:f2:ba:d5:b7:40:cb:23:0f:fa:01:ce:f0:3a:
                    05:6b:36:69:aa:91:5b:b8:c0:19:30:64:04:fc:57:
                    04:ed:59:44:9b:78:67:96:d7:16:2f:ad:63:33:56:
                    71:88:fb:af:1f:c8:ce:d9:88:59:1b:72:a2:5f:4b:
                    91:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:5D:D8:77:DE:5F:40:DC:70:A1:12:28:DF:EE:24:9F:B5:BF:0D:CB
            X509v3 Authority Key Identifier:
                keyid:AF:FA:13:F1:AE:05:39:16:28:0E:C6:8E:E1:B0:97:6F:9E:BD:3E:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r_oT8a4FORYoDsaO4bCXb569Pqg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/a3c0a4-3191-4e51-8d80-478c2c8cb2a0/1/hl3Yd95fQNxwoRIo3-4kn7W_Dcs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/a3c0a4-3191-4e51-8d80-478c2c8cb2a0/1/r_oT8a4FORYoDsaO4bCXb569Pqg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.73.131.0/24
                  77.73.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:53:ef:b6:f4:df:25:5f:c2:1e:fe:8b:88:3d:65:f4:aa:36:
         c5:74:ab:58:51:9a:a2:99:3d:7e:c9:20:96:01:9f:e1:6b:a3:
         95:07:28:02:8a:8c:32:b2:96:87:e7:e2:26:30:39:0b:e8:3d:
         12:46:9a:2f:9f:cd:8f:28:cb:01:35:08:d7:85:0f:61:ae:bb:
         6f:af:ad:94:0f:f8:87:b2:80:da:a4:3e:36:3f:d8:cb:f1:a7:
         b1:f0:3c:a4:66:fe:c1:df:fc:c0:a6:ef:13:9a:05:0c:02:59:
         dc:93:74:a7:90:a8:4e:98:88:3d:03:d2:d6:ba:bc:f4:dc:c3:
         d6:bb:13:66:9f:62:1f:b8:92:ce:0a:45:23:32:0d:9b:65:fd:
         57:00:16:f1:64:af:4e:25:af:8b:ec:1a:a3:10:53:af:52:e4:
         e9:d8:2b:6c:63:02:69:17:ad:82:5c:2c:d6:15:69:42:84:d9:
         8a:0a:75:8d:8d:b1:aa:d2:39:73:c8:58:c7:7a:6d:70:60:65:
         61:51:59:1b:8b:9d:90:17:56:bd:aa:26:99:8b:d5:da:93:55:
         a9:6a:93:5e:91:39:d0:a0:0b:de:92:8d:8b:23:c1:39:61:ab:
         e2:74:c4:cd:91:6e:b8:8a:2f:be:a7:e1:73:79:34:86:fe:39:
         17:72:63:6e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ1wlYP0zvIAdttNHEhNgKr8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmZmExM2YxYWUwNTM5MTYyODBlYzY4ZWUxYjA5NzZmOWVi
ZDNlYTgwHhcNMjYwNDA5MDQ1MjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjVkZDg3N2RlNWY0MGRjNzBhMTEyMjhkZmVlMjQ5ZmI1YmYwZGNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuWb8/O6+nEe79k8AIeBZSnZncK4D
/WWNnhXhgnw94MDIWzmEY47BrSR+uVJrboD9riSG1D5dbJcfoswo7aBdQbBkYfV+
InnzyeQhSYLZt0/0GJP2jnxl619MungboS65zvG9Jo/4x/ml708B3vhmw3Us0bd8
LpHRohazJ7G3ygKSydRgtAiZCd2dr0amQ7geTZzfb48I79PMynLKODWkhVSVZi2Z
ed8KtQCo8BTVR6+SjU3su18DAuvdmWauxijo1OUEPvK61bdAyyMP+gHO8DoFazZp
qpFbuMAZMGQE/FcE7VlEm3hnltcWL61jM1ZxiPuvH8jO2YhZG3KiX0uR9wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIZd2HfeX0DccKESKN/uJJ+1vw3LMB8GA1UdIwQY
MBaAFK/6E/GuBTkWKA7GjuGwl2+evT6oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcl9vVDhhNEZPUllvRHNhTzRiQ1hiNTY5UHFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9hM2MwYTQtMzE5MS00ZTUxLThkODAt
NDc4YzJjOGNiMmEwLzEvaGwzWWQ5NWZRTnh3b1JJbzMtNGtuN1dfRGNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9hM2MwYTQtMzE5MS00ZTUxLThkODAtNDc4YzJjOGNiMmEw
LzEvcl9vVDhhNEZPUllvRHNhTzRiQ1hiNTY5UHFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATUmDAwQA
TUmHMA0GCSqGSIb3DQEBCwUAA4IBAQBhU++29N8lX8Ie/ouIPWX0qjbFdKtYUZqi
mT1+ySCWAZ/ha6OVBygCiowyspaH5+ImMDkL6D0SRpovn82PKMsBNQjXhQ9hrrtv
r62UD/iHsoDapD42P9jL8aex8DykZv7B3/zApu8TmgUMAlnck3SnkKhOmIg9A9LW
urz03MPWuxNmn2IfuJLOCkUjMg2bZf1XABbxZK9OJa+L7BqjEFOvUuTp2CtsYwJp
F62CXCzWFWlChNmKCnWNjbGq0jlzyFjHem1wYGVhUVkbi52QF1a9qiaZi9Xak1Wp
apNekTnQoAveko2LI8E5YavidMTNkW64ii++p+FzeTSG/jkXcmNu
-----END CERTIFICATE-----