Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/4d3b8c-7239-483c-a48c-7d608bee3167/1/iDGiu9b2-5gZed1g0VFujNY9Peg.roa
File:                     iDGiu9b2-5gZed1g0VFujNY9Peg.roa (raw, json)
Hash identifier:          ZId1dGdqtQ2GMpbChYr39bY2N4BezjujTh90i4mM35w=
Subject key identifier:   88:31:A2:BB:D6:F6:FB:98:19:79:DD:60:D1:51:6E:8C:D6:3D:3D:E8
Certificate issuer:       /CN=3de4598e21736501a73944c107114c850c7d8b09
Certificate serial:       019E9E60E28FC6C5AB37E6C997544AED2D8F
Authority key identifier: 3D:E4:59:8E:21:73:65:01:A7:39:44:C1:07:11:4C:85:0C:7D:8B:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PeRZjiFzZQGnOUTBBxFMhQx9iwk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/4d3b8c-7239-483c-a48c-7d608bee3167/1/iDGiu9b2-5gZed1g0VFujNY9Peg.roa
Signing time:             Sat 06 Jun 2026 19:20:09 +0000
ROA not before:           Sat 06 Jun 2026 19:20:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     196750
IP address blocks:        37.153.0.0/18 maxlen: 18
                          2a0e:ba00::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/4d3b8c-7239-483c-a48c-7d608bee3167/1/PeRZjiFzZQGnOUTBBxFMhQx9iwk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/4d3b8c-7239-483c-a48c-7d608bee3167/1/PeRZjiFzZQGnOUTBBxFMhQx9iwk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PeRZjiFzZQGnOUTBBxFMhQx9iwk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 17:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:9e:60:e2:8f:c6:c5:ab:37:e6:c9:97:54:4a:ed:2d:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3de4598e21736501a73944c107114c850c7d8b09
        Validity
            Not Before: Jun  6 19:20:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8831a2bbd6f6fb981979dd60d1516e8cd63d3de8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:84:4d:d8:c2:20:d1:70:de:4e:27:20:6a:bf:
                    86:ab:e9:3c:34:77:9c:53:aa:67:9b:25:da:c4:f9:
                    d1:65:72:3c:74:c4:04:88:fa:b3:f1:c1:cf:f5:9d:
                    63:31:5c:f4:df:35:c6:97:86:b6:25:68:aa:f4:56:
                    a0:86:56:e1:73:2a:b9:bf:a3:1d:b6:80:80:b7:57:
                    d7:95:56:2d:d5:05:5a:94:62:55:6a:e1:25:b9:86:
                    2d:5b:d3:d0:7e:93:ff:5b:0c:11:f5:b7:66:e5:23:
                    ca:1e:52:6e:e7:7e:19:bc:30:c1:21:62:72:24:16:
                    a5:7b:4b:57:b5:c9:b0:6c:b8:32:25:40:58:43:47:
                    db:bc:30:26:eb:85:19:d1:f4:31:dc:1e:a2:d3:99:
                    56:01:da:bb:d1:4b:d7:22:b0:e1:f0:1b:0a:d9:eb:
                    45:a4:bd:77:1c:5b:18:43:48:c6:1c:97:9c:ef:d5:
                    fe:c2:66:66:39:96:f5:1f:f2:48:86:ec:6e:42:e6:
                    5e:97:d9:38:44:17:a7:b3:c4:e1:3c:d7:6d:81:51:
                    de:af:52:14:18:d4:6f:67:83:18:dc:09:a1:a3:72:
                    b2:68:da:2e:0e:ea:cd:a2:44:50:1c:6d:80:e3:8b:
                    fa:62:63:b0:22:6d:c7:f0:67:6b:08:e8:53:00:89:
                    1b:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:31:A2:BB:D6:F6:FB:98:19:79:DD:60:D1:51:6E:8C:D6:3D:3D:E8
            X509v3 Authority Key Identifier:
                keyid:3D:E4:59:8E:21:73:65:01:A7:39:44:C1:07:11:4C:85:0C:7D:8B:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PeRZjiFzZQGnOUTBBxFMhQx9iwk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/4d3b8c-7239-483c-a48c-7d608bee3167/1/iDGiu9b2-5gZed1g0VFujNY9Peg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/4d3b8c-7239-483c-a48c-7d608bee3167/1/PeRZjiFzZQGnOUTBBxFMhQx9iwk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.153.0.0/18
                IPv6:
                  2a0e:ba00::/29

    Signature Algorithm: sha256WithRSAEncryption
         2f:51:a9:cf:0f:d1:31:9f:4f:7f:3d:78:2a:7a:6b:8d:6d:ac:
         bf:91:17:77:f1:7e:63:aa:40:fa:6e:ba:8c:b6:ec:71:6c:e6:
         e4:e4:1c:8b:ee:e4:a0:56:e9:03:d9:44:76:c3:d3:51:7f:9a:
         34:28:ca:44:cc:a1:7c:2a:50:00:aa:9a:a3:82:55:1f:ac:a0:
         9b:d4:04:53:1c:fe:b2:56:42:74:4a:f2:bd:97:58:f7:89:01:
         d1:d3:86:3a:a6:cd:4a:37:c6:cf:e8:34:2f:19:61:a9:28:e8:
         b9:43:6a:9e:7b:6d:e8:22:e1:13:31:de:a7:24:a3:94:80:dd:
         e0:84:03:9d:b8:52:7f:22:59:44:67:c2:85:fc:fa:92:ca:44:
         4c:3a:39:55:79:2e:be:c1:f4:7b:7a:7d:d2:a0:ee:f7:5d:d7:
         43:cf:0c:f4:b3:69:e3:77:b1:1e:77:5b:b0:9b:29:c5:98:a4:
         18:a4:47:77:ec:c4:c5:8a:72:73:83:a5:99:27:d1:37:4c:6a:
         07:8f:a3:ba:f3:57:6f:61:25:7a:8e:99:ea:da:47:38:0e:9d:
         49:99:5f:82:d9:92:95:52:18:bd:ed:ef:8f:ed:8b:36:2c:07:
         d3:de:16:bd:65:a4:d7:87:79:7a:7f:d9:f0:4a:53:75:df:8a:
         fd:7d:a2:2c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ6eYOKPxsWrN+bJl1RK7S2PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkZTQ1OThlMjE3MzY1MDFhNzM5NDRjMTA3MTE0Yzg1MGM3
ZDhiMDkwHhcNMjYwNjA2MTkyMDA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODMxYTJiYmQ2ZjZmYjk4MTk3OWRkNjBkMTUxNmU4Y2Q2M2QzZGU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyYRN2MIg0XDeTicgar+Gq+k8NHec
U6pnmyXaxPnRZXI8dMQEiPqz8cHP9Z1jMVz03zXGl4a2JWiq9Faghlbhcyq5v6Md
toCAt1fXlVYt1QValGJVauEluYYtW9PQfpP/WwwR9bdm5SPKHlJu534ZvDDBIWJy
JBale0tXtcmwbLgyJUBYQ0fbvDAm64UZ0fQx3B6i05lWAdq70UvXIrDh8BsK2etF
pL13HFsYQ0jGHJec79X+wmZmOZb1H/JIhuxuQuZel9k4RBens8ThPNdtgVHer1IU
GNRvZ4MY3Amho3KyaNouDurNokRQHG2A44v6YmOwIm3H8GdrCOhTAIkbOQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIgxorvW9vuYGXndYNFRbozWPT3oMB8GA1UdIwQY
MBaAFD3kWY4hc2UBpzlEwQcRTIUMfYsJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGVSWmppRnpaUUduT1VUQkJ4Rk1oUXg5aXdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi80ZDNiOGMtNzIzOS00ODNjLWE0OGMt
N2Q2MDhiZWUzMTY3LzEvaURHaXU5YjItNWdaZWQxZzBWRnVqTlk5UGVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi80ZDNiOGMtNzIzOS00ODNjLWE0OGMtN2Q2MDhiZWUzMTY3
LzEvUGVSWmppRnpaUUduT1VUQkJ4Rk1oUXg5aXdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQGJZkAMA0E
AgACMAcDBQMqDroAMA0GCSqGSIb3DQEBCwUAA4IBAQAvUanPD9Exn09/PXgqemuN
bay/kRd38X5jqkD6brqMtuxxbObk5ByL7uSgVukD2UR2w9NRf5o0KMpEzKF8KlAA
qpqjglUfrKCb1ARTHP6yVkJ0SvK9l1j3iQHR04Y6ps1KN8bP6DQvGWGpKOi5Q2qe
e23oIuETMd6nJKOUgN3ghAOduFJ/IllEZ8KF/PqSykRMOjlVeS6+wfR7en3SoO73
XddDzwz0s2njd7Eed1uwmynFmKQYpEd37MTFinJzg6WZJ9E3TGoHj6O681dvYSV6
jpnq2kc4Dp1JmV+C2ZKVUhi97e+P7Ys2LAfT3ha9ZaTXh3l6f9nwSlN134r9faIs
-----END CERTIFICATE-----