Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/ec1721-75c5-40f5-9345-c2fd0f958d4b/1/L3xiDt_DxrLi4lqDX4KsweyPBfU.roa
File:                     L3xiDt_DxrLi4lqDX4KsweyPBfU.roa (raw, json)
Hash identifier:          mBvswTZSHAsOBHr7dGG73RpsdwizI277vUMRdc8O0TI=
Subject key identifier:   2F:7C:62:0E:DF:C3:C6:B2:E2:E2:5A:83:5F:82:AC:C1:EC:8F:05:F5
Certificate issuer:       /CN=4e5ebb9b051ad5ec7a36989fc3fcc94c1cabcc74
Certificate serial:       019B7B3661EDD500836412342E964C77121C
Authority key identifier: 4E:5E:BB:9B:05:1A:D5:EC:7A:36:98:9F:C3:FC:C9:4C:1C:AB:CC:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tl67mwUa1ex6Npifw_zJTByrzHQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/ec1721-75c5-40f5-9345-c2fd0f958d4b/1/L3xiDt_DxrLi4lqDX4KsweyPBfU.roa
Signing time:             Thu 01 Jan 2026 20:18:40 +0000
ROA not before:           Thu 01 Jan 2026 20:18:40 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     41310
IP address blocks:        89.249.48.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/ec1721-75c5-40f5-9345-c2fd0f958d4b/1/Tl67mwUa1ex6Npifw_zJTByrzHQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/ec1721-75c5-40f5-9345-c2fd0f958d4b/1/Tl67mwUa1ex6Npifw_zJTByrzHQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tl67mwUa1ex6Npifw_zJTByrzHQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 15:05:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:61:ed:d5:00:83:64:12:34:2e:96:4c:77:12:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e5ebb9b051ad5ec7a36989fc3fcc94c1cabcc74
        Validity
            Not Before: Jan  1 20:18:40 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2f7c620edfc3c6b2e2e25a835f82acc1ec8f05f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:fc:0c:81:9d:14:cf:a3:4e:be:9d:9a:55:99:
                    9f:7e:35:94:e4:54:fb:5d:c4:70:6c:36:2e:bd:bb:
                    dd:4a:e8:4b:3a:3c:d2:21:e9:1f:49:83:99:15:b7:
                    56:71:d9:9d:7d:79:fe:40:b7:49:26:fa:7e:e2:10:
                    e7:8c:da:f5:80:73:54:0f:94:e0:d3:b2:f3:a6:ec:
                    c9:af:cd:d6:8f:97:d9:69:46:07:56:3b:aa:ca:a1:
                    d3:d0:7d:47:63:06:70:db:30:73:b2:b9:3b:42:0e:
                    f8:53:e0:1f:6e:1e:c7:61:22:25:4b:ff:0f:a6:63:
                    c3:b9:91:31:4d:eb:87:a8:6e:92:c5:47:0d:a4:31:
                    03:a0:b1:0d:60:95:ce:05:a5:74:17:e1:a2:13:03:
                    cf:d9:87:d6:31:be:dc:4b:3d:70:66:91:c2:f9:45:
                    18:d9:19:f2:cd:79:bb:d4:e0:3f:07:15:c3:32:a9:
                    ee:7d:36:a2:c6:d8:07:33:d1:3d:4a:43:24:60:cb:
                    d9:a8:91:c7:6f:99:38:54:d2:b8:24:f3:54:00:e4:
                    d4:47:98:51:c9:e2:57:b5:f4:89:99:24:51:12:02:
                    c2:8c:c1:92:14:19:35:8c:17:cb:d9:0f:23:a1:b5:
                    15:62:71:93:78:23:f0:f9:2d:84:23:fc:c4:a2:42:
                    23:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:7C:62:0E:DF:C3:C6:B2:E2:E2:5A:83:5F:82:AC:C1:EC:8F:05:F5
            X509v3 Authority Key Identifier:
                keyid:4E:5E:BB:9B:05:1A:D5:EC:7A:36:98:9F:C3:FC:C9:4C:1C:AB:CC:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tl67mwUa1ex6Npifw_zJTByrzHQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/ec1721-75c5-40f5-9345-c2fd0f958d4b/1/L3xiDt_DxrLi4lqDX4KsweyPBfU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/ec1721-75c5-40f5-9345-c2fd0f958d4b/1/Tl67mwUa1ex6Npifw_zJTByrzHQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.249.48.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:bf:f2:23:ff:6c:c1:7b:75:a0:ca:d2:38:c5:4f:09:80:78:
         0a:72:79:47:2b:f5:ff:78:bd:78:0b:f7:2c:5a:8d:4e:73:d5:
         00:9f:06:4f:6f:c1:09:7d:8d:53:1a:e1:f8:56:f6:0c:a5:8e:
         c0:4e:38:32:c7:d6:94:87:e5:22:a2:95:8c:cf:70:de:9a:ee:
         53:f4:78:3e:0b:de:94:2d:ac:6a:b7:d2:af:54:e4:f8:95:bd:
         4a:6e:ca:bf:2c:35:a3:2c:26:c4:5d:dc:06:ea:60:7a:cd:d3:
         b7:17:ac:c1:60:01:aa:c7:ef:6d:b4:dd:bf:6e:ad:f8:ce:10:
         f8:37:f1:2c:a8:2b:64:ad:e3:7f:e8:97:99:17:c5:92:00:50:
         02:6a:cf:35:fb:dc:7b:6a:c8:ae:ee:2a:68:c4:66:1c:6f:c2:
         fb:5f:ff:1d:94:06:db:60:81:6c:25:c9:1b:06:2f:b2:27:43:
         80:d3:dd:23:3f:ea:1c:a5:0a:f8:7d:c3:c4:dd:8a:16:7c:2c:
         ca:4a:26:d5:3e:29:27:ab:0f:6c:8d:b6:b7:81:1a:4c:57:81:
         77:3c:d9:a1:73:94:9b:eb:dc:3c:f2:a9:58:41:87:e2:26:36:
         2a:55:e8:39:e7:da:ec:60:59:c3:91:d7:50:85:a5:9d:c1:f2:
         af:1a:70:9f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NmHt1QCDZBI0LpZMdxIcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlNWViYjliMDUxYWQ1ZWM3YTM2OTg5ZmMzZmNjOTRjMWNh
YmNjNzQwHhcNMjYwMTAxMjAxODQwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjdjNjIwZWRmYzNjNmIyZTJlMjVhODM1ZjgyYWNjMWVjOGYwNWY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqfwMgZ0Uz6NOvp2aVZmffjWU5FT7
XcRwbDYuvbvdSuhLOjzSIekfSYOZFbdWcdmdfXn+QLdJJvp+4hDnjNr1gHNUD5Tg
07LzpuzJr83Wj5fZaUYHVjuqyqHT0H1HYwZw2zBzsrk7Qg74U+Afbh7HYSIlS/8P
pmPDuZExTeuHqG6SxUcNpDEDoLENYJXOBaV0F+GiEwPP2YfWMb7cSz1wZpHC+UUY
2RnyzXm71OA/BxXDMqnufTaixtgHM9E9SkMkYMvZqJHHb5k4VNK4JPNUAOTUR5hR
yeJXtfSJmSRREgLCjMGSFBk1jBfL2Q8jobUVYnGTeCPw+S2EI/zEokIjsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC98Yg7fw8ay4uJag1+CrMHsjwX1MB8GA1UdIwQY
MBaAFE5eu5sFGtXsejaYn8P8yUwcq8x0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGw2N213VWExZXg2TnBpZndfekpUQnlyekhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi9lYzE3MjEtNzVjNS00MGY1LTkzNDUt
YzJmZDBmOTU4ZDRiLzEvTDN4aUR0X0R4ckxpNGxxRFg0S3N3ZXlQQmZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi9lYzE3MjEtNzVjNS00MGY1LTkzNDUtYzJmZDBmOTU4ZDRi
LzEvVGw2N213VWExZXg2TnBpZndfekpUQnlyekhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWfkwMA0G
CSqGSIb3DQEBCwUAA4IBAQCqv/Ij/2zBe3WgytI4xU8JgHgKcnlHK/X/eL14C/cs
Wo1Oc9UAnwZPb8EJfY1TGuH4VvYMpY7ATjgyx9aUh+UiopWMz3Demu5T9Hg+C96U
Laxqt9KvVOT4lb1Kbsq/LDWjLCbEXdwG6mB6zdO3F6zBYAGqx+9ttN2/bq34zhD4
N/EsqCtkreN/6JeZF8WSAFACas81+9x7asiu7ipoxGYcb8L7X/8dlAbbYIFsJckb
Bi+yJ0OA090jP+ocpQr4fcPE3YoWfCzKSibVPiknqw9sjba3gRpMV4F3PNmhc5Sb
69w88qlYQYfiJjYqVeg559rsYFnDkddQhaWdwfKvGnCf
-----END CERTIFICATE-----