Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/039057-f1ca-46e4-8237-a764ada8b95e/1/3TZvjEfkPGnfb-tMF5tui2UzMj0.roa
File:                     3TZvjEfkPGnfb-tMF5tui2UzMj0.roa (raw, json)
Hash identifier:          QOEhgl7wja/sJ10iRCnuW/2g1XbkedQKiYSWjxKqvZE=
Subject key identifier:   DD:36:6F:8C:47:E4:3C:69:DF:6F:EB:4C:17:9B:6E:8B:65:33:32:3D
Certificate issuer:       /CN=a87bc832f412b79f730166ec57eb36c1a35b0689
Certificate serial:       019EA7C8B885A3FC8F6F6C23B2D7EAE62B98
Authority key identifier: A8:7B:C8:32:F4:12:B7:9F:73:01:66:EC:57:EB:36:C1:A3:5B:06:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qHvIMvQSt59zAWbsV-s2waNbBok.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/039057-f1ca-46e4-8237-a764ada8b95e/1/3TZvjEfkPGnfb-tMF5tui2UzMj0.roa
Signing time:             Mon 08 Jun 2026 15:10:09 +0000
ROA not before:           Mon 08 Jun 2026 15:10:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3303
IP address blocks:        193.150.48.0/24 maxlen: 24
                          193.201.122.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/039057-f1ca-46e4-8237-a764ada8b95e/1/qHvIMvQSt59zAWbsV-s2waNbBok.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/039057-f1ca-46e4-8237-a764ada8b95e/1/qHvIMvQSt59zAWbsV-s2waNbBok.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qHvIMvQSt59zAWbsV-s2waNbBok.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:a7:c8:b8:85:a3:fc:8f:6f:6c:23:b2:d7:ea:e6:2b:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a87bc832f412b79f730166ec57eb36c1a35b0689
        Validity
            Not Before: Jun  8 15:10:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dd366f8c47e43c69df6feb4c179b6e8b6533323d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:93:29:31:65:21:d1:25:0d:2b:ae:41:99:34:
                    d2:cd:7c:09:5d:96:bc:e0:fa:ea:0f:88:59:ee:98:
                    9d:b8:d7:f2:ef:b8:1f:bd:bf:54:ce:e3:70:47:34:
                    16:7b:f1:e1:2f:0f:91:21:f2:74:ab:d3:98:9e:a5:
                    97:ac:e4:8f:bc:05:77:02:a2:f7:db:dd:7f:ea:72:
                    48:14:36:c7:4e:2c:9d:9f:f1:8d:41:0f:f9:30:40:
                    9f:ef:9b:b4:69:06:e3:60:32:70:cd:29:ac:12:f1:
                    5b:22:26:45:0b:ed:16:13:8e:53:ae:bd:65:28:42:
                    8e:db:9b:e6:d4:79:19:ce:ee:bf:3f:b7:a0:7a:50:
                    2d:26:f6:1b:88:c2:be:98:6b:0e:48:ea:f6:a3:7b:
                    ed:44:8f:bb:7b:5e:14:c3:db:a1:08:a0:05:d2:25:
                    32:70:b5:6e:99:49:21:cd:9b:64:cd:22:79:79:b8:
                    16:3a:93:90:0c:1e:03:fc:b3:ef:2e:9f:18:22:a4:
                    86:2c:f7:ac:25:04:8c:4e:e6:62:c9:20:39:9a:d5:
                    64:ee:5d:86:f6:3f:0f:ac:dc:6a:f5:ee:d4:31:04:
                    f0:0e:2b:e4:9b:07:19:51:6f:2e:4f:6e:a4:4e:d0:
                    ec:d6:b9:91:ce:1f:7e:f8:1f:39:86:9c:aa:ae:75:
                    6c:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:36:6F:8C:47:E4:3C:69:DF:6F:EB:4C:17:9B:6E:8B:65:33:32:3D
            X509v3 Authority Key Identifier:
                keyid:A8:7B:C8:32:F4:12:B7:9F:73:01:66:EC:57:EB:36:C1:A3:5B:06:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qHvIMvQSt59zAWbsV-s2waNbBok.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/039057-f1ca-46e4-8237-a764ada8b95e/1/3TZvjEfkPGnfb-tMF5tui2UzMj0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/039057-f1ca-46e4-8237-a764ada8b95e/1/qHvIMvQSt59zAWbsV-s2waNbBok.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.150.48.0/24
                  193.201.122.0/23

    Signature Algorithm: sha256WithRSAEncryption
         57:d6:18:44:93:73:ef:26:61:c3:ac:a1:3a:59:39:bd:c4:d4:
         d8:65:f4:b5:42:de:a1:f8:ae:b6:49:69:66:31:80:14:79:b0:
         ed:be:49:49:a1:8e:80:c6:cb:03:4a:37:66:f9:fd:72:88:79:
         85:58:83:91:04:5c:01:64:5d:ec:1f:44:39:37:56:d8:de:f0:
         1b:c6:46:8c:b2:b3:60:5f:5f:af:c8:51:13:d4:27:bc:09:67:
         b4:d3:b8:c3:ec:0b:45:3d:25:4d:bf:0a:49:17:59:85:7d:68:
         1e:eb:2c:fe:bf:a8:05:ab:81:93:d8:c4:76:54:f4:d6:5d:95:
         dd:52:21:1e:62:19:d9:99:32:18:53:ab:ae:c6:f1:c0:1f:22:
         8f:b9:7f:6d:03:a8:9b:fb:ee:53:9b:c9:35:9c:79:3e:d1:e8:
         66:65:a0:4a:41:b7:6d:86:d3:02:a5:60:bf:5e:fa:07:42:b7:
         4a:ae:7c:5e:05:5c:c1:e3:7a:3d:d3:14:7f:59:35:f0:b5:56:
         0f:dd:b6:1b:62:c7:1b:97:ad:6a:98:9d:6d:3d:2c:02:45:4b:
         39:25:93:29:3a:f8:5e:75:fe:51:73:ac:10:d2:22:27:b7:a2:
         c3:1b:ef:fc:ef:25:e3:23:10:0c:13:e7:c2:b0:be:31:bf:d6:
         57:6d:97:57
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ6nyLiFo/yPb2wjstfq5iuYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4N2JjODMyZjQxMmI3OWY3MzAxNjZlYzU3ZWIzNmMxYTM1
YjA2ODkwHhcNMjYwNjA4MTUxMDA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDM2NmY4YzQ3ZTQzYzY5ZGY2ZmViNGMxNzliNmU4YjY1MzMzMjNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5ZMpMWUh0SUNK65BmTTSzXwJXZa8
4PrqD4hZ7piduNfy77gfvb9UzuNwRzQWe/HhLw+RIfJ0q9OYnqWXrOSPvAV3AqL3
291/6nJIFDbHTiydn/GNQQ/5MECf75u0aQbjYDJwzSmsEvFbIiZFC+0WE45Trr1l
KEKO25vm1HkZzu6/P7egelAtJvYbiMK+mGsOSOr2o3vtRI+7e14Uw9uhCKAF0iUy
cLVumUkhzZtkzSJ5ebgWOpOQDB4D/LPvLp8YIqSGLPesJQSMTuZiySA5mtVk7l2G
9j8PrNxq9e7UMQTwDivkmwcZUW8uT26kTtDs1rmRzh9++B85hpyqrnVskQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFN02b4xH5Dxp32/rTBebbotlMzI9MB8GA1UdIwQY
MBaAFKh7yDL0ErefcwFm7FfrNsGjWwaJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUh2SU12UVN0NTl6QVdic1YtczJ3YU5iQm9rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC8wMzkwNTctZjFjYS00NmU0LTgyMzct
YTc2NGFkYThiOTVlLzEvM1RadmpFZmtQR25mYi10TUY1dHVpMlV6TWowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC8wMzkwNTctZjFjYS00NmU0LTgyMzctYTc2NGFkYThiOTVl
LzEvcUh2SU12UVN0NTl6QVdic1YtczJ3YU5iQm9rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwZYwAwQB
wcl6MA0GCSqGSIb3DQEBCwUAA4IBAQBX1hhEk3PvJmHDrKE6WTm9xNTYZfS1Qt6h
+K62SWlmMYAUebDtvklJoY6AxssDSjdm+f1yiHmFWIORBFwBZF3sH0Q5N1bY3vAb
xkaMsrNgX1+vyFET1Ce8CWe007jD7AtFPSVNvwpJF1mFfWge6yz+v6gFq4GT2MR2
VPTWXZXdUiEeYhnZmTIYU6uuxvHAHyKPuX9tA6ib++5Tm8k1nHk+0ehmZaBKQbdt
htMCpWC/XvoHQrdKrnxeBVzB43o90xR/WTXwtVYP3bYbYscbl61qmJ1tPSwCRUs5
JZMpOvhedf5Rc6wQ0iInt6LDG+/87yXjIxAME+fCsL4xv9ZXbZdX
-----END CERTIFICATE-----