Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/b30e5d-8b3b-4287-9b3b-8232fa3e629d/1/VYAgH06Dd2AAmtmMRcX62MSmu30.roa
File:                     VYAgH06Dd2AAmtmMRcX62MSmu30.roa (raw, json)
Hash identifier:          wWglSYNfzNqJ/P/vIT/3W6rtPuW+K+dqOVOaQCUvhaY=
Subject key identifier:   55:80:20:1F:4E:83:77:60:00:9A:D9:8C:45:C5:FA:D8:C4:A6:BB:7D
Certificate issuer:       /CN=d7d0674bd6f0cc9175219a328c8b396829f6c0af
Certificate serial:       019D9AE177563BCF23BA11C1498701178806
Authority key identifier: D7:D0:67:4B:D6:F0:CC:91:75:21:9A:32:8C:8B:39:68:29:F6:C0:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/19BnS9bwzJF1IZoyjIs5aCn2wK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/b30e5d-8b3b-4287-9b3b-8232fa3e629d/1/VYAgH06Dd2AAmtmMRcX62MSmu30.roa
Signing time:             Fri 17 Apr 2026 09:59:20 +0000
ROA not before:           Fri 17 Apr 2026 09:59:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     13879
IP address blocks:        89.147.34.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/b30e5d-8b3b-4287-9b3b-8232fa3e629d/1/19BnS9bwzJF1IZoyjIs5aCn2wK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/b30e5d-8b3b-4287-9b3b-8232fa3e629d/1/19BnS9bwzJF1IZoyjIs5aCn2wK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/19BnS9bwzJF1IZoyjIs5aCn2wK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 16:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:9a:e1:77:56:3b:cf:23:ba:11:c1:49:87:01:17:88:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d7d0674bd6f0cc9175219a328c8b396829f6c0af
        Validity
            Not Before: Apr 17 09:59:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5580201f4e837760009ad98c45c5fad8c4a6bb7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:6b:14:61:a1:a6:01:20:d9:a1:d2:2a:18:29:
                    31:9f:dd:54:e9:56:9e:09:23:48:9b:d8:5d:48:6d:
                    11:e3:a4:be:4f:ad:70:f4:53:ee:6d:97:22:e5:19:
                    0d:d6:a6:27:23:54:e6:6c:2c:36:78:13:49:49:c0:
                    bb:2c:93:3c:7d:cc:9a:f4:ed:77:31:f4:e9:65:aa:
                    fc:6b:2e:72:4c:b1:23:b3:85:46:f9:f4:ee:c5:25:
                    c8:0f:fb:5d:f3:5e:a4:f5:50:c4:8f:81:80:89:61:
                    6c:43:ea:ec:1a:ec:39:33:ad:cb:93:ff:67:16:bb:
                    1a:9e:32:64:75:76:73:82:e0:f8:a9:1f:5e:f3:9e:
                    df:b5:7b:ab:ad:f7:81:44:39:c7:c6:fe:47:68:74:
                    0f:47:72:14:87:cd:e5:fd:06:30:60:1a:f7:3d:5e:
                    f6:c6:80:75:d0:08:28:4f:3e:e1:88:ad:d6:a1:45:
                    8a:0a:03:85:09:13:34:d8:c8:fb:4a:7c:3e:6c:ae:
                    10:22:19:3e:76:96:90:fd:67:f9:93:b7:04:a2:d9:
                    fe:d7:0c:7b:1a:fb:a4:d7:01:b8:ea:76:38:5d:f8:
                    b2:95:7c:52:60:f9:0b:eb:8e:20:a3:1f:49:1c:93:
                    32:65:81:14:f1:0e:86:a9:b9:5d:5f:d2:13:c9:86:
                    06:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:80:20:1F:4E:83:77:60:00:9A:D9:8C:45:C5:FA:D8:C4:A6:BB:7D
            X509v3 Authority Key Identifier:
                keyid:D7:D0:67:4B:D6:F0:CC:91:75:21:9A:32:8C:8B:39:68:29:F6:C0:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/19BnS9bwzJF1IZoyjIs5aCn2wK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/b30e5d-8b3b-4287-9b3b-8232fa3e629d/1/VYAgH06Dd2AAmtmMRcX62MSmu30.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/b30e5d-8b3b-4287-9b3b-8232fa3e629d/1/19BnS9bwzJF1IZoyjIs5aCn2wK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.147.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:9f:b8:c1:58:c1:fb:90:33:30:cb:d1:b4:2c:0d:32:cf:71:
         d6:09:00:a2:f0:3b:d7:9f:f1:6d:7f:1a:04:2a:87:67:83:a2:
         51:33:aa:57:9f:5d:dd:3a:7f:79:88:63:6b:e7:ca:34:2a:40:
         9c:8d:27:98:73:0e:c6:69:a9:14:2b:e2:f7:e3:9b:0a:e6:ac:
         73:92:9b:69:9b:dc:be:39:c3:c1:fe:c3:63:d3:db:4b:24:dc:
         35:d0:7d:00:29:93:16:5f:88:a9:2f:90:d6:79:3e:ab:bf:3b:
         1a:88:79:70:e4:6e:d9:74:9b:b4:9b:f4:11:7b:49:78:e7:85:
         53:9c:8f:1b:dd:f7:c4:38:fa:d2:f5:de:d7:0a:5b:96:ac:c0:
         f8:22:57:1d:b5:9f:e7:42:0d:1a:35:51:0d:ce:24:f1:db:01:
         3a:f5:2d:a5:66:81:7f:62:53:cb:d7:92:0a:4f:09:20:7c:d9:
         c2:11:1d:22:43:26:6e:7e:f2:4e:98:e7:20:ea:70:d8:a8:3d:
         1a:d6:00:3c:17:80:5b:a7:f1:a7:d7:2f:9f:00:52:14:61:b6:
         49:0e:4f:87:1c:2b:c3:0f:58:6d:7e:b2:fe:90:1b:f0:81:84:
         9a:6b:a0:ac:c4:9e:93:53:2f:46:f2:b5:79:97:9d:7c:a5:f3:
         39:21:51:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2a4XdWO88juhHBSYcBF4gGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3ZDA2NzRiZDZmMGNjOTE3NTIxOWEzMjhjOGIzOTY4Mjlm
NmMwYWYwHhcNMjYwNDE3MDk1OTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTgwMjAxZjRlODM3NzYwMDA5YWQ5OGM0NWM1ZmFkOGM0YTZiYjdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzGsUYaGmASDZodIqGCkxn91U6Vae
CSNIm9hdSG0R46S+T61w9FPubZci5RkN1qYnI1TmbCw2eBNJScC7LJM8fcya9O13
MfTpZar8ay5yTLEjs4VG+fTuxSXID/td816k9VDEj4GAiWFsQ+rsGuw5M63Lk/9n
FrsanjJkdXZzguD4qR9e857ftXurrfeBRDnHxv5HaHQPR3IUh83l/QYwYBr3PV72
xoB10AgoTz7hiK3WoUWKCgOFCRM02Mj7Snw+bK4QIhk+dpaQ/Wf5k7cEotn+1wx7
Gvuk1wG46nY4XfiylXxSYPkL644gox9JHJMyZYEU8Q6GqbldX9ITyYYG/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFWAIB9Og3dgAJrZjEXF+tjEprt9MB8GA1UdIwQY
MBaAFNfQZ0vW8MyRdSGaMoyLOWgp9sCvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTlCblM5Ynd6SkYxSVpveWpJczVhQ24yd0s4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy9iMzBlNWQtOGIzYi00Mjg3LTliM2It
ODIzMmZhM2U2MjlkLzEvVllBZ0gwNkRkMkFBbXRtTVJjWDYyTVNtdTMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy9iMzBlNWQtOGIzYi00Mjg3LTliM2ItODIzMmZhM2U2Mjlk
LzEvMTlCblM5Ynd6SkYxSVpveWpJczVhQ24yd0s4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWZMiMA0G
CSqGSIb3DQEBCwUAA4IBAQAOn7jBWMH7kDMwy9G0LA0yz3HWCQCi8DvXn/FtfxoE
Kodng6JRM6pXn13dOn95iGNr58o0KkCcjSeYcw7GaakUK+L345sK5qxzkptpm9y+
OcPB/sNj09tLJNw10H0AKZMWX4ipL5DWeT6rvzsaiHlw5G7ZdJu0m/QRe0l454VT
nI8b3ffEOPrS9d7XCluWrMD4IlcdtZ/nQg0aNVENziTx2wE69S2lZoF/YlPL15IK
TwkgfNnCER0iQyZufvJOmOcg6nDYqD0a1gA8F4Bbp/Gn1y+fAFIUYbZJDk+HHCvD
D1htfrL+kBvwgYSaa6CsxJ6TUy9G8rV5l518pfM5IVEd
-----END CERTIFICATE-----