Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/a38e4f-4d10-4b9f-8f2f-a9893545c3c5/1/EsY81cqV2uE-gTNVzR__YUa6Ke0.roa
File:                     EsY81cqV2uE-gTNVzR__YUa6Ke0.roa (raw, json)
Hash identifier:          e3XGs0Z4ig4tS4OcggclbKBdRHS5/fr05nyiyyt/zmo=
Subject key identifier:   12:C6:3C:D5:CA:95:DA:E1:3E:81:33:55:CD:1F:FF:61:46:BA:29:ED
Certificate issuer:       /CN=edfffb3c661e2f78a5785be95916044b06af51d2
Certificate serial:       019D433E6C33DCBC60A20089669C9646E772
Authority key identifier: ED:FF:FB:3C:66:1E:2F:78:A5:78:5B:E9:59:16:04:4B:06:AF:51:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7f_7PGYeL3ileFvpWRYESwavUdI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/a38e4f-4d10-4b9f-8f2f-a9893545c3c5/1/EsY81cqV2uE-gTNVzR__YUa6Ke0.roa
Signing time:             Tue 31 Mar 2026 09:34:17 +0000
ROA not before:           Tue 31 Mar 2026 09:34:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3292
IP address blocks:        5.182.128.0/24 maxlen: 24
                          5.182.129.0/24 maxlen: 24
                          193.163.40.0/23 maxlen: 23
                          193.163.41.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/a38e4f-4d10-4b9f-8f2f-a9893545c3c5/1/7f_7PGYeL3ileFvpWRYESwavUdI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/a38e4f-4d10-4b9f-8f2f-a9893545c3c5/1/7f_7PGYeL3ileFvpWRYESwavUdI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7f_7PGYeL3ileFvpWRYESwavUdI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 06:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:43:3e:6c:33:dc:bc:60:a2:00:89:66:9c:96:46:e7:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=edfffb3c661e2f78a5785be95916044b06af51d2
        Validity
            Not Before: Mar 31 09:34:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=12c63cd5ca95dae13e813355cd1fff6146ba29ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:62:67:65:dc:4c:9c:30:73:ef:ec:e1:11:b6:
                    cc:b7:d5:e7:53:b3:5e:5c:2c:41:32:65:25:0b:c4:
                    0b:9d:f6:d2:7e:7e:7e:38:29:0d:4d:c5:e3:3c:36:
                    06:56:27:ce:9e:36:c5:cc:12:ff:e4:77:f2:c8:20:
                    b5:a2:6a:22:99:b5:24:c2:ec:ce:4b:ce:57:53:9e:
                    d2:c0:93:a5:79:f0:b3:b7:f0:5c:33:46:f5:6f:c4:
                    6e:92:fb:03:66:d5:25:d9:b2:0e:4f:b9:43:fc:77:
                    0a:85:db:72:bf:a4:7c:f9:ae:69:74:e0:e2:10:7b:
                    b0:f0:17:95:af:25:5f:02:1d:ce:65:17:79:ae:7a:
                    b1:72:4b:a3:f0:0a:61:4a:40:3b:1f:77:c4:be:2f:
                    95:a3:ca:37:2f:c9:b0:45:1d:88:df:3f:2d:37:85:
                    16:12:9c:a7:a5:e0:30:3e:94:00:61:87:5a:d4:a9:
                    a3:d6:8c:75:4e:06:b2:96:2c:4c:ad:c2:28:d3:98:
                    2d:3b:9b:75:e1:ba:28:98:54:2b:4b:4f:f0:0f:cb:
                    68:6f:b0:8c:52:fc:62:c0:ba:59:17:dd:bc:6e:57:
                    cd:a6:cd:ba:9a:a0:ea:27:61:2c:49:4a:99:d0:91:
                    df:97:74:7b:ce:03:01:d7:be:06:42:0e:83:48:c0:
                    27:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:C6:3C:D5:CA:95:DA:E1:3E:81:33:55:CD:1F:FF:61:46:BA:29:ED
            X509v3 Authority Key Identifier:
                keyid:ED:FF:FB:3C:66:1E:2F:78:A5:78:5B:E9:59:16:04:4B:06:AF:51:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f_7PGYeL3ileFvpWRYESwavUdI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/a38e4f-4d10-4b9f-8f2f-a9893545c3c5/1/EsY81cqV2uE-gTNVzR__YUa6Ke0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/a38e4f-4d10-4b9f-8f2f-a9893545c3c5/1/7f_7PGYeL3ileFvpWRYESwavUdI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.128.0/23
                  193.163.40.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6d:9c:47:31:7e:91:6e:81:9a:15:a9:c1:49:dd:bb:aa:7a:c8:
         fe:ec:41:23:c9:05:ce:e4:2b:32:ae:dd:55:5f:d0:a0:01:73:
         76:9c:fc:86:e2:13:04:7c:65:56:1d:a3:52:eb:6a:af:2c:00:
         bf:dc:4e:3f:e8:10:46:b8:4e:ef:74:39:8b:20:0e:bc:62:d3:
         29:de:63:db:b1:53:b6:c4:33:e7:d8:4e:93:1d:18:5e:f5:f5:
         3b:bb:ba:2e:25:68:01:ff:69:c2:a5:e9:1a:af:35:32:06:f3:
         bb:58:c3:ee:f9:c4:0c:b2:a2:31:a8:86:69:26:91:eb:a0:4e:
         86:9d:b3:3b:0a:c1:ca:c0:a0:13:85:5a:92:62:88:e0:b9:66:
         8e:45:56:11:e3:40:ae:ec:f3:aa:1d:91:2c:4e:3f:fb:17:44:
         d6:76:c0:74:d6:af:09:44:85:6b:bf:76:bf:ec:19:dc:68:28:
         8a:ca:7b:ff:35:0c:e6:85:0e:ad:63:a5:83:e3:ec:9c:c1:af:
         f8:6a:f5:d1:94:06:89:1a:51:2d:13:d9:d1:41:7f:00:4e:f3:
         bf:1b:0e:c5:d0:df:f3:c1:ca:b7:bf:36:c2:61:cf:b1:dc:4c:
         69:1a:38:70:43:a1:cf:be:16:6d:20:5f:77:cf:7d:87:1f:c1:
         4b:f1:cc:bf
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ1DPmwz3LxgogCJZpyWRudyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkZmZmYjNjNjYxZTJmNzhhNTc4NWJlOTU5MTYwNDRiMDZh
ZjUxZDIwHhcNMjYwMzMxMDkzNDE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMmM2M2NkNWNhOTVkYWUxM2U4MTMzNTVjZDFmZmY2MTQ2YmEyOWVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmWJnZdxMnDBz7+zhEbbMt9XnU7Ne
XCxBMmUlC8QLnfbSfn5+OCkNTcXjPDYGVifOnjbFzBL/5HfyyCC1omoimbUkwuzO
S85XU57SwJOlefCzt/BcM0b1b8RukvsDZtUl2bIOT7lD/HcKhdtyv6R8+a5pdODi
EHuw8BeVryVfAh3OZRd5rnqxckuj8AphSkA7H3fEvi+Vo8o3L8mwRR2I3z8tN4UW
EpynpeAwPpQAYYda1Kmj1ox1TgaylixMrcIo05gtO5t14boomFQrS0/wD8tob7CM
UvxiwLpZF928blfNps26mqDqJ2EsSUqZ0JHfl3R7zgMB174GQg6DSMAn4wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBLGPNXKldrhPoEzVc0f/2FGuintMB8GA1UdIwQY
MBaAFO3/+zxmHi94pXhb6VkWBEsGr1HSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2ZfN1BHWWVMM2lsZUZ2cFdSWUVTd2F2VWRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9hMzhlNGYtNGQxMC00YjlmLThmMmYt
YTk4OTM1NDVjM2M1LzEvRXNZODFjcVYydUUtZ1ROVnpSX19ZVWE2S2UwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9hMzhlNGYtNGQxMC00YjlmLThmMmYtYTk4OTM1NDVjM2M1
LzEvN2ZfN1BHWWVMM2lsZUZ2cFdSWUVTd2F2VWRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBBbaAAwQB
waMoMA0GCSqGSIb3DQEBCwUAA4IBAQBtnEcxfpFugZoVqcFJ3buqesj+7EEjyQXO
5Csyrt1VX9CgAXN2nPyG4hMEfGVWHaNS62qvLAC/3E4/6BBGuE7vdDmLIA68YtMp
3mPbsVO2xDPn2E6THRhe9fU7u7ouJWgB/2nCpekarzUyBvO7WMPu+cQMsqIxqIZp
JpHroE6GnbM7CsHKwKAThVqSYojguWaORVYR40Cu7POqHZEsTj/7F0TWdsB01q8J
RIVrv3a/7BncaCiKynv/NQzmhQ6tY6WD4+ycwa/4avXRlAaJGlEtE9nRQX8ATvO/
Gw7F0N/zwcq3vzbCYc+x3ExpGjhwQ6HPvhZtIF93z32HH8FL8cy/
-----END CERTIFICATE-----