Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/8e5576-33c8-4002-a437-db6671ac7672/1/KUDAYGIsT3CXoWuYxHO7vusuZwM.roa
File:                     KUDAYGIsT3CXoWuYxHO7vusuZwM.roa (raw, json)
Hash identifier:          04pcVXnvwMaNPBLFWogLi25UblwMiRGuELwew3PlXfA=
Subject key identifier:   29:40:C0:60:62:2C:4F:70:97:A1:6B:98:C4:73:BB:BE:EB:2E:67:03
Certificate issuer:       /CN=4aefcfed51ff158fbe68ccd60b7b39be5f3eae20
Certificate serial:       019B7BA348A0292607F95A7DFF6C7C69BDC4
Authority key identifier: 4A:EF:CF:ED:51:FF:15:8F:BE:68:CC:D6:0B:7B:39:BE:5F:3E:AE:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Su_P7VH_FY--aMzWC3s5vl8-riA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/8e5576-33c8-4002-a437-db6671ac7672/1/KUDAYGIsT3CXoWuYxHO7vusuZwM.roa
Signing time:             Thu 01 Jan 2026 22:17:37 +0000
ROA not before:           Thu 01 Jan 2026 22:17:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     39202
IP address blocks:        81.20.48.0/20 maxlen: 20
                          2a01:6000::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/8e5576-33c8-4002-a437-db6671ac7672/1/Su_P7VH_FY--aMzWC3s5vl8-riA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/8e5576-33c8-4002-a437-db6671ac7672/1/Su_P7VH_FY--aMzWC3s5vl8-riA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Su_P7VH_FY--aMzWC3s5vl8-riA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 19:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a3:48:a0:29:26:07:f9:5a:7d:ff:6c:7c:69:bd:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4aefcfed51ff158fbe68ccd60b7b39be5f3eae20
        Validity
            Not Before: Jan  1 22:17:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2940c060622c4f7097a16b98c473bbbeeb2e6703
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:9f:87:6a:6f:fb:c0:92:dd:10:fc:1e:ad:3a:
                    b6:65:c9:e0:12:31:c9:38:2e:d7:fe:e4:b0:c0:cb:
                    2a:f3:26:c3:60:4d:65:c4:4c:92:3f:de:50:88:55:
                    48:8e:54:35:a5:36:c6:44:cf:c2:44:bc:de:8e:e6:
                    18:5d:a7:c5:1c:30:ea:a6:a5:47:a2:40:da:fa:79:
                    75:8a:7b:7c:6e:db:2f:b8:dd:24:70:b7:b1:ee:2f:
                    40:0f:42:ea:67:42:02:c5:f0:3b:65:e8:95:ac:21:
                    6d:8c:96:24:7d:da:f5:3a:a5:b9:b1:02:88:ab:14:
                    77:1b:36:c7:98:83:bf:66:e1:33:bc:6b:93:86:f8:
                    37:fa:b9:bd:01:69:74:99:5d:d9:6b:b6:f4:4b:da:
                    1d:7b:56:39:a8:8d:bd:6a:d1:d3:07:f0:9d:6c:33:
                    b6:b5:0f:b6:fe:df:81:14:22:12:2e:2e:0d:d0:de:
                    14:65:ca:59:30:23:71:0c:79:be:98:b8:86:cb:a0:
                    4b:eb:17:96:ad:87:de:1a:de:a6:fd:b2:1c:4f:79:
                    51:50:1a:2a:18:2f:2b:14:5d:4f:83:a7:d4:ce:98:
                    2f:50:03:de:d5:4b:90:5e:6b:d3:c3:92:bb:0b:f3:
                    a1:1e:47:9a:4d:56:37:3c:33:55:f7:9e:3b:54:8d:
                    14:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:40:C0:60:62:2C:4F:70:97:A1:6B:98:C4:73:BB:BE:EB:2E:67:03
            X509v3 Authority Key Identifier:
                keyid:4A:EF:CF:ED:51:FF:15:8F:BE:68:CC:D6:0B:7B:39:BE:5F:3E:AE:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Su_P7VH_FY--aMzWC3s5vl8-riA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/8e5576-33c8-4002-a437-db6671ac7672/1/KUDAYGIsT3CXoWuYxHO7vusuZwM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/8e5576-33c8-4002-a437-db6671ac7672/1/Su_P7VH_FY--aMzWC3s5vl8-riA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.20.48.0/20
                IPv6:
                  2a01:6000::/32

    Signature Algorithm: sha256WithRSAEncryption
         09:d5:5c:41:f5:aa:85:5a:60:bf:53:ba:bd:d3:52:30:29:91:
         ab:e0:b3:69:a6:7d:9a:08:48:54:c9:bf:dd:cf:4e:b9:1b:38:
         ee:17:a5:a0:6f:75:1f:ca:c3:f5:e4:39:05:80:cc:8b:52:d6:
         28:8e:3d:c1:d5:d7:77:c3:20:75:e4:0b:e2:03:39:0b:0b:dc:
         64:0a:69:f1:98:f7:40:aa:38:d0:e1:70:44:56:35:1a:c6:34:
         df:d8:9f:e1:b2:8a:d2:0d:d7:a8:b4:1c:0b:7f:40:7a:17:23:
         39:a0:aa:4b:66:d7:f7:6e:0b:4c:4b:03:0a:82:61:42:74:f6:
         06:35:b9:c9:23:1e:ed:d3:df:a0:91:6a:9f:a7:40:4d:3c:0b:
         e4:df:7d:26:48:37:e3:a3:39:16:73:51:c0:11:f5:5c:1c:6f:
         35:64:05:a1:2d:f5:8a:a2:54:3b:39:de:b0:b8:4b:c7:cb:76:
         82:64:20:eb:e7:bd:cd:5f:32:59:5d:1b:a1:c2:66:94:12:20:
         70:fb:72:0b:33:a4:3a:f3:51:8b:55:7b:db:3e:36:07:b9:e5:
         27:44:fd:c3:b2:74:35:be:04:e4:82:25:6b:77:f9:ad:75:46:
         c8:99:c6:ef:c3:61:19:ed:92:49:42:ab:d1:d8:22:56:1c:b4:
         bb:35:a1:e5
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZt7o0igKSYH+Vp9/2x8ab3EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhZWZjZmVkNTFmZjE1OGZiZTY4Y2NkNjBiN2IzOWJlNWYz
ZWFlMjAwHhcNMjYwMTAxMjIxNzM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTQwYzA2MDYyMmM0ZjcwOTdhMTZiOThjNDczYmJiZWViMmU2NzAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArZ+Ham/7wJLdEPwerTq2ZcngEjHJ
OC7X/uSwwMsq8ybDYE1lxEySP95QiFVIjlQ1pTbGRM/CRLzejuYYXafFHDDqpqVH
okDa+nl1int8btsvuN0kcLex7i9AD0LqZ0ICxfA7ZeiVrCFtjJYkfdr1OqW5sQKI
qxR3GzbHmIO/ZuEzvGuThvg3+rm9AWl0mV3Za7b0S9ode1Y5qI29atHTB/CdbDO2
tQ+2/t+BFCISLi4N0N4UZcpZMCNxDHm+mLiGy6BL6xeWrYfeGt6m/bIcT3lRUBoq
GC8rFF1Pg6fUzpgvUAPe1UuQXmvTw5K7C/OhHkeaTVY3PDNV9547VI0UZQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFClAwGBiLE9wl6FrmMRzu77rLmcDMB8GA1UdIwQY
MBaAFErvz+1R/xWPvmjM1gt7Ob5fPq4gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU3VfUDdWSF9GWS0tYU16V0MzczV2bDgtcmlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS84ZTU1NzYtMzNjOC00MDAyLWE0Mzct
ZGI2NjcxYWM3NjcyLzEvS1VEQVlHSXNUM0NYb1d1WXhITzd2dXN1WndNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS84ZTU1NzYtMzNjOC00MDAyLWE0MzctZGI2NjcxYWM3Njcy
LzEvU3VfUDdWSF9GWS0tYU16V0MzczV2bDgtcmlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQEURQwMA0E
AgACMAcDBQAqAWAAMA0GCSqGSIb3DQEBCwUAA4IBAQAJ1VxB9aqFWmC/U7q901Iw
KZGr4LNppn2aCEhUyb/dz065GzjuF6Wgb3UfysP15DkFgMyLUtYojj3B1dd3wyB1
5AviAzkLC9xkCmnxmPdAqjjQ4XBEVjUaxjTf2J/hsorSDdeotBwLf0B6FyM5oKpL
Ztf3bgtMSwMKgmFCdPYGNbnJIx7t09+gkWqfp0BNPAvk330mSDfjozkWc1HAEfVc
HG81ZAWhLfWKolQ7Od6wuEvHy3aCZCDr573NXzJZXRuhwmaUEiBw+3ILM6Q681GL
VXvbPjYHueUnRP3DsnQ1vgTkgiVrd/mtdUbImcbvw2EZ7ZJJQqvR2CJWHLS7NaHl
-----END CERTIFICATE-----