Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/f3bfcf-b0cd-45f1-ae9e-5c3f76d11607/1/Da4_S4SNOtv4x_AyFwLO2iZ2NTk.roa
File:                     Da4_S4SNOtv4x_AyFwLO2iZ2NTk.roa (raw, json)
Hash identifier:          xJscPnkxP4a5FF40dHDyxZzM/Ukqt+kncsmZfw6FDtk=
Subject key identifier:   0D:AE:3F:4B:84:8D:3A:DB:F8:C7:F0:32:17:02:CE:DA:26:76:35:39
Certificate issuer:       /CN=36ea22f04b94078aae015e00957b273ff038cf12
Certificate serial:       019D3D943BAF9178417A7B754FF83B4EE000
Authority key identifier: 36:EA:22:F0:4B:94:07:8A:AE:01:5E:00:95:7B:27:3F:F0:38:CF:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nuoi8EuUB4quAV4AlXsnP_A4zxI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/f3bfcf-b0cd-45f1-ae9e-5c3f76d11607/1/Da4_S4SNOtv4x_AyFwLO2iZ2NTk.roa
Signing time:             Mon 30 Mar 2026 07:10:17 +0000
ROA not before:           Mon 30 Mar 2026 07:10:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212000
IP address blocks:        185.244.28.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/f3bfcf-b0cd-45f1-ae9e-5c3f76d11607/1/Nuoi8EuUB4quAV4AlXsnP_A4zxI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/f3bfcf-b0cd-45f1-ae9e-5c3f76d11607/1/Nuoi8EuUB4quAV4AlXsnP_A4zxI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nuoi8EuUB4quAV4AlXsnP_A4zxI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:3d:94:3b:af:91:78:41:7a:7b:75:4f:f8:3b:4e:e0:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36ea22f04b94078aae015e00957b273ff038cf12
        Validity
            Not Before: Mar 30 07:10:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0dae3f4b848d3adbf8c7f0321702ceda26763539
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:61:a5:0d:b7:28:4c:eb:23:e0:dd:2d:d4:f3:
                    a8:45:f4:05:d4:8d:44:b1:89:1b:72:1d:d3:17:41:
                    b5:18:06:fa:7e:50:12:60:68:98:8e:47:f3:4e:f1:
                    81:be:86:24:e4:35:a9:36:be:9a:fb:b9:33:fa:23:
                    ca:11:9a:4a:b2:9b:c3:28:ff:fb:79:06:9b:8f:ba:
                    a3:b4:2c:14:8d:a4:4d:fc:2f:c4:c0:78:3e:00:ff:
                    bf:2f:a2:e2:61:62:bc:d8:e5:46:77:b0:e6:70:36:
                    dd:35:a7:a6:71:54:d8:f8:a9:df:a5:8c:6b:6f:15:
                    0a:80:f8:c7:e2:d8:47:20:a9:13:ef:f4:79:2c:5f:
                    81:82:dd:87:c2:f9:2b:f0:d9:89:3e:5f:ff:67:38:
                    ea:0b:85:62:a5:f3:9c:aa:e8:11:8b:e7:75:5c:d1:
                    37:02:99:5a:07:b6:8d:6f:f4:6d:9a:4d:5b:e6:0e:
                    f1:90:77:02:56:2b:85:13:78:b5:ab:df:95:73:1e:
                    b7:61:27:37:e4:ab:0f:4f:2b:02:42:98:8d:a5:62:
                    37:40:56:4f:d8:20:e4:64:4b:ce:0c:36:08:ea:99:
                    d6:7c:6a:68:69:f0:4f:5c:8b:6f:46:0f:df:6d:4a:
                    d2:7e:40:9d:a4:da:65:00:fb:98:e6:a7:75:63:ff:
                    ac:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:AE:3F:4B:84:8D:3A:DB:F8:C7:F0:32:17:02:CE:DA:26:76:35:39
            X509v3 Authority Key Identifier:
                keyid:36:EA:22:F0:4B:94:07:8A:AE:01:5E:00:95:7B:27:3F:F0:38:CF:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nuoi8EuUB4quAV4AlXsnP_A4zxI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/f3bfcf-b0cd-45f1-ae9e-5c3f76d11607/1/Da4_S4SNOtv4x_AyFwLO2iZ2NTk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/f3bfcf-b0cd-45f1-ae9e-5c3f76d11607/1/Nuoi8EuUB4quAV4AlXsnP_A4zxI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.244.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:87:77:aa:ea:2b:8e:fa:dc:1a:71:46:f4:bf:df:ce:90:5b:
         fb:10:50:af:0a:18:e2:35:d9:76:18:65:24:32:12:fc:ee:ed:
         e1:bb:cf:74:a3:e0:af:f4:70:90:fc:1a:6a:45:27:d3:ba:9d:
         02:ca:e6:6a:af:1b:94:e1:d0:e0:d6:78:8e:65:f6:b1:72:04:
         dd:4a:f3:59:4b:03:a6:9f:6d:a2:27:d1:07:fa:c5:6c:59:0e:
         16:fd:87:57:49:18:30:25:8b:fc:e9:43:16:d9:84:63:0c:91:
         e6:11:ef:91:de:61:5f:03:6a:3e:3e:38:4a:34:77:df:fc:e9:
         33:6c:1c:7f:86:32:ec:bb:2c:f4:d9:65:2f:9d:95:71:d3:e1:
         55:41:86:3f:59:de:e1:ca:83:eb:d4:8a:60:53:49:56:ef:06:
         0d:4d:93:ab:91:f7:ab:25:99:17:f0:4e:94:0a:4a:d4:5f:32:
         40:97:94:5c:03:b4:10:b3:5c:d2:cb:3c:74:91:1c:b0:93:57:
         89:e1:76:c9:af:bf:ee:94:7e:d0:bd:b9:b8:85:ae:a2:8c:1e:
         87:cd:0c:c8:95:1b:e2:62:a9:7e:68:00:a5:59:1b:55:9c:73:
         1c:2c:f9:65:64:8d:db:64:d1:25:7e:4e:e0:73:35:63:47:85:
         29:83:1e:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ09lDuvkXhBent1T/g7TuAAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2ZWEyMmYwNGI5NDA3OGFhZTAxNWUwMDk1N2IyNzNmZjAz
OGNmMTIwHhcNMjYwMzMwMDcxMDE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZGFlM2Y0Yjg0OGQzYWRiZjhjN2YwMzIxNzAyY2VkYTI2NzYzNTM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmGGlDbcoTOsj4N0t1POoRfQF1I1E
sYkbch3TF0G1GAb6flASYGiYjkfzTvGBvoYk5DWpNr6a+7kz+iPKEZpKspvDKP/7
eQabj7qjtCwUjaRN/C/EwHg+AP+/L6LiYWK82OVGd7DmcDbdNaemcVTY+KnfpYxr
bxUKgPjH4thHIKkT7/R5LF+Bgt2Hwvkr8NmJPl//ZzjqC4VipfOcqugRi+d1XNE3
AplaB7aNb/Rtmk1b5g7xkHcCViuFE3i1q9+Vcx63YSc35KsPTysCQpiNpWI3QFZP
2CDkZEvODDYI6pnWfGpoafBPXItvRg/fbUrSfkCdpNplAPuY5qd1Y/+soQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA2uP0uEjTrb+MfwMhcCztomdjU5MB8GA1UdIwQY
MBaAFDbqIvBLlAeKrgFeAJV7Jz/wOM8SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnVvaThFdVVCNHF1QVY0QWxYc25QX0E0enhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9mM2JmY2YtYjBjZC00NWYxLWFlOWUt
NWMzZjc2ZDExNjA3LzEvRGE0X1M0U05PdHY0eF9BeUZ3TE8yaVoyTlRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9mM2JmY2YtYjBjZC00NWYxLWFlOWUtNWMzZjc2ZDExNjA3
LzEvTnVvaThFdVVCNHF1QVY0QWxYc25QX0E0enhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufQcMA0G
CSqGSIb3DQEBCwUAA4IBAQCUh3eq6iuO+twacUb0v9/OkFv7EFCvChjiNdl2GGUk
MhL87u3hu890o+Cv9HCQ/BpqRSfTup0CyuZqrxuU4dDg1niOZfaxcgTdSvNZSwOm
n22iJ9EH+sVsWQ4W/YdXSRgwJYv86UMW2YRjDJHmEe+R3mFfA2o+PjhKNHff/Okz
bBx/hjLsuyz02WUvnZVx0+FVQYY/Wd7hyoPr1IpgU0lW7wYNTZOrkferJZkX8E6U
CkrUXzJAl5RcA7QQs1zSyzx0kRywk1eJ4XbJr7/ulH7Qvbm4ha6ijB6HzQzIlRvi
Yql+aAClWRtVnHMcLPllZI3bZNElfk7gczVjR4Upgx5F
-----END CERTIFICATE-----