Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/8d78eb-2832-4083-ae1f-1dd6d281c88a/1/2VV3UfnItu_52uvF-k4DMpk1zjA.roa
File:                     2VV3UfnItu_52uvF-k4DMpk1zjA.roa (raw, json)
Hash identifier:          yurroUcvCQ0iRkkkr4yuxcK5LcAIk00+8chFnaavckE=
Subject key identifier:   D9:55:77:51:F9:C8:B6:EF:F9:DA:EB:C5:FA:4E:03:32:99:35:CE:30
Certificate issuer:       /CN=3027a631bb6738eb68bb6ea6c424ef4a7d14c3cb
Certificate serial:       019CDEA0DF98F558120F5989EF06ABE76C1C
Authority key identifier: 30:27:A6:31:BB:67:38:EB:68:BB:6E:A6:C4:24:EF:4A:7D:14:C3:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MCemMbtnOOtou26mxCTvSn0Uw8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/8d78eb-2832-4083-ae1f-1dd6d281c88a/1/2VV3UfnItu_52uvF-k4DMpk1zjA.roa
Signing time:             Wed 11 Mar 2026 20:40:10 +0000
ROA not before:           Wed 11 Mar 2026 20:40:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     399486
IP address blocks:        185.56.45.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/8d78eb-2832-4083-ae1f-1dd6d281c88a/1/MCemMbtnOOtou26mxCTvSn0Uw8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/8d78eb-2832-4083-ae1f-1dd6d281c88a/1/MCemMbtnOOtou26mxCTvSn0Uw8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MCemMbtnOOtou26mxCTvSn0Uw8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:de:a0:df:98:f5:58:12:0f:59:89:ef:06:ab:e7:6c:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3027a631bb6738eb68bb6ea6c424ef4a7d14c3cb
        Validity
            Not Before: Mar 11 20:40:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d9557751f9c8b6eff9daebc5fa4e03329935ce30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:a3:dd:9d:62:29:1a:ed:65:45:4c:47:81:3d:
                    fb:c8:56:72:fa:d3:7e:4b:47:e2:34:1f:a3:9a:76:
                    a4:f9:c8:b7:c6:a9:36:9d:e3:7a:c6:81:71:2d:92:
                    c7:5b:86:f0:9c:bf:63:33:ac:9b:41:37:24:76:e9:
                    81:0f:54:e8:89:6c:50:ce:83:d1:6f:62:d7:d9:f1:
                    76:06:a6:5b:66:4c:1a:81:b5:5d:c9:55:82:c6:07:
                    58:c0:72:7d:67:f9:27:a0:6d:6d:0c:30:18:e8:2d:
                    75:64:d2:bc:94:da:e0:ed:25:df:df:72:e4:b1:a0:
                    c8:f0:de:9d:27:d7:72:4e:17:4c:26:bc:39:f9:e7:
                    43:4d:d8:a3:ff:8a:23:81:fb:e0:b8:b2:de:21:fe:
                    73:47:82:cc:53:ac:20:4f:99:0d:57:5c:da:64:00:
                    01:21:02:b4:76:33:82:d0:21:fa:24:35:d6:ab:2e:
                    52:dc:a3:f4:85:bb:df:4c:99:7f:a1:64:41:29:ae:
                    f2:e5:dd:5d:7c:28:a6:6b:b7:1a:c1:af:67:a1:5e:
                    7f:c8:47:51:0d:76:11:bc:fe:12:4f:9c:58:aa:d2:
                    bb:3b:08:8f:d8:81:22:2f:b6:fc:04:23:e9:69:b9:
                    8b:38:77:96:87:e8:1a:6a:c1:fb:a2:76:ea:34:fc:
                    9c:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:55:77:51:F9:C8:B6:EF:F9:DA:EB:C5:FA:4E:03:32:99:35:CE:30
            X509v3 Authority Key Identifier:
                keyid:30:27:A6:31:BB:67:38:EB:68:BB:6E:A6:C4:24:EF:4A:7D:14:C3:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MCemMbtnOOtou26mxCTvSn0Uw8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/8d78eb-2832-4083-ae1f-1dd6d281c88a/1/2VV3UfnItu_52uvF-k4DMpk1zjA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/8d78eb-2832-4083-ae1f-1dd6d281c88a/1/MCemMbtnOOtou26mxCTvSn0Uw8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.56.45.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:35:eb:c4:b4:47:4b:86:8e:99:8e:9a:35:27:90:42:1e:fb:
         30:5c:d7:8f:b5:99:4c:3b:3d:63:f7:97:0f:de:51:de:a7:e2:
         45:4f:ee:3d:97:15:69:c5:16:ce:0a:47:87:2c:fb:c5:7a:9f:
         56:4b:16:cf:66:8c:84:ce:58:09:6b:a7:39:93:2f:36:61:96:
         be:33:ac:0c:b9:4d:bf:48:9c:f4:0a:94:08:b6:7c:ce:77:d0:
         7e:3e:0e:02:af:3b:c0:65:ae:00:eb:1a:48:44:6f:51:26:1c:
         75:cc:18:51:54:45:52:fa:f3:e3:38:9a:7f:dc:7c:a5:35:e9:
         ca:77:e4:a1:cc:33:8d:70:2a:84:3c:ec:b3:2a:60:46:7b:88:
         87:e2:b9:c4:76:11:d3:f5:b5:43:1b:a4:cb:be:c7:d0:71:ed:
         99:3d:bf:ba:28:da:9f:75:0a:66:65:d3:7e:3c:7f:e1:8d:c0:
         91:7c:92:2e:c1:20:b5:9f:ec:c6:13:6d:79:97:9b:c7:ab:47:
         2a:c6:ea:c4:ff:bb:c3:e9:a3:20:d2:e4:40:fa:b3:86:41:1e:
         54:f8:f0:cd:8a:4b:69:f2:8c:54:67:b7:09:92:b9:1f:37:2c:
         13:33:83:c4:aa:d4:7c:e0:3c:56:5c:9b:e4:08:50:76:ad:f6:
         87:5c:89:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzeoN+Y9VgSD1mJ7war52wcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwMjdhNjMxYmI2NzM4ZWI2OGJiNmVhNmM0MjRlZjRhN2Qx
NGMzY2IwHhcNMjYwMzExMjA0MDEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTU1Nzc1MWY5YzhiNmVmZjlkYWViYzVmYTRlMDMzMjk5MzVjZTMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3KPdnWIpGu1lRUxHgT37yFZy+tN+
S0fiNB+jmnak+ci3xqk2neN6xoFxLZLHW4bwnL9jM6ybQTckdumBD1ToiWxQzoPR
b2LX2fF2BqZbZkwagbVdyVWCxgdYwHJ9Z/knoG1tDDAY6C11ZNK8lNrg7SXf33Lk
saDI8N6dJ9dyThdMJrw5+edDTdij/4ojgfvguLLeIf5zR4LMU6wgT5kNV1zaZAAB
IQK0djOC0CH6JDXWqy5S3KP0hbvfTJl/oWRBKa7y5d1dfCima7cawa9noV5/yEdR
DXYRvP4ST5xYqtK7OwiP2IEiL7b8BCPpabmLOHeWh+gaasH7onbqNPycKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNlVd1H5yLbv+drrxfpOAzKZNc4wMB8GA1UdIwQY
MBaAFDAnpjG7ZzjraLtupsQk70p9FMPLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUNlbU1idG5PT3RvdTI2bXhDVHZTbjBVdzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS84ZDc4ZWItMjgzMi00MDgzLWFlMWYt
MWRkNmQyODFjODhhLzEvMlZWM1Vmbkl0dV81MnV2Ri1rNERNcGsxempBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS84ZDc4ZWItMjgzMi00MDgzLWFlMWYtMWRkNmQyODFjODhh
LzEvTUNlbU1idG5PT3RvdTI2bXhDVHZTbjBVdzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTgtMA0G
CSqGSIb3DQEBCwUAA4IBAQAiNevEtEdLho6Zjpo1J5BCHvswXNePtZlMOz1j95cP
3lHep+JFT+49lxVpxRbOCkeHLPvFep9WSxbPZoyEzlgJa6c5ky82YZa+M6wMuU2/
SJz0CpQItnzOd9B+Pg4CrzvAZa4A6xpIRG9RJhx1zBhRVEVS+vPjOJp/3HylNenK
d+ShzDONcCqEPOyzKmBGe4iH4rnEdhHT9bVDG6TLvsfQce2ZPb+6KNqfdQpmZdN+
PH/hjcCRfJIuwSC1n+zGE215l5vHq0cqxurE/7vD6aMg0uRA+rOGQR5U+PDNiktp
8oxUZ7cJkrkfNywTM4PEqtR84DxWXJvkCFB2rfaHXInJ
-----END CERTIFICATE-----