Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/vNu-_Ags0P3lFhRpGUL0_gAMyt0.roa
File:                     vNu-_Ags0P3lFhRpGUL0_gAMyt0.roa (raw, json)
Hash identifier:          XyZAVOk//yLK+Q1NDb1vY7xGa6GhXOkekxx56xvTGy8=
Subject key identifier:   BC:DB:BE:FC:08:2C:D0:FD:E5:16:14:69:19:42:F4:FE:00:0C:CA:DD
Certificate issuer:       /CN=6d20ddd398dac8f62cc12526325f1821fb724f75
Certificate serial:       019D29E180D0F0743B74BA27214472C8163A
Authority key identifier: 6D:20:DD:D3:98:DA:C8:F6:2C:C1:25:26:32:5F:18:21:FB:72:4F:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/vNu-_Ags0P3lFhRpGUL0_gAMyt0.roa
Signing time:             Thu 26 Mar 2026 11:22:17 +0000
ROA not before:           Thu 26 Mar 2026 11:22:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57844
IP address blocks:        45.83.182.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:29:e1:80:d0:f0:74:3b:74:ba:27:21:44:72:c8:16:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d20ddd398dac8f62cc12526325f1821fb724f75
        Validity
            Not Before: Mar 26 11:22:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bcdbbefc082cd0fde51614691942f4fe000ccadd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:59:bd:af:c5:41:bb:b8:47:4b:7b:d5:f5:87:
                    18:ea:f8:2a:2b:ab:a3:11:27:be:e2:05:7f:e4:9a:
                    1a:b1:ac:e8:8e:ac:19:24:5b:78:75:0b:e4:c3:3f:
                    e6:75:82:87:86:dd:3e:28:37:8a:b3:19:a2:9a:7b:
                    2c:81:37:06:be:53:1a:4d:03:22:c0:29:c1:95:0e:
                    62:20:e3:5d:cf:c4:da:c0:07:83:f9:41:84:37:62:
                    ef:a9:d4:5a:b2:6d:c4:8c:82:ab:a0:e7:a5:9d:75:
                    63:b1:8c:1e:a2:e6:a6:78:20:de:42:d6:86:06:01:
                    a7:18:47:ea:62:74:e0:f8:5e:07:b5:af:59:28:a8:
                    94:4a:d6:1c:f9:23:6d:6e:62:e6:c8:d0:2e:da:8c:
                    59:d6:25:28:d0:e5:15:dc:85:80:1b:a9:12:ac:c6:
                    dc:23:53:a7:f4:3b:53:23:60:4c:4d:5b:e9:85:96:
                    69:e9:5b:55:9a:1b:f6:c7:f5:81:a7:69:84:36:96:
                    b0:3c:34:1e:af:8b:57:67:1a:49:a0:b9:44:ed:9e:
                    f7:52:59:b3:15:c4:84:aa:37:19:ae:70:80:f1:6d:
                    8e:db:51:18:58:6e:f5:6b:91:27:27:b0:1a:e0:f9:
                    0d:33:e9:66:fd:5b:4a:ef:0f:8b:5c:41:ba:34:d9:
                    6a:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:DB:BE:FC:08:2C:D0:FD:E5:16:14:69:19:42:F4:FE:00:0C:CA:DD
            X509v3 Authority Key Identifier:
                keyid:6D:20:DD:D3:98:DA:C8:F6:2C:C1:25:26:32:5F:18:21:FB:72:4F:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/vNu-_Ags0P3lFhRpGUL0_gAMyt0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.83.182.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:f3:09:b0:1d:92:b7:6f:fb:38:6d:0c:3f:a5:e2:09:b3:5e:
         0c:38:67:0c:ae:ab:23:0d:16:8b:88:e0:75:98:f2:90:fd:28:
         34:8b:dd:7e:7b:a5:e2:54:96:18:73:87:c3:65:f4:bc:1e:f6:
         81:11:c3:bc:e8:df:8a:2f:9f:e7:8f:b1:dd:50:a2:47:3c:dc:
         1b:3a:28:47:7c:8c:4a:bd:7c:c7:a5:ba:a9:b8:20:be:44:e8:
         86:3b:b7:b3:88:ad:15:7e:97:a7:cb:4e:3d:0a:3b:62:82:ca:
         c1:02:db:a4:d0:cd:d8:c2:a0:18:d9:24:93:d7:a9:e7:0a:a3:
         f3:ed:e6:ce:8e:2d:b0:4e:3b:87:af:17:87:cc:47:49:d6:4e:
         21:29:6c:14:ad:be:9e:85:09:77:03:26:1c:50:5d:da:e7:9e:
         a7:23:bd:1d:2d:d5:1c:10:a5:8f:6d:27:92:14:9d:c8:03:45:
         ab:fc:ab:0c:ce:5f:38:fe:57:fa:88:7f:9d:8b:ac:d7:ce:07:
         ab:85:96:00:f5:95:0d:82:39:08:e7:e6:e0:e9:42:81:4e:c9:
         64:6a:0d:75:03:0f:68:11:68:81:43:28:c1:de:ac:b8:d7:56:
         c0:da:be:68:4a:a7:35:70:d3:be:2e:6e:ee:fc:ab:a8:ad:b3:
         5b:e2:29:43
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0p4YDQ8HQ7dLonIURyyBY6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMjBkZGQzOThkYWM4ZjYyY2MxMjUyNjMyNWYxODIxZmI3
MjRmNzUwHhcNMjYwMzI2MTEyMjE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiY2RiYmVmYzA4MmNkMGZkZTUxNjE0NjkxOTQyZjRmZTAwMGNjYWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy1m9r8VBu7hHS3vV9YcY6vgqK6uj
ESe+4gV/5JoasazojqwZJFt4dQvkwz/mdYKHht0+KDeKsxmimnssgTcGvlMaTQMi
wCnBlQ5iIONdz8TawAeD+UGEN2LvqdRasm3EjIKroOelnXVjsYweouameCDeQtaG
BgGnGEfqYnTg+F4Hta9ZKKiUStYc+SNtbmLmyNAu2oxZ1iUo0OUV3IWAG6kSrMbc
I1On9DtTI2BMTVvphZZp6VtVmhv2x/WBp2mENpawPDQer4tXZxpJoLlE7Z73Ulmz
FcSEqjcZrnCA8W2O21EYWG71a5EnJ7Aa4PkNM+lm/VtK7w+LXEG6NNlqywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLzbvvwILND95RYUaRlC9P4ADMrdMB8GA1UdIwQY
MBaAFG0g3dOY2sj2LMElJjJfGCH7ck91MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlNEZDA1amF5UFlzd1NVbU1sOFlJZnR5VDNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9hMWE4OGYtMWRmZi00ZWZmLTgyNmIt
MzZkZTY1NzIzMmJlLzEvdk51LV9BZ3MwUDNsRmhScEdVTDBfZ0FNeXQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9hMWE4OGYtMWRmZi00ZWZmLTgyNmItMzZkZTY1NzIzMmJl
LzEvYlNEZDA1amF5UFlzd1NVbU1sOFlJZnR5VDNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVO2MA0G
CSqGSIb3DQEBCwUAA4IBAQBm8wmwHZK3b/s4bQw/peIJs14MOGcMrqsjDRaLiOB1
mPKQ/Sg0i91+e6XiVJYYc4fDZfS8HvaBEcO86N+KL5/nj7HdUKJHPNwbOihHfIxK
vXzHpbqpuCC+ROiGO7eziK0Vfpeny049CjtigsrBAtuk0M3YwqAY2SST16nnCqPz
7ebOji2wTjuHrxeHzEdJ1k4hKWwUrb6ehQl3AyYcUF3a556nI70dLdUcEKWPbSeS
FJ3IA0Wr/KsMzl84/lf6iH+di6zXzgerhZYA9ZUNgjkI5+bg6UKBTslkag11Aw9o
EWiBQyjB3qy411bA2r5oSqc1cNO+Lm7u/KuorbNb4ilD
-----END CERTIFICATE-----