Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/9b60e5-f98f-4ac6-98a5-f2f426efe039/1/kQp_ZLe15Zu0M6kNuE6RUIpLUlY.roa
File:                     kQp_ZLe15Zu0M6kNuE6RUIpLUlY.roa (raw, json)
Hash identifier:          7PWI3K79oOniAkWfGGFPuJUr+xMaJSAED92LF0a6Q2E=
Subject key identifier:   91:0A:7F:64:B7:B5:E5:9B:B4:33:A9:0D:B8:4E:91:50:8A:4B:52:56
Certificate issuer:       /CN=8b7f81a6e782e211189c4f34e459b4226c75f4a6
Certificate serial:       019CD75AB0B9949CA74FEA443A2AB63ABC93
Authority key identifier: 8B:7F:81:A6:E7:82:E2:11:18:9C:4F:34:E4:59:B4:22:6C:75:F4:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i3-BpueC4hEYnE805Fm0Imx19KY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/9b60e5-f98f-4ac6-98a5-f2f426efe039/1/kQp_ZLe15Zu0M6kNuE6RUIpLUlY.roa
Signing time:             Tue 10 Mar 2026 10:46:10 +0000
ROA not before:           Tue 10 Mar 2026 10:46:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     396982
IP address blocks:        45.91.44.0/24 maxlen: 24
                          45.128.172.0/24 maxlen: 24
                          45.128.173.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/9b60e5-f98f-4ac6-98a5-f2f426efe039/1/i3-BpueC4hEYnE805Fm0Imx19KY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/9b60e5-f98f-4ac6-98a5-f2f426efe039/1/i3-BpueC4hEYnE805Fm0Imx19KY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i3-BpueC4hEYnE805Fm0Imx19KY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:d7:5a:b0:b9:94:9c:a7:4f:ea:44:3a:2a:b6:3a:bc:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b7f81a6e782e211189c4f34e459b4226c75f4a6
        Validity
            Not Before: Mar 10 10:46:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=910a7f64b7b5e59bb433a90db84e91508a4b5256
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:a4:b6:9c:87:e8:89:be:c2:e5:42:9f:ef:4d:
                    4d:1c:17:a8:c0:f3:ba:74:f9:54:60:06:c1:cd:cd:
                    c4:cc:4b:f7:c4:03:03:66:44:e9:6a:82:b2:c2:b4:
                    2c:69:e3:3c:eb:67:f2:84:7b:38:89:fc:e0:e5:40:
                    cd:e3:53:b2:2d:6d:5f:ba:b0:8c:9e:1f:47:56:59:
                    1d:06:a3:48:4c:d4:b7:37:1d:76:82:8d:14:a0:cc:
                    d0:d9:fe:7a:77:25:10:8b:e9:05:d7:48:f3:13:34:
                    ef:46:6a:43:bb:2a:90:f0:87:93:ac:44:b4:8d:1e:
                    c9:52:ee:53:d6:8e:9a:7d:9b:57:c7:ba:f2:bf:c0:
                    06:46:6d:21:9e:0b:3c:9c:c5:24:03:81:26:a2:85:
                    f5:b7:5b:36:f2:5c:99:8e:18:75:4e:a2:a2:24:44:
                    08:cb:39:32:bc:b7:c6:b2:fb:c9:cd:d8:4b:f4:e6:
                    7a:1c:b7:6c:0f:67:bd:a1:f3:b9:f6:37:50:68:d7:
                    6e:ea:12:ee:8d:fc:da:e1:eb:94:47:46:5e:96:77:
                    e9:ea:fd:a8:91:11:aa:27:25:8b:67:34:66:dc:6e:
                    f6:ba:fb:19:57:70:81:e0:cd:09:fa:5c:51:5b:a6:
                    5c:a3:b4:2d:89:e2:b6:41:39:93:f3:75:13:16:49:
                    6c:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:0A:7F:64:B7:B5:E5:9B:B4:33:A9:0D:B8:4E:91:50:8A:4B:52:56
            X509v3 Authority Key Identifier:
                keyid:8B:7F:81:A6:E7:82:E2:11:18:9C:4F:34:E4:59:B4:22:6C:75:F4:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i3-BpueC4hEYnE805Fm0Imx19KY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/9b60e5-f98f-4ac6-98a5-f2f426efe039/1/kQp_ZLe15Zu0M6kNuE6RUIpLUlY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/9b60e5-f98f-4ac6-98a5-f2f426efe039/1/i3-BpueC4hEYnE805Fm0Imx19KY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.91.44.0/24
                  45.128.172.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ad:fc:47:5f:17:10:f2:2e:ec:3f:69:ec:92:8a:76:ba:ef:d8:
         c6:82:44:bc:7c:95:94:9a:ce:8f:c3:c4:66:1f:85:a1:ea:fa:
         10:4d:bc:c6:bc:69:78:7d:11:12:15:ef:25:f2:5e:d3:ce:4d:
         3b:cb:3c:a0:78:55:a5:d9:a8:02:a8:ac:ac:fc:70:6c:56:34:
         1c:63:06:55:3b:9d:8b:37:7b:93:f7:46:e4:ec:91:00:8d:65:
         6c:a1:33:99:1e:89:db:d0:f1:26:a5:69:ed:2a:0e:1e:f5:2b:
         fa:84:15:8c:65:be:ec:d9:59:c9:58:f7:a0:17:04:6e:76:9d:
         cb:e9:f7:ef:0d:76:fe:1c:e0:ab:db:5c:e3:85:4a:9a:e7:c1:
         f8:d8:f8:e6:b6:2b:0a:e3:53:f8:e5:fe:e9:a2:9c:c8:93:31:
         6e:8c:c2:f8:6f:60:02:4b:b6:24:20:19:c9:3c:ed:37:3d:be:
         73:b6:e7:64:7e:17:c9:07:8a:df:d1:e0:f1:bc:37:ca:d6:a0:
         c8:6e:f7:6e:bc:79:ca:e4:63:ea:90:f6:13:86:74:06:21:b8:
         8b:5e:81:17:86:1b:28:fc:eb:91:05:2b:1d:5b:be:60:1c:22:
         30:f3:1a:93:58:50:ae:c3:d8:d8:f7:af:00:01:0f:11:52:52:
         a4:67:ac:49
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZzXWrC5lJynT+pEOiq2OryTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiN2Y4MWE2ZTc4MmUyMTExODljNGYzNGU0NTliNDIyNmM3
NWY0YTYwHhcNMjYwMzEwMTA0NjEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTBhN2Y2NGI3YjVlNTliYjQzM2E5MGRiODRlOTE1MDhhNGI1MjU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA36S2nIfoib7C5UKf701NHBeowPO6
dPlUYAbBzc3EzEv3xAMDZkTpaoKywrQsaeM862fyhHs4ifzg5UDN41OyLW1furCM
nh9HVlkdBqNITNS3Nx12go0UoMzQ2f56dyUQi+kF10jzEzTvRmpDuyqQ8IeTrES0
jR7JUu5T1o6afZtXx7ryv8AGRm0hngs8nMUkA4EmooX1t1s28lyZjhh1TqKiJEQI
yzkyvLfGsvvJzdhL9OZ6HLdsD2e9ofO59jdQaNdu6hLujfza4euUR0Zelnfp6v2o
kRGqJyWLZzRm3G72uvsZV3CB4M0J+lxRW6Zco7QtieK2QTmT83UTFklsbwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJEKf2S3teWbtDOpDbhOkVCKS1JWMB8GA1UdIwQY
MBaAFIt/gabnguIRGJxPNORZtCJsdfSmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTMtQnB1ZUM0aEVZbkU4MDVGbTBJbXgxOUtZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi85YjYwZTUtZjk4Zi00YWM2LTk4YTUt
ZjJmNDI2ZWZlMDM5LzEva1FwX1pMZTE1WnUwTTZrTnVFNlJVSXBMVWxZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi85YjYwZTUtZjk4Zi00YWM2LTk4YTUtZjJmNDI2ZWZlMDM5
LzEvaTMtQnB1ZUM0aEVZbkU4MDVGbTBJbXgxOUtZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALVssAwQB
LYCsMA0GCSqGSIb3DQEBCwUAA4IBAQCt/EdfFxDyLuw/aeySina679jGgkS8fJWU
ms6Pw8RmH4Wh6voQTbzGvGl4fRESFe8l8l7Tzk07yzygeFWl2agCqKys/HBsVjQc
YwZVO52LN3uT90bk7JEAjWVsoTOZHonb0PEmpWntKg4e9Sv6hBWMZb7s2VnJWPeg
FwRudp3L6ffvDXb+HOCr21zjhUqa58H42PjmtisK41P45f7popzIkzFujML4b2AC
S7YkIBnJPO03Pb5ztudkfhfJB4rf0eDxvDfK1qDIbvduvHnK5GPqkPYThnQGIbiL
XoEXhhso/OuRBSsdW75gHCIw8xqTWFCuw9jY968AAQ8RUlKkZ6xJ
-----END CERTIFICATE-----