Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/054867-14d4-4922-bf5f-6ddcfac970f7/1/KjyZ-IWUc2C7pVW-MHRxX3svnzE.roa
File:                     KjyZ-IWUc2C7pVW-MHRxX3svnzE.roa (raw, json)
Hash identifier:          0GkpPe5cedhyWHxbUVRPb6N3X2iYNRX2oFNBWSQd5QM=
Subject key identifier:   2A:3C:99:F8:85:94:73:60:BB:A5:55:BE:30:74:71:5F:7B:2F:9F:31
Certificate issuer:       /CN=1e1c2357e70b97d03ed70c3d688ce507c6758d54
Certificate serial:       019CDF361C44CB65C03557B5B5D782FA80FD
Authority key identifier: 1E:1C:23:57:E7:0B:97:D0:3E:D7:0C:3D:68:8C:E5:07:C6:75:8D:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HhwjV-cLl9A-1ww9aIzlB8Z1jVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/054867-14d4-4922-bf5f-6ddcfac970f7/1/KjyZ-IWUc2C7pVW-MHRxX3svnzE.roa
Signing time:             Wed 11 Mar 2026 23:23:11 +0000
ROA not before:           Wed 11 Mar 2026 23:23:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44847
IP address blocks:        91.203.37.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/054867-14d4-4922-bf5f-6ddcfac970f7/1/HhwjV-cLl9A-1ww9aIzlB8Z1jVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/054867-14d4-4922-bf5f-6ddcfac970f7/1/HhwjV-cLl9A-1ww9aIzlB8Z1jVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HhwjV-cLl9A-1ww9aIzlB8Z1jVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:df:36:1c:44:cb:65:c0:35:57:b5:b5:d7:82:fa:80:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e1c2357e70b97d03ed70c3d688ce507c6758d54
        Validity
            Not Before: Mar 11 23:23:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2a3c99f885947360bba555be3074715f7b2f9f31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:f6:fd:08:c3:a1:fd:a4:43:30:59:71:84:39:
                    5c:50:8e:03:88:c4:f9:68:04:d6:89:51:f5:47:13:
                    65:db:e1:4b:86:bf:0d:15:fd:10:60:93:f9:13:82:
                    03:28:2b:4f:5b:64:76:80:17:0a:34:81:2a:dc:cd:
                    d5:d3:37:86:e5:2d:76:4d:87:20:38:90:c5:68:cc:
                    f4:d7:dc:30:e9:0a:d7:3b:3f:a8:c2:c3:53:29:b4:
                    af:82:9e:23:29:c4:33:81:a1:a7:e0:73:dd:74:fe:
                    df:47:0e:96:6c:3f:12:1c:65:34:b1:9a:42:d8:29:
                    b4:4a:37:ac:a8:9d:3b:a8:a1:a2:79:a2:19:af:41:
                    2c:c4:6f:96:9d:b6:df:3f:61:5d:c0:eb:88:66:d8:
                    d4:91:ff:d7:88:ef:75:da:86:c8:44:e6:8b:f1:1d:
                    a7:77:e2:83:0f:b0:0b:9e:91:ab:24:84:8a:38:80:
                    bb:11:ac:00:8e:1f:97:70:ee:2c:a7:42:03:5f:77:
                    c5:7e:ed:81:b2:f8:da:8f:cd:28:ee:68:d8:0a:3c:
                    6e:14:1d:d6:93:d2:92:6e:a6:f7:a8:be:b6:c5:db:
                    2d:eb:77:3a:89:0c:28:1c:f7:98:e8:89:ea:63:24:
                    65:53:a1:a1:e4:24:ef:fa:33:78:0a:af:97:b3:b8:
                    00:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:3C:99:F8:85:94:73:60:BB:A5:55:BE:30:74:71:5F:7B:2F:9F:31
            X509v3 Authority Key Identifier:
                keyid:1E:1C:23:57:E7:0B:97:D0:3E:D7:0C:3D:68:8C:E5:07:C6:75:8D:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HhwjV-cLl9A-1ww9aIzlB8Z1jVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/054867-14d4-4922-bf5f-6ddcfac970f7/1/KjyZ-IWUc2C7pVW-MHRxX3svnzE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/054867-14d4-4922-bf5f-6ddcfac970f7/1/HhwjV-cLl9A-1ww9aIzlB8Z1jVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.203.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:fd:7b:ca:dc:c1:bb:fb:e8:f0:0e:25:59:1f:10:8a:39:a4:
         55:a6:25:8f:3d:2b:60:2e:72:f8:85:23:a1:e1:76:13:95:6d:
         0d:22:d8:d5:b5:1b:c6:cf:6f:be:e4:9f:d7:02:bc:dc:8b:f9:
         cd:a4:fb:b8:06:8e:04:cc:27:68:a4:ed:96:85:b6:00:89:a2:
         7b:a7:a0:24:d4:f3:cf:5a:29:ff:74:73:83:3c:5a:9d:e2:3b:
         50:de:af:2d:1c:24:08:59:ef:7d:51:6c:7d:d9:de:4e:a2:ee:
         72:f1:9c:b9:9b:47:a0:60:7a:45:bd:41:bb:3e:46:12:20:a8:
         33:09:cc:fe:9c:06:f5:a5:7b:71:31:46:7b:c3:cb:82:b4:6c:
         f5:23:b0:b2:93:ed:5d:5a:8d:0f:58:0b:1c:55:ef:61:96:bc:
         40:29:c1:7d:3c:5d:fb:72:0b:dd:74:8a:34:92:ff:f5:3e:28:
         98:c1:e4:c0:0e:37:09:ce:86:24:54:3a:04:59:08:e7:5c:c6:
         12:1a:00:d7:ce:37:fb:37:36:bc:ba:19:26:dc:ad:55:37:ae:
         0b:82:3c:71:1a:cc:17:b3:9c:43:78:18:b4:e2:26:a4:dd:98:
         0f:88:e4:34:9d:83:f6:9b:5b:7b:db:43:60:53:35:b1:f3:e3:
         cb:f0:8c:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzfNhxEy2XANVe1tdeC+oD9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlMWMyMzU3ZTcwYjk3ZDAzZWQ3MGMzZDY4OGNlNTA3YzY3
NThkNTQwHhcNMjYwMzExMjMyMzExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTNjOTlmODg1OTQ3MzYwYmJhNTU1YmUzMDc0NzE1ZjdiMmY5ZjMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApPb9CMOh/aRDMFlxhDlcUI4DiMT5
aATWiVH1RxNl2+FLhr8NFf0QYJP5E4IDKCtPW2R2gBcKNIEq3M3V0zeG5S12TYcg
OJDFaMz019ww6QrXOz+owsNTKbSvgp4jKcQzgaGn4HPddP7fRw6WbD8SHGU0sZpC
2Cm0SjesqJ07qKGieaIZr0EsxG+WnbbfP2FdwOuIZtjUkf/XiO912obIROaL8R2n
d+KDD7ALnpGrJISKOIC7EawAjh+XcO4sp0IDX3fFfu2Bsvjaj80o7mjYCjxuFB3W
k9KSbqb3qL62xdst63c6iQwoHPeY6InqYyRlU6Gh5CTv+jN4Cq+Xs7gAlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCo8mfiFlHNgu6VVvjB0cV97L58xMB8GA1UdIwQY
MBaAFB4cI1fnC5fQPtcMPWiM5QfGdY1UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGh3alYtY0xsOUEtMXd3OWFJemxCOFoxalZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC8wNTQ4NjctMTRkNC00OTIyLWJmNWYt
NmRkY2ZhYzk3MGY3LzEvS2p5Wi1JV1VjMkM3cFZXLU1IUnhYM3N2bnpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC8wNTQ4NjctMTRkNC00OTIyLWJmNWYtNmRkY2ZhYzk3MGY3
LzEvSGh3alYtY0xsOUEtMXd3OWFJemxCOFoxalZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8slMA0G
CSqGSIb3DQEBCwUAA4IBAQA3/XvK3MG7++jwDiVZHxCKOaRVpiWPPStgLnL4hSOh
4XYTlW0NItjVtRvGz2++5J/XArzci/nNpPu4Bo4EzCdopO2WhbYAiaJ7p6Ak1PPP
Win/dHODPFqd4jtQ3q8tHCQIWe99UWx92d5Oou5y8Zy5m0egYHpFvUG7PkYSIKgz
Ccz+nAb1pXtxMUZ7w8uCtGz1I7Cyk+1dWo0PWAscVe9hlrxAKcF9PF37cgvddIo0
kv/1PiiYweTADjcJzoYkVDoEWQjnXMYSGgDXzjf7Nza8uhkm3K1VN64LgjxxGswX
s5xDeBi04iak3ZgPiOQ0nYP2m1t720NgUzWx8+PL8IxJ
-----END CERTIFICATE-----