Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/2097dd-c396-48f6-be87-7bbac8cc2783/1/A4nevXWVLl5vdfSO_m17bHDukbA.roa
File:                     A4nevXWVLl5vdfSO_m17bHDukbA.roa (raw, json)
Hash identifier:          QX/nCQkB1QHkZvD4R7eemwvmvQKwPODodhWHPVsSonY=
Subject key identifier:   03:89:DE:BD:75:95:2E:5E:6F:75:F4:8E:FE:6D:7B:6C:70:EE:91:B0
Certificate issuer:       /CN=03d8024188491a319c5276721f940efae7fc21af
Certificate serial:       019CE27652A02DEAB5F9BB404EE006F599A5
Authority key identifier: 03:D8:02:41:88:49:1A:31:9C:52:76:72:1F:94:0E:FA:E7:FC:21:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A9gCQYhJGjGcUnZyH5QO-uf8Ia8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/2097dd-c396-48f6-be87-7bbac8cc2783/1/A4nevXWVLl5vdfSO_m17bHDukbA.roa
Signing time:             Thu 12 Mar 2026 14:32:11 +0000
ROA not before:           Thu 12 Mar 2026 14:32:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212991
IP address blocks:        80.248.136.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/37/2097dd-c396-48f6-be87-7bbac8cc2783/1/A9gCQYhJGjGcUnZyH5QO-uf8Ia8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/37/2097dd-c396-48f6-be87-7bbac8cc2783/1/A9gCQYhJGjGcUnZyH5QO-uf8Ia8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A9gCQYhJGjGcUnZyH5QO-uf8Ia8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 16:32:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:e2:76:52:a0:2d:ea:b5:f9:bb:40:4e:e0:06:f5:99:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03d8024188491a319c5276721f940efae7fc21af
        Validity
            Not Before: Mar 12 14:32:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0389debd75952e5e6f75f48efe6d7b6c70ee91b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:bd:fc:26:f5:e2:65:85:3e:6a:82:f0:12:da:
                    3f:24:17:00:01:a6:18:ca:41:15:73:03:d7:14:be:
                    69:7d:f4:21:1f:da:9d:38:46:68:7a:a9:cb:52:a7:
                    1c:a1:48:68:1d:cb:56:63:85:36:e1:2e:6f:a7:e8:
                    ef:ec:74:12:08:e2:5d:7d:5c:57:9d:fb:d7:ee:91:
                    53:d4:a9:f0:31:b7:f2:f9:ef:c0:d6:19:e9:1b:17:
                    64:32:6d:3e:12:d0:c4:39:9c:28:b8:7b:9b:98:93:
                    bc:a5:25:44:e7:29:f3:20:58:6b:92:b8:14:31:80:
                    d3:9d:f1:bc:a7:7a:94:06:f5:5b:f6:ae:04:b0:e9:
                    6f:67:c0:9a:0d:4c:f7:e5:6e:18:27:8c:7a:20:6b:
                    44:00:d5:62:06:aa:3e:92:55:ee:fb:b0:af:53:df:
                    ce:0b:d5:03:80:07:3c:0f:30:9f:b6:fe:42:00:61:
                    10:7d:02:0a:3e:d1:98:dc:ad:7c:6c:9c:96:12:d7:
                    91:0a:22:3b:47:bf:14:26:73:1d:10:61:59:27:86:
                    e7:30:b4:55:f1:c2:f4:e6:36:4a:a3:00:3b:08:c1:
                    4e:3e:e0:31:6f:6b:9b:64:09:e8:6d:4e:03:a5:f4:
                    51:be:ad:32:8f:16:57:27:a5:8a:e1:ca:02:22:82:
                    1b:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:89:DE:BD:75:95:2E:5E:6F:75:F4:8E:FE:6D:7B:6C:70:EE:91:B0
            X509v3 Authority Key Identifier:
                keyid:03:D8:02:41:88:49:1A:31:9C:52:76:72:1F:94:0E:FA:E7:FC:21:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A9gCQYhJGjGcUnZyH5QO-uf8Ia8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/2097dd-c396-48f6-be87-7bbac8cc2783/1/A4nevXWVLl5vdfSO_m17bHDukbA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/2097dd-c396-48f6-be87-7bbac8cc2783/1/A9gCQYhJGjGcUnZyH5QO-uf8Ia8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.248.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:19:ba:d1:21:56:e7:4e:8f:83:b5:e8:b1:8b:ed:10:7c:9e:
         74:af:81:f2:25:90:0c:a2:dd:74:8f:3d:a5:da:56:c9:3e:e9:
         a8:82:fa:31:6d:14:ac:2d:89:3e:9c:26:11:52:be:2a:04:53:
         da:a1:17:9a:bf:1f:80:dd:84:78:a0:86:5f:1f:94:93:fa:d9:
         54:b3:4b:10:e1:ad:3e:d5:2c:4b:66:27:de:5f:fa:92:26:28:
         9c:32:21:c1:e5:c1:47:6f:6c:f1:17:4a:8c:bf:cd:cc:bc:39:
         ae:84:45:dc:78:08:a2:3f:81:c1:00:84:af:b3:32:21:3f:c5:
         46:e9:f8:15:28:c7:e8:fe:34:3c:ad:a9:ed:0c:f3:66:2f:4a:
         82:43:73:91:da:49:f0:9c:08:05:e5:3c:5d:18:9b:3d:8a:b0:
         83:97:57:70:6e:72:25:d4:6c:e0:b3:34:98:c2:c9:ba:04:5c:
         ea:9d:47:c7:17:bd:f7:96:4b:7e:5c:5b:b5:75:64:37:03:a7:
         df:27:91:0e:a3:e5:82:53:55:f9:f5:10:6e:52:c3:f7:15:a5:
         2d:bf:e0:bf:5e:06:7b:99:a0:0d:2e:fc:7a:79:ff:1e:d7:58:
         fd:26:57:1e:bf:dd:09:0f:4f:75:d7:de:7f:3c:cb:6e:ee:d4:
         8f:d6:cd:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzidlKgLeq1+btATuAG9ZmlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzZDgwMjQxODg0OTFhMzE5YzUyNzY3MjFmOTQwZWZhZTdm
YzIxYWYwHhcNMjYwMzEyMTQzMjExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzg5ZGViZDc1OTUyZTVlNmY3NWY0OGVmZTZkN2I2YzcwZWU5MWIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr738JvXiZYU+aoLwEto/JBcAAaYY
ykEVcwPXFL5pffQhH9qdOEZoeqnLUqccoUhoHctWY4U24S5vp+jv7HQSCOJdfVxX
nfvX7pFT1KnwMbfy+e/A1hnpGxdkMm0+EtDEOZwouHubmJO8pSVE5ynzIFhrkrgU
MYDTnfG8p3qUBvVb9q4EsOlvZ8CaDUz35W4YJ4x6IGtEANViBqo+klXu+7CvU9/O
C9UDgAc8DzCftv5CAGEQfQIKPtGY3K18bJyWEteRCiI7R78UJnMdEGFZJ4bnMLRV
8cL05jZKowA7CMFOPuAxb2ubZAnobU4DpfRRvq0yjxZXJ6WK4coCIoIbUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAOJ3r11lS5eb3X0jv5te2xw7pGwMB8GA1UdIwQY
MBaAFAPYAkGISRoxnFJ2ch+UDvrn/CGvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQTlnQ1FZaEpHakdjVW5aeUg1UU8tdWY4SWE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy8yMDk3ZGQtYzM5Ni00OGY2LWJlODct
N2JiYWM4Y2MyNzgzLzEvQTRuZXZYV1ZMbDV2ZGZTT19tMTdiSER1a2JBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy8yMDk3ZGQtYzM5Ni00OGY2LWJlODctN2JiYWM4Y2MyNzgz
LzEvQTlnQ1FZaEpHakdjVW5aeUg1UU8tdWY4SWE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUPiIMA0G
CSqGSIb3DQEBCwUAA4IBAQCZGbrRIVbnTo+Dteixi+0QfJ50r4HyJZAMot10jz2l
2lbJPumogvoxbRSsLYk+nCYRUr4qBFPaoReavx+A3YR4oIZfH5ST+tlUs0sQ4a0+
1SxLZifeX/qSJiicMiHB5cFHb2zxF0qMv83MvDmuhEXceAiiP4HBAISvszIhP8VG
6fgVKMfo/jQ8rantDPNmL0qCQ3OR2knwnAgF5TxdGJs9irCDl1dwbnIl1GzgszSY
wsm6BFzqnUfHF733lkt+XFu1dWQ3A6ffJ5EOo+WCU1X59RBuUsP3FaUtv+C/XgZ7
maANLvx6ef8e11j9Jlcev90JD091195/PMtu7tSP1s0o
-----END CERTIFICATE-----