Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/bd715b-4576-46ff-bc43-14f2fe8130a7/1/4ukuhw_haW3v-UR3-X02vzRxEqk.roa
File:                     4ukuhw_haW3v-UR3-X02vzRxEqk.roa (raw, json)
Hash identifier:          3gPElwyP3zSQRwc7mfKfKqxLWNtv4Su9q6Qms+U6jpQ=
Subject key identifier:   E2:E9:2E:87:0F:E1:69:6D:EF:F9:44:77:F9:7D:36:BF:34:71:12:A9
Certificate issuer:       /CN=f7c6fa689adef2317229092ffa067c041e2a8fd1
Certificate serial:       019D43A8061E41665F12234DFABE408F5822
Authority key identifier: F7:C6:FA:68:9A:DE:F2:31:72:29:09:2F:FA:06:7C:04:1E:2A:8F:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/98b6aJre8jFyKQkv-gZ8BB4qj9E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/bd715b-4576-46ff-bc43-14f2fe8130a7/1/4ukuhw_haW3v-UR3-X02vzRxEqk.roa
Signing time:             Tue 31 Mar 2026 11:29:38 +0000
ROA not before:           Tue 31 Mar 2026 11:29:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200974
IP address blocks:        193.46.187.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/bd715b-4576-46ff-bc43-14f2fe8130a7/1/98b6aJre8jFyKQkv-gZ8BB4qj9E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/bd715b-4576-46ff-bc43-14f2fe8130a7/1/98b6aJre8jFyKQkv-gZ8BB4qj9E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/98b6aJre8jFyKQkv-gZ8BB4qj9E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 11:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:43:a8:06:1e:41:66:5f:12:23:4d:fa:be:40:8f:58:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f7c6fa689adef2317229092ffa067c041e2a8fd1
        Validity
            Not Before: Mar 31 11:29:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e2e92e870fe1696deff94477f97d36bf347112a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:97:47:17:2b:e9:da:2c:28:e1:25:e7:5e:56:
                    21:15:51:c0:dc:9c:d2:a1:a1:eb:a9:e7:2e:81:ea:
                    65:a4:40:85:16:28:59:e1:60:79:44:31:f1:67:38:
                    06:f2:db:6a:47:48:ee:ce:d8:5b:0d:07:f4:b9:b2:
                    69:70:73:77:5e:33:88:64:3d:3c:29:ff:0d:29:ef:
                    77:62:82:89:df:c9:e1:61:7d:cd:c9:a4:e1:7a:a3:
                    fe:92:ff:ca:64:84:db:75:11:d1:c1:fe:44:12:0d:
                    8f:db:23:d1:da:b8:67:21:7a:d2:a4:3e:99:06:28:
                    e4:14:98:a1:fb:4c:aa:a9:04:58:dc:a6:d0:7f:53:
                    99:ab:b6:7b:6a:95:84:fc:41:53:22:1e:8f:6f:72:
                    96:5e:50:48:8b:1e:3c:1d:cd:64:38:d9:cd:dc:0e:
                    5a:16:8d:44:00:1e:5e:dd:6e:fa:44:1f:4b:84:ff:
                    86:8f:6d:df:fe:1c:ce:f9:73:0f:39:17:d8:ea:18:
                    54:68:8a:8f:f4:63:e1:b9:a5:95:f5:27:3b:70:40:
                    b6:b9:e5:7a:f1:95:ef:c6:66:28:7c:b3:7b:bd:a7:
                    f6:cc:eb:c7:73:8d:fe:50:ec:1e:4f:1e:9a:4f:11:
                    0d:48:a4:75:30:19:f0:ab:cd:ff:78:08:88:bc:66:
                    63:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:E9:2E:87:0F:E1:69:6D:EF:F9:44:77:F9:7D:36:BF:34:71:12:A9
            X509v3 Authority Key Identifier:
                keyid:F7:C6:FA:68:9A:DE:F2:31:72:29:09:2F:FA:06:7C:04:1E:2A:8F:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/98b6aJre8jFyKQkv-gZ8BB4qj9E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/bd715b-4576-46ff-bc43-14f2fe8130a7/1/4ukuhw_haW3v-UR3-X02vzRxEqk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/bd715b-4576-46ff-bc43-14f2fe8130a7/1/98b6aJre8jFyKQkv-gZ8BB4qj9E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.46.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:c9:d6:68:8d:63:97:74:f3:1c:5c:e3:f0:73:12:ce:c1:9a:
         9b:e3:ca:f9:0e:4c:44:d9:d2:ab:18:c5:99:b4:fa:37:f0:b5:
         78:fd:6d:93:a8:23:d7:52:24:0a:4d:cd:4b:07:af:44:34:41:
         f0:bb:20:13:57:e2:23:7d:7c:a3:1b:f7:15:4b:37:d6:5e:9c:
         17:80:5f:c3:ce:79:da:12:75:4a:78:e6:47:4b:ed:da:05:35:
         66:ca:93:50:70:f9:8c:cd:77:b6:7d:66:06:ff:c5:0b:94:6f:
         2d:eb:79:4d:a7:03:1e:82:01:13:0f:3d:c3:5a:94:6c:c8:4d:
         a5:6a:a2:42:54:8d:bb:92:a0:9f:f8:87:f1:51:ad:36:9f:55:
         82:89:68:11:ec:60:18:70:58:0f:0d:42:c8:0d:a1:f0:df:05:
         25:72:69:50:cb:db:ae:ce:53:54:75:77:2c:64:fb:29:6f:ec:
         a5:a4:dc:b1:9b:bd:f7:1f:4e:6f:bf:a6:2b:c0:6c:cb:6b:ca:
         e9:f7:48:0a:cf:4d:78:71:df:1d:9a:6d:bc:fc:2a:34:ef:5b:
         3c:97:ae:35:9c:6f:1e:00:7e:32:31:d8:04:1a:65:82:6c:6e:
         c6:1b:a9:39:06:3b:ce:96:35:cb:a0:69:ba:87:7a:76:2c:31:
         cf:f4:9a:9d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1DqAYeQWZfEiNN+r5Aj1giMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3YzZmYTY4OWFkZWYyMzE3MjI5MDkyZmZhMDY3YzA0MWUy
YThmZDEwHhcNMjYwMzMxMTEyOTM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmU5MmU4NzBmZTE2OTZkZWZmOTQ0NzdmOTdkMzZiZjM0NzExMmE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr5dHFyvp2iwo4SXnXlYhFVHA3JzS
oaHrqecugeplpECFFihZ4WB5RDHxZzgG8ttqR0juzthbDQf0ubJpcHN3XjOIZD08
Kf8NKe93YoKJ38nhYX3NyaTheqP+kv/KZITbdRHRwf5EEg2P2yPR2rhnIXrSpD6Z
BijkFJih+0yqqQRY3KbQf1OZq7Z7apWE/EFTIh6Pb3KWXlBIix48Hc1kONnN3A5a
Fo1EAB5e3W76RB9LhP+Gj23f/hzO+XMPORfY6hhUaIqP9GPhuaWV9Sc7cEC2ueV6
8ZXvxmYofLN7vaf2zOvHc43+UOweTx6aTxENSKR1MBnwq83/eAiIvGZjywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOLpLocP4Wlt7/lEd/l9Nr80cRKpMB8GA1UdIwQY
MBaAFPfG+mia3vIxcikJL/oGfAQeKo/RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOThiNmFKcmU4akZ5S1Frdi1nWjhCQjRxajlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS9iZDcxNWItNDU3Ni00NmZmLWJjNDMt
MTRmMmZlODEzMGE3LzEvNHVrdWh3X2hhVzN2LVVSMy1YMDJ2elJ4RXFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS9iZDcxNWItNDU3Ni00NmZmLWJjNDMtMTRmMmZlODEzMGE3
LzEvOThiNmFKcmU4akZ5S1Frdi1nWjhCQjRxajlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwS67MA0G
CSqGSIb3DQEBCwUAA4IBAQBTydZojWOXdPMcXOPwcxLOwZqb48r5DkxE2dKrGMWZ
tPo38LV4/W2TqCPXUiQKTc1LB69ENEHwuyATV+IjfXyjG/cVSzfWXpwXgF/Dznna
EnVKeOZHS+3aBTVmypNQcPmMzXe2fWYG/8ULlG8t63lNpwMeggETDz3DWpRsyE2l
aqJCVI27kqCf+IfxUa02n1WCiWgR7GAYcFgPDULIDaHw3wUlcmlQy9uuzlNUdXcs
ZPspb+ylpNyxm733H05vv6YrwGzLa8rp90gKz014cd8dmm28/Co071s8l641nG8e
AH4yMdgEGmWCbG7GG6k5BjvOljXLoGm6h3p2LDHP9Jqd
-----END CERTIFICATE-----