Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/fKZHM8j_DLlAFCaVoov-BV61SZA.roa
File:                     fKZHM8j_DLlAFCaVoov-BV61SZA.roa (raw, json)
Hash identifier:          CydkC9DK3cU8cMi962Mbgmd4ilxmpnOevkkyjxCtCpc=
Subject key identifier:   7C:A6:47:33:C8:FF:0C:B9:40:14:26:95:A2:8B:FE:05:5E:B5:49:90
Certificate issuer:       /CN=363769f8644a5a718ae62b058dd1fb62cb5a3c20
Certificate serial:       019DEE55BC58B938BF077B6AC4D2F6CA795D
Authority key identifier: 36:37:69:F8:64:4A:5A:71:8A:E6:2B:05:8D:D1:FB:62:CB:5A:3C:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Njdp-GRKWnGK5isFjdH7YstaPCA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/fKZHM8j_DLlAFCaVoov-BV61SZA.roa
Signing time:             Sun 03 May 2026 14:54:49 +0000
ROA not before:           Sun 03 May 2026 14:54:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     41717
IP address blocks:        95.181.162.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/Njdp-GRKWnGK5isFjdH7YstaPCA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/Njdp-GRKWnGK5isFjdH7YstaPCA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Njdp-GRKWnGK5isFjdH7YstaPCA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 18:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ee:55:bc:58:b9:38:bf:07:7b:6a:c4:d2:f6:ca:79:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=363769f8644a5a718ae62b058dd1fb62cb5a3c20
        Validity
            Not Before: May  3 14:54:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7ca64733c8ff0cb940142695a28bfe055eb54990
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:8f:33:5b:ea:4e:5c:8c:04:0b:4c:e7:ca:1c:
                    b2:09:43:3e:eb:93:92:f2:19:ed:36:dc:2f:55:54:
                    c8:e3:0e:d7:56:9c:01:29:5e:ed:c1:91:12:f3:3c:
                    b3:b9:85:30:af:1c:06:52:93:1d:0c:68:cb:88:1e:
                    3d:d5:88:cc:f5:38:f5:69:33:43:78:ea:92:77:12:
                    b6:53:59:5c:2c:ab:27:cb:e5:37:bd:a5:f2:c1:ed:
                    0c:f7:33:54:dd:bb:0f:cb:cf:fc:db:d9:71:11:1f:
                    c6:5d:09:88:b1:cc:f7:99:cf:e9:71:33:38:ae:83:
                    d8:9b:a2:21:7a:0b:6f:3c:2d:6b:d4:55:e2:a9:ea:
                    80:60:3c:39:61:8a:ee:82:4b:f9:22:56:2f:3b:ef:
                    d1:c3:d5:c5:3c:ad:0c:a3:21:3b:04:d8:f3:1f:2b:
                    ca:7d:c1:fe:e1:73:7b:e9:b7:f5:4f:6b:eb:27:8c:
                    6b:25:50:2d:33:2c:93:87:9f:ad:24:a0:41:99:82:
                    4a:dd:4f:e4:fc:99:c9:f2:e9:d8:c4:22:cb:74:ab:
                    11:bf:a1:90:8b:d1:40:e6:e5:52:5a:9d:f2:18:e2:
                    4c:2c:2a:78:93:a2:6d:7d:03:01:d1:3e:c8:ee:84:
                    cb:3f:27:96:7c:de:e3:37:1b:76:38:bd:0e:4d:be:
                    50:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:A6:47:33:C8:FF:0C:B9:40:14:26:95:A2:8B:FE:05:5E:B5:49:90
            X509v3 Authority Key Identifier:
                keyid:36:37:69:F8:64:4A:5A:71:8A:E6:2B:05:8D:D1:FB:62:CB:5A:3C:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Njdp-GRKWnGK5isFjdH7YstaPCA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/fKZHM8j_DLlAFCaVoov-BV61SZA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/Njdp-GRKWnGK5isFjdH7YstaPCA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.181.162.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:4f:82:c2:38:27:c3:b2:c6:4f:c0:c8:1b:c9:79:fb:60:14:
         64:21:8b:92:ff:f1:db:00:3e:a8:82:a8:08:10:9b:9e:ab:f6:
         6d:e9:15:f8:96:98:11:32:ff:e2:6d:b7:af:a3:51:8d:59:a4:
         7d:65:f3:32:b0:84:3f:ba:8b:f8:a0:5d:24:56:91:be:77:11:
         72:ea:23:4e:34:c2:9c:bf:b6:41:25:c1:81:6b:68:8a:6b:00:
         1c:4f:2d:53:c0:4d:3d:bd:4f:32:0f:7e:8b:64:1f:f2:fe:51:
         3c:ce:5f:89:be:03:a8:9a:69:00:3d:47:07:73:2c:bf:96:94:
         15:20:de:81:b0:7e:0f:45:47:49:17:6c:5f:02:d4:dc:2b:cb:
         74:3c:ca:0d:38:91:3e:8e:12:f3:4b:a6:d0:b7:69:30:ea:98:
         7e:9e:40:b3:bc:fe:0b:89:1f:2e:7e:4d:69:af:4a:9c:91:41:
         64:7b:d5:a1:df:6a:94:77:75:c7:ea:9b:5e:5c:c2:58:2e:1b:
         4c:8d:f0:bb:6c:2c:e1:04:23:61:a3:32:c3:42:80:30:b1:97:
         44:3e:93:7a:95:f4:74:5e:22:aa:0d:27:4d:3b:39:13:5f:a1:
         d1:a6:5c:fb:fe:c0:f9:0d:5e:a1:f6:0a:98:36:74:88:2a:19:
         c1:26:c9:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3uVbxYuTi/B3tqxNL2ynldMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2Mzc2OWY4NjQ0YTVhNzE4YWU2MmIwNThkZDFmYjYyY2I1
YTNjMjAwHhcNMjYwNTAzMTQ1NDQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Y2E2NDczM2M4ZmYwY2I5NDAxNDI2OTVhMjhiZmUwNTVlYjU0OTkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4Y8zW+pOXIwEC0znyhyyCUM+65OS
8hntNtwvVVTI4w7XVpwBKV7twZES8zyzuYUwrxwGUpMdDGjLiB491YjM9Tj1aTND
eOqSdxK2U1lcLKsny+U3vaXywe0M9zNU3bsPy8/829lxER/GXQmIscz3mc/pcTM4
roPYm6IhegtvPC1r1FXiqeqAYDw5YYrugkv5IlYvO+/Rw9XFPK0MoyE7BNjzHyvK
fcH+4XN76bf1T2vrJ4xrJVAtMyyTh5+tJKBBmYJK3U/k/JnJ8unYxCLLdKsRv6GQ
i9FA5uVSWp3yGOJMLCp4k6JtfQMB0T7I7oTLPyeWfN7jNxt2OL0OTb5QIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHymRzPI/wy5QBQmlaKL/gVetUmQMB8GA1UdIwQY
MBaAFDY3afhkSlpxiuYrBY3R+2LLWjwgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmpkcC1HUktXbkdLNWlzRmpkSDdZc3RhUENBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi8wZjhmZWEtZjAwYS00NDE1LWIzOTYt
Mzk5ZmM5NjkzYjIyLzEvZktaSE04al9ETGxBRkNhVm9vdi1CVjYxU1pBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi8wZjhmZWEtZjAwYS00NDE1LWIzOTYtMzk5ZmM5NjkzYjIy
LzEvTmpkcC1HUktXbkdLNWlzRmpkSDdZc3RhUENBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX7WiMA0G
CSqGSIb3DQEBCwUAA4IBAQA3T4LCOCfDssZPwMgbyXn7YBRkIYuS//HbAD6ogqgI
EJueq/Zt6RX4lpgRMv/ibbevo1GNWaR9ZfMysIQ/uov4oF0kVpG+dxFy6iNONMKc
v7ZBJcGBa2iKawAcTy1TwE09vU8yD36LZB/y/lE8zl+JvgOommkAPUcHcyy/lpQV
IN6BsH4PRUdJF2xfAtTcK8t0PMoNOJE+jhLzS6bQt2kw6ph+nkCzvP4LiR8ufk1p
r0qckUFke9Wh32qUd3XH6pteXMJYLhtMjfC7bCzhBCNhozLDQoAwsZdEPpN6lfR0
XiKqDSdNOzkTX6HRplz7/sD5DV6h9gqYNnSIKhnBJskb
-----END CERTIFICATE-----