Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/akdVKtaJNtpQXyAerCIG-2nWYYE.roa
File:                     akdVKtaJNtpQXyAerCIG-2nWYYE.roa (raw, json)
Hash identifier:          X7gK7VTVNK7KTQ15k3Adb2wFKjIt4F0353CrY9TgvxA=
Subject key identifier:   6A:47:55:2A:D6:89:36:DA:50:5F:20:1E:AC:22:06:FB:69:D6:61:81
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       019DF1FF3C77E6C92A152EC3BBD6527639AA
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/akdVKtaJNtpQXyAerCIG-2nWYYE.roa
Signing time:             Mon 04 May 2026 07:58:49 +0000
ROA not before:           Mon 04 May 2026 07:58:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210162
IP address blocks:        88.216.193.0/24 maxlen: 24
                          88.216.194.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 19:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f1:ff:3c:77:e6:c9:2a:15:2e:c3:bb:d6:52:76:39:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: May  4 07:58:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6a47552ad68936da505f201eac2206fb69d66181
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:f0:bd:79:a0:f7:30:3c:ce:ab:6a:ed:ee:fd:
                    85:b4:60:02:47:5e:10:f7:ab:a7:60:28:d9:c5:6b:
                    5e:f7:e0:d9:96:1e:12:bd:d7:80:0b:8c:cc:fd:5c:
                    70:c7:91:c0:97:a3:d8:62:e4:74:b5:fa:52:76:b4:
                    bd:39:4f:42:22:15:70:4b:3b:fc:a2:2f:21:03:f4:
                    8a:bf:8d:ba:44:94:fc:82:cf:50:47:3b:c3:19:27:
                    dc:00:e8:9b:7f:a4:00:04:e6:83:66:91:8d:cc:a0:
                    09:8a:63:eb:93:be:d5:67:64:a5:c2:46:29:a5:5f:
                    95:cb:45:d5:1a:68:27:9e:e6:c3:e3:22:ff:76:08:
                    88:cc:3c:e1:7c:37:53:65:8a:ba:b5:7c:73:75:1e:
                    23:a7:35:70:68:61:a1:ed:dd:3d:73:41:aa:6e:bb:
                    bb:31:34:50:8b:0f:b1:ff:8c:b3:b2:f6:25:4d:4a:
                    99:29:97:f3:62:65:a4:e5:3f:52:9c:f7:d4:39:bc:
                    d2:b1:72:86:88:c3:bf:80:ca:fe:1e:27:60:4a:e9:
                    3b:be:eb:4a:4b:d4:1d:bf:b6:df:2f:11:85:23:bf:
                    9f:53:66:cf:1d:80:5b:45:0c:f4:dc:7f:f3:ae:95:
                    46:ed:30:c0:67:b1:cf:6f:08:4d:77:e3:11:a5:0b:
                    9b:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:47:55:2A:D6:89:36:DA:50:5F:20:1E:AC:22:06:FB:69:D6:61:81
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/akdVKtaJNtpQXyAerCIG-2nWYYE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.216.193.0-88.216.194.255

    Signature Algorithm: sha256WithRSAEncryption
         61:e1:47:9e:d7:67:7f:47:11:4f:2f:49:8c:47:3e:ea:e7:73:
         b9:89:af:c6:e4:77:f9:ce:96:20:cd:dc:cb:2a:02:e2:97:a0:
         0f:16:37:79:91:b2:38:e6:60:f1:fc:57:67:aa:b0:7d:e4:38:
         17:9b:80:41:69:57:a9:3f:18:cc:cd:26:13:54:c2:13:1a:0f:
         04:4b:10:e2:92:fd:ab:ac:94:76:17:29:ea:68:d8:32:11:96:
         e2:da:33:a7:c6:00:0f:ed:3d:fd:26:d2:32:52:13:50:ee:2e:
         85:8f:54:a1:4c:d3:cc:81:12:29:ba:e2:a0:2f:13:a7:eb:f3:
         2f:5e:23:15:5b:f3:60:bb:99:51:e5:8b:61:ab:49:f0:19:3a:
         cc:b7:a6:e8:38:02:3f:63:49:13:52:46:e6:ee:0a:4a:a1:b1:
         07:b0:5a:9f:36:a4:82:e3:ec:3a:a7:8d:e6:37:b9:b6:a3:53:
         53:4a:28:72:ca:72:66:37:9d:fb:ab:eb:83:82:60:02:be:17:
         82:e4:99:94:61:11:fe:e4:ad:04:8c:6e:07:f7:c5:87:5f:f6:
         31:7b:a5:b0:ff:49:e9:4c:86:17:c2:0d:63:f2:6f:a7:46:10:
         fc:72:c8:24:fb:10:29:28:31:dc:a1:a2:4f:4b:99:24:9b:bb:
         81:ce:03:d8
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZ3x/zx35skqFS7Du9ZSdjmqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjYwNTA0MDc1ODQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTQ3NTUyYWQ2ODkzNmRhNTA1ZjIwMWVhYzIyMDZmYjY5ZDY2MTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2vC9eaD3MDzOq2rt7v2FtGACR14Q
96unYCjZxWte9+DZlh4SvdeAC4zM/Vxwx5HAl6PYYuR0tfpSdrS9OU9CIhVwSzv8
oi8hA/SKv426RJT8gs9QRzvDGSfcAOibf6QABOaDZpGNzKAJimPrk77VZ2SlwkYp
pV+Vy0XVGmgnnubD4yL/dgiIzDzhfDdTZYq6tXxzdR4jpzVwaGGh7d09c0Gqbru7
MTRQiw+x/4yzsvYlTUqZKZfzYmWk5T9SnPfUObzSsXKGiMO/gMr+HidgSuk7vutK
S9Qdv7bfLxGFI7+fU2bPHYBbRQz03H/zrpVG7TDAZ7HPbwhNd+MRpQubwwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFGpHVSrWiTbaUF8gHqwiBvtp1mGBMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvYWtkVkt0YUpOdHBRWHlBZXJDSUctMm5XWVlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABY2MED
BABY2MIwDQYJKoZIhvcNAQELBQADggEBAGHhR57XZ39HEU8vSYxHPurnc7mJr8bk
d/nOliDN3MsqAuKXoA8WN3mRsjjmYPH8V2eqsH3kOBebgEFpV6k/GMzNJhNUwhMa
DwRLEOKS/auslHYXKepo2DIRluLaM6fGAA/tPf0m0jJSE1DuLoWPVKFM08yBEim6
4qAvE6fr8y9eIxVb82C7mVHli2GrSfAZOsy3pug4Aj9jSRNSRubuCkqhsQewWp82
pILj7DqnjeY3ubajU1NKKHLKcmY3nfur64OCYAK+F4LkmZRhEf7krQSMbgf3xYdf
9jF7pbD/SelMhhfCDWPyb6dGEPxyyCT7ECkoMdyhok9LmSSbu4HOA9g=
-----END CERTIFICATE-----