Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/884aae-2203-4f21-91a4-8f1ff3880102/1/c3hVC3AMElxQ2gQM00S6h3ot4Ps.roa
File:                     c3hVC3AMElxQ2gQM00S6h3ot4Ps.roa (raw, json)
Hash identifier:          6HgFrXl2jim8+KrnKQ6sq1jTwbkU8y1XtU8TNMvAGjM=
Subject key identifier:   73:78:55:0B:70:0C:12:5C:50:DA:04:0C:D3:44:BA:87:7A:2D:E0:FB
Certificate issuer:       /CN=4eedb8556a0cf1e82d8e7c79058f0efb50402ca6
Certificate serial:       019B77C762BCFAE1EE2BF28CDD2F008B8FF3
Authority key identifier: 4E:ED:B8:55:6A:0C:F1:E8:2D:8E:7C:79:05:8F:0E:FB:50:40:2C:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tu24VWoM8egtjnx5BY8O-1BALKY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/884aae-2203-4f21-91a4-8f1ff3880102/1/c3hVC3AMElxQ2gQM00S6h3ot4Ps.roa
Signing time:             Thu 01 Jan 2026 04:18:34 +0000
ROA not before:           Thu 01 Jan 2026 04:18:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     35706
IP address blocks:        217.10.96.0/19 maxlen: 19
                          2001:4db8::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/884aae-2203-4f21-91a4-8f1ff3880102/1/Tu24VWoM8egtjnx5BY8O-1BALKY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/884aae-2203-4f21-91a4-8f1ff3880102/1/Tu24VWoM8egtjnx5BY8O-1BALKY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tu24VWoM8egtjnx5BY8O-1BALKY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 22:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c7:62:bc:fa:e1:ee:2b:f2:8c:dd:2f:00:8b:8f:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4eedb8556a0cf1e82d8e7c79058f0efb50402ca6
        Validity
            Not Before: Jan  1 04:18:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7378550b700c125c50da040cd344ba877a2de0fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:b4:53:b3:68:bf:28:b4:fa:7e:f9:fc:19:a4:
                    b1:ab:a2:1f:71:b4:f4:6b:1d:43:13:75:10:b9:e2:
                    2a:92:8a:24:37:86:54:9e:44:55:d5:95:aa:67:19:
                    57:c6:ee:57:55:16:f8:fa:64:e3:2f:43:8e:78:2c:
                    46:a8:0f:aa:7e:40:28:c1:1d:42:51:8c:59:85:db:
                    6d:94:f0:24:7f:b8:75:d9:49:a1:bd:1d:e7:60:4f:
                    55:14:27:15:df:60:87:3c:ae:ee:76:c4:94:5d:38:
                    89:ee:05:e9:b4:27:e9:3e:ae:f6:f9:85:88:51:c5:
                    00:cb:48:81:c9:30:98:24:44:30:ef:4a:1b:7d:39:
                    7c:a5:c0:ad:c0:b8:f1:11:0b:b8:a2:aa:aa:29:db:
                    84:b6:f2:63:6b:7c:1b:22:cb:f9:9d:10:a1:57:ac:
                    74:7d:3d:61:fe:c0:9c:b0:1c:0b:f9:62:c6:4b:d8:
                    31:96:3a:34:74:26:1f:b1:19:41:cd:a3:c9:55:97:
                    0e:21:1f:e2:b1:19:0b:1d:0f:5c:6b:1d:d0:cc:74:
                    a6:a8:40:ff:7f:d4:60:f1:e5:9f:2a:4f:fb:19:b6:
                    5c:07:c1:57:0b:ea:56:ac:18:02:eb:6a:ce:84:47:
                    6e:b6:cd:e7:7e:f8:6d:b7:e9:a2:6a:e1:b9:bf:ce:
                    cc:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:78:55:0B:70:0C:12:5C:50:DA:04:0C:D3:44:BA:87:7A:2D:E0:FB
            X509v3 Authority Key Identifier:
                keyid:4E:ED:B8:55:6A:0C:F1:E8:2D:8E:7C:79:05:8F:0E:FB:50:40:2C:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tu24VWoM8egtjnx5BY8O-1BALKY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/884aae-2203-4f21-91a4-8f1ff3880102/1/c3hVC3AMElxQ2gQM00S6h3ot4Ps.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/884aae-2203-4f21-91a4-8f1ff3880102/1/Tu24VWoM8egtjnx5BY8O-1BALKY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.10.96.0/19
                IPv6:
                  2001:4db8::/32

    Signature Algorithm: sha256WithRSAEncryption
         90:bf:e3:da:92:88:b1:4f:0e:e7:5a:6a:5c:d8:f3:61:80:75:
         ea:33:ce:a9:d8:5a:36:05:da:bf:ef:73:ff:95:1d:29:00:a3:
         4d:03:a8:8e:44:d6:3d:3d:56:bc:fb:9b:f8:bc:ba:b6:e7:93:
         2f:53:9f:02:e8:ed:a3:bd:ae:fe:9d:44:63:9b:84:18:30:0a:
         77:44:39:bb:3b:56:73:80:11:7e:48:f0:4c:0d:23:f3:0e:a2:
         e5:80:98:4c:ec:88:bd:c3:7e:d2:87:b0:9c:e7:1e:55:ce:60:
         00:0d:fd:fe:19:db:bd:a6:bb:e1:0a:8c:d2:c2:4d:40:33:4f:
         48:0b:08:ef:c0:96:9c:ff:52:4f:44:00:d8:b8:df:62:70:d2:
         63:98:24:cb:06:39:b0:fd:60:be:76:fa:35:4f:fb:42:f3:91:
         77:2a:48:42:e7:7f:80:6d:95:e7:ca:1a:e5:7f:6b:ab:fe:ab:
         d3:8d:e1:38:80:d0:db:87:69:3f:2b:a9:0e:3f:1b:7f:21:b9:
         1a:fc:7b:0d:4f:c0:41:fd:38:69:12:2c:1b:81:48:dd:27:49:
         92:27:f2:20:be:22:5c:c1:d2:d5:15:81:43:f4:0a:58:c1:89:
         db:7d:c6:eb:82:5c:83:f9:fd:71:97:b0:24:34:4b:0c:2d:30:
         d8:f6:33:8b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZt3x2K8+uHuK/KM3S8Ai4/zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlZWRiODU1NmEwY2YxZTgyZDhlN2M3OTA1OGYwZWZiNTA0
MDJjYTYwHhcNMjYwMTAxMDQxODM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Mzc4NTUwYjcwMGMxMjVjNTBkYTA0MGNkMzQ0YmE4NzdhMmRlMGZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtLRTs2i/KLT6fvn8GaSxq6IfcbT0
ax1DE3UQueIqkookN4ZUnkRV1ZWqZxlXxu5XVRb4+mTjL0OOeCxGqA+qfkAowR1C
UYxZhdttlPAkf7h12UmhvR3nYE9VFCcV32CHPK7udsSUXTiJ7gXptCfpPq72+YWI
UcUAy0iByTCYJEQw70obfTl8pcCtwLjxEQu4oqqqKduEtvJja3wbIsv5nRChV6x0
fT1h/sCcsBwL+WLGS9gxljo0dCYfsRlBzaPJVZcOIR/isRkLHQ9cax3QzHSmqED/
f9Rg8eWfKk/7GbZcB8FXC+pWrBgC62rOhEduts3nfvhtt+miauG5v87M1QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHN4VQtwDBJcUNoEDNNEuod6LeD7MB8GA1UdIwQY
MBaAFE7tuFVqDPHoLY58eQWPDvtQQCymMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHUyNFZXb004ZWd0am54NUJZOE8tMUJBTEtZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi84ODRhYWUtMjIwMy00ZjIxLTkxYTQt
OGYxZmYzODgwMTAyLzEvYzNoVkMzQU1FbHhRMmdRTTAwUzZoM290NFBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi84ODRhYWUtMjIwMy00ZjIxLTkxYTQtOGYxZmYzODgwMTAy
LzEvVHUyNFZXb004ZWd0am54NUJZOE8tMUJBTEtZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQF2QpgMA0E
AgACMAcDBQAgAU24MA0GCSqGSIb3DQEBCwUAA4IBAQCQv+PakoixTw7nWmpc2PNh
gHXqM86p2Fo2Bdq/73P/lR0pAKNNA6iORNY9PVa8+5v4vLq255MvU58C6O2jva7+
nURjm4QYMAp3RDm7O1ZzgBF+SPBMDSPzDqLlgJhM7Ii9w37Sh7Cc5x5VzmAADf3+
Gdu9prvhCozSwk1AM09ICwjvwJac/1JPRADYuN9icNJjmCTLBjmw/WC+dvo1T/tC
85F3KkhC53+AbZXnyhrlf2ur/qvTjeE4gNDbh2k/K6kOPxt/Ibka/HsNT8BB/Thp
EiwbgUjdJ0mSJ/IgviJcwdLVFYFD9ApYwYnbfcbrglyD+f1xl7AkNEsMLTDY9jOL
-----END CERTIFICATE-----