Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/NRDXqH80IYUDZrydCPO1C4hb-Zw.roa
File:                     NRDXqH80IYUDZrydCPO1C4hb-Zw.roa (raw, json)
Hash identifier:          1Aui04lvZ+rro9k3NOr0lKI8gpQYwTiG29RXp6rCSUc=
Subject key identifier:   35:10:D7:A8:7F:34:21:85:03:66:BC:9D:08:F3:B5:0B:88:5B:F9:9C
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       019DD785977B7FEFB2C3083229B6226F1883
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/NRDXqH80IYUDZrydCPO1C4hb-Zw.roa
Signing time:             Wed 29 Apr 2026 04:35:49 +0000
ROA not before:           Wed 29 Apr 2026 04:35:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207461
IP address blocks:        89.125.132.0/24 maxlen: 24
                          89.125.133.0/24 maxlen: 24
                          89.125.134.0/24 maxlen: 24
                          89.125.135.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:d7:85:97:7b:7f:ef:b2:c3:08:32:29:b6:22:6f:18:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Apr 29 04:35:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3510d7a87f3421850366bc9d08f3b50b885bf99c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:12:07:89:5e:d0:ca:c4:6d:64:5e:3b:ba:4b:
                    16:e2:5e:37:54:9b:48:03:e7:eb:80:14:b4:42:29:
                    f0:fa:bd:86:b8:5d:de:f8:89:69:f9:93:d3:98:da:
                    eb:96:af:88:58:79:ad:f6:97:fe:0d:d9:19:49:76:
                    80:fb:f9:b2:87:82:ec:bd:bf:96:28:a4:1f:21:68:
                    27:a1:e0:47:2a:e6:f5:f6:09:3d:8b:46:88:06:3f:
                    ac:64:87:4e:c7:51:89:97:3d:1f:4c:65:b2:a2:69:
                    41:8b:e1:38:d4:cf:3a:51:0c:30:9a:91:c3:d4:61:
                    37:b1:64:95:54:4b:92:9c:16:bb:28:06:9f:2d:2f:
                    c8:ac:ab:14:e0:02:40:b2:0d:b9:e8:51:be:1e:4d:
                    73:0d:49:74:3c:30:16:18:12:16:ef:b7:5c:6c:06:
                    09:4e:28:ba:f0:48:61:b7:3c:0c:71:0b:32:31:83:
                    aa:69:63:93:0a:c5:1f:a9:99:3d:cf:7e:aa:09:84:
                    1a:27:37:8d:92:06:7b:13:e0:7d:05:5d:c2:0e:e2:
                    6e:b3:dd:81:3c:ec:70:21:b0:58:90:0d:10:31:cd:
                    dd:66:e4:33:cd:99:e1:21:95:81:1d:48:2d:05:e9:
                    80:d0:6e:7a:5e:89:15:8c:00:48:4a:aa:81:10:50:
                    d8:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:10:D7:A8:7F:34:21:85:03:66:BC:9D:08:F3:B5:0B:88:5B:F9:9C
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/NRDXqH80IYUDZrydCPO1C4hb-Zw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.125.132.0/22

    Signature Algorithm: sha256WithRSAEncryption
         66:42:d8:fe:4d:60:39:49:cb:cf:a2:5c:87:b8:e3:ce:7a:21:
         43:7d:e4:a5:92:11:3d:35:da:16:1f:13:f4:79:24:fa:cf:23:
         a0:b7:5d:97:ae:2c:95:56:d4:e8:83:f6:1b:04:fd:f3:e1:87:
         59:e2:bc:95:3d:f7:59:6d:e2:16:ed:59:fd:e3:db:95:28:01:
         7e:3b:13:dd:07:ec:2c:59:0c:6e:9d:84:21:19:2f:5a:d3:b5:
         cc:ed:b7:08:d0:c3:01:27:f8:7a:40:b9:7a:87:fa:55:ca:b1:
         5c:2f:94:e5:16:36:bb:62:aa:aa:22:d2:cf:95:fa:1a:e9:3f:
         b4:e9:1c:82:3a:92:76:70:26:9c:5f:ff:9a:43:3d:d2:cd:10:
         d8:65:ee:a4:58:a7:d2:82:97:55:3d:41:3c:de:7a:39:90:0f:
         94:f3:80:1b:2d:4d:ba:ab:92:8c:7f:5a:36:f6:4a:98:39:5f:
         69:e1:9e:3b:b5:c8:d1:8b:ed:f1:57:91:b4:b4:c3:87:34:63:
         0a:4a:58:3a:87:c9:30:ee:29:39:bd:d6:3b:8c:01:66:ee:c5:
         0c:20:7a:2b:00:de:bc:6e:f1:97:7c:22:f2:ce:84:a0:00:0e:
         ac:a9:8b:2b:0b:53:4a:1b:6b:63:e6:50:53:1f:fd:b6:0b:47:
         96:ac:03:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3XhZd7f++ywwgyKbYibxiDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjYwNDI5MDQzNTQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTEwZDdhODdmMzQyMTg1MDM2NmJjOWQwOGYzYjUwYjg4NWJmOTljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiRIHiV7QysRtZF47uksW4l43VJtI
A+frgBS0Qinw+r2GuF3e+Ilp+ZPTmNrrlq+IWHmt9pf+DdkZSXaA+/myh4Lsvb+W
KKQfIWgnoeBHKub19gk9i0aIBj+sZIdOx1GJlz0fTGWyomlBi+E41M86UQwwmpHD
1GE3sWSVVEuSnBa7KAafLS/IrKsU4AJAsg256FG+Hk1zDUl0PDAWGBIW77dcbAYJ
Tii68EhhtzwMcQsyMYOqaWOTCsUfqZk9z36qCYQaJzeNkgZ7E+B9BV3CDuJus92B
POxwIbBYkA0QMc3dZuQzzZnhIZWBHUgtBemA0G56XokVjABISqqBEFDY9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDUQ16h/NCGFA2a8nQjztQuIW/mcMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvTlJEWHFIODBJWVVEWnJ5ZENQTzFDNGhiLVp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCWX2EMA0G
CSqGSIb3DQEBCwUAA4IBAQBmQtj+TWA5ScvPolyHuOPOeiFDfeSlkhE9NdoWHxP0
eST6zyOgt12XriyVVtTog/YbBP3z4YdZ4ryVPfdZbeIW7Vn949uVKAF+OxPdB+ws
WQxunYQhGS9a07XM7bcI0MMBJ/h6QLl6h/pVyrFcL5TlFja7YqqqItLPlfoa6T+0
6RyCOpJ2cCacX/+aQz3SzRDYZe6kWKfSgpdVPUE83no5kA+U84AbLU26q5KMf1o2
9kqYOV9p4Z47tcjRi+3xV5G0tMOHNGMKSlg6h8kw7ik5vdY7jAFm7sUMIHorAN68
bvGXfCLyzoSgAA6sqYsrC1NKG2tj5lBTH/22C0eWrAPK
-----END CERTIFICATE-----