Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/PVRdjGdP2M8YI8iWcsF76VmnHqE.roa
File:                     PVRdjGdP2M8YI8iWcsF76VmnHqE.roa (raw, json)
Hash identifier:          i/zQVaVKj4FMohuFS3sq6kJbXGofRHJB1TuqMfCSnMA=
Subject key identifier:   3D:54:5D:8C:67:4F:D8:CF:18:23:C8:96:72:C1:7B:E9:59:A7:1E:A1
Certificate issuer:       /CN=8eb441dadbbecb6965d4ea1f046cc5c8e28817fc
Certificate serial:       019E1CBD6DCD8E4AD9A88354730A02B8257A
Authority key identifier: 8E:B4:41:DA:DB:BE:CB:69:65:D4:EA:1F:04:6C:C5:C8:E2:88:17:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/PVRdjGdP2M8YI8iWcsF76VmnHqE.roa
Signing time:             Tue 12 May 2026 15:10:36 +0000
ROA not before:           Tue 12 May 2026 15:10:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     269800
IP address blocks:        94.131.218.0/24 maxlen: 24
                          185.121.108.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:1c:bd:6d:cd:8e:4a:d9:a8:83:54:73:0a:02:b8:25:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8eb441dadbbecb6965d4ea1f046cc5c8e28817fc
        Validity
            Not Before: May 12 15:10:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3d545d8c674fd8cf1823c89672c17be959a71ea1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:89:e5:64:0d:0c:96:24:89:15:87:6a:a0:8d:
                    13:c2:23:ad:b6:90:ca:7b:52:9f:90:0c:c6:64:bc:
                    05:12:f0:1b:05:04:97:31:59:ad:15:4a:e5:3d:b0:
                    11:92:f5:f8:bf:9c:88:67:4c:fd:bf:49:62:fa:ec:
                    ab:0b:f5:f1:c9:69:ce:8b:c8:09:4a:08:7e:cb:ef:
                    57:27:77:14:b5:43:de:78:ec:a2:07:d0:f5:e9:0f:
                    3b:6f:98:d2:41:43:92:09:e3:f5:96:54:7e:1f:6f:
                    85:64:24:37:82:87:ef:83:2f:b5:2f:40:43:3f:25:
                    42:39:a3:1f:f6:81:8e:58:56:77:3b:c4:d8:10:c0:
                    94:29:71:56:19:51:13:3c:36:6c:25:e4:3a:ae:f9:
                    91:7e:3f:d1:1d:a3:b2:c7:14:10:c0:0e:62:ab:83:
                    45:0d:22:8a:1e:f8:40:c9:97:17:ba:a6:4f:a3:b9:
                    ea:6b:c4:f0:2f:3a:b5:40:75:8b:dd:22:cf:fd:83:
                    b3:7b:59:7c:2f:3f:12:e7:b6:45:85:38:26:fa:f9:
                    69:2c:5d:a1:68:f6:fa:c9:73:41:bc:65:d2:d0:2d:
                    30:8d:90:64:d1:8e:c5:13:00:f4:7a:79:45:25:73:
                    fa:ef:34:11:5f:9d:09:6b:8d:09:9a:76:f1:ef:95:
                    cc:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:54:5D:8C:67:4F:D8:CF:18:23:C8:96:72:C1:7B:E9:59:A7:1E:A1
            X509v3 Authority Key Identifier:
                keyid:8E:B4:41:DA:DB:BE:CB:69:65:D4:EA:1F:04:6C:C5:C8:E2:88:17:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/PVRdjGdP2M8YI8iWcsF76VmnHqE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.131.218.0/24
                  185.121.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:e4:46:59:8a:81:03:b1:6b:b0:a0:12:c8:1c:dd:c4:af:28:
         28:d6:e7:2b:70:3c:c6:c6:70:2a:2e:62:71:2b:49:b8:92:6b:
         e9:cf:96:c8:2b:dd:3e:d3:1a:83:ac:9e:a4:96:34:b6:45:03:
         bd:ca:89:c5:ab:00:f8:c2:59:17:31:b5:a3:85:eb:b7:43:90:
         b8:28:75:d7:30:bf:1f:44:60:bf:e8:99:c7:bc:0c:10:2b:bd:
         6a:98:22:97:e9:e6:a4:b2:ea:5c:05:71:97:10:17:8a:8e:a5:
         0e:ed:e5:d0:30:5a:c6:92:70:96:fe:a6:f1:80:94:a3:b4:f0:
         e8:23:c8:27:3a:f8:65:5d:6d:c0:02:06:83:65:d3:f9:12:4c:
         f5:3e:c9:e7:1b:a9:ed:69:3a:41:3d:3d:4b:33:94:fa:15:36:
         32:e4:0a:25:6c:24:fd:6a:a7:74:93:bf:9c:ef:c5:97:d3:dd:
         11:28:4a:0c:6b:16:60:35:03:1b:56:fc:70:06:ba:31:98:ba:
         eb:b7:4f:cc:12:e5:a1:38:00:63:ef:44:cf:88:a5:e0:34:18:
         ae:80:b2:72:90:c6:fb:83:38:d6:a4:01:dd:36:a1:a5:3a:4c:
         15:0d:39:50:83:08:35:1a:71:6d:ae:25:03:f5:b9:1e:4e:d1:
         18:0e:6b:2d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ4cvW3NjkrZqINUcwoCuCV6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlYjQ0MWRhZGJiZWNiNjk2NWQ0ZWExZjA0NmNjNWM4ZTI4
ODE3ZmMwHhcNMjYwNTEyMTUxMDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDU0NWQ4YzY3NGZkOGNmMTgyM2M4OTY3MmMxN2JlOTU5YTcxZWExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqonlZA0MliSJFYdqoI0TwiOttpDK
e1KfkAzGZLwFEvAbBQSXMVmtFUrlPbARkvX4v5yIZ0z9v0li+uyrC/XxyWnOi8gJ
Sgh+y+9XJ3cUtUPeeOyiB9D16Q87b5jSQUOSCeP1llR+H2+FZCQ3gofvgy+1L0BD
PyVCOaMf9oGOWFZ3O8TYEMCUKXFWGVETPDZsJeQ6rvmRfj/RHaOyxxQQwA5iq4NF
DSKKHvhAyZcXuqZPo7nqa8TwLzq1QHWL3SLP/YOze1l8Lz8S57ZFhTgm+vlpLF2h
aPb6yXNBvGXS0C0wjZBk0Y7FEwD0enlFJXP67zQRX50Ja40Jmnbx75XMKQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFD1UXYxnT9jPGCPIlnLBe+lZpx6hMB8GA1UdIwQY
MBaAFI60QdrbvstpZdTqHwRsxcjiiBf8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanJSQjJ0dS15MmxsMU9vZkJHekZ5T0tJRl93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS85NzhkMGYtOTI5Ny00YzcxLTljZmIt
NDZiOTQ5MDkyY2JlLzEvUFZSZGpHZFAyTThZSThpV2NzRjc2Vm1uSHFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS85NzhkMGYtOTI5Ny00YzcxLTljZmItNDZiOTQ5MDkyY2Jl
LzEvanJSQjJ0dS15MmxsMU9vZkJHekZ5T0tJRl93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXoPaAwQA
uXlsMA0GCSqGSIb3DQEBCwUAA4IBAQCh5EZZioEDsWuwoBLIHN3Erygo1ucrcDzG
xnAqLmJxK0m4kmvpz5bIK90+0xqDrJ6kljS2RQO9yonFqwD4wlkXMbWjheu3Q5C4
KHXXML8fRGC/6JnHvAwQK71qmCKX6eaksupcBXGXEBeKjqUO7eXQMFrGknCW/qbx
gJSjtPDoI8gnOvhlXW3AAgaDZdP5Ekz1PsnnG6ntaTpBPT1LM5T6FTYy5AolbCT9
aqd0k7+c78WX090RKEoMaxZgNQMbVvxwBroxmLrrt0/MEuWhOABj70TPiKXgNBiu
gLJykMb7gzjWpAHdNqGlOkwVDTlQgwg1GnFtriUD9bkeTtEYDmst
-----END CERTIFICATE-----