Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/seCjwUfGeZdQIEL762INXIQGvuo.roa
File:                     seCjwUfGeZdQIEL762INXIQGvuo.roa (raw, json)
Hash identifier:          K/UAMD30hNnbAtpW3PPYRC2bTFBict6use4t0t2OfjY=
Subject key identifier:   B1:E0:A3:C1:47:C6:79:97:50:20:42:FB:EB:62:0D:5C:84:06:BE:EA
Certificate issuer:       /CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
Certificate serial:       019E05B1C690B56E78AD8C77F68988A17B2D
Authority key identifier: 86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/seCjwUfGeZdQIEL762INXIQGvuo.roa
Signing time:             Fri 08 May 2026 03:46:37 +0000
ROA not before:           Fri 08 May 2026 03:46:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198383
IP address blocks:        82.163.228.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:05:b1:c6:90:b5:6e:78:ad:8c:77:f6:89:88:a1:7b:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
        Validity
            Not Before: May  8 03:46:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b1e0a3c147c67997502042fbeb620d5c8406beea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:28:1d:4c:47:28:7a:1f:af:4f:c9:ba:12:1b:
                    86:df:25:7c:14:a6:8c:a3:b6:fa:74:64:99:6e:4b:
                    66:cd:78:75:d0:e8:a7:e0:94:94:81:ec:52:2b:bf:
                    a1:d0:4a:6b:9c:59:7f:7d:d6:e9:41:c6:10:e6:b9:
                    24:48:e6:9f:6d:56:75:8b:84:6c:26:49:e9:e9:33:
                    e3:25:5d:cd:18:6b:92:b7:59:0a:8d:88:aa:5e:ae:
                    10:aa:e5:3d:3e:10:b9:bc:cd:ab:2b:48:ce:72:f2:
                    a6:c3:6a:83:22:39:6a:75:39:c6:f5:1e:f6:65:18:
                    af:9e:bb:17:5c:9d:a5:ab:3a:2e:98:d1:26:d4:2b:
                    ce:18:5d:c7:87:a5:ae:7f:ea:ac:a2:36:65:fb:c0:
                    4b:dc:7b:c6:02:4d:15:c9:8d:24:61:64:a7:e9:57:
                    59:ff:55:82:44:27:a4:c6:3c:87:6c:8c:10:84:70:
                    82:da:34:40:1b:55:c4:7d:77:4c:04:16:9e:89:b3:
                    16:f0:5f:40:0c:fe:e8:fb:21:0b:f3:e8:b1:c7:5f:
                    01:70:09:4d:83:4b:98:79:90:75:fe:e4:05:64:65:
                    63:d1:2d:8a:bb:6f:76:54:8f:49:98:92:54:db:da:
                    d5:73:f1:b0:6e:be:a2:45:61:bf:8e:f6:72:52:bd:
                    93:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:E0:A3:C1:47:C6:79:97:50:20:42:FB:EB:62:0D:5C:84:06:BE:EA
            X509v3 Authority Key Identifier:
                keyid:86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/seCjwUfGeZdQIEL762INXIQGvuo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.163.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         52:75:3c:56:35:aa:93:4f:ac:f4:87:16:09:24:82:3a:d1:e4:
         5d:f4:a6:8f:40:ba:e1:37:5d:38:a2:35:95:6c:59:1f:61:f0:
         4f:f0:d2:88:82:dc:6f:18:b3:41:64:32:cd:1f:81:82:5e:d1:
         a0:0c:97:1c:17:2d:66:cf:37:80:bb:0c:3f:79:45:80:d2:da:
         20:c6:01:be:4d:d1:ce:8e:21:36:bb:52:ba:36:eb:0d:3d:fa:
         2c:fc:b8:fb:55:26:bc:ee:ee:58:d3:67:43:05:72:20:c0:da:
         07:64:3c:7a:ad:b8:70:fa:c0:7d:25:a8:f8:d9:52:14:1e:78:
         6c:be:ed:a6:9e:a3:d2:59:9e:ea:fd:44:38:28:68:63:aa:9c:
         6e:be:c2:2f:30:6a:e3:7f:70:54:8e:b0:0c:01:44:7c:7d:54:
         fc:2c:9e:f3:4d:39:94:2e:2f:a8:c2:95:97:da:b1:cf:50:0e:
         42:55:bb:3c:c3:8d:b6:5b:af:36:63:f1:dc:40:97:81:90:fe:
         45:82:a3:ac:75:0c:ae:7c:9c:5c:90:cf:10:f9:04:cb:b7:b2:
         49:8b:2b:20:23:e0:6a:17:50:ec:2e:ee:75:7b:b4:4d:ea:09:
         9a:b0:da:8a:4f:1b:ea:8b:d7:57:56:40:26:02:4e:55:0b:32:
         bb:e5:72:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4FscaQtW54rYx39omIoXstMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2Y2NlMDZlNzBkZjk3MGQ5MGFiZmUzY2JlN2ZhODgyZjQ2
N2IxZTQwHhcNMjYwNTA4MDM0NjM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWUwYTNjMTQ3YzY3OTk3NTAyMDQyZmJlYjYyMGQ1Yzg0MDZiZWVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxigdTEcoeh+vT8m6EhuG3yV8FKaM
o7b6dGSZbktmzXh10Oin4JSUgexSK7+h0EprnFl/fdbpQcYQ5rkkSOafbVZ1i4Rs
Jknp6TPjJV3NGGuSt1kKjYiqXq4QquU9PhC5vM2rK0jOcvKmw2qDIjlqdTnG9R72
ZRivnrsXXJ2lqzoumNEm1CvOGF3Hh6Wuf+qsojZl+8BL3HvGAk0VyY0kYWSn6VdZ
/1WCRCekxjyHbIwQhHCC2jRAG1XEfXdMBBaeibMW8F9ADP7o+yEL8+ixx18BcAlN
g0uYeZB1/uQFZGVj0S2Ku292VI9JmJJU29rVc/Gwbr6iRWG/jvZyUr2TKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLHgo8FHxnmXUCBC++tiDVyEBr7qMB8GA1UdIwQY
MBaAFIbM4G5w35cNkKv+PL5/qIL0Z7HkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2Ut
ODk3MTRhN2U4ZDU4LzEvc2VDandVZkdlWmRRSUVMNzYySU5YSVFHdnVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2UtODk3MTRhN2U4ZDU4
LzEvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCUqPkMA0G
CSqGSIb3DQEBCwUAA4IBAQBSdTxWNaqTT6z0hxYJJII60eRd9KaPQLrhN104ojWV
bFkfYfBP8NKIgtxvGLNBZDLNH4GCXtGgDJccFy1mzzeAuww/eUWA0togxgG+TdHO
jiE2u1K6NusNPfos/Lj7VSa87u5Y02dDBXIgwNoHZDx6rbhw+sB9Jaj42VIUHnhs
vu2mnqPSWZ7q/UQ4KGhjqpxuvsIvMGrjf3BUjrAMAUR8fVT8LJ7zTTmULi+owpWX
2rHPUA5CVbs8w422W682Y/HcQJeBkP5FgqOsdQyufJxckM8Q+QTLt7JJiysgI+Bq
F1DsLu51e7RN6gmasNqKTxvqi9dXVkAmAk5VCzK75XIi
-----END CERTIFICATE-----