Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/1beQ36qNRtMTExTSfMRtzOGjrs0.roa
File:                     1beQ36qNRtMTExTSfMRtzOGjrs0.roa (raw, json)
Hash identifier:          OozwR+NRyahnNsVZWNZj5EbSHsmn6r8eXDXWPGex9og=
Subject key identifier:   D5:B7:90:DF:AA:8D:46:D3:13:13:14:D2:7C:C4:6D:CC:E1:A3:AE:CD
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019E07A77E951AB62E6C1B5731B725FFE671
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/1beQ36qNRtMTExTSfMRtzOGjrs0.roa
Signing time:             Fri 08 May 2026 12:54:37 +0000
ROA not before:           Fri 08 May 2026 12:54:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199030
IP address blocks:        81.168.116.0/24 maxlen: 24
                          82.152.9.0/24 maxlen: 24
                          82.153.243.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 20:10:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:07:a7:7e:95:1a:b6:2e:6c:1b:57:31:b7:25:ff:e6:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May  8 12:54:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d5b790dfaa8d46d3131314d27cc46dcce1a3aecd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:9e:48:23:ae:2f:84:20:ea:41:00:9e:d3:34:
                    1a:41:92:22:7c:1f:dd:e7:7e:19:1c:bc:66:ce:47:
                    fa:da:90:d8:bf:ec:3c:96:a6:36:e5:43:f5:a6:bc:
                    0b:77:ae:8c:c0:33:4c:bf:27:ad:c5:ea:79:a1:7c:
                    a8:ad:f1:b4:48:31:43:48:0b:c1:f9:b7:7e:b6:c5:
                    62:e7:35:3d:52:88:78:90:2e:08:df:17:c7:09:4e:
                    bd:c5:5b:63:05:32:81:72:8c:71:aa:66:18:3f:7a:
                    02:97:9f:76:f8:a8:db:fc:98:64:5b:ae:79:72:83:
                    d4:8f:08:ef:7e:fb:0d:03:82:68:27:1c:77:f3:88:
                    8d:2d:b7:b2:c5:1c:55:0f:ce:ca:0b:a9:8b:93:a9:
                    99:05:60:c8:4b:ad:dc:e3:01:7d:47:06:41:8a:35:
                    96:1d:fa:a6:7e:2b:22:21:fe:fe:47:f2:87:1a:3a:
                    c1:e3:d3:84:16:f1:2b:18:4a:56:38:2a:88:b4:a5:
                    cc:2a:57:b4:85:96:2d:c3:1b:03:ce:9d:fe:e4:d6:
                    5e:e7:bc:79:30:86:2b:3d:eb:c6:f8:54:5d:de:26:
                    04:98:74:74:2e:9d:36:21:5e:70:20:9e:2e:17:a0:
                    52:4b:40:cc:0d:0a:9b:87:f9:2d:ff:93:d3:66:bc:
                    51:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:B7:90:DF:AA:8D:46:D3:13:13:14:D2:7C:C4:6D:CC:E1:A3:AE:CD
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/1beQ36qNRtMTExTSfMRtzOGjrs0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.116.0/24
                  82.152.9.0/24
                  82.153.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:44:85:44:30:0c:b2:be:82:0c:85:9f:20:98:4d:3e:1d:22:
         09:ca:12:b3:ca:51:2e:56:86:ef:a3:6e:f0:4b:e8:63:42:f0:
         1a:fe:4c:56:14:ca:3f:c4:fc:2c:b8:a2:4f:f6:6e:93:2c:de:
         48:22:e5:eb:57:c6:39:6f:64:16:b0:c2:9a:76:39:be:cb:f1:
         21:7c:e1:21:0a:67:93:68:ef:a4:ea:de:be:cf:0f:bd:37:3c:
         01:b2:e9:3e:6d:d3:d2:d3:ec:2f:41:20:15:89:d1:4e:c8:5b:
         8c:7e:9d:aa:d5:a3:c2:4c:9b:94:b3:5c:a4:a6:ab:aa:0a:e7:
         19:32:45:b7:60:9b:c7:88:2e:e9:49:61:ad:58:9a:03:24:2a:
         ac:7a:8d:08:3f:d2:f1:76:89:0c:33:f8:23:a6:76:c5:b1:d6:
         b2:24:de:4f:93:91:b9:ab:d0:9b:75:fe:4a:7b:a7:3f:6d:59:
         82:ba:5a:78:e8:b0:0f:66:c1:d9:d7:40:70:da:b6:ca:c6:db:
         fa:7e:5c:28:0c:92:98:d0:c4:fc:ab:1c:66:40:2a:05:a1:ee:
         1b:71:99:ff:d5:2e:e1:97:9a:f1:da:ac:e3:b5:7d:df:28:7f:
         7f:ec:c6:d2:dd:3c:11:99:6a:69:f7:a8:85:0c:75:77:98:4f:
         c0:01:b4:ed
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ4Hp36VGrYubBtXMbcl/+ZxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNTA4MTI1NDM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNWI3OTBkZmFhOGQ0NmQzMTMxMzE0ZDI3Y2M0NmRjY2UxYTNhZWNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtZ5II64vhCDqQQCe0zQaQZIifB/d
534ZHLxmzkf62pDYv+w8lqY25UP1prwLd66MwDNMvyetxep5oXyorfG0SDFDSAvB
+bd+tsVi5zU9Uoh4kC4I3xfHCU69xVtjBTKBcoxxqmYYP3oCl592+Kjb/JhkW655
coPUjwjvfvsNA4JoJxx384iNLbeyxRxVD87KC6mLk6mZBWDIS63c4wF9RwZBijWW
HfqmfisiIf7+R/KHGjrB49OEFvErGEpWOCqItKXMKle0hZYtwxsDzp3+5NZe57x5
MIYrPevG+FRd3iYEmHR0Lp02IV5wIJ4uF6BSS0DMDQqbh/kt/5PTZrxRqwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNW3kN+qjUbTExMU0nzEbczho67NMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvMWJlUTM2cU5SdE1URXhUU2ZNUnR6T0dqcnMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAUah0AwQA
UpgJAwQAUpnzMA0GCSqGSIb3DQEBCwUAA4IBAQBSRIVEMAyyvoIMhZ8gmE0+HSIJ
yhKzylEuVobvo27wS+hjQvAa/kxWFMo/xPwsuKJP9m6TLN5IIuXrV8Y5b2QWsMKa
djm+y/EhfOEhCmeTaO+k6t6+zw+9NzwBsuk+bdPS0+wvQSAVidFOyFuMfp2q1aPC
TJuUs1ykpquqCucZMkW3YJvHiC7pSWGtWJoDJCqseo0IP9LxdokMM/gjpnbFsday
JN5Pk5G5q9Cbdf5Ke6c/bVmCulp46LAPZsHZ10Bw2rbKxtv6flwoDJKY0MT8qxxm
QCoFoe4bcZn/1S7hl5rx2qzjtX3fKH9/7MbS3TwRmWpp96iFDHV3mE/AAbTt
-----END CERTIFICATE-----