Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/K3L5_lGMZwJeyT9Kz7LdYZNJz0s.roa
File:                     K3L5_lGMZwJeyT9Kz7LdYZNJz0s.roa (raw, json)
Hash identifier:          rajqFvcDi773EKhH5DdMuKogElJjFCrGQOWXSR1dQlE=
Subject key identifier:   2B:72:F9:FE:51:8C:67:02:5E:C9:3F:4A:CF:B2:DD:61:93:49:CF:4B
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019DF762F66B05423576DF0B8E0AEE66215C
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/K3L5_lGMZwJeyT9Kz7LdYZNJz0s.roa
Signing time:             Tue 05 May 2026 09:05:51 +0000
ROA not before:           Tue 05 May 2026 09:05:51 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214720
IP address blocks:        89.213.208.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 12:21:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f7:62:f6:6b:05:42:35:76:df:0b:8e:0a:ee:66:21:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May  5 09:05:51 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2b72f9fe518c67025ec93f4acfb2dd619349cf4b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:2f:df:96:6f:a4:fb:01:aa:1e:4f:e9:29:a7:
                    b0:ff:e9:f8:af:4d:e9:41:fe:7a:f2:20:95:f0:9a:
                    97:fc:8a:2a:e6:54:d4:cc:22:ce:4c:71:b1:18:3a:
                    4c:f8:9a:f3:f5:90:e8:e2:2f:89:b7:93:c3:41:ef:
                    03:74:79:77:47:61:40:a2:f6:74:e3:47:ac:cd:b4:
                    c6:2b:b8:f8:99:df:9e:89:5e:ae:a7:ea:61:99:33:
                    21:d0:ae:77:6c:15:98:2e:4b:42:b2:26:81:29:b0:
                    30:c9:0e:c3:6a:6a:75:14:6f:6c:d8:eb:d3:ee:64:
                    83:22:d1:80:79:f3:7e:16:26:c3:de:96:2e:5d:2a:
                    8d:71:bf:c8:e2:be:83:bb:67:cb:a0:70:02:d0:99:
                    3f:c3:37:37:a6:21:4a:fc:c6:ff:e5:4e:a9:b3:8f:
                    af:82:55:d0:ac:5d:44:01:3e:26:07:06:6a:96:bf:
                    a1:ee:62:52:00:84:45:03:fb:dc:0d:8b:ca:6f:a8:
                    b4:2c:78:5f:15:d1:ab:9f:06:5e:05:db:fb:9f:46:
                    ce:f4:35:09:cb:a1:67:7e:1a:15:e1:6b:1c:e0:39:
                    bc:f9:87:f4:51:5d:dc:eb:5c:a6:8d:83:2e:1f:f1:
                    32:7e:c3:7c:0f:af:93:08:b6:d2:b1:55:8d:29:ea:
                    2a:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:72:F9:FE:51:8C:67:02:5E:C9:3F:4A:CF:B2:DD:61:93:49:CF:4B
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/K3L5_lGMZwJeyT9Kz7LdYZNJz0s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:76:e7:a1:d4:66:6a:6e:88:e5:03:6b:f5:6a:cd:a2:d2:fa:
         f0:e4:4d:b1:17:01:d7:6a:74:f9:b0:33:90:14:88:de:fc:0b:
         3e:39:c1:5f:27:18:ef:c5:80:e9:97:73:34:a5:f5:eb:03:76:
         4c:35:c4:1a:11:19:0b:dd:14:d6:90:fe:25:5d:52:36:81:0d:
         f0:86:4e:39:70:60:a0:6e:56:a5:ca:42:b9:f9:bd:e5:8e:0c:
         b6:be:06:74:72:9f:39:a8:02:a3:5c:7f:6f:4c:ba:53:8b:79:
         10:c5:4f:4c:38:f7:75:c0:14:19:39:a4:cf:3d:81:19:e1:35:
         ab:02:64:23:28:be:81:6a:46:03:0f:6b:62:de:3d:8c:0c:4e:
         96:f9:20:35:20:18:ae:59:9f:69:75:c1:1f:07:d1:08:09:63:
         10:93:20:ad:32:e2:04:da:c4:2e:15:01:69:40:18:a2:b7:ff:
         37:dd:8e:85:c0:9b:59:59:44:9a:f1:0c:98:c9:09:0c:5c:60:
         56:f2:a6:02:27:31:91:69:46:f5:be:f9:bd:8d:68:aa:6b:f5:
         22:c7:0b:c6:43:8d:1f:84:06:a0:a3:d8:80:b4:dd:16:ba:9e:
         a8:8a:00:16:84:6e:6c:c4:cb:d7:59:1c:ee:66:9f:d6:91:d1:
         3a:70:78:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ33YvZrBUI1dt8LjgruZiFcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNTA1MDkwNTUxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjcyZjlmZTUxOGM2NzAyNWVjOTNmNGFjZmIyZGQ2MTkzNDljZjRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArS/flm+k+wGqHk/pKaew/+n4r03p
Qf568iCV8JqX/Ioq5lTUzCLOTHGxGDpM+Jrz9ZDo4i+Jt5PDQe8DdHl3R2FAovZ0
40eszbTGK7j4md+eiV6up+phmTMh0K53bBWYLktCsiaBKbAwyQ7Damp1FG9s2OvT
7mSDItGAefN+FibD3pYuXSqNcb/I4r6Du2fLoHAC0Jk/wzc3piFK/Mb/5U6ps4+v
glXQrF1EAT4mBwZqlr+h7mJSAIRFA/vcDYvKb6i0LHhfFdGrnwZeBdv7n0bO9DUJ
y6FnfhoV4Wsc4Dm8+Yf0UV3c61ymjYMuH/EyfsN8D6+TCLbSsVWNKeoqnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCty+f5RjGcCXsk/Ss+y3WGTSc9LMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvSzNMNV9sR01ad0pleVQ5S3o3TGRZWk5KejBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdXQMA0G
CSqGSIb3DQEBCwUAA4IBAQCqdueh1GZqbojlA2v1as2i0vrw5E2xFwHXanT5sDOQ
FIje/As+OcFfJxjvxYDpl3M0pfXrA3ZMNcQaERkL3RTWkP4lXVI2gQ3whk45cGCg
blalykK5+b3ljgy2vgZ0cp85qAKjXH9vTLpTi3kQxU9MOPd1wBQZOaTPPYEZ4TWr
AmQjKL6BakYDD2ti3j2MDE6W+SA1IBiuWZ9pdcEfB9EICWMQkyCtMuIE2sQuFQFp
QBiit/833Y6FwJtZWUSa8QyYyQkMXGBW8qYCJzGRaUb1vvm9jWiqa/UixwvGQ40f
hAago9iAtN0Wup6oigAWhG5sxMvXWRzuZp/WkdE6cHgY
-----END CERTIFICATE-----