Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/TucmjR6KAjIKyK_aKeiiedsrlt8.roa
File:                     TucmjR6KAjIKyK_aKeiiedsrlt8.roa (raw, json)
Hash identifier:          cRG/uketM//yVd5CYtPZv+VWtALpRgPg2D8ikm4CZUc=
Subject key identifier:   4E:E7:26:8D:1E:8A:02:32:0A:C8:AF:DA:29:E8:A2:79:DB:2B:96:DF
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019DDDAA7A4EB7AEC75F0E08A0FEAEEA43E1
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/TucmjR6KAjIKyK_aKeiiedsrlt8.roa
Signing time:             Thu 30 Apr 2026 09:13:50 +0000
ROA not before:           Thu 30 Apr 2026 09:13:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     34989
IP address blocks:        212.38.79.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 20:10:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:dd:aa:7a:4e:b7:ae:c7:5f:0e:08:a0:fe:ae:ea:43:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Apr 30 09:13:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4ee7268d1e8a02320ac8afda29e8a279db2b96df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:ec:b5:19:29:bd:5c:bd:37:df:af:07:6e:52:
                    34:b8:e8:9b:b0:4d:9f:8b:59:b9:e5:b0:e6:09:5c:
                    88:85:28:24:09:91:c0:b9:d9:a2:0c:55:f5:12:92:
                    63:29:cc:be:42:6f:e1:f9:f2:05:e4:2d:14:1b:c4:
                    d3:0b:82:88:32:01:9b:b7:72:d6:92:28:cb:83:c3:
                    d0:0d:1d:74:13:d4:2b:3b:96:26:d7:87:4d:56:4f:
                    dd:44:f3:b7:3f:25:1f:46:89:ac:2a:d5:62:54:a8:
                    1b:7a:6c:94:57:c5:95:a5:0a:5d:98:b5:b9:7c:18:
                    1f:41:6a:e5:0b:7e:00:ea:00:a1:7c:03:15:a1:da:
                    e0:1d:f4:f7:fd:82:f4:3a:fb:50:ec:63:30:c1:9d:
                    cb:f1:76:66:50:57:97:fa:34:2a:e7:c3:e6:cd:a4:
                    3a:6c:3b:6d:a5:48:29:7c:91:70:de:cb:39:8a:a5:
                    cd:a9:02:b0:7a:54:8e:ec:8d:49:0e:df:50:72:da:
                    85:79:d7:18:06:ed:87:3e:e5:fe:2d:54:e9:48:ab:
                    4a:54:a2:74:9a:a9:d0:18:79:43:3d:57:35:70:4c:
                    71:47:69:02:62:07:a7:c4:95:22:f4:c5:19:04:83:
                    96:07:ec:b6:e4:a3:cd:42:1c:74:d3:4c:a1:33:60:
                    2a:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:E7:26:8D:1E:8A:02:32:0A:C8:AF:DA:29:E8:A2:79:DB:2B:96:DF
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/TucmjR6KAjIKyK_aKeiiedsrlt8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.38.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:cc:30:7c:00:fd:23:9e:12:08:ac:74:d4:5c:a7:18:c6:e1:
         6f:7c:a1:90:21:80:da:d5:ce:88:2d:c1:85:6a:e0:8f:29:af:
         7f:ba:5a:03:d8:74:c4:f3:d7:57:2e:2b:8f:4f:7e:78:c0:bf:
         a3:2b:7b:2e:bd:c8:e3:36:be:1c:33:a7:cf:a6:80:cd:8e:8b:
         93:13:68:c7:a9:0a:b9:e9:4f:db:c2:7f:a6:bb:16:82:66:be:
         dd:52:c2:a3:d2:f9:f9:6c:38:94:ee:ba:7a:01:8d:40:c9:9b:
         5d:ea:0a:62:be:85:77:40:24:41:db:41:2a:a1:82:a1:3e:7d:
         3e:8c:6b:35:32:ac:3d:3e:00:c1:90:59:37:36:65:f7:88:a8:
         fe:98:78:0a:9b:3f:d1:fa:3e:c2:34:c9:68:89:2c:47:57:5f:
         c3:78:6d:9b:2a:f8:6a:01:3b:05:73:ab:db:05:63:9c:2e:ae:
         70:ab:44:a7:2a:f0:e2:03:37:69:e3:6c:73:b3:ee:ca:c3:ec:
         fb:41:57:24:23:4e:60:fd:da:dc:e3:42:b6:50:c6:68:29:11:
         e5:1f:b7:61:07:df:88:66:71:5f:69:f1:ed:e8:40:f6:4c:b2:
         ea:00:9f:fc:28:bd:56:6d:ba:5d:1e:1d:a7:da:33:b0:fd:d0:
         3b:d6:ef:10
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3dqnpOt67HXw4IoP6u6kPhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNDMwMDkxMzUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZWU3MjY4ZDFlOGEwMjMyMGFjOGFmZGEyOWU4YTI3OWRiMmI5NmRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqOy1GSm9XL03368HblI0uOibsE2f
i1m55bDmCVyIhSgkCZHAudmiDFX1EpJjKcy+Qm/h+fIF5C0UG8TTC4KIMgGbt3LW
kijLg8PQDR10E9QrO5Ym14dNVk/dRPO3PyUfRomsKtViVKgbemyUV8WVpQpdmLW5
fBgfQWrlC34A6gChfAMVodrgHfT3/YL0OvtQ7GMwwZ3L8XZmUFeX+jQq58PmzaQ6
bDttpUgpfJFw3ss5iqXNqQKwelSO7I1JDt9QctqFedcYBu2HPuX+LVTpSKtKVKJ0
mqnQGHlDPVc1cExxR2kCYgenxJUi9MUZBIOWB+y25KPNQhx000yhM2AqQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE7nJo0eigIyCsiv2inoonnbK5bfMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvVHVjbWpSNktBaklLeUtfYUtlaWllZHNybHQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1CZPMA0G
CSqGSIb3DQEBCwUAA4IBAQCFzDB8AP0jnhIIrHTUXKcYxuFvfKGQIYDa1c6ILcGF
auCPKa9/uloD2HTE89dXLiuPT354wL+jK3suvcjjNr4cM6fPpoDNjouTE2jHqQq5
6U/bwn+muxaCZr7dUsKj0vn5bDiU7rp6AY1AyZtd6gpivoV3QCRB20EqoYKhPn0+
jGs1Mqw9PgDBkFk3NmX3iKj+mHgKmz/R+j7CNMloiSxHV1/DeG2bKvhqATsFc6vb
BWOcLq5wq0SnKvDiAzdp42xzs+7Kw+z7QVckI05g/drc40K2UMZoKRHlH7dhB9+I
ZnFfafHt6ED2TLLqAJ/8KL1WbbpdHh2n2jOw/dA71u8Q
-----END CERTIFICATE-----