Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/cG4Ds7lrSkIr0n0c0ycL1nutlfQ.roa
File:                     cG4Ds7lrSkIr0n0c0ycL1nutlfQ.roa (raw, json)
Hash identifier:          RY5IQvZ1hPMOR9g/58zQaJf0rmbum5OiVOBukQSh6Pw=
Subject key identifier:   70:6E:03:B3:B9:6B:4A:42:2B:D2:7D:1C:D3:27:0B:D6:7B:AD:95:F4
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019DCE29526AD2E17AC413B441106DE3776F
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/cG4Ds7lrSkIr0n0c0ycL1nutlfQ.roa
Signing time:             Mon 27 Apr 2026 08:58:27 +0000
ROA not before:           Mon 27 Apr 2026 08:58:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     61112
IP address blocks:        82.152.90.0/23 maxlen: 24
                          82.153.65.0/24 maxlen: 24
                          82.153.135.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ce:29:52:6a:d2:e1:7a:c4:13:b4:41:10:6d:e3:77:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Apr 27 08:58:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=706e03b3b96b4a422bd27d1cd3270bd67bad95f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:e1:a2:bc:0b:5d:3e:bf:33:85:9e:8e:33:f3:
                    dd:2d:c2:29:ea:1c:46:d6:27:79:87:84:20:6a:0d:
                    7f:3e:a1:70:b9:d4:0a:9a:21:25:94:e1:04:68:c4:
                    46:ec:df:e0:b5:f4:b7:d9:11:82:b7:48:42:cc:4f:
                    dd:87:e1:5b:aa:8e:aa:ed:a2:8b:19:31:b9:bf:09:
                    57:bc:18:69:83:66:0c:9c:c7:a6:21:4c:71:ac:ca:
                    ac:6c:73:4b:1f:15:d9:b4:8a:4e:a0:f1:55:1b:cb:
                    cc:e0:fb:e3:d9:17:e8:21:b5:a6:00:de:a3:93:d5:
                    e0:9c:97:09:af:db:f3:c5:ce:46:96:0f:db:3b:f0:
                    2a:e5:5f:85:f4:9d:b7:ed:e0:d9:95:c3:dc:89:94:
                    be:2a:20:f4:a7:d1:47:ee:78:94:3a:be:95:43:f5:
                    d5:5f:51:b7:3f:bf:c4:82:cc:b3:2b:31:42:38:99:
                    d4:d9:30:9e:79:d9:2e:aa:de:16:cb:1b:19:9e:4e:
                    98:3c:d6:16:5a:de:95:3d:68:96:34:a1:8f:f5:22:
                    90:8b:ff:41:ef:e1:88:f5:a2:7c:24:62:11:06:3a:
                    ff:2d:93:47:1e:d2:0f:ef:dd:a4:66:1e:93:ba:c7:
                    82:bf:8b:e6:8c:12:49:f1:25:0a:1d:d6:67:f6:0b:
                    24:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:6E:03:B3:B9:6B:4A:42:2B:D2:7D:1C:D3:27:0B:D6:7B:AD:95:F4
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/cG4Ds7lrSkIr0n0c0ycL1nutlfQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.90.0/23
                  82.153.65.0/24
                  82.153.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:6b:b8:47:66:04:cd:6e:e1:35:76:6c:aa:3c:1b:62:a6:91:
         eb:d5:75:97:21:a6:76:3d:93:5f:f5:25:fb:fb:18:79:2b:f9:
         0e:48:d7:e0:da:f5:ac:80:c2:99:2f:e6:32:d0:62:f0:87:19:
         58:79:d6:36:c1:1e:4b:ac:01:e8:d8:b0:db:21:79:a3:7d:8b:
         86:2c:99:60:51:e5:4f:5f:a5:c3:17:e5:bb:9a:40:fc:b5:02:
         bd:1e:3a:ae:89:9c:e4:fa:4f:1e:b1:6c:86:92:18:38:f8:5b:
         7d:24:46:83:93:e6:f5:a8:89:ac:d6:28:eb:b5:71:71:60:cb:
         cc:89:c8:48:58:66:57:04:b9:2a:8e:09:69:ab:73:f0:a4:0f:
         a3:e2:ca:75:c7:dc:b4:ce:75:6c:d8:30:4a:3b:cb:bc:fa:fb:
         aa:f4:d5:34:44:d5:48:28:81:18:e6:9f:37:94:5a:00:32:15:
         63:2f:20:cd:7b:6e:78:48:bc:d1:ba:2d:d8:1b:65:12:b6:12:
         77:d3:69:4d:d7:82:e9:63:00:66:12:98:8b:24:97:2a:a0:14:
         53:03:fe:07:74:bd:f9:43:d2:a2:5a:0c:d1:a6:34:4c:0e:3f:
         8b:b9:df:1c:47:78:86:8e:8f:08:03:48:b2:2a:74:d9:75:9f:
         93:18:aa:56
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ3OKVJq0uF6xBO0QRBt43dvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNDI3MDg1ODI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDZlMDNiM2I5NmI0YTQyMmJkMjdkMWNkMzI3MGJkNjdiYWQ5NWY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoOGivAtdPr8zhZ6OM/PdLcIp6hxG
1id5h4Qgag1/PqFwudQKmiEllOEEaMRG7N/gtfS32RGCt0hCzE/dh+Fbqo6q7aKL
GTG5vwlXvBhpg2YMnMemIUxxrMqsbHNLHxXZtIpOoPFVG8vM4Pvj2RfoIbWmAN6j
k9XgnJcJr9vzxc5Glg/bO/Aq5V+F9J237eDZlcPciZS+KiD0p9FH7niUOr6VQ/XV
X1G3P7/EgsyzKzFCOJnU2TCeedkuqt4WyxsZnk6YPNYWWt6VPWiWNKGP9SKQi/9B
7+GI9aJ8JGIRBjr/LZNHHtIP792kZh6TuseCv4vmjBJJ8SUKHdZn9gsk1wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHBuA7O5a0pCK9J9HNMnC9Z7rZX0MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvY0c0RHM3bHJTa0lyMG4wYzB5Y0wxbnV0bGZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBUphaAwQA
UplBAwQAUpmHMA0GCSqGSIb3DQEBCwUAA4IBAQAda7hHZgTNbuE1dmyqPBtippHr
1XWXIaZ2PZNf9SX7+xh5K/kOSNfg2vWsgMKZL+Yy0GLwhxlYedY2wR5LrAHo2LDb
IXmjfYuGLJlgUeVPX6XDF+W7mkD8tQK9HjquiZzk+k8esWyGkhg4+Ft9JEaDk+b1
qIms1ijrtXFxYMvMichIWGZXBLkqjglpq3PwpA+j4sp1x9y0znVs2DBKO8u8+vuq
9NU0RNVIKIEY5p83lFoAMhVjLyDNe254SLzRui3YG2USthJ302lN14LpYwBmEpiL
JJcqoBRTA/4HdL35Q9KiWgzRpjRMDj+Lud8cR3iGjo8IA0iyKnTZdZ+TGKpW
-----END CERTIFICATE-----