Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/84a85e-ad49-4c63-ab59-ab7b0aa1c3d4/1/A3lVBLx0tfXqu8Z1p69hC72YSag.roa
File:                     A3lVBLx0tfXqu8Z1p69hC72YSag.roa (raw, json)
Hash identifier:          jjAjeAWWLQ7XK9pNf9wldiLMOA+vzwkIFXt7EDHljaY=
Subject key identifier:   03:79:55:04:BC:74:B5:F5:EA:BB:C6:75:A7:AF:61:0B:BD:98:49:A8
Certificate issuer:       /CN=31e6591d1a04d6afe1ed5f4ed01d394ae5148589
Certificate serial:       019B78A21D2A1D7611B314B6FD3B70BB488F
Authority key identifier: 31:E6:59:1D:1A:04:D6:AF:E1:ED:5F:4E:D0:1D:39:4A:E5:14:85:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MeZZHRoE1q_h7V9O0B05SuUUhYk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/84a85e-ad49-4c63-ab59-ab7b0aa1c3d4/1/A3lVBLx0tfXqu8Z1p69hC72YSag.roa
Signing time:             Thu 01 Jan 2026 08:17:28 +0000
ROA not before:           Thu 01 Jan 2026 08:17:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211020
IP address blocks:        185.222.212.0/24 maxlen: 24
                          212.23.207.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/84a85e-ad49-4c63-ab59-ab7b0aa1c3d4/1/MeZZHRoE1q_h7V9O0B05SuUUhYk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/84a85e-ad49-4c63-ab59-ab7b0aa1c3d4/1/MeZZHRoE1q_h7V9O0B05SuUUhYk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MeZZHRoE1q_h7V9O0B05SuUUhYk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 16:32:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a2:1d:2a:1d:76:11:b3:14:b6:fd:3b:70:bb:48:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31e6591d1a04d6afe1ed5f4ed01d394ae5148589
        Validity
            Not Before: Jan  1 08:17:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=03795504bc74b5f5eabbc675a7af610bbd9849a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:c6:23:a8:65:2f:13:7a:b8:23:7d:7b:d0:3d:
                    af:fd:d6:91:bf:54:a2:0e:22:4a:a8:7e:83:1e:a7:
                    8a:f9:0c:61:ab:cb:21:29:09:66:c6:d0:56:1e:24:
                    87:a7:20:dd:65:b2:92:05:e1:82:8a:2c:75:bf:21:
                    ca:58:2c:75:a7:9d:d3:e8:9a:3d:24:da:79:35:6b:
                    5b:61:5e:10:2a:1f:cc:47:e0:0a:65:83:89:98:cf:
                    b4:d0:70:d1:9b:8e:6a:6a:f5:ac:50:10:68:9a:18:
                    4a:92:c0:fe:53:be:b4:9f:12:70:ec:07:33:5a:9c:
                    5c:d7:7e:a4:fa:3b:70:09:bf:c2:f0:fd:d3:45:43:
                    6c:ca:0b:45:94:84:4a:06:8b:f5:4c:b9:47:10:12:
                    cb:0e:08:20:47:3e:1c:0f:2e:b0:f1:1f:ef:b9:eb:
                    1e:4b:59:ca:67:9b:e5:70:9f:de:45:44:29:3f:55:
                    73:37:ea:f2:5c:e2:17:a0:6f:e1:a3:9c:f6:50:72:
                    42:64:48:a7:80:f8:1c:70:e7:ac:33:67:a9:5a:d9:
                    ee:40:b6:d9:39:c7:4e:fb:37:5e:2b:b7:4e:a2:73:
                    09:51:9f:60:73:24:98:f5:5d:ad:13:cc:25:e3:b4:
                    c0:85:4d:9c:0f:20:3e:67:6b:8b:99:cd:25:08:23:
                    b8:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:79:55:04:BC:74:B5:F5:EA:BB:C6:75:A7:AF:61:0B:BD:98:49:A8
            X509v3 Authority Key Identifier:
                keyid:31:E6:59:1D:1A:04:D6:AF:E1:ED:5F:4E:D0:1D:39:4A:E5:14:85:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MeZZHRoE1q_h7V9O0B05SuUUhYk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/84a85e-ad49-4c63-ab59-ab7b0aa1c3d4/1/A3lVBLx0tfXqu8Z1p69hC72YSag.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/84a85e-ad49-4c63-ab59-ab7b0aa1c3d4/1/MeZZHRoE1q_h7V9O0B05SuUUhYk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.222.212.0/24
                  212.23.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:74:a4:73:3a:af:03:41:c0:79:14:18:90:54:94:ad:06:68:
         87:58:f5:35:26:1d:2e:6f:8c:46:7b:b3:0e:d7:8a:23:16:fc:
         47:b1:b0:bc:4e:fa:b0:db:49:ac:d4:38:4e:7a:b6:2e:52:e1:
         5a:6d:21:4c:7e:13:4c:76:3e:4e:11:0c:5b:6d:af:53:26:81:
         18:88:03:b3:44:35:86:fb:49:4c:87:54:ff:bf:ff:3e:94:91:
         ab:31:06:c4:70:3e:31:ee:3c:34:81:76:05:c2:e0:cb:10:ff:
         fb:23:fb:ae:fb:4c:ae:22:09:f8:e9:ef:83:28:30:7d:27:b8:
         47:a1:9c:7c:18:55:04:44:de:56:4d:02:62:32:ba:0d:5e:8a:
         e6:2c:47:2c:26:27:5f:7a:78:76:18:6d:f6:fe:0e:f2:a3:e8:
         2f:ed:de:4e:7c:03:e7:ab:e3:dd:54:f3:a6:fa:8a:c6:7b:aa:
         c2:06:1c:cd:fe:25:a4:61:53:ca:cd:06:5e:05:f9:88:cc:c9:
         51:49:ed:64:56:88:bd:89:a0:a0:7a:e9:70:9f:0e:fc:5a:b9:
         e3:f1:d9:71:f1:df:60:91:bd:83:60:3f:24:e0:e3:67:23:19:
         96:6e:1d:18:fd:70:ff:45:cf:8c:4a:04:d2:8f:43:9d:ee:9f:
         c4:9a:db:99
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZt4oh0qHXYRsxS2/Ttwu0iPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZTY1OTFkMWEwNGQ2YWZlMWVkNWY0ZWQwMWQzOTRhZTUx
NDg1ODkwHhcNMjYwMTAxMDgxNzI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzc5NTUwNGJjNzRiNWY1ZWFiYmM2NzVhN2FmNjEwYmJkOTg0OWE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtsYjqGUvE3q4I3170D2v/daRv1Si
DiJKqH6DHqeK+Qxhq8shKQlmxtBWHiSHpyDdZbKSBeGCiix1vyHKWCx1p53T6Jo9
JNp5NWtbYV4QKh/MR+AKZYOJmM+00HDRm45qavWsUBBomhhKksD+U760nxJw7Acz
Wpxc136k+jtwCb/C8P3TRUNsygtFlIRKBov1TLlHEBLLDgggRz4cDy6w8R/vuese
S1nKZ5vlcJ/eRUQpP1VzN+ryXOIXoG/ho5z2UHJCZEingPgccOesM2epWtnuQLbZ
OcdO+zdeK7dOonMJUZ9gcySY9V2tE8wl47TAhU2cDyA+Z2uLmc0lCCO4BwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAN5VQS8dLX16rvGdaevYQu9mEmoMB8GA1UdIwQY
MBaAFDHmWR0aBNav4e1fTtAdOUrlFIWJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWVaWkhSb0UxcV9oN1Y5TzBCMDVTdVVVaFlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi84NGE4NWUtYWQ0OS00YzYzLWFiNTkt
YWI3YjBhYTFjM2Q0LzEvQTNsVkJMeDB0ZlhxdThaMXA2OWhDNzJZU2FnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi84NGE4NWUtYWQ0OS00YzYzLWFiNTktYWI3YjBhYTFjM2Q0
LzEvTWVaWkhSb0UxcV9oN1Y5TzBCMDVTdVVVaFlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAud7UAwQA
1BfPMA0GCSqGSIb3DQEBCwUAA4IBAQBNdKRzOq8DQcB5FBiQVJStBmiHWPU1Jh0u
b4xGe7MO14ojFvxHsbC8Tvqw20ms1DhOerYuUuFabSFMfhNMdj5OEQxbba9TJoEY
iAOzRDWG+0lMh1T/v/8+lJGrMQbEcD4x7jw0gXYFwuDLEP/7I/uu+0yuIgn46e+D
KDB9J7hHoZx8GFUERN5WTQJiMroNXormLEcsJidfenh2GG32/g7yo+gv7d5OfAPn
q+PdVPOm+orGe6rCBhzN/iWkYVPKzQZeBfmIzMlRSe1kVoi9iaCgeulwnw78Wrnj
8dlx8d9gkb2DYD8k4ONnIxmWbh0Y/XD/Rc+MSgTSj0Od7p/EmtuZ
-----END CERTIFICATE-----