Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/d662a6-0af5-459f-a77b-6ad533df0d24/1/3DSxcK9BYX9k5tvNNrwWZ7kYjz4.roa
File:                     3DSxcK9BYX9k5tvNNrwWZ7kYjz4.roa (raw, json)
Hash identifier:          LlbtQ15mDycazVoOyoBxW8uz2UEgpVUqP+tEU+6Dy34=
Subject key identifier:   DC:34:B1:70:AF:41:61:7F:64:E6:DB:CD:36:BC:16:67:B9:18:8F:3E
Certificate issuer:       /CN=c1c9088f5b4438a4348c805eebcbf4a80e07ff54
Certificate serial:       019DDDC15934621F3AC89C9C086256A8EECE
Authority key identifier: C1:C9:08:8F:5B:44:38:A4:34:8C:80:5E:EB:CB:F4:A8:0E:07:FF:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wckIj1tEOKQ0jIBe68v0qA4H_1Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/d662a6-0af5-459f-a77b-6ad533df0d24/1/3DSxcK9BYX9k5tvNNrwWZ7kYjz4.roa
Signing time:             Thu 30 Apr 2026 09:38:49 +0000
ROA not before:           Thu 30 Apr 2026 09:38:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3209
IP address blocks:        151.189.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/d662a6-0af5-459f-a77b-6ad533df0d24/1/wckIj1tEOKQ0jIBe68v0qA4H_1Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/d662a6-0af5-459f-a77b-6ad533df0d24/1/wckIj1tEOKQ0jIBe68v0qA4H_1Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wckIj1tEOKQ0jIBe68v0qA4H_1Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:dd:c1:59:34:62:1f:3a:c8:9c:9c:08:62:56:a8:ee:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c1c9088f5b4438a4348c805eebcbf4a80e07ff54
        Validity
            Not Before: Apr 30 09:38:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dc34b170af41617f64e6dbcd36bc1667b9188f3e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:5f:6d:23:11:54:46:4b:e5:09:4d:a2:bf:2a:
                    dc:5b:06:b1:41:35:4d:f5:d4:06:74:dc:d0:c4:32:
                    d4:0d:dd:6d:9d:5d:23:1c:77:fb:3e:2c:f0:aa:ba:
                    5d:ad:00:33:e5:d3:29:dc:74:d1:97:2f:a7:d3:25:
                    63:f6:99:c4:a6:00:32:22:c5:d7:44:12:bd:04:c4:
                    d6:3a:eb:49:3a:14:01:e3:68:1a:15:94:27:18:bc:
                    d3:92:c0:21:ef:5a:3c:bb:b9:c7:c7:35:75:cb:2a:
                    09:99:ab:f1:9b:eb:39:a3:33:35:31:6d:e2:db:6c:
                    02:fe:81:9f:62:7d:b0:2e:7a:1b:c7:a6:30:96:0a:
                    44:62:51:7a:bd:63:76:98:9e:26:3d:84:77:da:e3:
                    50:49:0e:a7:5d:2d:6c:e0:8f:70:b3:5f:9d:d8:12:
                    45:21:a6:b0:e9:d7:4b:63:71:ef:40:af:f2:70:93:
                    b1:ac:fa:25:36:6e:50:92:e8:cd:db:dc:30:f4:bd:
                    4b:3f:56:7b:f1:16:47:98:fd:e6:fd:d5:af:6b:68:
                    5f:9f:3b:a8:59:4b:b9:97:43:77:41:d9:4b:92:1c:
                    2d:61:dc:f1:71:ea:bb:89:36:27:ec:53:83:36:89:
                    34:2b:d0:06:5f:73:7e:fa:d8:da:85:d9:0b:e2:43:
                    a0:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:34:B1:70:AF:41:61:7F:64:E6:DB:CD:36:BC:16:67:B9:18:8F:3E
            X509v3 Authority Key Identifier:
                keyid:C1:C9:08:8F:5B:44:38:A4:34:8C:80:5E:EB:CB:F4:A8:0E:07:FF:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wckIj1tEOKQ0jIBe68v0qA4H_1Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/d662a6-0af5-459f-a77b-6ad533df0d24/1/3DSxcK9BYX9k5tvNNrwWZ7kYjz4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/d662a6-0af5-459f-a77b-6ad533df0d24/1/wckIj1tEOKQ0jIBe68v0qA4H_1Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.189.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         7d:d1:fa:c6:74:ea:80:12:c6:fd:f6:55:8c:51:72:56:98:97:
         d4:b1:18:46:c7:f6:20:e9:3a:2a:81:a7:c4:32:04:79:7b:69:
         d6:1b:5b:4a:9e:5c:ab:b2:03:2f:6a:f3:89:89:b3:f2:64:3b:
         a5:28:ac:dd:be:02:03:2d:5e:17:25:eb:c3:b2:97:d8:e8:54:
         07:8c:68:a4:5c:28:4e:ca:9d:d2:08:79:a0:12:ba:88:f6:10:
         35:63:22:ce:fc:9f:01:d8:10:18:49:1d:cf:db:a1:f8:c4:53:
         8b:fe:ff:77:f0:14:d9:92:dd:56:9f:42:e3:d1:ff:a8:ea:8e:
         05:c6:8d:ae:4b:a5:6d:01:0b:b3:27:43:67:eb:65:76:09:85:
         29:8e:5f:68:b5:dc:df:56:47:4b:6f:1f:65:9c:3b:40:72:ca:
         02:c0:88:b6:92:52:57:02:1c:42:4c:9a:44:52:24:48:75:c2:
         7c:f7:3e:28:47:09:8c:bc:ba:55:f0:75:2c:e9:15:89:03:b8:
         9f:13:25:6e:bc:99:70:0c:02:26:f6:b9:4f:e6:ee:87:c8:03:
         ce:32:09:10:c7:cc:a6:92:e2:b6:1b:cc:ad:f4:0d:1f:59:4d:
         63:75:8a:45:11:f1:04:59:19:ea:99:b6:98:41:55:ec:ac:55:
         76:d9:b4:9e
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZ3dwVk0Yh86yJycCGJWqO7OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxYzkwODhmNWI0NDM4YTQzNDhjODA1ZWViY2JmNGE4MGUw
N2ZmNTQwHhcNMjYwNDMwMDkzODQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzM0YjE3MGFmNDE2MTdmNjRlNmRiY2QzNmJjMTY2N2I5MTg4ZjNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2V9tIxFURkvlCU2ivyrcWwaxQTVN
9dQGdNzQxDLUDd1tnV0jHHf7PizwqrpdrQAz5dMp3HTRly+n0yVj9pnEpgAyIsXX
RBK9BMTWOutJOhQB42gaFZQnGLzTksAh71o8u7nHxzV1yyoJmavxm+s5ozM1MW3i
22wC/oGfYn2wLnobx6YwlgpEYlF6vWN2mJ4mPYR32uNQSQ6nXS1s4I9ws1+d2BJF
Iaaw6ddLY3HvQK/ycJOxrPolNm5QkujN29ww9L1LP1Z78RZHmP3m/dWva2hfnzuo
WUu5l0N3QdlLkhwtYdzxceq7iTYn7FODNok0K9AGX3N++tjahdkL4kOgOQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFNw0sXCvQWF/ZObbzTa8Fme5GI8+MB8GA1UdIwQY
MBaAFMHJCI9bRDikNIyAXuvL9KgOB/9UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2NrSWoxdEVPS1EwaklCZTY4djBxQTRIXzFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS9kNjYyYTYtMGFmNS00NTlmLWE3N2It
NmFkNTMzZGYwZDI0LzEvM0RTeGNLOUJZWDlrNXR2Tk5yd1daN2tZano0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS9kNjYyYTYtMGFmNS00NTlmLWE3N2ItNmFkNTMzZGYwZDI0
LzEvd2NrSWoxdEVPS1EwaklCZTY4djBxQTRIXzFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAl70wDQYJ
KoZIhvcNAQELBQADggEBAH3R+sZ06oASxv32VYxRclaYl9SxGEbH9iDpOiqBp8Qy
BHl7adYbW0qeXKuyAy9q84mJs/JkO6UorN2+AgMtXhcl68Oyl9joVAeMaKRcKE7K
ndIIeaASuoj2EDVjIs78nwHYEBhJHc/bofjEU4v+/3fwFNmS3VafQuPR/6jqjgXG
ja5LpW0BC7MnQ2frZXYJhSmOX2i13N9WR0tvH2WcO0ByygLAiLaSUlcCHEJMmkRS
JEh1wnz3PihHCYy8ulXwdSzpFYkDuJ8TJW68mXAMAib2uU/m7ofIA84yCRDHzKaS
4rYbzK30DR9ZTWN1ikUR8QRZGeqZtphBVeysVXbZtJ4=
-----END CERTIFICATE-----