Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/3liIOmA8_MzwHDRpOza76XYxGX8.roa
File:                     3liIOmA8_MzwHDRpOza76XYxGX8.roa (raw, json)
Hash identifier:          0VbtTlqN/zF8S2L93cBspReEtFE2jCwwwra00rCr4eA=
Subject key identifier:   DE:58:88:3A:60:3C:FC:CC:F0:1C:34:69:3B:36:BB:E9:76:31:19:7F
Certificate issuer:       /CN=641975583b250362c8150f63adb30a0f6a0c6fc3
Certificate serial:       019DD8329E8826AD650B31E64001BA70B228
Authority key identifier: 64:19:75:58:3B:25:03:62:C8:15:0F:63:AD:B3:0A:0F:6A:0C:6F:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/3liIOmA8_MzwHDRpOza76XYxGX8.roa
Signing time:             Wed 29 Apr 2026 07:44:49 +0000
ROA not before:           Wed 29 Apr 2026 07:44:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200566
IP address blocks:        185.112.240.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 20:10:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:d8:32:9e:88:26:ad:65:0b:31:e6:40:01:ba:70:b2:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=641975583b250362c8150f63adb30a0f6a0c6fc3
        Validity
            Not Before: Apr 29 07:44:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=de58883a603cfcccf01c34693b36bbe97631197f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:1b:5e:dc:79:e7:d8:2d:a6:a2:e5:cc:12:9c:
                    80:61:04:77:75:a3:bb:ae:e1:3f:40:c0:59:6d:aa:
                    c8:b1:f6:8c:2c:dd:5e:6d:53:8a:ea:35:3c:dc:0b:
                    0d:ce:32:5c:11:f7:55:52:83:f8:e0:ec:85:de:03:
                    3a:74:2b:02:24:08:5b:5c:fc:c0:fb:34:aa:89:1e:
                    99:c7:4b:f5:2e:7d:12:f0:72:6d:fc:0d:12:22:f1:
                    b4:8c:3a:41:b1:d3:89:d3:2e:6a:df:1f:ba:93:62:
                    21:21:55:3a:c6:fe:18:5a:91:2e:4f:5e:5d:b2:97:
                    6b:12:0b:51:c2:26:3b:ba:1e:d5:e9:96:7a:6d:3d:
                    e1:77:a1:96:0f:66:92:86:91:c7:77:2e:c7:c4:b4:
                    73:fd:e5:5b:af:dd:3a:df:4c:75:58:d1:64:d0:9f:
                    60:09:2a:b0:9a:c6:0a:5f:73:1b:1c:f9:36:46:e9:
                    16:e7:59:d8:70:76:cb:4a:3a:e1:c3:16:49:61:12:
                    b2:68:de:3f:e1:b9:1b:26:25:c7:56:c3:3b:82:8d:
                    21:3f:5c:a5:90:01:28:d5:2c:32:95:2f:7d:89:b9:
                    ae:67:62:6a:c9:3b:a7:a0:77:fd:df:c6:ac:92:a9:
                    58:cd:87:26:bd:73:65:85:02:8c:8e:65:a9:00:ad:
                    9b:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:58:88:3A:60:3C:FC:CC:F0:1C:34:69:3B:36:BB:E9:76:31:19:7F
            X509v3 Authority Key Identifier:
                keyid:64:19:75:58:3B:25:03:62:C8:15:0F:63:AD:B3:0A:0F:6A:0C:6F:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/3liIOmA8_MzwHDRpOza76XYxGX8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.112.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:70:52:db:76:8d:d7:ed:97:1f:cb:85:78:cb:a9:f9:42:e9:
         9e:ea:02:2e:d6:cb:c6:b6:d6:42:d2:d9:fe:fe:48:03:83:99:
         7e:d4:54:77:7c:8b:37:07:2c:a0:fc:32:cd:af:5d:86:c1:26:
         0a:b4:c6:24:ca:d0:ce:6d:e3:b7:22:da:03:f2:3e:80:6c:1a:
         5c:51:5f:2b:a6:7a:5f:c0:cd:cb:8f:b9:1c:2a:2c:cd:e7:17:
         95:af:74:0f:fd:b5:3f:bd:bb:b8:45:f2:a5:05:71:ef:6c:47:
         14:c3:9f:9a:52:42:46:67:02:6f:3e:8d:3e:b0:c2:35:9c:d3:
         18:75:01:90:61:08:45:fd:04:85:28:0a:a6:df:e3:69:cc:88:
         f3:bf:b8:2f:6e:18:14:22:3f:1c:e1:c0:6d:03:13:85:40:a9:
         ad:fb:fd:f6:70:b1:89:19:2f:ae:f1:ab:36:20:45:66:a9:62:
         e3:87:59:63:6e:5e:b8:bb:6a:55:7b:60:5a:d5:4f:54:c4:96:
         d1:30:b9:ed:58:c4:6a:b6:2b:ff:22:76:d6:8d:ef:5b:32:7d:
         c3:1d:09:7f:af:12:97:f7:95:c3:d2:b3:93:f7:33:22:18:8b:
         b7:54:17:22:8d:8f:f3:3a:03:61:af:43:b2:80:56:fe:a4:a2:
         a8:52:78:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3YMp6IJq1lCzHmQAG6cLIoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0MTk3NTU4M2IyNTAzNjJjODE1MGY2M2FkYjMwYTBmNmEw
YzZmYzMwHhcNMjYwNDI5MDc0NDQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTU4ODgzYTYwM2NmY2NjZjAxYzM0NjkzYjM2YmJlOTc2MzExOTdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzBte3Hnn2C2mouXMEpyAYQR3daO7
ruE/QMBZbarIsfaMLN1ebVOK6jU83AsNzjJcEfdVUoP44OyF3gM6dCsCJAhbXPzA
+zSqiR6Zx0v1Ln0S8HJt/A0SIvG0jDpBsdOJ0y5q3x+6k2IhIVU6xv4YWpEuT15d
spdrEgtRwiY7uh7V6ZZ6bT3hd6GWD2aShpHHdy7HxLRz/eVbr90630x1WNFk0J9g
CSqwmsYKX3MbHPk2RukW51nYcHbLSjrhwxZJYRKyaN4/4bkbJiXHVsM7go0hP1yl
kAEo1SwylS99ibmuZ2JqyTunoHf938askqlYzYcmvXNlhQKMjmWpAK2b5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN5YiDpgPPzM8Bw0aTs2u+l2MRl/MB8GA1UdIwQY
MBaAFGQZdVg7JQNiyBUPY62zCg9qDG/DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWkJsMVdEc2xBMkxJRlE5anJiTUtEMm9NYjhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC85OGE1ZWQtOTA1ZS00YmZhLTkxNTQt
ZjFjMzNhYTJmZDUwLzEvM2xpSU9tQThfTXp3SERScE96YTc2WFl4R1g4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC85OGE1ZWQtOTA1ZS00YmZhLTkxNTQtZjFjMzNhYTJmZDUw
LzEvWkJsMVdEc2xBMkxJRlE5anJiTUtEMm9NYjhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXDwMA0G
CSqGSIb3DQEBCwUAA4IBAQB6cFLbdo3X7Zcfy4V4y6n5Qume6gIu1svGttZC0tn+
/kgDg5l+1FR3fIs3Byyg/DLNr12GwSYKtMYkytDObeO3ItoD8j6AbBpcUV8rpnpf
wM3Lj7kcKizN5xeVr3QP/bU/vbu4RfKlBXHvbEcUw5+aUkJGZwJvPo0+sMI1nNMY
dQGQYQhF/QSFKAqm3+NpzIjzv7gvbhgUIj8c4cBtAxOFQKmt+/32cLGJGS+u8as2
IEVmqWLjh1ljbl64u2pVe2Ba1U9UxJbRMLntWMRqtiv/InbWje9bMn3DHQl/rxKX
95XD0rOT9zMiGIu3VBcijY/zOgNhr0OygFb+pKKoUnh2
-----END CERTIFICATE-----