Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/c4e5a0-8219-4ff9-8287-1f4bea23e4c7/1/SRIEH_ip-JAC8FRBxZOXC-V6_Rc.roa
File:                     SRIEH_ip-JAC8FRBxZOXC-V6_Rc.roa (raw, json)
Hash identifier:          P09SRGvyFJXlrrkyat3yhBb/KjpwODT4F8eDAR8AnFI=
Subject key identifier:   49:12:04:1F:F8:A9:F8:90:02:F0:54:41:C5:93:97:0B:E5:7A:FD:17
Certificate issuer:       /CN=01626ffd800eafa336bdf343141f03f7c393c364
Certificate serial:       019D0057537897CC9E87DFE905E51634A6E0
Authority key identifier: 01:62:6F:FD:80:0E:AF:A3:36:BD:F3:43:14:1F:03:F7:C3:93:C3:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AWJv_YAOr6M2vfNDFB8D98OTw2Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/c4e5a0-8219-4ff9-8287-1f4bea23e4c7/1/SRIEH_ip-JAC8FRBxZOXC-V6_Rc.roa
Signing time:             Wed 18 Mar 2026 09:46:56 +0000
ROA not before:           Wed 18 Mar 2026 09:46:56 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199522
IP address blocks:        83.98.216.0/24 maxlen: 24
                          89.30.156.0/24 maxlen: 24
                          89.30.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/c4e5a0-8219-4ff9-8287-1f4bea23e4c7/1/AWJv_YAOr6M2vfNDFB8D98OTw2Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/c4e5a0-8219-4ff9-8287-1f4bea23e4c7/1/AWJv_YAOr6M2vfNDFB8D98OTw2Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AWJv_YAOr6M2vfNDFB8D98OTw2Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:00:57:53:78:97:cc:9e:87:df:e9:05:e5:16:34:a6:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=01626ffd800eafa336bdf343141f03f7c393c364
        Validity
            Not Before: Mar 18 09:46:56 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4912041ff8a9f89002f05441c593970be57afd17
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:20:72:4c:14:96:c3:88:50:11:7e:12:18:e9:
                    89:53:a9:60:40:92:5c:4d:ec:7d:ea:02:6c:e1:55:
                    7d:54:2f:ea:6d:6c:26:c9:c1:b7:b5:84:c5:12:b1:
                    15:c7:43:25:16:51:24:b5:e8:4d:83:aa:97:fa:3c:
                    4b:a6:63:ed:50:30:fe:dd:44:c7:b0:da:6a:2a:42:
                    1b:28:0a:f8:cd:3a:d7:35:14:67:97:27:88:48:d0:
                    9b:be:bd:98:74:e3:8d:6f:cb:5a:88:56:a4:75:de:
                    04:d3:0e:34:39:e5:a4:f3:09:f4:23:f2:bc:ea:2d:
                    ed:f0:c0:76:1d:6e:12:37:c9:d5:c1:9d:13:a0:5a:
                    eb:c7:d5:f8:72:9b:6b:3f:3a:3d:ce:5a:41:dd:e8:
                    c2:0f:14:46:32:4b:23:83:62:a8:1a:e0:c8:87:61:
                    f3:09:dd:70:67:b3:8d:a6:43:ef:ba:9b:b8:34:c2:
                    e7:a0:23:3f:13:62:d2:d3:16:cc:ae:13:3d:99:3b:
                    90:49:57:b4:79:fc:0a:3c:ad:3f:50:50:82:5d:8a:
                    ff:92:20:5c:11:b3:f1:45:44:63:16:7d:d4:10:08:
                    05:e3:af:2c:0f:17:42:69:a1:97:7f:04:d0:73:30:
                    0e:c0:85:da:ed:b8:40:f3:af:b1:b6:24:49:84:1b:
                    db:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:12:04:1F:F8:A9:F8:90:02:F0:54:41:C5:93:97:0B:E5:7A:FD:17
            X509v3 Authority Key Identifier:
                keyid:01:62:6F:FD:80:0E:AF:A3:36:BD:F3:43:14:1F:03:F7:C3:93:C3:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AWJv_YAOr6M2vfNDFB8D98OTw2Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/c4e5a0-8219-4ff9-8287-1f4bea23e4c7/1/SRIEH_ip-JAC8FRBxZOXC-V6_Rc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/c4e5a0-8219-4ff9-8287-1f4bea23e4c7/1/AWJv_YAOr6M2vfNDFB8D98OTw2Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.98.216.0/24
                  89.30.156.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0d:e3:24:17:0d:31:ef:4a:c8:71:64:e1:b9:73:1f:cb:5a:c0:
         81:4a:eb:d1:e4:0f:a3:91:08:ff:7b:e2:45:0e:c7:d2:6d:37:
         f6:59:67:b6:ad:a2:10:62:76:30:2c:6e:4f:ee:26:ab:8e:ed:
         df:99:98:54:e9:9d:72:f5:a7:42:2b:76:c9:44:ac:7e:00:fc:
         c6:2b:35:36:9d:32:1b:6a:b6:58:66:50:89:c7:ce:0c:f0:2b:
         67:b2:4b:37:bc:2c:b1:e4:f0:74:3d:6b:ec:5e:fd:e8:65:29:
         ba:72:e3:e8:b8:ca:e2:96:d0:07:1c:d1:a5:bd:eb:33:e9:fc:
         17:34:80:fc:67:6d:6d:e3:7f:cf:2e:34:68:18:a0:ab:f8:36:
         38:52:8c:4a:57:e6:1f:4c:b6:0c:13:7b:b1:52:5a:94:fb:c2:
         b9:ec:45:37:38:f0:34:28:bf:f5:2c:40:59:d7:6b:e4:2e:b6:
         21:ac:8f:29:b3:3c:3c:27:34:fc:22:c6:79:2f:8e:6f:d3:00:
         df:19:7d:b4:87:cd:66:91:ef:1c:9a:b1:f7:c8:9a:c4:57:31:
         b1:ae:d1:9d:80:93:96:27:53:48:e0:86:63:64:47:1b:47:75:
         81:3b:00:2a:2a:30:ca:c3:8a:fd:04:04:16:d8:ee:5a:aa:f9:
         d5:1c:1e:5a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ0AV1N4l8yeh9/pBeUWNKbgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxNjI2ZmZkODAwZWFmYTMzNmJkZjM0MzE0MWYwM2Y3YzM5
M2MzNjQwHhcNMjYwMzE4MDk0NjU2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTEyMDQxZmY4YTlmODkwMDJmMDU0NDFjNTkzOTcwYmU1N2FmZDE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuSByTBSWw4hQEX4SGOmJU6lgQJJc
Tex96gJs4VV9VC/qbWwmycG3tYTFErEVx0MlFlEktehNg6qX+jxLpmPtUDD+3UTH
sNpqKkIbKAr4zTrXNRRnlyeISNCbvr2YdOONb8taiFakdd4E0w40OeWk8wn0I/K8
6i3t8MB2HW4SN8nVwZ0ToFrrx9X4cptrPzo9zlpB3ejCDxRGMksjg2KoGuDIh2Hz
Cd1wZ7ONpkPvupu4NMLnoCM/E2LS0xbMrhM9mTuQSVe0efwKPK0/UFCCXYr/kiBc
EbPxRURjFn3UEAgF468sDxdCaaGXfwTQczAOwIXa7bhA86+xtiRJhBvb9wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEkSBB/4qfiQAvBUQcWTlwvlev0XMB8GA1UdIwQY
MBaAFAFib/2ADq+jNr3zQxQfA/fDk8NkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVdKdl9ZQU9yNk0ydmZOREZCOEQ5OE9UdzJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9jNGU1YTAtODIxOS00ZmY5LTgyODct
MWY0YmVhMjNlNGM3LzEvU1JJRUhfaXAtSkFDOEZSQnhaT1hDLVY2X1JjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9jNGU1YTAtODIxOS00ZmY5LTgyODctMWY0YmVhMjNlNGM3
LzEvQVdKdl9ZQU9yNk0ydmZOREZCOEQ5OE9UdzJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAU2LYAwQB
WR6cMA0GCSqGSIb3DQEBCwUAA4IBAQAN4yQXDTHvSshxZOG5cx/LWsCBSuvR5A+j
kQj/e+JFDsfSbTf2WWe2raIQYnYwLG5P7iarju3fmZhU6Z1y9adCK3bJRKx+APzG
KzU2nTIbarZYZlCJx84M8Ctnsks3vCyx5PB0PWvsXv3oZSm6cuPouMriltAHHNGl
vesz6fwXNID8Z21t43/PLjRoGKCr+DY4UoxKV+YfTLYME3uxUlqU+8K57EU3OPA0
KL/1LEBZ12vkLrYhrI8pszw8JzT8IsZ5L45v0wDfGX20h81mke8cmrH3yJrEVzGx
rtGdgJOWJ1NI4IZjZEcbR3WBOwAqKjDKw4r9BAQW2O5aqvnVHB5a
-----END CERTIFICATE-----