Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/KSLIxYSIqTVWZKYEwezmH4gtYmU.roa
File:                     KSLIxYSIqTVWZKYEwezmH4gtYmU.roa (raw, json)
Hash identifier:          i1CSNkYvfpjZ/fL0ivl5Z1F7fWatO4xVFTJpOK1U6MM=
Subject key identifier:   29:22:C8:C5:84:88:A9:35:56:64:A6:04:C1:EC:E6:1F:88:2D:62:65
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       019DF878153D6267D6AB04B15798D3B39598
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/KSLIxYSIqTVWZKYEwezmH4gtYmU.roa
Signing time:             Tue 05 May 2026 14:08:32 +0000
ROA not before:           Tue 05 May 2026 14:08:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     29403
IP address blocks:        217.30.88.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f8:78:15:3d:62:67:d6:ab:04:b1:57:98:d3:b3:95:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: May  5 14:08:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2922c8c58488a9355664a604c1ece61f882d6265
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:dc:e6:5f:be:b5:da:ef:67:a0:ac:50:4f:0f:
                    3d:1e:c1:55:db:bc:3c:b7:1d:a5:7f:1e:35:72:24:
                    6f:a2:f2:cb:f3:11:f7:df:e3:91:ff:c6:d2:ab:f9:
                    15:ea:7a:90:6c:db:a7:7b:8f:41:7a:24:82:55:e9:
                    22:2d:11:4a:5a:35:14:a9:f8:8b:6a:19:c9:fa:35:
                    b0:04:5a:c8:75:ce:f8:8d:ad:01:26:60:4b:10:93:
                    04:b4:3e:9b:00:03:d0:a5:71:36:61:14:a7:30:24:
                    5f:2c:cd:73:cb:21:60:ff:82:08:2e:b9:3f:d0:67:
                    04:ad:33:bd:89:ea:29:11:15:a2:c4:38:d5:12:d5:
                    6b:94:57:b4:02:94:fb:fc:ee:d4:0f:d5:78:7c:ef:
                    f7:9b:24:f6:f2:f3:1a:7d:1e:f3:7f:bf:d3:f8:15:
                    1e:86:0f:f3:b5:89:d0:e8:d6:9f:e9:f8:78:f5:6f:
                    72:f8:61:45:de:27:c2:5d:b3:7a:ee:0c:46:87:d0:
                    b1:de:9a:83:56:f6:74:70:83:45:75:df:a2:8a:39:
                    e8:2a:19:04:6a:19:4d:9b:59:e2:97:3f:a9:47:6f:
                    82:c6:11:cd:eb:43:29:23:36:e7:b8:ef:45:36:59:
                    9b:f6:b7:30:a6:1b:0d:62:b7:34:0d:db:26:36:18:
                    b3:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:22:C8:C5:84:88:A9:35:56:64:A6:04:C1:EC:E6:1F:88:2D:62:65
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/KSLIxYSIqTVWZKYEwezmH4gtYmU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.30.88.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:b7:c1:e3:57:83:97:08:d7:53:0e:4d:85:f2:9b:c5:67:6f:
         a8:18:a5:fb:f1:76:c1:7a:83:cf:9f:48:b9:4e:26:78:0d:c5:
         9d:a0:8d:20:3e:b9:3c:3a:ca:ae:ba:2c:e5:44:d6:b3:1a:f4:
         84:98:05:d5:4d:89:e9:04:d0:de:f3:42:11:17:de:36:fe:6a:
         17:85:4f:70:ac:ae:e5:2c:8d:58:b4:81:59:83:7d:ee:dc:56:
         46:08:a8:2f:1d:13:71:db:24:75:3b:c7:6e:b7:96:a2:d1:7c:
         21:1b:a7:44:0c:f4:cc:b0:42:43:ba:46:d8:2c:d4:47:ff:f5:
         2e:e6:eb:53:48:f9:ab:c7:af:f1:fa:77:8a:a7:b7:e6:76:d4:
         0c:a1:d7:fa:72:e4:4d:99:be:b3:72:14:97:65:6e:3f:aa:f3:
         31:28:bd:77:64:2b:bd:3a:f8:46:21:5b:67:25:0d:91:56:1d:
         d2:4f:bd:64:ff:ce:5c:1d:b8:99:54:9e:36:82:e4:05:7b:90:
         4b:e0:e4:61:eb:ea:4b:03:b6:3b:c9:24:7b:46:6c:31:7b:1d:
         fa:37:37:20:56:28:f1:30:77:34:8e:f6:d4:66:c5:b6:f2:e0:
         24:d0:86:bb:a8:aa:df:02:64:ac:dc:27:a9:45:40:83:d2:b3:
         cb:04:cd:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ34eBU9YmfWqwSxV5jTs5WYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjYwNTA1MTQwODMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTIyYzhjNTg0ODhhOTM1NTY2NGE2MDRjMWVjZTYxZjg4MmQ2MjY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmdzmX7612u9noKxQTw89HsFV27w8
tx2lfx41ciRvovLL8xH33+OR/8bSq/kV6nqQbNune49BeiSCVekiLRFKWjUUqfiL
ahnJ+jWwBFrIdc74ja0BJmBLEJMEtD6bAAPQpXE2YRSnMCRfLM1zyyFg/4IILrk/
0GcErTO9ieopERWixDjVEtVrlFe0ApT7/O7UD9V4fO/3myT28vMafR7zf7/T+BUe
hg/ztYnQ6Naf6fh49W9y+GFF3ifCXbN67gxGh9Cx3pqDVvZ0cINFdd+iijnoKhkE
ahlNm1nilz+pR2+CxhHN60MpIzbnuO9FNlmb9rcwphsNYrc0DdsmNhizpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCkiyMWEiKk1VmSmBMHs5h+ILWJlMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvS1NMSXhZU0lxVFZXWktZRXdlem1INGd0WW1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2R5YMA0G
CSqGSIb3DQEBCwUAA4IBAQAnt8HjV4OXCNdTDk2F8pvFZ2+oGKX78XbBeoPPn0i5
TiZ4DcWdoI0gPrk8OsquuizlRNazGvSEmAXVTYnpBNDe80IRF942/moXhU9wrK7l
LI1YtIFZg33u3FZGCKgvHRNx2yR1O8dut5ai0XwhG6dEDPTMsEJDukbYLNRH//Uu
5utTSPmrx6/x+neKp7fmdtQModf6cuRNmb6zchSXZW4/qvMxKL13ZCu9OvhGIVtn
JQ2RVh3ST71k/85cHbiZVJ42guQFe5BL4ORh6+pLA7Y7ySR7Rmwxex36NzcgVijx
MHc0jvbUZsW28uAk0Ia7qKrfAmSs3CepRUCD0rPLBM18
-----END CERTIFICATE-----