Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/a7ef4d-dc44-4faf-9513-e9c9132836ff/1/t3UkDqm89BXYugxzek3H_T2xsnk.roa
File:                     t3UkDqm89BXYugxzek3H_T2xsnk.roa (raw, json)
Hash identifier:          0v05Mtv3fk+yrXhgZl5Oqsbm1YuaJuYan3rzgXnAwAA=
Subject key identifier:   B7:75:24:0E:A9:BC:F4:15:D8:BA:0C:73:7A:4D:C7:FD:3D:B1:B2:79
Certificate issuer:       /CN=0dd441c3ffae829842249e944b03851081f4d9e0
Certificate serial:       019E82A9E15446320F7433F97356557014C7
Authority key identifier: 0D:D4:41:C3:FF:AE:82:98:42:24:9E:94:4B:03:85:10:81:F4:D9:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DdRBw_-ugphCJJ6USwOFEIH02eA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/a7ef4d-dc44-4faf-9513-e9c9132836ff/1/t3UkDqm89BXYugxzek3H_T2xsnk.roa
Signing time:             Mon 01 Jun 2026 10:10:31 +0000
ROA not before:           Mon 01 Jun 2026 10:10:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     15020
IP address blocks:        91.235.168.0/24 maxlen: 24
                          2a09:8400:3::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/a7ef4d-dc44-4faf-9513-e9c9132836ff/1/DdRBw_-ugphCJJ6USwOFEIH02eA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/a7ef4d-dc44-4faf-9513-e9c9132836ff/1/DdRBw_-ugphCJJ6USwOFEIH02eA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DdRBw_-ugphCJJ6USwOFEIH02eA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 20:26:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:82:a9:e1:54:46:32:0f:74:33:f9:73:56:55:70:14:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0dd441c3ffae829842249e944b03851081f4d9e0
        Validity
            Not Before: Jun  1 10:10:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b775240ea9bcf415d8ba0c737a4dc7fd3db1b279
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:c4:45:1a:81:11:54:5f:06:7d:39:ca:0d:81:
                    77:ad:d2:4b:a5:2c:33:06:e8:d6:2e:65:79:30:8c:
                    61:f9:2b:c3:09:f8:09:ea:e1:4a:f4:54:1d:83:45:
                    63:77:88:2e:2b:28:1b:bd:ac:2a:0b:8f:1b:de:ff:
                    0d:99:31:eb:a8:b4:eb:de:9c:28:36:57:f8:8d:bc:
                    98:96:9c:ed:ca:5c:5a:e3:8e:cc:25:db:25:10:14:
                    21:f1:e9:45:ab:93:1b:41:4f:46:c0:50:84:16:e9:
                    2a:0e:06:26:96:f9:47:3c:d6:2c:aa:e4:8a:de:16:
                    39:0d:80:74:8f:37:a3:e1:7a:19:9e:9f:5d:bd:3e:
                    48:73:e7:51:25:76:6e:d3:0a:91:c3:b5:0a:84:f1:
                    83:db:91:9f:5f:2c:d3:b6:97:9e:32:51:1e:0d:59:
                    5c:7e:45:4a:d7:15:55:a6:74:c7:29:8e:6d:ee:ba:
                    f3:3f:df:d6:73:34:ec:38:1d:ed:19:7d:81:28:68:
                    6a:1f:63:65:83:16:81:1b:1d:b6:b5:59:4b:09:71:
                    7a:c4:11:21:4d:c6:72:87:c1:81:1c:39:5e:81:f2:
                    63:69:e9:fd:16:a4:8b:cc:23:c9:4d:b6:5d:12:e9:
                    5e:47:06:d2:13:9f:3e:ba:89:75:9c:95:23:5d:94:
                    12:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:75:24:0E:A9:BC:F4:15:D8:BA:0C:73:7A:4D:C7:FD:3D:B1:B2:79
            X509v3 Authority Key Identifier:
                keyid:0D:D4:41:C3:FF:AE:82:98:42:24:9E:94:4B:03:85:10:81:F4:D9:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DdRBw_-ugphCJJ6USwOFEIH02eA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a7ef4d-dc44-4faf-9513-e9c9132836ff/1/t3UkDqm89BXYugxzek3H_T2xsnk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a7ef4d-dc44-4faf-9513-e9c9132836ff/1/DdRBw_-ugphCJJ6USwOFEIH02eA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.235.168.0/24
                IPv6:
                  2a09:8400:3::/48

    Signature Algorithm: sha256WithRSAEncryption
         80:b9:c6:3d:cb:3d:3b:da:12:a2:47:e9:99:d1:7c:a6:5c:a5:
         3e:83:53:1b:44:1e:61:80:ee:87:d2:f9:5e:01:5a:69:b3:a4:
         e8:82:b7:b8:fe:85:28:70:2b:6c:d8:34:a3:50:a4:10:d8:7b:
         e1:6b:70:a8:cf:44:5f:c1:c0:b4:7b:95:f0:c6:3c:5d:9c:83:
         2f:6f:9c:25:80:89:14:f8:9f:11:e1:33:53:35:e4:c8:d6:39:
         61:46:aa:a7:52:e3:09:77:2e:80:b9:ab:eb:bd:49:31:ee:59:
         84:a2:e5:33:cb:82:26:c9:c3:04:2a:38:ce:20:75:ee:60:05:
         47:c2:d3:eb:e7:ec:0c:2e:a6:f5:1e:c5:25:69:df:30:e9:d9:
         56:a2:0f:d0:83:e3:fa:93:a5:ab:0b:d9:09:b2:3a:54:4b:44:
         fd:ea:cb:39:67:a1:dc:a0:82:f2:a3:fa:d5:0a:d5:91:5f:cf:
         be:f2:92:f9:df:2f:29:73:96:cc:7a:bb:d4:83:99:50:fa:4c:
         50:11:0e:13:95:c1:94:f4:6f:7b:e0:e7:22:97:ec:ec:26:79:
         33:8f:0f:3f:80:7d:47:d2:43:5a:57:4c:1e:a7:bc:29:97:2a:
         50:38:b1:1c:81:b4:cc:bd:16:0b:6a:63:47:ed:2f:31:36:fb:
         5f:61:a1:6a
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZ6CqeFURjIPdDP5c1ZVcBTHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkZDQ0MWMzZmZhZTgyOTg0MjI0OWU5NDRiMDM4NTEwODFm
NGQ5ZTAwHhcNMjYwNjAxMTAxMDMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzc1MjQwZWE5YmNmNDE1ZDhiYTBjNzM3YTRkYzdmZDNkYjFiMjc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA58RFGoERVF8GfTnKDYF3rdJLpSwz
BujWLmV5MIxh+SvDCfgJ6uFK9FQdg0Vjd4guKygbvawqC48b3v8NmTHrqLTr3pwo
Nlf4jbyYlpztylxa447MJdslEBQh8elFq5MbQU9GwFCEFukqDgYmlvlHPNYsquSK
3hY5DYB0jzej4XoZnp9dvT5Ic+dRJXZu0wqRw7UKhPGD25GfXyzTtpeeMlEeDVlc
fkVK1xVVpnTHKY5t7rrzP9/WczTsOB3tGX2BKGhqH2NlgxaBGx22tVlLCXF6xBEh
TcZyh8GBHDlegfJjaen9FqSLzCPJTbZdEuleRwbSE58+uol1nJUjXZQSEwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLd1JA6pvPQV2LoMc3pNx/09sbJ5MB8GA1UdIwQY
MBaAFA3UQcP/roKYQiSelEsDhRCB9NngMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGRSQndfLXVncGhDSko2VVN3T0ZFSUgwMmVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9hN2VmNGQtZGM0NC00ZmFmLTk1MTMt
ZTljOTEzMjgzNmZmLzEvdDNVa0RxbTg5QlhZdWd4emVrM0hfVDJ4c25rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9hN2VmNGQtZGM0NC00ZmFmLTk1MTMtZTljOTEzMjgzNmZm
LzEvRGRSQndfLXVncGhDSko2VVN3T0ZFSUgwMmVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW+uoMA8E
AgACMAkDBwAqCYQAAAMwDQYJKoZIhvcNAQELBQADggEBAIC5xj3LPTvaEqJH6ZnR
fKZcpT6DUxtEHmGA7ofS+V4BWmmzpOiCt7j+hShwK2zYNKNQpBDYe+FrcKjPRF/B
wLR7lfDGPF2cgy9vnCWAiRT4nxHhM1M15MjWOWFGqqdS4wl3LoC5q+u9STHuWYSi
5TPLgibJwwQqOM4gde5gBUfC0+vn7AwupvUexSVp3zDp2VaiD9CD4/qTpasL2Qmy
OlRLRP3qyzlnodyggvKj+tUK1ZFfz77ykvnfLylzlsx6u9SDmVD6TFARDhOVwZT0
b3vg5yKX7OwmeTOPDz+AfUfSQ1pXTB6nvCmXKlA4sRyBtMy9FgtqY0ftLzE2+19h
oWo=
-----END CERTIFICATE-----