Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/DRDlBzcfvpD1SMkssnntnc47ZQU.roa
File:                     DRDlBzcfvpD1SMkssnntnc47ZQU.roa (raw, json)
Hash identifier:          p7gcyUlLm7wM6zpazHxW8Ss6G1BpxygHV8ud9xPUpRY=
Subject key identifier:   0D:10:E5:07:37:1F:BE:90:F5:48:C9:2C:B2:79:ED:9D:CE:3B:65:05
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       019EFFC5D9E06371238A8ECCE0B86ADEE009
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/DRDlBzcfvpD1SMkssnntnc47ZQU.roa
Signing time:             Thu 25 Jun 2026 17:13:36 +0000
ROA not before:           Thu 25 Jun 2026 17:13:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     219478
IP address blocks:        94.249.200.0/24 maxlen: 24
                          94.249.229.0/24 maxlen: 24
                          94.249.254.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Jun 2026 14:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ff:c5:d9:e0:63:71:23:8a:8e:cc:e0:b8:6a:de:e0:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Jun 25 17:13:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0d10e507371fbe90f548c92cb279ed9dce3b6505
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:7a:da:9c:d1:a9:b1:58:f7:b8:91:e2:57:dd:
                    9d:9d:44:63:8f:d3:de:69:c1:67:07:5f:12:e1:db:
                    e9:64:76:1a:3e:1f:ee:6b:b5:d7:94:a2:b6:f2:12:
                    be:90:24:25:7c:8a:f5:84:00:ad:9f:6c:b5:ab:d7:
                    8d:63:35:d6:8b:5b:ac:1d:e2:e4:d8:80:97:4a:a3:
                    21:82:57:e0:1a:d3:38:dd:dd:1a:f7:12:81:6f:79:
                    b6:a9:66:32:38:74:df:7e:9b:ec:d5:95:5c:2c:98:
                    12:17:09:d4:b8:9f:2f:32:f3:12:1d:28:8e:71:44:
                    a7:4d:1a:f7:56:da:b8:ba:8c:90:aa:ce:f4:e5:2b:
                    7c:00:2f:32:5c:30:e9:6f:ff:82:82:13:41:00:5d:
                    47:18:53:5d:22:42:2f:c1:37:c3:f3:67:96:7e:28:
                    0b:13:9d:92:2f:d9:76:37:0c:9d:db:c3:51:9d:f0:
                    f8:ec:07:31:e9:fe:ad:f7:01:2d:8b:24:31:24:e5:
                    01:af:9e:64:f6:bf:c7:6f:63:c8:96:cc:55:fd:6a:
                    bf:f4:6f:f8:4c:d9:21:8e:86:0c:82:e1:c3:9a:88:
                    bc:6e:b0:12:5b:a9:fa:3d:8f:0b:8a:32:e4:90:e8:
                    79:bf:fe:07:b7:60:24:cc:25:95:ce:8d:3f:93:67:
                    74:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:10:E5:07:37:1F:BE:90:F5:48:C9:2C:B2:79:ED:9D:CE:3B:65:05
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/DRDlBzcfvpD1SMkssnntnc47ZQU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.249.200.0/24
                  94.249.229.0/24
                  94.249.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:97:e8:1d:a7:c5:23:2e:dd:97:47:a5:26:cb:a0:57:23:a9:
         ca:02:a4:05:78:ef:7c:0e:a1:33:16:95:d1:27:2d:c9:af:ff:
         2d:3d:1b:e2:06:c8:0f:4f:07:75:c7:3e:7e:43:b9:b3:4b:8b:
         6f:a9:3a:02:00:6d:18:0e:70:fa:ee:57:37:4b:7f:12:f4:52:
         83:6c:43:02:34:96:d5:50:49:af:1a:5c:c2:30:46:6f:9f:88:
         b5:b2:71:3f:db:90:03:5b:8b:d4:b3:b0:57:60:87:82:f7:bd:
         0f:a7:bd:b5:20:3c:50:bb:eb:a3:d8:8f:52:89:38:91:8d:59:
         da:ca:5d:df:15:3b:d4:6a:e8:b2:4e:fa:a7:0c:12:b8:a9:b1:
         a8:5b:ce:34:41:b2:cf:c6:c8:96:33:51:cf:1b:c8:a3:44:1b:
         8e:81:aa:c8:c9:d9:4a:e4:9c:6f:4e:47:ae:a5:6e:c7:bf:36:
         33:db:79:98:0a:e2:04:81:0c:2b:f7:8c:01:c7:97:eb:ce:00:
         98:2a:6a:81:db:0d:64:5c:64:37:70:a5:5a:a4:ca:f6:3f:e4:
         44:61:5b:81:16:b0:c0:e7:45:cc:bc:0a:15:82:53:12:82:97:
         13:c1:e4:3f:a4:0c:07:0c:9e:7d:dc:d3:c8:2a:7c:61:57:04:
         f4:29:ff:bb
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ7/xdngY3Ejio7M4Lhq3uAJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjYwNjI1MTcxMzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDEwZTUwNzM3MWZiZTkwZjU0OGM5MmNiMjc5ZWQ5ZGNlM2I2NTA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoXranNGpsVj3uJHiV92dnURjj9Pe
acFnB18S4dvpZHYaPh/ua7XXlKK28hK+kCQlfIr1hACtn2y1q9eNYzXWi1usHeLk
2ICXSqMhglfgGtM43d0a9xKBb3m2qWYyOHTffpvs1ZVcLJgSFwnUuJ8vMvMSHSiO
cUSnTRr3Vtq4uoyQqs705St8AC8yXDDpb/+CghNBAF1HGFNdIkIvwTfD82eWfigL
E52SL9l2Nwyd28NRnfD47Acx6f6t9wEtiyQxJOUBr55k9r/Hb2PIlsxV/Wq/9G/4
TNkhjoYMguHDmoi8brASW6n6PY8LijLkkOh5v/4Ht2AkzCWVzo0/k2d09QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFA0Q5Qc3H76Q9UjJLLJ57Z3OO2UFMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvRFJEbEJ6Y2Z2cEQxU01rc3NubnRuYzQ3WlFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAXvnIAwQA
XvnlAwQAXvn+MA0GCSqGSIb3DQEBCwUAA4IBAQAZl+gdp8UjLt2XR6Umy6BXI6nK
AqQFeO98DqEzFpXRJy3Jr/8tPRviBsgPTwd1xz5+Q7mzS4tvqToCAG0YDnD67lc3
S38S9FKDbEMCNJbVUEmvGlzCMEZvn4i1snE/25ADW4vUs7BXYIeC970Pp721IDxQ
u+uj2I9SiTiRjVnayl3fFTvUauiyTvqnDBK4qbGoW840QbLPxsiWM1HPG8ijRBuO
garIydlK5JxvTkeupW7HvzYz23mYCuIEgQwr94wBx5frzgCYKmqB2w1kXGQ3cKVa
pMr2P+REYVuBFrDA50XMvAoVglMSgpcTweQ/pAwHDJ593NPIKnxhVwT0Kf+7
-----END CERTIFICATE-----