Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/71015a-11be-471e-9592-62be53425676/1/kXOd5jH86JLvfXHemqDhfdfDdlg.roa
File:                     kXOd5jH86JLvfXHemqDhfdfDdlg.roa (raw, json)
Hash identifier:          Y1aEFrTSyZUJC/4uUI51ki9mieJNB1Uh1UY/fpEVapk=
Subject key identifier:   91:73:9D:E6:31:FC:E8:92:EF:7D:71:DE:9A:A0:E1:7D:D7:C3:76:58
Certificate issuer:       /CN=3d3f87bb7f7874aa7e15cfec9bbf6aae3c9ce33a
Certificate serial:       019DD3107E81CAC9806AE09C393C4C73DFF9
Authority key identifier: 3D:3F:87:BB:7F:78:74:AA:7E:15:CF:EC:9B:BF:6A:AE:3C:9C:E3:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PT-Hu394dKp-Fc_sm79qrjyc4zo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/71015a-11be-471e-9592-62be53425676/1/kXOd5jH86JLvfXHemqDhfdfDdlg.roa
Signing time:             Tue 28 Apr 2026 07:49:26 +0000
ROA not before:           Tue 28 Apr 2026 07:49:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212280
IP address blocks:        194.39.230.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/71015a-11be-471e-9592-62be53425676/1/PT-Hu394dKp-Fc_sm79qrjyc4zo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/71015a-11be-471e-9592-62be53425676/1/PT-Hu394dKp-Fc_sm79qrjyc4zo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PT-Hu394dKp-Fc_sm79qrjyc4zo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 Apr 2026 16:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:d3:10:7e:81:ca:c9:80:6a:e0:9c:39:3c:4c:73:df:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3d3f87bb7f7874aa7e15cfec9bbf6aae3c9ce33a
        Validity
            Not Before: Apr 28 07:49:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=91739de631fce892ef7d71de9aa0e17dd7c37658
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:26:94:38:c9:88:ff:c5:0e:ac:5b:5f:d2:59:
                    84:45:ff:0f:b9:c2:df:c5:53:fa:fb:9b:37:aa:2f:
                    3a:9a:42:49:9f:f8:97:21:84:c1:2a:45:e6:aa:e3:
                    35:b3:c4:09:8f:2f:d6:51:23:59:33:0d:5e:e9:95:
                    b7:4a:b1:5a:df:78:b1:49:33:e3:eb:40:57:81:53:
                    ad:6f:9b:93:8c:13:39:60:19:c9:83:49:2c:c3:62:
                    82:d1:8f:85:cd:62:7e:d0:8a:66:11:a7:fd:7c:11:
                    ec:36:ba:32:69:dd:38:61:c5:c8:ca:a6:78:11:dd:
                    1f:7d:5e:0f:c0:1f:c9:b2:98:67:c5:b4:ed:fb:5e:
                    dd:f1:c1:80:9a:09:92:1d:82:83:8f:ea:36:79:48:
                    48:5a:ae:0e:84:bd:74:4d:0c:78:2f:b8:1a:3d:1e:
                    f0:24:6e:22:9e:dd:f0:93:52:a2:99:0b:45:ca:dd:
                    2c:2e:54:3f:90:b2:9d:0a:e6:6c:fe:06:6b:62:bf:
                    f1:72:6f:4d:fd:31:43:86:53:b1:81:77:89:09:8f:
                    e1:56:38:47:ac:a0:69:69:fd:83:92:44:f2:e8:f0:
                    b3:07:17:d5:50:04:67:32:62:ed:26:bc:fc:ce:85:
                    4f:86:ac:a5:66:7f:a6:83:49:64:f8:6a:62:54:2b:
                    bc:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:73:9D:E6:31:FC:E8:92:EF:7D:71:DE:9A:A0:E1:7D:D7:C3:76:58
            X509v3 Authority Key Identifier:
                keyid:3D:3F:87:BB:7F:78:74:AA:7E:15:CF:EC:9B:BF:6A:AE:3C:9C:E3:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PT-Hu394dKp-Fc_sm79qrjyc4zo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/71015a-11be-471e-9592-62be53425676/1/kXOd5jH86JLvfXHemqDhfdfDdlg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/71015a-11be-471e-9592-62be53425676/1/PT-Hu394dKp-Fc_sm79qrjyc4zo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.39.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:a8:57:f7:4e:4e:6f:a8:8a:7f:f0:ca:fb:77:3c:b5:d1:ea:
         cc:b3:80:ea:f1:07:08:ce:b4:de:29:1b:45:87:93:26:92:cc:
         58:e6:32:bf:06:8b:10:2d:33:6b:2f:36:f5:9e:54:be:91:b6:
         73:16:6f:50:7e:c8:38:6a:c1:80:e8:71:e4:dc:1d:65:72:07:
         ad:8b:94:f1:43:37:16:d7:ef:87:ac:ff:f2:a8:14:4a:4a:36:
         ae:25:47:1a:96:93:bf:c0:b4:a9:de:eb:b0:a9:41:9c:41:e7:
         d6:d4:02:1b:5e:de:d6:11:cf:de:62:9b:00:16:de:7a:8e:d7:
         5d:04:75:4f:d0:1f:d5:56:43:ca:42:71:37:38:64:8c:e3:17:
         29:f3:6a:b2:c5:d2:38:57:82:50:6d:eb:93:3f:09:b7:cd:53:
         f9:dd:af:74:ee:b8:ab:2a:1a:73:52:ca:fd:a8:8d:55:38:6e:
         f9:0c:5d:c9:c3:ed:cf:b9:fa:ad:92:ff:d1:88:88:b2:2c:fc:
         5a:7a:4e:1f:26:f0:cc:56:85:83:02:aa:7e:00:84:08:d4:25:
         af:d8:43:8f:30:b4:70:65:dd:4e:77:4e:e1:0a:71:a5:71:03:
         61:c2:32:1a:3b:3a:1f:fc:0c:65:66:8e:c5:a2:0b:71:a1:e8:
         a3:d6:50:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3TEH6BysmAauCcOTxMc9/5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkM2Y4N2JiN2Y3ODc0YWE3ZTE1Y2ZlYzliYmY2YWFlM2M5
Y2UzM2EwHhcNMjYwNDI4MDc0OTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTczOWRlNjMxZmNlODkyZWY3ZDcxZGU5YWEwZTE3ZGQ3YzM3NjU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlCaUOMmI/8UOrFtf0lmERf8PucLf
xVP6+5s3qi86mkJJn/iXIYTBKkXmquM1s8QJjy/WUSNZMw1e6ZW3SrFa33ixSTPj
60BXgVOtb5uTjBM5YBnJg0ksw2KC0Y+FzWJ+0IpmEaf9fBHsNroyad04YcXIyqZ4
Ed0ffV4PwB/JsphnxbTt+17d8cGAmgmSHYKDj+o2eUhIWq4OhL10TQx4L7gaPR7w
JG4int3wk1KimQtFyt0sLlQ/kLKdCuZs/gZrYr/xcm9N/TFDhlOxgXeJCY/hVjhH
rKBpaf2DkkTy6PCzBxfVUARnMmLtJrz8zoVPhqylZn+mg0lk+GpiVCu8vQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJFzneYx/OiS731x3pqg4X3Xw3ZYMB8GA1UdIwQY
MBaAFD0/h7t/eHSqfhXP7Ju/aq48nOM6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFQtSHUzOTRkS3AtRmNfc203OXFyanljNHpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC83MTAxNWEtMTFiZS00NzFlLTk1OTIt
NjJiZTUzNDI1Njc2LzEva1hPZDVqSDg2Skx2ZlhIZW1xRGhmZGZEZGxnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC83MTAxNWEtMTFiZS00NzFlLTk1OTItNjJiZTUzNDI1Njc2
LzEvUFQtSHUzOTRkS3AtRmNfc203OXFyanljNHpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwifmMA0G
CSqGSIb3DQEBCwUAA4IBAQADqFf3Tk5vqIp/8Mr7dzy10erMs4Dq8QcIzrTeKRtF
h5MmksxY5jK/BosQLTNrLzb1nlS+kbZzFm9Qfsg4asGA6HHk3B1lcgeti5TxQzcW
1++HrP/yqBRKSjauJUcalpO/wLSp3uuwqUGcQefW1AIbXt7WEc/eYpsAFt56jtdd
BHVP0B/VVkPKQnE3OGSM4xcp82qyxdI4V4JQbeuTPwm3zVP53a907rirKhpzUsr9
qI1VOG75DF3Jw+3Pufqtkv/RiIiyLPxaek4fJvDMVoWDAqp+AIQI1CWv2EOPMLRw
Zd1Od07hCnGlcQNhwjIaOzof/AxlZo7Fogtxoeij1lC0
-----END CERTIFICATE-----