Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/894bdc-28a6-4c36-ba42-1653188d8126/1/dBxy388q1dvBYiTy917wTS3Dirk.roa
File:                     dBxy388q1dvBYiTy917wTS3Dirk.roa (raw, json)
Hash identifier:          JS0CaEYgLAPFsBeod/+BE8NPxsAgIuRUOjq43mRDMwY=
Subject key identifier:   74:1C:72:DF:CF:2A:D5:DB:C1:62:24:F2:F7:5E:F0:4D:2D:C3:8A:B9
Certificate issuer:       /CN=c2919334ad2ad53616c34fece96ce29230f86349
Certificate serial:       019E3766AF61EECD144C133F47A52E26B772
Authority key identifier: C2:91:93:34:AD:2A:D5:36:16:C3:4F:EC:E9:6C:E2:92:30:F8:63:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wpGTNK0q1TYWw0_s6WzikjD4Y0k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/894bdc-28a6-4c36-ba42-1653188d8126/1/dBxy388q1dvBYiTy917wTS3Dirk.roa
Signing time:             Sun 17 May 2026 19:25:36 +0000
ROA not before:           Sun 17 May 2026 19:25:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     0
IP address blocks:        91.201.87.0/24 maxlen: 24
                          2a01:f040::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/894bdc-28a6-4c36-ba42-1653188d8126/1/wpGTNK0q1TYWw0_s6WzikjD4Y0k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/894bdc-28a6-4c36-ba42-1653188d8126/1/wpGTNK0q1TYWw0_s6WzikjD4Y0k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wpGTNK0q1TYWw0_s6WzikjD4Y0k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 May 2026 16:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:37:66:af:61:ee:cd:14:4c:13:3f:47:a5:2e:26:b7:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2919334ad2ad53616c34fece96ce29230f86349
        Validity
            Not Before: May 17 19:25:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=741c72dfcf2ad5dbc16224f2f75ef04d2dc38ab9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:30:30:8d:ab:fb:f7:5c:b3:d6:d2:97:d6:df:
                    1a:d9:bd:73:0b:f2:1e:cd:12:96:d5:df:3a:d2:ab:
                    bc:64:8d:3d:c6:66:a1:d6:65:f7:ab:b9:75:66:55:
                    82:96:1d:08:cd:bd:54:20:2d:2f:ec:cd:a8:e1:b3:
                    47:8a:4d:49:8e:b3:a8:85:93:ca:90:a9:81:10:b5:
                    41:fb:59:0a:db:e3:e6:f6:af:ad:e4:d0:50:4f:78:
                    ac:48:bd:fb:f1:80:b5:8d:15:29:8b:31:d3:18:cd:
                    dd:37:f8:59:03:1a:ce:db:48:74:3b:5e:c2:5e:37:
                    57:38:80:d2:23:8c:c1:22:37:39:b4:38:c4:74:2f:
                    c3:5b:4b:e7:1f:05:d3:99:19:5b:20:9d:d0:a4:39:
                    41:b8:60:fd:29:f6:7e:cc:fc:7d:04:df:cd:bd:8a:
                    4e:ff:7b:f0:a5:67:b9:9f:b8:62:cb:2b:e3:75:e9:
                    29:66:5c:c5:9b:5a:9c:53:e8:75:26:69:a8:b8:b5:
                    55:90:11:69:9b:ea:49:83:8d:9b:8d:8b:f1:a6:d6:
                    02:a6:e0:47:c9:a3:d8:96:c0:0b:66:4b:f3:b6:b3:
                    e0:94:ab:e6:30:f2:91:20:57:67:69:89:de:5c:32:
                    6b:b7:b3:2f:cc:26:cb:38:89:0c:c7:35:d0:6b:cc:
                    bc:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:1C:72:DF:CF:2A:D5:DB:C1:62:24:F2:F7:5E:F0:4D:2D:C3:8A:B9
            X509v3 Authority Key Identifier:
                keyid:C2:91:93:34:AD:2A:D5:36:16:C3:4F:EC:E9:6C:E2:92:30:F8:63:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wpGTNK0q1TYWw0_s6WzikjD4Y0k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/894bdc-28a6-4c36-ba42-1653188d8126/1/dBxy388q1dvBYiTy917wTS3Dirk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/894bdc-28a6-4c36-ba42-1653188d8126/1/wpGTNK0q1TYWw0_s6WzikjD4Y0k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.201.87.0/24
                IPv6:
                  2a01:f040::/29

    Signature Algorithm: sha256WithRSAEncryption
         aa:41:d1:27:ea:45:58:53:ba:7d:2f:d2:23:64:73:37:bc:4e:
         c9:12:3b:50:2d:4d:39:a8:14:f5:8d:f3:95:74:8b:05:64:73:
         40:18:ea:1f:f8:5b:22:a9:9c:fe:68:a3:d6:6f:c5:75:9b:0d:
         a6:10:7f:ee:3d:d3:0e:4f:c7:26:c8:b2:25:e0:a9:b6:d6:c5:
         0c:f1:ee:f1:af:a9:ef:a9:a2:97:dd:cc:f0:58:b7:be:0c:cd:
         fd:e6:f6:72:02:37:7f:c1:e4:98:ea:58:72:77:a9:51:55:c8:
         5e:39:41:44:e3:e5:7e:88:6d:24:e9:4b:45:5a:d8:54:d8:3d:
         39:1e:22:36:01:ee:75:e8:1f:35:e9:de:52:aa:77:a0:a2:9b:
         ed:7e:47:2b:ef:ff:c0:8f:8f:c6:ca:88:88:2b:be:c2:4a:3c:
         1f:cf:9e:86:4b:77:1c:89:55:a9:69:78:9f:f2:4a:91:81:b0:
         ae:85:d3:dc:72:c9:be:c0:80:0f:f2:20:07:59:76:ff:c5:96:
         72:3d:1c:b1:9a:65:f6:f0:a3:e7:56:7a:45:5a:c4:41:f3:ec:
         1c:ee:ca:6c:90:b7:f9:99:e5:7a:8f:63:6b:f2:06:0a:79:ed:
         4c:5b:b4:60:2b:22:20:62:fb:98:30:2e:3d:5d:89:1c:17:e5:
         e6:21:ab:cb
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ43Zq9h7s0UTBM/R6UuJrdyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyOTE5MzM0YWQyYWQ1MzYxNmMzNGZlY2U5NmNlMjkyMzBm
ODYzNDkwHhcNMjYwNTE3MTkyNTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDFjNzJkZmNmMmFkNWRiYzE2MjI0ZjJmNzVlZjA0ZDJkYzM4YWI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvTAwjav791yz1tKX1t8a2b1zC/Ie
zRKW1d860qu8ZI09xmah1mX3q7l1ZlWClh0Izb1UIC0v7M2o4bNHik1JjrOohZPK
kKmBELVB+1kK2+Pm9q+t5NBQT3isSL378YC1jRUpizHTGM3dN/hZAxrO20h0O17C
XjdXOIDSI4zBIjc5tDjEdC/DW0vnHwXTmRlbIJ3QpDlBuGD9KfZ+zPx9BN/NvYpO
/3vwpWe5n7hiyyvjdekpZlzFm1qcU+h1JmmouLVVkBFpm+pJg42bjYvxptYCpuBH
yaPYlsALZkvztrPglKvmMPKRIFdnaYneXDJrt7MvzCbLOIkMxzXQa8y8aQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHQcct/PKtXbwWIk8vde8E0tw4q5MB8GA1UdIwQY
MBaAFMKRkzStKtU2FsNP7Ols4pIw+GNJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3BHVE5LMHExVFlXdzBfczZXemlrakQ0WTBrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi84OTRiZGMtMjhhNi00YzM2LWJhNDIt
MTY1MzE4OGQ4MTI2LzEvZEJ4eTM4OHExZHZCWWlUeTkxN3dUUzNEaXJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi84OTRiZGMtMjhhNi00YzM2LWJhNDItMTY1MzE4OGQ4MTI2
LzEvd3BHVE5LMHExVFlXdzBfczZXemlrakQ0WTBrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAW8lXMA0E
AgACMAcDBQMqAfBAMA0GCSqGSIb3DQEBCwUAA4IBAQCqQdEn6kVYU7p9L9IjZHM3
vE7JEjtQLU05qBT1jfOVdIsFZHNAGOof+FsiqZz+aKPWb8V1mw2mEH/uPdMOT8cm
yLIl4Km21sUM8e7xr6nvqaKX3czwWLe+DM395vZyAjd/weSY6lhyd6lRVcheOUFE
4+V+iG0k6UtFWthU2D05HiI2Ae516B816d5Sqnegopvtfkcr7//Aj4/GyoiIK77C
Sjwfz56GS3cciVWpaXif8kqRgbCuhdPccsm+wIAP8iAHWXb/xZZyPRyxmmX28KPn
VnpFWsRB8+wc7spskLf5meV6j2Nr8gYKee1MW7RgKyIgYvuYMC49XYkcF+XmIavL
-----END CERTIFICATE-----