Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/887501-4d8e-4beb-9590-65079b75868a/1/pBnqzIAytKpHQhX8QDpU_OY1RKw.roa
File:                     pBnqzIAytKpHQhX8QDpU_OY1RKw.roa (raw, json)
Hash identifier:          pra/+hq5WQ/StXcBlep+m5KO06sTkTgn3LjOqqbBjzA=
Subject key identifier:   A4:19:EA:CC:80:32:B4:AA:47:42:15:FC:40:3A:54:FC:E6:35:44:AC
Certificate issuer:       /CN=4d3a71a77f4ca9ba536f98612a9c56d40c0c3b9d
Certificate serial:       019DBF28AAC27C19B6FE77AD541C753E4998
Authority key identifier: 4D:3A:71:A7:7F:4C:A9:BA:53:6F:98:61:2A:9C:56:D4:0C:0C:3B:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TTpxp39MqbpTb5hhKpxW1AwMO50.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/887501-4d8e-4beb-9590-65079b75868a/1/pBnqzIAytKpHQhX8QDpU_OY1RKw.roa
Signing time:             Fri 24 Apr 2026 11:03:26 +0000
ROA not before:           Fri 24 Apr 2026 11:03:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     31477
IP address blocks:        45.82.188.0/22 maxlen: 24
                          2a0e:7280::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/887501-4d8e-4beb-9590-65079b75868a/1/TTpxp39MqbpTb5hhKpxW1AwMO50.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/887501-4d8e-4beb-9590-65079b75868a/1/TTpxp39MqbpTb5hhKpxW1AwMO50.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TTpxp39MqbpTb5hhKpxW1AwMO50.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 May 2026 02:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:bf:28:aa:c2:7c:19:b6:fe:77:ad:54:1c:75:3e:49:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d3a71a77f4ca9ba536f98612a9c56d40c0c3b9d
        Validity
            Not Before: Apr 24 11:03:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a419eacc8032b4aa474215fc403a54fce63544ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:75:67:fb:b1:cf:14:4e:73:3a:dd:9d:f3:e1:
                    63:d6:4d:d9:ed:b3:ee:11:48:29:6e:b3:86:bf:a0:
                    ad:56:35:36:b5:9a:50:03:7a:fa:7c:ce:db:b6:59:
                    ec:d4:3f:af:02:c0:8c:d3:22:21:71:37:c3:a9:45:
                    d6:a6:8d:4c:f9:5e:99:2d:38:f8:d8:6c:d5:c7:b4:
                    37:19:4b:23:ff:8d:a8:35:52:46:03:e5:1d:1b:07:
                    fd:91:9f:b8:47:93:fe:22:ab:fd:48:80:f3:60:65:
                    9b:20:f4:0c:0c:71:32:9f:25:d9:ac:47:2e:1c:e0:
                    46:31:d2:08:ec:2d:9a:92:97:a4:6c:df:9c:2c:d6:
                    a9:10:3e:74:78:76:22:5d:27:1d:02:9b:4b:5a:f7:
                    39:7e:82:3e:2e:04:6e:4a:b5:4a:c5:69:39:18:84:
                    56:4d:4a:06:73:ec:79:43:95:cd:77:6a:7d:ce:e9:
                    0b:4d:10:a1:da:4d:83:6b:2c:92:f3:a5:7e:81:08:
                    dc:f3:e2:45:b8:92:9d:a2:7a:bb:78:a5:60:5e:cd:
                    70:ad:0f:21:6d:d1:66:a3:f5:d7:aa:6a:c6:b3:7a:
                    92:f1:2e:10:52:36:8c:8e:56:9a:68:05:da:f4:80:
                    cb:01:27:63:3a:0e:85:4d:5f:93:f0:17:07:25:29:
                    ce:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:19:EA:CC:80:32:B4:AA:47:42:15:FC:40:3A:54:FC:E6:35:44:AC
            X509v3 Authority Key Identifier:
                keyid:4D:3A:71:A7:7F:4C:A9:BA:53:6F:98:61:2A:9C:56:D4:0C:0C:3B:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TTpxp39MqbpTb5hhKpxW1AwMO50.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/887501-4d8e-4beb-9590-65079b75868a/1/pBnqzIAytKpHQhX8QDpU_OY1RKw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/887501-4d8e-4beb-9590-65079b75868a/1/TTpxp39MqbpTb5hhKpxW1AwMO50.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.82.188.0/22
                IPv6:
                  2a0e:7280::/29

    Signature Algorithm: sha256WithRSAEncryption
         3d:bd:76:ab:5b:ce:0b:0f:c1:41:4a:ee:6b:e2:8e:28:ff:c6:
         13:b5:df:c4:e9:8e:9d:68:02:01:53:32:77:0e:b1:18:8f:17:
         1d:d7:66:e9:50:ea:05:33:af:bd:a8:e5:7a:d2:17:41:25:18:
         78:7d:1e:76:a2:08:7d:b8:b2:60:9d:e7:1f:80:c3:bf:2a:88:
         ff:b3:6b:f8:83:4a:e9:fa:9c:a8:8e:a1:8c:4b:65:b5:44:b9:
         c1:7d:38:62:1c:6d:c2:7a:1f:65:14:a1:70:c7:08:63:5a:e9:
         40:1e:b1:1a:fe:fe:cf:51:0e:be:5e:88:77:8d:e7:ec:c1:73:
         fb:a5:75:f1:a6:6b:e6:62:23:04:ee:d8:9a:d5:83:7e:d3:02:
         1a:32:f6:ae:68:cf:86:7e:9f:74:8d:86:18:3c:20:61:6f:be:
         a6:49:77:33:57:39:5f:67:f6:51:39:fe:73:03:97:9c:9e:a6:
         0c:d6:3b:eb:2e:c9:81:da:71:0c:f3:94:a9:2e:3a:ee:aa:2a:
         7f:b8:2d:ee:78:d6:85:e8:32:36:84:58:91:b4:7b:4e:0f:ee:
         dd:02:29:a0:e3:0d:98:d1:c5:70:60:ad:be:a2:90:d7:a1:44:
         d6:e2:d3:a3:64:ca:e6:f0:48:2a:41:59:37:de:d5:d7:e6:cd:
         22:50:f4:e1
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ2/KKrCfBm2/netVBx1PkmYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkM2E3MWE3N2Y0Y2E5YmE1MzZmOTg2MTJhOWM1NmQ0MGMw
YzNiOWQwHhcNMjYwNDI0MTEwMzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDE5ZWFjYzgwMzJiNGFhNDc0MjE1ZmM0MDNhNTRmY2U2MzU0NGFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo3Vn+7HPFE5zOt2d8+Fj1k3Z7bPu
EUgpbrOGv6CtVjU2tZpQA3r6fM7btlns1D+vAsCM0yIhcTfDqUXWpo1M+V6ZLTj4
2GzVx7Q3GUsj/42oNVJGA+UdGwf9kZ+4R5P+Iqv9SIDzYGWbIPQMDHEynyXZrEcu
HOBGMdII7C2akpekbN+cLNapED50eHYiXScdAptLWvc5foI+LgRuSrVKxWk5GIRW
TUoGc+x5Q5XNd2p9zukLTRCh2k2DayyS86V+gQjc8+JFuJKdonq7eKVgXs1wrQ8h
bdFmo/XXqmrGs3qS8S4QUjaMjlaaaAXa9IDLASdjOg6FTV+T8BcHJSnO2QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKQZ6syAMrSqR0IV/EA6VPzmNUSsMB8GA1UdIwQY
MBaAFE06cad/TKm6U2+YYSqcVtQMDDudMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFRweHAzOU1xYnBUYjVoaEtweFcxQXdNTzUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny84ODc1MDEtNGQ4ZS00YmViLTk1OTAt
NjUwNzliNzU4NjhhLzEvcEJucXpJQXl0S3BIUWhYOFFEcFVfT1kxUkt3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny84ODc1MDEtNGQ4ZS00YmViLTk1OTAtNjUwNzliNzU4Njhh
LzEvVFRweHAzOU1xYnBUYjVoaEtweFcxQXdNTzUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLVK8MA0E
AgACMAcDBQMqDnKAMA0GCSqGSIb3DQEBCwUAA4IBAQA9vXarW84LD8FBSu5r4o4o
/8YTtd/E6Y6daAIBUzJ3DrEYjxcd12bpUOoFM6+9qOV60hdBJRh4fR52ogh9uLJg
necfgMO/Koj/s2v4g0rp+pyojqGMS2W1RLnBfThiHG3Ceh9lFKFwxwhjWulAHrEa
/v7PUQ6+Xoh3jefswXP7pXXxpmvmYiME7tia1YN+0wIaMvauaM+Gfp90jYYYPCBh
b76mSXczVzlfZ/ZROf5zA5ecnqYM1jvrLsmB2nEM85SpLjruqip/uC3ueNaF6DI2
hFiRtHtOD+7dAimg4w2Y0cVwYK2+opDXoUTW4tOjZMrm8EgqQVk33tXX5s0iUPTh
-----END CERTIFICATE-----