Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/6rCe6YUvS00EgrkFnptwAy4Nuc4.roa
File:                     6rCe6YUvS00EgrkFnptwAy4Nuc4.roa (raw, json)
Hash identifier:          7U5BYIAwE2eSPAOkiO7sorhzidQA3+teGW7ly2yAT+8=
Subject key identifier:   EA:B0:9E:E9:85:2F:4B:4D:04:82:B9:05:9E:9B:70:03:2E:0D:B9:CE
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019E633E264C3B608C1996D04AF7F8B6BD75
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/6rCe6YUvS00EgrkFnptwAy4Nuc4.roa
Signing time:             Tue 26 May 2026 07:44:37 +0000
ROA not before:           Tue 26 May 2026 07:44:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     63793
IP address blocks:        82.153.187.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 22:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:63:3e:26:4c:3b:60:8c:19:96:d0:4a:f7:f8:b6:bd:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May 26 07:44:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=eab09ee9852f4b4d0482b9059e9b70032e0db9ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:f8:0f:74:a6:13:ad:ab:86:8a:9f:df:88:e6:
                    95:7f:bc:ec:8f:b1:d9:39:8f:bc:65:d6:ba:10:81:
                    fd:4e:d2:64:62:8d:f2:f3:0f:e5:6c:80:4b:11:ae:
                    dc:00:1f:00:7f:a5:96:96:83:21:39:d6:5e:48:aa:
                    f8:22:05:0f:91:7f:ef:da:4d:a6:4a:08:26:38:06:
                    8b:3b:98:81:f6:9e:2b:58:35:bc:39:d7:06:4f:35:
                    84:55:f9:1a:49:0a:7a:e2:a5:3b:eb:9f:df:ed:de:
                    46:20:fd:4b:36:41:49:a0:ba:bc:62:34:4e:bf:13:
                    b0:e9:dd:e8:e2:8c:8b:b5:33:be:0e:e5:f2:25:76:
                    0f:16:0f:c4:57:bb:3a:8c:65:5e:04:5a:a6:71:b7:
                    41:21:b0:97:b8:56:5e:74:0c:d9:1e:68:f9:64:8f:
                    df:c9:56:2e:11:32:18:9f:50:6c:a0:24:90:82:e1:
                    30:eb:23:c5:32:b3:b6:80:73:9f:a5:9c:d4:82:ae:
                    58:e1:ee:5f:92:f9:81:88:c6:e3:cf:e8:21:8c:77:
                    92:e3:9b:1c:72:96:1f:20:22:2a:a4:be:64:dd:35:
                    e0:a9:bf:b8:15:65:ee:38:fe:da:1a:ea:3c:8f:03:
                    40:e4:6a:97:3a:dc:66:e7:66:0b:12:58:c4:5d:ab:
                    bf:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:B0:9E:E9:85:2F:4B:4D:04:82:B9:05:9E:9B:70:03:2E:0D:B9:CE
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/6rCe6YUvS00EgrkFnptwAy4Nuc4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:8e:bd:8d:c3:59:f0:b3:b8:d9:ef:d7:b9:a7:95:c5:c2:5f:
         81:54:b8:95:5c:1a:6a:1e:c2:5f:64:97:42:38:90:e2:e4:86:
         1b:ab:1d:22:0e:28:63:72:16:ad:45:f4:41:2f:e8:ac:aa:6a:
         16:fa:fa:00:77:68:91:34:43:90:eb:9b:3e:0f:ad:2c:5e:e8:
         49:67:44:9e:f0:63:6d:a4:a5:e3:4b:dd:d7:bb:f7:5b:17:00:
         0a:4d:4b:a7:8f:a5:45:6b:18:02:27:23:5d:46:9f:59:a4:35:
         08:5c:b3:ba:ca:a0:53:54:c0:22:18:ac:74:48:07:4f:22:c9:
         32:c2:2b:ae:5f:27:fa:8c:89:c4:bf:76:18:fd:05:dc:b3:af:
         90:4e:de:83:0d:ce:5e:af:fc:6b:29:95:f6:d7:34:54:a5:3e:
         70:bd:4f:34:fa:b4:e6:eb:39:2d:d5:05:60:a2:bb:b5:2d:c9:
         a7:98:61:9b:96:31:78:fc:c6:5f:a2:6e:0c:6f:ec:15:d6:55:
         eb:db:da:78:e5:60:e1:a6:b6:03:23:cb:37:35:13:69:20:f7:
         61:69:bc:ff:25:a2:e4:39:f5:6f:ff:fe:7f:36:4a:27:e4:3e:
         04:f8:06:c8:57:53:19:08:d4:ab:56:51:ee:2d:e2:a1:1f:20:
         a4:88:9d:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5jPiZMO2CMGZbQSvf4tr11MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNTI2MDc0NDM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYWIwOWVlOTg1MmY0YjRkMDQ4MmI5MDU5ZTliNzAwMzJlMGRiOWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyfgPdKYTrauGip/fiOaVf7zsj7HZ
OY+8Zda6EIH9TtJkYo3y8w/lbIBLEa7cAB8Af6WWloMhOdZeSKr4IgUPkX/v2k2m
SggmOAaLO5iB9p4rWDW8OdcGTzWEVfkaSQp64qU765/f7d5GIP1LNkFJoLq8YjRO
vxOw6d3o4oyLtTO+DuXyJXYPFg/EV7s6jGVeBFqmcbdBIbCXuFZedAzZHmj5ZI/f
yVYuETIYn1BsoCSQguEw6yPFMrO2gHOfpZzUgq5Y4e5fkvmBiMbjz+ghjHeS45sc
cpYfICIqpL5k3TXgqb+4FWXuOP7aGuo8jwNA5GqXOtxm52YLEljEXau/FQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOqwnumFL0tNBIK5BZ6bcAMuDbnOMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvNnJDZTZZVXZTMDBFZ3JrRm5wdHdBeTROdWM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpm7MA0G
CSqGSIb3DQEBCwUAA4IBAQARjr2Nw1nws7jZ79e5p5XFwl+BVLiVXBpqHsJfZJdC
OJDi5IYbqx0iDihjchatRfRBL+isqmoW+voAd2iRNEOQ65s+D60sXuhJZ0Se8GNt
pKXjS93Xu/dbFwAKTUunj6VFaxgCJyNdRp9ZpDUIXLO6yqBTVMAiGKx0SAdPIsky
wiuuXyf6jInEv3YY/QXcs6+QTt6DDc5er/xrKZX21zRUpT5wvU80+rTm6zkt1QVg
oru1LcmnmGGbljF4/MZfom4Mb+wV1lXr29p45WDhprYDI8s3NRNpIPdhabz/JaLk
OfVv//5/Nkon5D4E+AbIV1MZCNSrVlHuLeKhHyCkiJ0P
-----END CERTIFICATE-----