Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/DiEYceNZYETS_qUWnAiepztS6ZM.roa
File:                     DiEYceNZYETS_qUWnAiepztS6ZM.roa (raw, json)
Hash identifier:          aH6iTi/W98Yj/05ZmgY6kT0Aa0PIi3E0ULvjXJRt1F0=
Subject key identifier:   0E:21:18:71:E3:59:60:44:D2:FE:A5:16:9C:08:9E:A7:3B:52:E9:93
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019E633E297614798ACFC2351BFAA0F66D85
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/DiEYceNZYETS_qUWnAiepztS6ZM.roa
Signing time:             Tue 26 May 2026 07:44:38 +0000
ROA not before:           Tue 26 May 2026 07:44:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207343
IP address blocks:        213.130.142.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 07:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:63:3e:29:76:14:79:8a:cf:c2:35:1b:fa:a0:f6:6d:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May 26 07:44:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0e211871e3596044d2fea5169c089ea73b52e993
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:68:ce:20:5c:3a:70:76:71:06:55:b6:d0:78:
                    47:95:81:96:97:31:60:43:72:20:66:6f:27:65:36:
                    19:34:1f:1c:75:87:be:67:ba:42:04:5a:6a:c8:30:
                    60:ed:57:e1:1c:64:89:04:3e:18:38:e9:24:d2:e3:
                    ec:3e:17:4d:f5:f5:63:3b:ff:6c:4a:6c:d6:a5:f5:
                    ab:6b:aa:eb:20:48:6a:51:f7:68:e6:3e:43:c6:02:
                    94:c0:e1:b3:93:c6:3a:a7:d2:75:40:0d:94:28:8a:
                    48:4b:2f:a3:68:f2:0a:84:f9:82:81:0c:01:7b:7f:
                    19:05:fa:fe:0a:3f:ff:64:9a:2e:bd:7c:82:4c:8f:
                    a8:fa:80:59:bb:93:df:12:1d:1a:27:c8:d3:cc:25:
                    dd:dd:56:8d:5d:ac:89:59:c7:c3:08:9a:80:70:d6:
                    a1:4a:33:a4:22:8a:61:8c:6c:3a:0d:f6:68:e8:96:
                    12:fe:2a:31:0a:82:59:95:b7:d3:b8:8a:e1:50:e2:
                    55:c0:71:d3:dd:97:3d:77:b0:bf:4c:ad:20:65:55:
                    9c:6d:9d:d9:0d:24:94:c5:c8:fb:c8:c3:1b:c7:4d:
                    bd:95:c4:9e:c8:e2:78:93:8f:28:4f:4d:fe:22:78:
                    95:a2:e9:7d:75:d9:d4:2a:04:e7:f9:aa:2e:b0:2f:
                    c3:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:21:18:71:E3:59:60:44:D2:FE:A5:16:9C:08:9E:A7:3B:52:E9:93
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/DiEYceNZYETS_qUWnAiepztS6ZM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.130.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:8b:0e:c3:74:8c:97:0d:a8:c0:43:74:3b:d8:35:af:c4:92:
         a9:9a:82:67:4e:68:b7:ca:71:57:54:6a:0e:75:6d:ed:b6:29:
         b8:ca:97:48:af:33:0d:0c:5e:35:d5:9b:35:11:16:92:e2:6e:
         31:9c:93:36:9b:75:0f:07:80:97:57:04:f0:64:b1:68:65:75:
         87:af:27:04:43:ca:b7:dc:a6:31:6d:cc:bf:31:db:8e:31:ab:
         57:0f:1d:0d:de:75:99:73:5e:dc:f6:46:48:b1:06:a0:07:18:
         73:71:c6:53:a5:73:73:17:0e:0f:bb:3e:f0:1e:30:fc:9a:65:
         72:46:01:ca:dc:e8:ad:98:0a:4a:5d:de:8d:b0:e2:bd:a5:27:
         92:70:b7:ba:8a:b6:a0:1d:5a:00:a3:70:20:5d:aa:a8:6f:ce:
         da:71:45:6f:27:c0:53:35:53:59:b2:28:b7:b9:4c:13:bc:73:
         f6:47:2a:84:1e:85:75:9c:5d:be:3d:51:04:44:39:3b:ec:2c:
         14:42:5f:5c:ef:79:f3:21:13:02:df:10:be:8d:6a:49:d5:86:
         01:7b:5a:10:83:8b:88:f3:48:ff:90:db:44:6d:46:0a:24:b1:
         dc:d6:f3:25:3e:a4:a9:fb:ed:ff:4c:b7:f0:15:ca:73:a0:89:
         67:1c:a8:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5jPil2FHmKz8I1G/qg9m2FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNTI2MDc0NDM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTIxMTg3MWUzNTk2MDQ0ZDJmZWE1MTY5YzA4OWVhNzNiNTJlOTkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw2jOIFw6cHZxBlW20HhHlYGWlzFg
Q3IgZm8nZTYZNB8cdYe+Z7pCBFpqyDBg7VfhHGSJBD4YOOkk0uPsPhdN9fVjO/9s
SmzWpfWra6rrIEhqUfdo5j5DxgKUwOGzk8Y6p9J1QA2UKIpISy+jaPIKhPmCgQwB
e38ZBfr+Cj//ZJouvXyCTI+o+oBZu5PfEh0aJ8jTzCXd3VaNXayJWcfDCJqAcNah
SjOkIophjGw6DfZo6JYS/ioxCoJZlbfTuIrhUOJVwHHT3Zc9d7C/TK0gZVWcbZ3Z
DSSUxcj7yMMbx029lcSeyOJ4k48oT03+IniVoul9ddnUKgTn+aousC/DGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA4hGHHjWWBE0v6lFpwInqc7UumTMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvRGlFWWNlTlpZRVRTX3FVV25BaWVwenRTNlpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1YKOMA0G
CSqGSIb3DQEBCwUAA4IBAQA5iw7DdIyXDajAQ3Q72DWvxJKpmoJnTmi3ynFXVGoO
dW3ttim4ypdIrzMNDF411Zs1ERaS4m4xnJM2m3UPB4CXVwTwZLFoZXWHrycEQ8q3
3KYxbcy/MduOMatXDx0N3nWZc17c9kZIsQagBxhzccZTpXNzFw4Puz7wHjD8mmVy
RgHK3OitmApKXd6NsOK9pSeScLe6iragHVoAo3AgXaqob87acUVvJ8BTNVNZsii3
uUwTvHP2RyqEHoV1nF2+PVEERDk77CwUQl9c73nzIRMC3xC+jWpJ1YYBe1oQg4uI
80j/kNtEbUYKJLHc1vMlPqSp++3/TLfwFcpzoIlnHKgN
-----END CERTIFICATE-----