Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/FIDXiiLDUGhNuH7UpCZMaMIA0Bk.roa
File:                     FIDXiiLDUGhNuH7UpCZMaMIA0Bk.roa (raw, json)
Hash identifier:          ejaxJewY/BDIRD3IHxBesr6aCepuFhEKgjxZfx7bEB8=
Subject key identifier:   14:80:D7:8A:22:C3:50:68:4D:B8:7E:D4:A4:26:4C:68:C2:00:D0:19
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019E49F1B5C80F8CC055FB34BA6C545CD0F4
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/FIDXiiLDUGhNuH7UpCZMaMIA0Bk.roa
Signing time:             Thu 21 May 2026 09:50:37 +0000
ROA not before:           Thu 21 May 2026 09:50:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208504
IP address blocks:        82.152.9.0/24 maxlen: 24
                          82.153.243.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 May 2026 01:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:49:f1:b5:c8:0f:8c:c0:55:fb:34:ba:6c:54:5c:d0:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May 21 09:50:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1480d78a22c350684db87ed4a4264c68c200d019
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:e2:65:bd:24:7c:e2:d6:37:c8:49:de:9f:cc:
                    c1:aa:94:a1:f2:1d:ab:74:a3:5d:8b:2f:a6:7c:ed:
                    be:69:1d:90:75:14:f7:02:f0:1a:6d:06:d5:a0:37:
                    dc:d1:0e:e6:11:3e:86:db:41:73:d8:a5:e6:b3:a7:
                    a6:c0:87:0b:c8:f3:56:bb:be:b6:a7:1b:47:34:bf:
                    24:3a:17:01:82:db:1e:f9:1f:3b:ed:b3:82:ef:d8:
                    ef:91:cc:f6:3f:36:dc:9a:e4:7e:09:98:a1:7e:74:
                    5d:d6:2d:dd:42:c4:c6:c2:2c:5e:5e:2d:11:36:4f:
                    f9:f3:4b:30:19:ad:b1:ad:e2:89:4f:3c:d0:23:f1:
                    3e:3b:9a:a6:9e:fa:29:f5:60:fa:0f:5f:79:bf:fe:
                    ce:e8:5f:35:f8:4a:4d:d7:95:6c:7f:fe:06:0d:28:
                    c2:fb:c5:43:ea:29:35:df:b0:b3:4a:ce:ba:de:08:
                    08:2a:0c:96:4d:ea:18:04:42:33:bf:d8:5f:2d:fb:
                    39:f7:13:fc:f6:0f:60:b7:a6:f4:16:5f:8c:c3:3c:
                    87:6a:df:c5:1d:0c:07:58:7d:77:69:f9:20:5b:66:
                    e8:ff:2c:25:d2:80:a7:d1:2e:f2:19:55:22:3d:5a:
                    85:fc:e2:5b:1d:50:fd:39:08:1b:ee:e1:2f:c4:a4:
                    7d:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:80:D7:8A:22:C3:50:68:4D:B8:7E:D4:A4:26:4C:68:C2:00:D0:19
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/FIDXiiLDUGhNuH7UpCZMaMIA0Bk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.9.0/24
                  82.153.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:34:ef:e1:b4:be:06:2b:88:1f:7f:3f:77:ee:f2:f4:75:19:
         50:ea:ab:69:8e:3a:1d:3e:04:70:fa:06:d3:bb:ec:5d:ee:b6:
         f3:04:ac:29:74:b4:16:1c:be:76:0b:c9:27:a0:bb:3b:a6:b2:
         ba:60:73:00:73:a8:dd:7a:9e:d6:7f:7c:e1:37:6d:6a:bf:56:
         31:02:91:ad:73:d8:63:62:49:40:7d:da:3b:dd:23:c0:3d:35:
         55:fc:f0:97:5f:19:0c:d3:f4:3c:9f:e0:b4:55:ff:73:ac:64:
         d5:ec:00:c1:19:09:94:02:2c:f4:b9:28:d9:9b:78:64:9c:5a:
         0b:02:08:7e:4a:e6:00:be:c8:87:b1:1c:46:f5:74:62:31:05:
         74:1f:e9:91:d3:7b:b8:46:e5:de:c3:ba:56:22:31:c9:b8:fb:
         bf:28:ff:33:ae:ce:b8:e0:d8:27:40:79:05:9f:82:9b:88:c5:
         2f:b7:59:56:f6:46:68:fe:79:01:14:7a:d1:f5:90:2b:39:db:
         bb:cd:a6:e2:40:cf:d8:55:6c:fa:e8:d1:46:d3:10:1f:28:11:
         03:65:89:08:93:10:8e:7f:e3:a8:a0:d6:95:db:b4:d1:9a:13:
         fc:a1:ac:9c:fe:13:c2:02:47:b3:b1:ac:0c:78:37:20:6d:4b:
         72:0c:23:15
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ5J8bXID4zAVfs0umxUXND0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNTIxMDk1MDM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDgwZDc4YTIyYzM1MDY4NGRiODdlZDRhNDI2NGM2OGMyMDBkMDE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuuJlvSR84tY3yEnen8zBqpSh8h2r
dKNdiy+mfO2+aR2QdRT3AvAabQbVoDfc0Q7mET6G20Fz2KXms6emwIcLyPNWu762
pxtHNL8kOhcBgtse+R877bOC79jvkcz2PzbcmuR+CZihfnRd1i3dQsTGwixeXi0R
Nk/580swGa2xreKJTzzQI/E+O5qmnvop9WD6D195v/7O6F81+EpN15Vsf/4GDSjC
+8VD6ik137CzSs663ggIKgyWTeoYBEIzv9hfLfs59xP89g9gt6b0Fl+MwzyHat/F
HQwHWH13afkgW2bo/ywl0oCn0S7yGVUiPVqF/OJbHVD9OQgb7uEvxKR9XwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBSA14oiw1BoTbh+1KQmTGjCANAZMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvRklEWGlpTERVR2hOdUg3VXBDWk1hTUlBMEJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUpgJAwQA
UpnzMA0GCSqGSIb3DQEBCwUAA4IBAQBSNO/htL4GK4gffz937vL0dRlQ6qtpjjod
PgRw+gbTu+xd7rbzBKwpdLQWHL52C8knoLs7prK6YHMAc6jdep7Wf3zhN21qv1Yx
ApGtc9hjYklAfdo73SPAPTVV/PCXXxkM0/Q8n+C0Vf9zrGTV7ADBGQmUAiz0uSjZ
m3hknFoLAgh+SuYAvsiHsRxG9XRiMQV0H+mR03u4RuXew7pWIjHJuPu/KP8zrs64
4NgnQHkFn4KbiMUvt1lW9kZo/nkBFHrR9ZArOdu7zabiQM/YVWz66NFG0xAfKBED
ZYkIkxCOf+OooNaV27TRmhP8oayc/hPCAkezsawMeDcgbUtyDCMV
-----END CERTIFICATE-----