Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/JZaSl82StH7nb7siWsSx8_L7CL8.roa
File:                     JZaSl82StH7nb7siWsSx8_L7CL8.roa (raw, json)
Hash identifier:          hY59VseIWbv2VZSCL6t1KNuIt2BX+5cgdPFq8SJu+Lg=
Subject key identifier:   25:96:92:97:CD:92:B4:7E:E7:6F:BB:22:5A:C4:B1:F3:F2:FB:08:BF
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019E4A432EA5E2F17E2B691F4A0A451259D8
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/JZaSl82StH7nb7siWsSx8_L7CL8.roa
Signing time:             Thu 21 May 2026 11:19:37 +0000
ROA not before:           Thu 21 May 2026 11:19:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402508
IP address blocks:        82.152.115.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 May 2026 01:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:4a:43:2e:a5:e2:f1:7e:2b:69:1f:4a:0a:45:12:59:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May 21 11:19:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=25969297cd92b47ee76fbb225ac4b1f3f2fb08bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:1c:4b:2d:82:9e:bb:b8:8a:c5:96:a2:80:3b:
                    78:31:86:45:78:58:21:81:11:45:bc:be:51:29:0b:
                    d9:c1:1e:f8:71:7a:d0:2c:bc:6e:e5:eb:b5:58:75:
                    dd:42:64:cf:dd:69:42:5f:07:0d:f2:7a:6c:8f:82:
                    78:9f:7e:c6:04:ba:42:0e:06:f9:da:33:1f:0e:dc:
                    3d:df:b7:b5:d5:fc:3f:aa:27:a4:bd:7b:fb:cb:6e:
                    18:65:82:8e:b2:7f:8e:3f:c9:d9:99:86:c2:91:2d:
                    2f:7b:d6:d6:00:bd:f1:53:36:73:24:1b:fb:a7:5f:
                    03:c2:55:db:a7:2d:3c:46:1b:d4:28:bd:d4:d6:23:
                    87:bd:bd:2b:bf:ad:25:70:09:4f:61:44:40:31:67:
                    0d:37:ec:ca:b5:5b:7d:f0:2b:14:df:7d:62:5f:f2:
                    02:c1:a7:7d:d2:66:47:26:e4:bb:3c:a7:9f:70:84:
                    7c:f4:a6:eb:6c:1d:12:d9:03:b8:63:5b:2e:9c:56:
                    ed:ab:49:b6:4c:7d:27:58:89:59:af:73:07:d8:77:
                    29:b3:86:9e:fa:56:9a:00:16:0e:b5:e4:5e:e6:46:
                    98:d1:e9:e0:b2:82:f7:38:57:28:e2:43:0c:d7:b8:
                    43:d5:22:a5:8c:3e:66:fa:ea:ad:23:7e:66:31:b5:
                    f8:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:96:92:97:CD:92:B4:7E:E7:6F:BB:22:5A:C4:B1:F3:F2:FB:08:BF
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/JZaSl82StH7nb7siWsSx8_L7CL8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:72:9a:88:0b:c1:96:50:eb:9c:5e:d2:b4:b2:4d:81:c7:67:
         54:f5:19:b0:ad:34:25:f6:75:fe:07:f2:40:d5:a7:71:83:81:
         25:34:c7:4d:04:db:55:8a:d2:ba:32:38:f1:b4:84:a8:fe:76:
         dd:42:9c:81:bb:94:e7:cd:3d:80:46:44:bb:11:09:0b:bf:c3:
         ed:77:89:80:52:80:d8:db:b6:37:9d:1a:6e:a1:f7:d8:d5:99:
         95:d7:93:a6:aa:0c:3b:6a:cc:12:ac:03:ae:b4:5c:bc:d3:c1:
         d5:07:90:4d:e8:84:c0:60:cd:95:d8:78:88:16:ac:26:74:b5:
         7e:27:0c:1a:5f:f1:de:3c:ad:46:24:18:ae:32:1c:91:cb:07:
         1d:cb:c0:64:d6:1d:a1:dd:f1:58:cd:c1:3f:d0:52:50:f9:92:
         4e:27:d6:09:06:3c:0b:43:ba:e6:d6:6a:8f:59:a3:92:7c:e4:
         d7:5d:6e:69:80:20:ff:dc:db:81:1f:9b:41:12:47:f2:42:1f:
         d5:c3:65:3e:6d:0b:f2:ac:9a:30:67:57:8a:c2:e3:b2:33:ee:
         8c:90:b5:40:ef:19:7e:27:80:a2:08:5e:8e:fe:be:d7:b0:c5:
         82:55:ed:59:9b:e5:d5:7f:76:6d:0c:e1:f5:88:75:01:04:2a:
         a4:37:0f:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5KQy6l4vF+K2kfSgpFElnYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNTIxMTExOTM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTk2OTI5N2NkOTJiNDdlZTc2ZmJiMjI1YWM0YjFmM2YyZmIwOGJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmxxLLYKeu7iKxZaigDt4MYZFeFgh
gRFFvL5RKQvZwR74cXrQLLxu5eu1WHXdQmTP3WlCXwcN8npsj4J4n37GBLpCDgb5
2jMfDtw937e11fw/qiekvXv7y24YZYKOsn+OP8nZmYbCkS0ve9bWAL3xUzZzJBv7
p18DwlXbpy08RhvUKL3U1iOHvb0rv60lcAlPYURAMWcNN+zKtVt98CsU331iX/IC
wad90mZHJuS7PKefcIR89KbrbB0S2QO4Y1sunFbtq0m2TH0nWIlZr3MH2Hcps4ae
+laaABYOteRe5kaY0engsoL3OFco4kMM17hD1SKljD5m+uqtI35mMbX45wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCWWkpfNkrR+52+7IlrEsfPy+wi/MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvSlphU2w4MlN0SDduYjdzaVdzU3g4X0w3Q0w4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUphzMA0G
CSqGSIb3DQEBCwUAA4IBAQBZcpqIC8GWUOucXtK0sk2Bx2dU9RmwrTQl9nX+B/JA
1adxg4ElNMdNBNtVitK6MjjxtISo/nbdQpyBu5TnzT2ARkS7EQkLv8Ptd4mAUoDY
27Y3nRpuoffY1ZmV15Omqgw7aswSrAOutFy808HVB5BN6ITAYM2V2HiIFqwmdLV+
JwwaX/HePK1GJBiuMhyRywcdy8Bk1h2h3fFYzcE/0FJQ+ZJOJ9YJBjwLQ7rm1mqP
WaOSfOTXXW5pgCD/3NuBH5tBEkfyQh/Vw2U+bQvyrJowZ1eKwuOyM+6MkLVA7xl+
J4CiCF6O/r7XsMWCVe1Zm+XVf3ZtDOH1iHUBBCqkNw+c
-----END CERTIFICATE-----