Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/LUrpUpnpPfRZfULQjZ6XEjLZjK0.roa
File:                     LUrpUpnpPfRZfULQjZ6XEjLZjK0.roa (raw, json)
Hash identifier:          4qmdvuyhARfGaK9xouyppskyRIt7yc4HQLWNzBaQHSE=
Subject key identifier:   2D:4A:E9:52:99:E9:3D:F4:59:7D:42:D0:8D:9E:97:12:32:D9:8C:AD
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019E83DAB1EBA0CADC7D491F7C273B7DC4E5
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/LUrpUpnpPfRZfULQjZ6XEjLZjK0.roa
Signing time:             Mon 01 Jun 2026 15:43:28 +0000
ROA not before:           Mon 01 Jun 2026 15:43:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203771
IP address blocks:        82.152.11.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Jun 2026 19:19:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:83:da:b1:eb:a0:ca:dc:7d:49:1f:7c:27:3b:7d:c4:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jun  1 15:43:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2d4ae95299e93df4597d42d08d9e971232d98cad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:ad:6a:90:0b:94:c3:35:19:bf:15:02:d2:96:
                    9d:ed:18:10:59:e1:4c:fc:d5:e7:93:cd:d5:87:91:
                    9e:6e:5d:90:98:d1:29:c0:53:99:c8:10:97:63:af:
                    ff:0f:5f:de:ac:c2:9a:37:f2:91:fe:e5:53:7c:aa:
                    69:cb:28:e4:26:00:a6:38:9e:40:bb:91:13:ce:31:
                    3d:76:db:20:b1:f8:61:bf:ce:54:da:2a:11:ce:9b:
                    44:9c:96:32:3a:92:54:1c:d4:c8:9b:6b:9c:13:05:
                    48:27:29:0a:9f:3b:47:2d:e7:4f:18:11:87:c4:b0:
                    1e:63:12:85:74:14:3c:97:ff:c2:3e:43:a8:e1:64:
                    05:fd:9f:2a:18:f7:78:e1:5d:c1:5d:24:75:75:a2:
                    f7:75:2f:24:40:3d:95:31:52:6e:f6:13:41:a0:32:
                    74:db:e1:86:68:bc:f4:9f:a0:80:f7:3e:74:16:9e:
                    b2:5a:2a:de:79:c1:69:d1:8c:d4:4a:99:f2:1c:60:
                    c6:10:fb:33:4b:ad:02:3b:b0:fb:19:d2:67:8a:82:
                    86:7e:f9:f9:14:bf:5f:b5:56:92:2f:4c:d2:01:6f:
                    8c:ab:39:fd:d6:17:e3:9f:8e:86:3e:ee:4a:7a:1a:
                    50:18:aa:92:db:9e:4d:9c:6b:5a:d5:cb:f6:21:cb:
                    c6:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:4A:E9:52:99:E9:3D:F4:59:7D:42:D0:8D:9E:97:12:32:D9:8C:AD
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/LUrpUpnpPfRZfULQjZ6XEjLZjK0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:1a:6a:18:30:f2:c7:80:fd:65:e7:87:5f:51:94:98:80:a4:
         80:cd:f6:56:03:0b:71:48:63:8c:08:b3:3e:23:37:d0:ba:18:
         cc:3c:71:11:fc:43:c8:7c:09:eb:9a:ea:67:e5:81:d2:93:7d:
         5f:48:17:ea:e8:21:0c:fa:fd:35:b9:94:25:7f:0a:aa:93:23:
         d8:8b:3a:ac:eb:05:d6:12:6d:95:0a:a7:a9:1f:5e:b6:7e:ce:
         6e:d3:72:10:cd:5f:ec:ae:f0:b0:b2:b5:5f:19:56:1d:22:9b:
         0a:2c:8e:f3:02:1b:61:2c:2b:75:f5:16:33:00:06:ac:85:6c:
         57:8d:4f:a7:42:df:c9:b8:54:63:b3:16:88:b7:82:af:37:12:
         8a:36:2d:74:2f:6c:11:72:91:a4:f7:2f:f9:28:61:15:1b:2e:
         f8:ce:fe:c7:f4:cb:22:98:21:df:5e:24:0f:5a:2c:b9:f5:d3:
         0e:8e:d1:50:61:3c:b1:c5:65:38:4b:6b:70:d1:81:61:71:47:
         d9:37:87:70:5b:51:4e:64:65:00:b8:48:a1:31:58:2b:cb:10:
         35:be:76:e7:dd:93:59:ae:9c:59:09:67:57:b2:8e:a9:a4:91:
         99:3b:e1:38:b2:d3:86:11:09:d0:70:42:3b:57:dc:51:87:7a:
         8a:1a:0f:3d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6D2rHroMrcfUkffCc7fcTlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNjAxMTU0MzI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDRhZTk1Mjk5ZTkzZGY0NTk3ZDQyZDA4ZDllOTcxMjMyZDk4Y2FkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs61qkAuUwzUZvxUC0pad7RgQWeFM
/NXnk83Vh5Gebl2QmNEpwFOZyBCXY6//D1/erMKaN/KR/uVTfKppyyjkJgCmOJ5A
u5ETzjE9dtsgsfhhv85U2ioRzptEnJYyOpJUHNTIm2ucEwVIJykKnztHLedPGBGH
xLAeYxKFdBQ8l//CPkOo4WQF/Z8qGPd44V3BXSR1daL3dS8kQD2VMVJu9hNBoDJ0
2+GGaLz0n6CA9z50Fp6yWireecFp0YzUSpnyHGDGEPszS60CO7D7GdJnioKGfvn5
FL9ftVaSL0zSAW+Mqzn91hfjn46GPu5KehpQGKqS255NnGta1cv2IcvGBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC1K6VKZ6T30WX1C0I2elxIy2YytMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvTFVycFVwbnBQZlJaZlVMUWpaNlhFakxaakswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpgLMA0G
CSqGSIb3DQEBCwUAA4IBAQBHGmoYMPLHgP1l54dfUZSYgKSAzfZWAwtxSGOMCLM+
IzfQuhjMPHER/EPIfAnrmupn5YHSk31fSBfq6CEM+v01uZQlfwqqkyPYizqs6wXW
Em2VCqepH162fs5u03IQzV/srvCwsrVfGVYdIpsKLI7zAhthLCt19RYzAAashWxX
jU+nQt/JuFRjsxaIt4KvNxKKNi10L2wRcpGk9y/5KGEVGy74zv7H9MsimCHfXiQP
Wiy59dMOjtFQYTyxxWU4S2tw0YFhcUfZN4dwW1FOZGUAuEihMVgryxA1vnbn3ZNZ
rpxZCWdXso6ppJGZO+E4stOGEQnQcEI7V9xRh3qKGg89
-----END CERTIFICATE-----