Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/MRee3tj3pejqElvrfbmJDmHid4U.roa
File:                     MRee3tj3pejqElvrfbmJDmHid4U.roa (raw, json)
Hash identifier:          aEY0PwYFomr2v/jRRkwjKInUbjWLmoGArR1E1MCnUDI=
Subject key identifier:   31:17:9E:DE:D8:F7:A5:E8:EA:12:5B:EB:7D:B9:89:0E:61:E2:77:85
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019D4D01F40E1B7637561F8C1898BB14F4B3
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/MRee3tj3pejqElvrfbmJDmHid4U.roa
Signing time:             Thu 02 Apr 2026 07:04:26 +0000
ROA not before:           Thu 02 Apr 2026 07:04:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     31715
IP address blocks:        213.218.208.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 Apr 2026 20:11:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:4d:01:f4:0e:1b:76:37:56:1f:8c:18:98:bb:14:f4:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Apr  2 07:04:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=31179eded8f7a5e8ea125beb7db9890e61e27785
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:0c:4b:42:1c:4a:6a:e1:47:73:eb:3b:81:57:
                    56:dc:d7:b8:79:b8:91:6f:a3:cc:7c:fd:d3:32:a6:
                    48:bc:e3:f3:82:66:19:ae:f2:b8:bd:c4:62:cd:11:
                    3f:dc:6e:d1:1e:be:c0:7d:1f:76:e6:e8:b8:fa:ec:
                    a9:ef:1b:a0:c3:fa:4b:78:96:fd:d2:bf:f1:14:dd:
                    63:c5:2c:6e:0b:30:20:35:ad:19:bc:8c:d4:a1:77:
                    41:dd:97:36:0f:b7:88:99:39:10:76:cf:e5:e5:8c:
                    0a:18:0d:d2:90:bf:4f:65:ee:b0:e7:18:f6:85:43:
                    27:a5:23:4a:1f:44:db:54:a9:13:f8:e3:35:0b:bc:
                    01:65:f2:97:a9:cd:7e:82:c6:ab:34:aa:21:9c:e4:
                    eb:a7:00:50:b8:b7:cd:a5:7b:70:93:87:ba:a3:94:
                    38:cc:fd:c3:fb:19:eb:13:57:c8:e0:a6:96:bb:98:
                    c2:cc:75:71:48:a6:1f:ea:6d:27:da:33:f9:37:95:
                    56:06:25:9d:54:c4:f6:7c:0f:e6:70:03:27:92:0a:
                    67:87:0c:dc:8e:4b:a6:a0:43:49:c8:c6:66:71:0d:
                    e6:7b:85:b8:69:50:0a:99:a7:5a:09:3a:e7:cd:01:
                    1f:47:b8:0f:96:d5:59:bb:f6:d1:c6:1b:86:98:86:
                    b7:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:17:9E:DE:D8:F7:A5:E8:EA:12:5B:EB:7D:B9:89:0E:61:E2:77:85
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/MRee3tj3pejqElvrfbmJDmHid4U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.218.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:d9:a2:b2:d5:de:14:88:5c:22:81:15:30:92:6d:c1:f1:41:
         c5:48:f4:5a:b1:a4:8c:41:d0:d0:43:0b:d6:ce:2f:8b:28:0a:
         e3:a2:89:a6:c3:60:02:be:96:a3:d1:8e:60:c6:e0:d5:80:6e:
         56:c5:e1:57:34:0d:3a:9d:18:5a:73:8f:58:5e:7d:f6:eb:c9:
         f7:42:f6:66:70:b6:3c:a2:a8:6c:dc:95:50:c9:a9:76:cf:ba:
         e8:72:3f:27:14:eb:78:2e:89:15:2f:8a:b4:03:9c:f8:63:92:
         07:a3:35:e6:ec:7d:89:d7:c4:c4:5f:76:bf:89:ce:99:d1:31:
         d9:47:b1:84:d8:5e:fa:0e:ec:f1:08:b9:ee:8a:c3:2f:a5:52:
         1f:3a:3b:19:a5:4a:a7:6d:2d:71:e7:e0:e1:36:53:f1:f7:93:
         a4:5f:db:71:fc:58:81:6f:05:d8:2d:cf:ea:b1:8d:46:e2:3d:
         c1:aa:e6:4f:2e:81:0d:33:fb:b6:51:ff:b2:d4:3e:cb:af:a2:
         e6:95:a6:97:be:bc:90:6a:31:0b:cf:da:3c:68:c2:f2:89:7c:
         ee:c6:d2:36:d5:ca:ea:61:bf:85:90:e6:55:29:4c:19:da:1f:
         10:4e:6e:8d:22:81:fe:31:d4:3a:ac:72:1b:84:f6:96:63:54:
         87:4e:b4:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1NAfQOG3Y3Vh+MGJi7FPSzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNDAyMDcwNDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTE3OWVkZWQ4ZjdhNWU4ZWExMjViZWI3ZGI5ODkwZTYxZTI3Nzg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnAxLQhxKauFHc+s7gVdW3Ne4ebiR
b6PMfP3TMqZIvOPzgmYZrvK4vcRizRE/3G7RHr7AfR925ui4+uyp7xugw/pLeJb9
0r/xFN1jxSxuCzAgNa0ZvIzUoXdB3Zc2D7eImTkQds/l5YwKGA3SkL9PZe6w5xj2
hUMnpSNKH0TbVKkT+OM1C7wBZfKXqc1+gsarNKohnOTrpwBQuLfNpXtwk4e6o5Q4
zP3D+xnrE1fI4KaWu5jCzHVxSKYf6m0n2jP5N5VWBiWdVMT2fA/mcAMnkgpnhwzc
jkumoENJyMZmcQ3me4W4aVAKmadaCTrnzQEfR7gPltVZu/bRxhuGmIa3owIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDEXnt7Y96Xo6hJb6325iQ5h4neFMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvTVJlZTN0ajNwZWpxRWx2cmZibUpEbUhpZDRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1drQMA0G
CSqGSIb3DQEBCwUAA4IBAQA52aKy1d4UiFwigRUwkm3B8UHFSPRasaSMQdDQQwvW
zi+LKArjoommw2ACvpaj0Y5gxuDVgG5WxeFXNA06nRhac49YXn3268n3QvZmcLY8
oqhs3JVQyal2z7rocj8nFOt4LokVL4q0A5z4Y5IHozXm7H2J18TEX3a/ic6Z0THZ
R7GE2F76DuzxCLnuisMvpVIfOjsZpUqnbS1x5+DhNlPx95OkX9tx/FiBbwXYLc/q
sY1G4j3BquZPLoENM/u2Uf+y1D7Lr6LmlaaXvryQajELz9o8aMLyiXzuxtI21crq
Yb+FkOZVKUwZ2h8QTm6NIoH+MdQ6rHIbhPaWY1SHTrTZ
-----END CERTIFICATE-----