Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/_kq2pHL2W3E-WeAkd6dToFRlwX4.roa
File:                     _kq2pHL2W3E-WeAkd6dToFRlwX4.roa (raw, json)
Hash identifier:          8+kyfuQjVn1D72rcgFcHa+WWWow3JV+ZyG/MXYwrXLg=
Subject key identifier:   FE:4A:B6:A4:72:F6:5B:71:3E:59:E0:24:77:A7:53:A0:54:65:C1:7E
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019DAABC1D92782F3B9E439B4756F5A5E1CD
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/_kq2pHL2W3E-WeAkd6dToFRlwX4.roa
Signing time:             Mon 20 Apr 2026 11:52:28 +0000
ROA not before:           Mon 20 Apr 2026 11:52:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     401776
IP address blocks:        82.152.122.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 Apr 2026 05:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:aa:bc:1d:92:78:2f:3b:9e:43:9b:47:56:f5:a5:e1:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Apr 20 11:52:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fe4ab6a472f65b713e59e02477a753a05465c17e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:de:36:b4:ba:0c:34:d0:06:f6:b8:1f:0d:59:
                    d2:33:f3:5e:0b:ad:a1:d2:7e:f3:bc:2f:d4:3d:52:
                    c1:65:ed:5e:de:cc:ca:93:dd:62:3b:e4:68:f4:cc:
                    49:c0:94:2b:15:76:55:72:6d:00:d7:91:42:91:79:
                    b0:55:4d:ed:b1:8f:97:cf:eb:d1:a1:f0:82:30:b2:
                    92:fe:b4:f5:b7:e5:c0:ae:7c:8a:18:2a:65:b3:47:
                    39:84:06:43:85:d3:c3:3a:85:3c:18:78:ec:4c:60:
                    da:46:ed:64:cc:5c:00:6d:b8:12:c9:e1:ed:82:9f:
                    9a:66:b4:1e:5b:8a:60:7b:57:42:2e:ab:a2:35:5c:
                    e8:da:f1:dd:63:ec:98:b1:df:fb:cb:ea:e2:32:b2:
                    05:d9:ae:df:ac:07:45:3e:e8:79:bb:aa:71:7a:b6:
                    8b:2f:6a:41:ec:3d:f2:03:a5:e4:1a:28:d6:2f:ff:
                    56:e2:09:86:df:98:02:19:f2:87:15:2c:7a:75:28:
                    02:11:bb:5a:dd:f0:17:a4:f5:e2:50:b8:5d:d8:3a:
                    cb:3f:3b:27:c6:25:e0:16:99:b2:8d:20:5b:3e:e3:
                    dd:f7:2e:3d:7e:2b:9e:b4:79:93:0f:c3:fd:de:f3:
                    1c:ca:88:5d:0d:8b:21:9e:36:d9:73:e8:25:64:ea:
                    5f:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:4A:B6:A4:72:F6:5B:71:3E:59:E0:24:77:A7:53:A0:54:65:C1:7E
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/_kq2pHL2W3E-WeAkd6dToFRlwX4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:de:b9:95:56:02:c2:60:25:ac:ce:43:0d:1d:d2:f3:5f:80:
         e2:73:ed:c7:66:90:f1:b2:43:40:03:4a:e4:57:d6:17:1d:c4:
         b9:d0:fe:26:33:87:14:01:f0:83:47:8b:5e:ac:15:e2:e4:9c:
         1b:57:94:cd:c1:ef:d1:5c:21:61:5d:98:05:17:ee:b1:eb:1a:
         1d:2f:27:39:25:19:89:28:ec:33:d6:79:e6:85:dd:ae:9b:08:
         6a:97:8d:0b:b0:e1:1e:b3:a9:5d:69:66:9f:3e:8b:0b:e1:96:
         c7:8e:60:95:f6:6d:c5:05:38:cd:9b:47:a5:93:75:b0:a5:28:
         0a:a2:47:3a:c8:3a:0b:97:56:b0:44:a9:64:d1:bb:c4:4c:3d:
         0e:6b:07:05:5b:16:d6:7d:55:75:a4:be:c9:bc:b2:65:38:d3:
         96:3f:cf:72:2e:84:23:50:d6:2e:7d:f7:c6:53:1e:dc:b1:4f:
         d1:e6:5e:46:a5:b9:45:61:c9:d0:4c:91:ee:6a:b4:aa:40:1b:
         11:01:12:e2:0d:af:43:21:d3:23:f3:5b:48:04:a6:3c:25:07:
         4d:63:2d:bf:dc:ef:3f:8d:a2:cd:78:ed:19:94:6e:63:47:39:
         ee:bc:f7:49:54:53:62:68:b4:d8:4d:91:c3:39:a7:24:a0:6d:
         b1:d5:aa:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2qvB2SeC87nkObR1b1peHNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNDIwMTE1MjI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTRhYjZhNDcyZjY1YjcxM2U1OWUwMjQ3N2E3NTNhMDU0NjVjMTdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9t42tLoMNNAG9rgfDVnSM/NeC62h
0n7zvC/UPVLBZe1e3szKk91iO+Ro9MxJwJQrFXZVcm0A15FCkXmwVU3tsY+Xz+vR
ofCCMLKS/rT1t+XArnyKGCpls0c5hAZDhdPDOoU8GHjsTGDaRu1kzFwAbbgSyeHt
gp+aZrQeW4pge1dCLquiNVzo2vHdY+yYsd/7y+riMrIF2a7frAdFPuh5u6pxeraL
L2pB7D3yA6XkGijWL/9W4gmG35gCGfKHFSx6dSgCEbta3fAXpPXiULhd2DrLPzsn
xiXgFpmyjSBbPuPd9y49fiuetHmTD8P93vMcyohdDYshnjbZc+glZOpfVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP5KtqRy9ltxPlngJHenU6BUZcF+MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvX2txMnBITDJXM0UtV2VBa2Q2ZFRvRlJsd1g0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUph6MA0G
CSqGSIb3DQEBCwUAA4IBAQAQ3rmVVgLCYCWszkMNHdLzX4Dic+3HZpDxskNAA0rk
V9YXHcS50P4mM4cUAfCDR4terBXi5JwbV5TNwe/RXCFhXZgFF+6x6xodLyc5JRmJ
KOwz1nnmhd2umwhql40LsOEes6ldaWafPosL4ZbHjmCV9m3FBTjNm0elk3WwpSgK
okc6yDoLl1awRKlk0bvETD0OawcFWxbWfVV1pL7JvLJlONOWP89yLoQjUNYufffG
Ux7csU/R5l5GpblFYcnQTJHuarSqQBsRARLiDa9DIdMj81tIBKY8JQdNYy2/3O8/
jaLNeO0ZlG5jRznuvPdJVFNiaLTYTZHDOackoG2x1aoh
-----END CERTIFICATE-----