Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/cK0knfq49hr07SmowzGlKLJMqSs.roa
File:                     cK0knfq49hr07SmowzGlKLJMqSs.roa (raw, json)
Hash identifier:          fxkNm0XNgSHFyZZmY2zjP5hd8LZEEim8Bb4tQpHnafo=
Subject key identifier:   70:AD:24:9D:FA:B8:F6:1A:F4:ED:29:A8:C3:31:A5:28:B2:4C:A9:2B
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019A2A1B4CA794B50686C474E43370A2A8F5
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/cK0knfq49hr07SmowzGlKLJMqSs.roa
Signing time:             Tue 28 Oct 2025 09:17:03 +0000
ROA not before:           Tue 28 Oct 2025 09:17:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21859
IP address blocks:        77.107.82.0/24 maxlen: 24
                          82.153.216.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Nov 2025 00:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:2a:1b:4c:a7:94:b5:06:86:c4:74:e4:33:70:a2:a8:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Oct 28 09:17:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=70ad249dfab8f61af4ed29a8c331a528b24ca92b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:86:df:dd:bf:07:21:60:bf:6a:ed:88:94:17:
                    3e:a7:34:53:fc:f3:19:50:ab:61:b6:03:d7:50:d7:
                    99:42:1c:9d:b7:8a:c6:03:96:06:6e:79:bb:bc:25:
                    a4:98:3d:ba:e7:45:c4:39:64:b5:1a:e1:d7:0c:72:
                    0c:02:47:57:fe:2e:17:ee:1d:1f:7a:54:d4:db:a2:
                    19:52:74:8c:82:67:5f:f6:1c:88:09:08:a6:e7:f1:
                    80:d7:32:6a:b1:a7:9f:8d:2f:47:a1:51:b8:64:ce:
                    6a:05:04:6c:5d:06:52:61:0a:7a:6d:03:0b:83:25:
                    16:c8:e4:5e:db:15:ae:68:bd:c4:08:4c:36:74:9c:
                    71:66:77:88:fe:07:7f:5f:33:a6:86:39:25:f7:5d:
                    57:c7:fe:da:3e:d5:2e:1f:79:30:3f:38:7c:da:cd:
                    e9:a0:c2:6f:e3:5a:f6:d3:8c:c7:82:11:14:d9:a8:
                    76:f1:fc:bc:b8:22:e2:72:b5:5f:a9:a0:21:3c:9f:
                    15:3a:58:96:9b:b0:a1:6b:2f:34:d5:bc:fa:66:6f:
                    95:a2:38:b6:09:37:6b:7d:1c:6f:d3:e7:97:7e:2f:
                    25:12:bd:19:02:6f:ae:02:f8:88:e0:35:c5:4a:69:
                    5a:26:36:ec:30:06:3a:b0:3c:10:4e:d6:28:ae:07:
                    64:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:AD:24:9D:FA:B8:F6:1A:F4:ED:29:A8:C3:31:A5:28:B2:4C:A9:2B
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/cK0knfq49hr07SmowzGlKLJMqSs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.107.82.0/24
                  82.153.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:1c:ea:a8:9a:a8:43:84:7b:7c:c2:74:cd:7c:a6:6b:dc:32:
         6f:3e:f0:a5:12:84:70:52:3b:da:d1:94:77:47:13:94:a2:87:
         d5:1f:17:da:7c:1d:ab:f8:8c:6d:55:96:ff:bb:b9:8a:d3:e2:
         1c:27:0a:eb:44:9f:f1:f4:8b:b1:74:fd:a7:b3:15:2e:b8:61:
         7c:d5:10:0e:31:c2:a2:cb:f9:5d:a5:22:b1:5c:63:ba:48:c5:
         90:74:a7:d6:b8:6a:c9:83:6f:84:6e:a5:6e:11:d4:43:1c:6c:
         e9:b1:4a:7f:a9:cd:74:af:ef:2f:61:8c:a9:c5:66:ea:d9:b0:
         b3:52:1b:44:cd:88:aa:b6:f1:50:c2:9f:91:bb:41:90:47:9a:
         84:89:1e:f7:ad:78:4d:5a:26:d3:68:45:db:d7:d9:fe:a0:db:
         6b:b0:cc:d0:bc:6b:a5:3c:95:2b:69:3f:85:94:5a:78:3c:8e:
         f5:dd:33:23:3e:0a:3d:76:9d:df:08:5d:86:c1:e7:a2:19:a3:
         1a:d0:21:45:01:a0:d9:98:17:f4:25:60:b0:14:76:f0:b9:9f:
         26:e2:f8:f4:75:82:48:8f:5c:fa:54:0f:fa:4a:34:92:ee:32:
         49:aa:56:8c:ff:9a:2c:cc:0f:0a:0f:a8:89:9a:e0:a6:dd:67:
         3c:95:91:d4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZoqG0ynlLUGhsR05DNwoqj1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUxMDI4MDkxNzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGFkMjQ5ZGZhYjhmNjFhZjRlZDI5YThjMzMxYTUyOGIyNGNhOTJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi4bf3b8HIWC/au2IlBc+pzRT/PMZ
UKthtgPXUNeZQhydt4rGA5YGbnm7vCWkmD2650XEOWS1GuHXDHIMAkdX/i4X7h0f
elTU26IZUnSMgmdf9hyICQim5/GA1zJqsaefjS9HoVG4ZM5qBQRsXQZSYQp6bQML
gyUWyORe2xWuaL3ECEw2dJxxZneI/gd/XzOmhjkl911Xx/7aPtUuH3kwPzh82s3p
oMJv41r204zHghEU2ah28fy8uCLicrVfqaAhPJ8VOliWm7Chay801bz6Zm+Voji2
CTdrfRxv0+eXfi8lEr0ZAm+uAviI4DXFSmlaJjbsMAY6sDwQTtYorgdk4QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHCtJJ36uPYa9O0pqMMxpSiyTKkrMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvY0swa25mcTQ5aHIwN1Ntb3d6R2xLTEpNcVNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATWtSAwQA
UpnYMA0GCSqGSIb3DQEBCwUAA4IBAQBqHOqomqhDhHt8wnTNfKZr3DJvPvClEoRw
Ujva0ZR3RxOUoofVHxfafB2r+IxtVZb/u7mK0+IcJwrrRJ/x9IuxdP2nsxUuuGF8
1RAOMcKiy/ldpSKxXGO6SMWQdKfWuGrJg2+EbqVuEdRDHGzpsUp/qc10r+8vYYyp
xWbq2bCzUhtEzYiqtvFQwp+Ru0GQR5qEiR73rXhNWibTaEXb19n+oNtrsMzQvGul
PJUraT+FlFp4PI713TMjPgo9dp3fCF2GweeiGaMa0CFFAaDZmBf0JWCwFHbwuZ8m
4vj0dYJIj1z6VA/6SjSS7jJJqlaM/5oszA8KD6iJmuCm3Wc8lZHU
-----END CERTIFICATE-----