Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/dwA2Nl073_fI4ue5ECFRpVfr6r4.roa
File:                     dwA2Nl073_fI4ue5ECFRpVfr6r4.roa (raw, json)
Hash identifier:          NfSp4PExIVLRRKR/xze92AKvBIO23PqPXUZSUnx57TQ=
Subject key identifier:   77:00:36:36:5D:3B:DF:F7:C8:E2:E7:B9:10:21:51:A5:57:EB:EA:BE
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019E633E29338B0BE574DA4C77B2B229CB9C
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/dwA2Nl073_fI4ue5ECFRpVfr6r4.roa
Signing time:             Tue 26 May 2026 07:44:38 +0000
ROA not before:           Tue 26 May 2026 07:44:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203149
IP address blocks:        82.152.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 22:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:63:3e:29:33:8b:0b:e5:74:da:4c:77:b2:b2:29:cb:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May 26 07:44:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=770036365d3bdff7c8e2e7b9102151a557ebeabe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:13:01:be:ee:ab:3e:5d:2a:62:9d:e8:7a:b2:
                    95:77:89:e3:58:36:d2:ef:30:d0:2f:c9:df:9c:c3:
                    70:b5:89:21:31:08:68:ab:6d:a9:dc:44:d6:a2:da:
                    1e:b2:f3:51:61:29:ec:b5:22:2b:7d:63:f7:98:49:
                    05:9d:85:11:3a:6b:5c:65:68:2b:fe:0f:5c:d9:c8:
                    3c:f0:8d:f8:eb:32:85:af:ce:b9:d1:63:40:58:ee:
                    0a:5e:e3:b9:f5:59:c9:86:70:61:fd:0f:8e:d2:a0:
                    4a:73:44:54:85:e7:fe:ff:29:49:48:9a:1f:a5:b0:
                    34:64:ad:e0:32:f9:e0:03:09:0d:43:4f:e6:88:4d:
                    e9:ee:f8:f9:65:7c:dc:b8:6c:c2:4e:7e:0e:f0:cd:
                    e6:75:14:30:5a:5b:2c:00:1c:ad:d6:25:79:70:ab:
                    c5:a3:0f:1a:e8:9e:07:f5:1c:ae:28:5d:ce:a6:3f:
                    3c:cb:ce:1e:6b:04:4a:cb:88:f2:9d:fd:29:96:4a:
                    3b:7a:33:05:42:4b:9d:28:41:85:4b:b0:d9:bc:a8:
                    65:fd:f9:6d:59:96:0e:54:5e:31:1b:f7:f9:b0:3a:
                    e3:95:a1:54:08:82:41:f2:cf:00:7d:f6:a9:98:fa:
                    74:8e:a4:52:b9:fe:09:3a:a2:c9:b4:e4:df:21:17:
                    39:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:00:36:36:5D:3B:DF:F7:C8:E2:E7:B9:10:21:51:A5:57:EB:EA:BE
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/dwA2Nl073_fI4ue5ECFRpVfr6r4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:b9:64:63:4d:3f:e7:6e:4f:cb:6d:b3:0c:01:9e:4f:8b:4b:
         ea:14:6d:dc:2e:e4:4d:7a:ca:12:db:5f:b1:24:d8:eb:9a:76:
         4a:c1:65:1a:3a:52:ad:2c:ef:0c:71:a0:69:ef:4d:3e:a7:c1:
         6e:8a:ee:c7:d1:20:4e:74:7e:4d:bf:9e:ab:bd:ae:30:5c:b3:
         66:39:51:21:86:7c:8a:28:61:c2:e3:49:f6:e7:8d:a0:de:bf:
         97:2d:26:aa:67:e0:81:ed:17:05:41:57:af:35:95:3d:1c:f7:
         9f:7b:5b:f2:ae:b5:ee:8c:66:15:15:d4:8e:81:b3:d4:2e:00:
         35:52:ac:5f:3b:00:f9:bf:79:9f:d9:29:73:8b:0e:ad:81:97:
         39:e3:65:6b:0e:40:57:59:e1:45:fe:61:9f:18:63:61:99:b6:
         6a:d1:dc:ec:9c:e9:ea:9f:b5:bc:54:f7:1a:26:2d:83:c1:b1:
         5c:b7:f3:d1:db:47:fa:c2:d3:b7:ec:cd:78:ca:3a:1d:ad:a0:
         08:7b:ba:a6:8b:2a:77:94:7f:e3:58:ce:2b:82:45:80:59:8f:
         6b:a3:ac:01:83:40:4e:3b:a3:8c:4e:68:4b:f8:06:21:5c:d0:
         96:d8:b6:fb:d2:ee:41:35:fb:16:83:07:37:7d:d9:a8:f1:4d:
         89:7b:ab:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5jPikziwvldNpMd7KyKcucMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNTI2MDc0NDM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzAwMzYzNjVkM2JkZmY3YzhlMmU3YjkxMDIxNTFhNTU3ZWJlYWJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1RMBvu6rPl0qYp3oerKVd4njWDbS
7zDQL8nfnMNwtYkhMQhoq22p3ETWotoesvNRYSnstSIrfWP3mEkFnYUROmtcZWgr
/g9c2cg88I346zKFr8650WNAWO4KXuO59VnJhnBh/Q+O0qBKc0RUhef+/ylJSJof
pbA0ZK3gMvngAwkNQ0/miE3p7vj5ZXzcuGzCTn4O8M3mdRQwWlssAByt1iV5cKvF
ow8a6J4H9RyuKF3Opj88y84eawRKy4jynf0plko7ejMFQkudKEGFS7DZvKhl/flt
WZYOVF4xG/f5sDrjlaFUCIJB8s8AffapmPp0jqRSuf4JOqLJtOTfIRc5jQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHcANjZdO9/3yOLnuRAhUaVX6+q+MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvZHdBMk5sMDczX2ZJNHVlNUVDRlJwVmZyNnI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpjRMA0G
CSqGSIb3DQEBCwUAA4IBAQByuWRjTT/nbk/LbbMMAZ5Pi0vqFG3cLuRNesoS21+x
JNjrmnZKwWUaOlKtLO8McaBp700+p8Fuiu7H0SBOdH5Nv56rva4wXLNmOVEhhnyK
KGHC40n2542g3r+XLSaqZ+CB7RcFQVevNZU9HPefe1vyrrXujGYVFdSOgbPULgA1
UqxfOwD5v3mf2Slziw6tgZc542VrDkBXWeFF/mGfGGNhmbZq0dzsnOnqn7W8VPca
Ji2DwbFct/PR20f6wtO37M14yjodraAIe7qmiyp3lH/jWM4rgkWAWY9ro6wBg0BO
O6OMTmhL+AYhXNCW2Lb70u5BNfsWgwc3fdmo8U2Je6sY
-----END CERTIFICATE-----