Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/iU4BxHjO1SQFyujGKU55za2vKqM.roa
File:                     iU4BxHjO1SQFyujGKU55za2vKqM.roa (raw, json)
Hash identifier:          QOITOWUxwLE5IWszllrnfFAT/xPbuesG/bLfOMjv7Vk=
Subject key identifier:   89:4E:01:C4:78:CE:D5:24:05:CA:E8:C6:29:4E:79:CD:AD:AF:2A:A3
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019D48497918A44B20FE03D46DD94BE4A6D0
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/iU4BxHjO1SQFyujGKU55za2vKqM.roa
Signing time:             Wed 01 Apr 2026 09:04:27 +0000
ROA not before:           Wed 01 Apr 2026 09:04:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48266
IP address blocks:        81.5.191.0/24 maxlen: 24
                          82.152.177.0/24 maxlen: 24
                          82.153.69.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 Apr 2026 20:11:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:48:49:79:18:a4:4b:20:fe:03:d4:6d:d9:4b:e4:a6:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Apr  1 09:04:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=894e01c478ced52405cae8c6294e79cdadaf2aa3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:08:28:5f:4f:d6:d1:8e:76:32:e9:17:60:23:
                    05:dd:27:f7:96:7b:0d:fc:03:f6:d0:09:af:fc:4d:
                    5c:d9:04:de:ce:d7:23:62:55:88:56:ac:ac:3e:30:
                    e5:90:70:78:da:93:3c:b9:5a:34:e3:af:d6:f3:01:
                    dd:fc:3d:7f:70:61:b3:b0:84:92:e7:74:8d:7f:94:
                    07:a2:64:63:a6:08:e5:9b:5f:6d:12:d1:90:91:1d:
                    86:75:8a:f8:db:09:9d:30:21:15:1d:27:1e:7a:99:
                    5e:7e:16:0c:fe:c8:de:bd:ac:95:f5:ca:4c:09:03:
                    3b:d9:62:ad:60:b9:50:d7:6e:9e:13:29:b5:5f:ba:
                    ad:3f:7a:02:d6:3e:c9:dc:b7:ab:2f:a0:78:83:57:
                    e8:c6:fc:d0:88:3a:b9:55:65:dc:4b:bf:0d:ba:a9:
                    51:af:7c:76:1d:82:bf:6b:ae:73:1b:94:e1:50:e3:
                    f6:7d:2a:1f:df:c9:92:04:a7:a0:d1:87:cd:b3:ce:
                    c8:0c:29:1b:ad:16:2f:ce:b2:14:d7:c9:9f:29:32:
                    e2:9d:11:c5:6d:e5:40:f3:71:52:3d:36:ac:c2:68:
                    28:7c:f2:a9:43:22:4b:20:1d:ec:3e:dd:00:6d:d4:
                    d8:ba:8b:dc:e4:b6:1a:62:37:8e:a6:98:52:45:40:
                    da:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:4E:01:C4:78:CE:D5:24:05:CA:E8:C6:29:4E:79:CD:AD:AF:2A:A3
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/iU4BxHjO1SQFyujGKU55za2vKqM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.5.191.0/24
                  82.152.177.0/24
                  82.153.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:c9:b7:b5:8f:74:07:51:eb:b9:7f:1c:38:f6:86:a1:41:94:
         f9:15:85:56:d5:d1:9f:73:ed:a0:8d:c3:1e:1f:8b:e4:84:8d:
         f2:65:23:a3:9b:85:c2:c1:bc:88:fe:62:76:8c:b4:67:d7:86:
         8a:72:8a:b0:21:55:2b:7b:97:7c:cc:3f:28:39:d7:85:2c:91:
         75:12:0a:b3:f2:b5:78:9b:d5:0d:71:27:c4:05:6a:c7:ab:cb:
         01:5c:57:16:45:25:c1:86:94:31:a5:2e:2d:0c:7c:87:21:b3:
         65:76:ea:83:52:25:ea:e1:07:e4:f9:23:11:e6:c2:8f:47:22:
         14:49:67:13:ee:c1:01:7f:87:51:56:28:d9:c6:2b:24:45:40:
         c5:b4:25:f0:d7:f2:77:31:46:4a:12:ad:7d:ae:c8:3d:8c:52:
         a3:d1:9a:8a:d0:08:c6:b5:a2:0c:ef:a6:26:d5:ac:cd:4b:d3:
         6e:00:ad:7e:3d:50:c7:d1:83:91:09:2b:36:03:e8:2b:93:75:
         fb:b0:dc:fa:3d:c4:f1:4c:3c:42:d2:09:80:63:64:f4:b0:dc:
         be:09:9f:28:c3:3c:bb:d7:8d:d5:ea:16:2f:ca:cb:3a:d8:b6:
         0f:00:f8:41:64:06:18:3d:8f:1b:5a:3c:b6:d2:d0:29:b6:e3:
         7e:26:72:1f
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ1ISXkYpEsg/gPUbdlL5KbQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNDAxMDkwNDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTRlMDFjNDc4Y2VkNTI0MDVjYWU4YzYyOTRlNzljZGFkYWYyYWEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3AgoX0/W0Y52MukXYCMF3Sf3lnsN
/AP20Amv/E1c2QTeztcjYlWIVqysPjDlkHB42pM8uVo046/W8wHd/D1/cGGzsISS
53SNf5QHomRjpgjlm19tEtGQkR2GdYr42wmdMCEVHSceeplefhYM/sjevayV9cpM
CQM72WKtYLlQ126eEym1X7qtP3oC1j7J3LerL6B4g1foxvzQiDq5VWXcS78NuqlR
r3x2HYK/a65zG5ThUOP2fSof38mSBKeg0YfNs87IDCkbrRYvzrIU18mfKTLinRHF
beVA83FSPTaswmgofPKpQyJLIB3sPt0AbdTYuovc5LYaYjeOpphSRUDaJQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFIlOAcR4ztUkBcroxilOec2tryqjMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvaVU0QnhIak8xU1FGeXVqR0tVNTV6YTJ2S3FNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAUQW/AwQA
UpixAwQAUplFMA0GCSqGSIb3DQEBCwUAA4IBAQA0ybe1j3QHUeu5fxw49oahQZT5
FYVW1dGfc+2gjcMeH4vkhI3yZSOjm4XCwbyI/mJ2jLRn14aKcoqwIVUre5d8zD8o
OdeFLJF1Egqz8rV4m9UNcSfEBWrHq8sBXFcWRSXBhpQxpS4tDHyHIbNlduqDUiXq
4Qfk+SMR5sKPRyIUSWcT7sEBf4dRVijZxiskRUDFtCXw1/J3MUZKEq19rsg9jFKj
0ZqK0AjGtaIM76Ym1azNS9NuAK1+PVDH0YORCSs2A+grk3X7sNz6PcTxTDxC0gmA
Y2T0sNy+CZ8owzy7143V6hYvyss62LYPAPhBZAYYPY8bWjy20tAptuN+JnIf
-----END CERTIFICATE-----