Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/sxJgeyTenJMV1pqO8pPhtgutFzU.roa
File:                     sxJgeyTenJMV1pqO8pPhtgutFzU.roa (raw, json)
Hash identifier:          fHKkhKXuFdBy7odqC0PVs+0BZh05lo2YosjeSpt9ka4=
Subject key identifier:   B3:12:60:7B:24:DE:9C:93:15:D6:9A:8E:F2:93:E1:B6:0B:AD:17:35
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019E4F31B365E50622293BD27E1F26A1318E
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/sxJgeyTenJMV1pqO8pPhtgutFzU.roa
Signing time:             Fri 22 May 2026 10:18:37 +0000
ROA not before:           Fri 22 May 2026 10:18:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     40676
IP address blocks:        109.176.208.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 May 2026 01:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:4f:31:b3:65:e5:06:22:29:3b:d2:7e:1f:26:a1:31:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May 22 10:18:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b312607b24de9c9315d69a8ef293e1b60bad1735
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:71:18:a7:75:70:5b:36:c3:04:d8:0b:42:76:
                    5b:df:ad:53:8e:a9:f0:1c:4e:4f:8c:06:c0:52:c3:
                    80:0b:f3:90:f7:8a:c3:37:34:db:7a:af:8f:c1:11:
                    2c:25:4b:8f:c5:f8:d0:5a:1d:74:c0:b8:59:74:5d:
                    35:ab:2a:93:d2:dd:68:c9:78:16:1d:dd:ee:ee:ac:
                    bb:d9:2f:21:49:c1:b3:e6:61:fa:ff:81:89:e3:ab:
                    21:ca:16:97:36:0e:9e:02:8f:01:81:04:80:21:09:
                    48:ae:13:f1:01:0a:ce:a1:0d:40:96:71:28:2f:bd:
                    48:2d:cc:00:eb:db:45:6d:23:51:52:38:9b:aa:1a:
                    e0:34:20:60:97:1f:b1:07:9f:6b:e4:4a:6b:78:8f:
                    d3:bf:93:fa:d2:c9:77:02:39:ab:15:51:0f:cc:f2:
                    84:d9:d1:0d:e8:fc:1c:30:88:2d:6a:53:23:58:bd:
                    c8:44:43:5b:4d:34:27:36:04:9c:1d:3f:f6:00:77:
                    82:7d:9d:71:e4:81:c0:d3:b1:b8:a2:f6:75:a2:ad:
                    d4:a3:a9:29:e9:1e:9f:db:e0:3c:68:76:86:b2:da:
                    1e:2f:7b:83:67:4b:b3:7b:05:80:bc:c7:8c:6e:50:
                    15:48:6f:9c:9a:19:e2:af:d4:e3:35:56:d4:0f:7a:
                    ea:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:12:60:7B:24:DE:9C:93:15:D6:9A:8E:F2:93:E1:B6:0B:AD:17:35
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/sxJgeyTenJMV1pqO8pPhtgutFzU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.176.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:42:60:50:fb:49:1c:29:ef:43:18:fc:24:e2:d1:eb:ba:3d:
         d7:44:35:8a:40:32:50:76:04:de:35:65:91:c6:b0:3b:1e:3a:
         3b:ee:d1:84:18:3e:51:b7:05:fc:5a:d1:75:55:42:19:f5:62:
         36:68:de:61:26:44:94:d1:5e:46:1a:89:b0:f9:ca:37:b7:72:
         2b:88:dd:32:52:3d:17:90:0b:05:9b:82:82:77:14:53:ac:28:
         72:31:29:4e:20:af:97:1f:5b:10:1f:a9:f0:5e:a2:fe:50:a3:
         c4:24:2a:ad:1f:7b:2d:eb:03:bf:6f:0a:77:1a:26:ad:b5:59:
         91:92:8c:02:db:b2:f5:6c:1e:fd:53:03:b2:3f:b9:00:33:11:
         9f:c8:aa:ca:72:2d:9b:81:06:d8:d9:3d:5d:5d:69:e1:b4:1e:
         5f:4c:9d:9f:68:b6:83:bf:f1:24:a0:5b:ac:18:d9:9e:d6:1e:
         3d:27:cb:2d:11:88:df:47:3b:ba:03:87:11:f0:04:a9:f4:86:
         d6:ce:f8:9f:e8:91:0d:04:a6:2b:30:51:82:9d:fd:2e:b1:2f:
         f9:74:7a:98:68:a1:9c:0c:04:fb:9a:ab:79:93:db:8e:bd:2e:
         23:4f:46:4c:96:2c:69:95:73:d2:c0:07:66:e0:63:04:6c:2e:
         7e:11:a1:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5PMbNl5QYiKTvSfh8moTGOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNTIyMTAxODM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzEyNjA3YjI0ZGU5YzkzMTVkNjlhOGVmMjkzZTFiNjBiYWQxNzM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA23EYp3VwWzbDBNgLQnZb361Tjqnw
HE5PjAbAUsOAC/OQ94rDNzTbeq+PwREsJUuPxfjQWh10wLhZdF01qyqT0t1oyXgW
Hd3u7qy72S8hScGz5mH6/4GJ46shyhaXNg6eAo8BgQSAIQlIrhPxAQrOoQ1AlnEo
L71ILcwA69tFbSNRUjibqhrgNCBglx+xB59r5EpreI/Tv5P60sl3AjmrFVEPzPKE
2dEN6PwcMIgtalMjWL3IRENbTTQnNgScHT/2AHeCfZ1x5IHA07G4ovZ1oq3Uo6kp
6R6f2+A8aHaGstoeL3uDZ0uzewWAvMeMblAVSG+cmhnir9TjNVbUD3rqXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLMSYHsk3pyTFdaajvKT4bYLrRc1MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvc3hKZ2V5VGVuSk1WMXBxTzhwUGh0Z3V0RnpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbbDQMA0G
CSqGSIb3DQEBCwUAA4IBAQB4QmBQ+0kcKe9DGPwk4tHruj3XRDWKQDJQdgTeNWWR
xrA7Hjo77tGEGD5RtwX8WtF1VUIZ9WI2aN5hJkSU0V5GGomw+co3t3IriN0yUj0X
kAsFm4KCdxRTrChyMSlOIK+XH1sQH6nwXqL+UKPEJCqtH3st6wO/bwp3GiattVmR
kowC27L1bB79UwOyP7kAMxGfyKrKci2bgQbY2T1dXWnhtB5fTJ2faLaDv/EkoFus
GNme1h49J8stEYjfRzu6A4cR8ASp9IbWzvif6JENBKYrMFGCnf0usS/5dHqYaKGc
DAT7mqt5k9uOvS4jT0ZMlixplXPSwAdm4GMEbC5+EaG4
-----END CERTIFICATE-----