Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/trrYUuqeMFrn-Wu6YgSRJE71KAc.roa
File:                     trrYUuqeMFrn-Wu6YgSRJE71KAc.roa (raw, json)
Hash identifier:          9Tn3+g/CzUBkxtcpN4ppAVax6kJ3Ln1QZPTL/j1kwg0=
Subject key identifier:   B6:BA:D8:52:EA:9E:30:5A:E7:F9:6B:BA:62:04:91:24:4E:F5:28:07
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019CB7D39C4BE362355D83DCB6C6D563D7FE
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/trrYUuqeMFrn-Wu6YgSRJE71KAc.roa
Signing time:             Wed 04 Mar 2026 07:50:24 +0000
ROA not before:           Wed 04 Mar 2026 07:50:24 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     31715
IP address blocks:        213.210.54.0/24 maxlen: 24
                          213.218.208.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Mar 2026 16:33:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b7:d3:9c:4b:e3:62:35:5d:83:dc:b6:c6:d5:63:d7:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Mar  4 07:50:24 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b6bad852ea9e305ae7f96bba620491244ef52807
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:7d:aa:d1:47:fc:02:7b:d6:6e:d4:da:b4:e1:
                    a5:34:93:8a:fd:23:15:0b:5e:a7:dc:db:ef:5e:41:
                    0b:44:c6:ef:0c:1c:b2:ba:fc:57:9c:79:5f:02:29:
                    44:5e:75:7e:a0:46:73:82:43:81:87:5b:06:14:06:
                    bb:a4:34:8d:19:8d:7e:48:7d:90:9d:5e:6e:7d:4e:
                    59:2d:5b:13:5f:28:9e:fa:93:1e:bd:44:8a:84:19:
                    a6:60:03:33:f2:b6:cd:6a:a8:3b:d6:a7:bf:29:9a:
                    cb:cd:ee:80:01:cb:9f:49:db:c1:0c:51:fe:62:3e:
                    f2:aa:4f:cc:f7:d8:33:77:8b:0e:96:49:1d:c9:bc:
                    86:db:62:ad:c0:c2:a9:a6:cd:50:a6:28:1a:f8:9e:
                    60:aa:f7:09:9b:25:9c:9a:a3:52:fd:22:ea:17:3d:
                    87:be:74:f3:56:fb:0e:0a:91:26:90:73:e7:b5:08:
                    61:15:eb:c3:9d:d7:6f:0d:09:39:5e:49:58:dd:0a:
                    2a:62:44:f1:58:9a:20:21:ba:61:22:3b:e9:6b:54:
                    70:a2:37:ae:fb:bd:27:79:ec:61:3c:03:27:2e:4c:
                    e8:4b:b5:db:aa:06:c8:92:df:f9:08:fb:65:55:82:
                    f2:9c:18:60:a5:f0:58:92:07:88:11:f9:64:b6:f2:
                    8e:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:BA:D8:52:EA:9E:30:5A:E7:F9:6B:BA:62:04:91:24:4E:F5:28:07
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/trrYUuqeMFrn-Wu6YgSRJE71KAc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.210.54.0/24
                  213.218.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:97:9a:aa:4c:44:3f:35:97:77:f1:a3:db:89:2e:70:b2:36:
         6e:5c:b3:ac:95:37:ff:1a:75:fd:88:3e:ad:c9:29:4d:c9:07:
         b4:bc:8b:e0:38:89:d5:06:81:84:d6:0c:d5:80:d1:5b:f5:6c:
         b8:aa:23:6f:08:fb:ac:ee:0d:de:65:8e:39:12:43:44:4e:dc:
         c3:7c:0c:f8:4e:f2:aa:e9:1d:1e:ed:83:74:ec:33:8f:b4:c0:
         a8:d4:74:3e:50:cc:ee:6b:26:74:68:05:f8:99:a0:bc:03:83:
         3d:c0:7e:e9:3f:a9:7e:d9:a0:08:e5:c4:b4:4a:f6:49:70:d3:
         09:92:14:19:b4:51:61:bb:3c:90:33:d2:74:a8:e7:e7:fe:7c:
         4d:4c:94:28:10:27:98:be:b4:3b:04:b3:8f:2b:64:47:5a:f9:
         4c:df:a4:ca:ee:34:3a:2d:09:1e:4f:db:f3:8f:1d:0c:7e:45:
         d9:00:cd:4c:63:59:f8:80:59:33:f6:a5:c5:bd:e0:a6:64:9b:
         02:d3:e4:73:f6:89:f2:bf:ec:fb:61:dd:fa:62:3b:a3:e2:93:
         eb:56:93:3e:5a:27:81:8e:f7:7c:88:91:d0:76:3f:61:35:b7:
         cb:c9:3c:ed:05:20:1f:32:1a:98:e7:a0:cc:43:37:1d:14:1d:
         69:84:9f:89
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZy305xL42I1XYPctsbVY9f+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwMzA0MDc1MDI0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmJhZDg1MmVhOWUzMDVhZTdmOTZiYmE2MjA0OTEyNDRlZjUyODA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn32q0Uf8AnvWbtTatOGlNJOK/SMV
C16n3NvvXkELRMbvDByyuvxXnHlfAilEXnV+oEZzgkOBh1sGFAa7pDSNGY1+SH2Q
nV5ufU5ZLVsTXyie+pMevUSKhBmmYAMz8rbNaqg71qe/KZrLze6AAcufSdvBDFH+
Yj7yqk/M99gzd4sOlkkdybyG22KtwMKpps1Qpiga+J5gqvcJmyWcmqNS/SLqFz2H
vnTzVvsOCpEmkHPntQhhFevDnddvDQk5XklY3QoqYkTxWJogIbphIjvpa1Rwojeu
+70neexhPAMnLkzoS7XbqgbIkt/5CPtlVYLynBhgpfBYkgeIEflktvKOgwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLa62FLqnjBa5/lrumIEkSRO9SgHMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvdHJyWVV1cWVNRnJuLVd1NllnU1JKRTcxS0FjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA1dI2AwQA
1drQMA0GCSqGSIb3DQEBCwUAA4IBAQCbl5qqTEQ/NZd38aPbiS5wsjZuXLOslTf/
GnX9iD6tySlNyQe0vIvgOInVBoGE1gzVgNFb9Wy4qiNvCPus7g3eZY45EkNETtzD
fAz4TvKq6R0e7YN07DOPtMCo1HQ+UMzuayZ0aAX4maC8A4M9wH7pP6l+2aAI5cS0
SvZJcNMJkhQZtFFhuzyQM9J0qOfn/nxNTJQoECeYvrQ7BLOPK2RHWvlM36TK7jQ6
LQkeT9vzjx0MfkXZAM1MY1n4gFkz9qXFveCmZJsC0+Rz9onyv+z7Yd36Yjuj4pPr
VpM+WieBjvd8iJHQdj9hNbfLyTztBSAfMhqY56DMQzcdFB1phJ+J
-----END CERTIFICATE-----