Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/HDy9E8Syvp_94CFPESY5rqbClSY.roa
File:                     HDy9E8Syvp_94CFPESY5rqbClSY.roa (raw, json)
Hash identifier:          3igy8TWZ+XjW5zsIvNRV3KRA/9ZGWbPE9nexH9tr414=
Subject key identifier:   1C:3C:BD:13:C4:B2:BE:9F:FD:E0:21:4F:11:26:39:AE:A6:C2:95:26
Certificate issuer:       /CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
Certificate serial:       019D921D8097C526734C95C79E736A22F8DE
Authority key identifier: 7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/HDy9E8Syvp_94CFPESY5rqbClSY.roa
Signing time:             Wed 15 Apr 2026 17:08:20 +0000
ROA not before:           Wed 15 Apr 2026 17:08:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198154
IP address blocks:        87.236.38.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 Apr 2026 15:04:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:92:1d:80:97:c5:26:73:4c:95:c7:9e:73:6a:22:f8:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
        Validity
            Not Before: Apr 15 17:08:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1c3cbd13c4b2be9ffde0214f112639aea6c29526
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:e0:bc:85:75:e1:90:de:e7:56:21:ac:b4:9f:
                    c3:f0:8c:a0:ec:5b:ab:c6:b0:08:4c:09:d7:65:18:
                    5f:83:3b:c7:ef:33:82:f0:e7:3d:a4:99:08:85:60:
                    27:c8:76:87:de:09:9f:d2:e4:4f:a7:10:dc:7a:ed:
                    ce:91:e3:7f:9c:bb:0a:ea:47:5b:ee:6f:62:e2:5b:
                    cc:1d:d6:d6:3f:5b:9f:d9:47:96:6b:6f:c2:90:12:
                    7a:48:53:56:d4:a6:94:d7:ba:90:30:af:ed:a1:49:
                    39:8a:f3:2c:0a:b0:10:90:35:25:29:16:3c:36:72:
                    fd:6a:dd:6d:4a:1c:a9:5d:cc:dc:14:4f:b4:11:64:
                    7a:28:79:94:db:60:98:8f:f0:02:f3:ea:a7:14:b6:
                    62:bd:58:ae:5c:2c:16:3a:b1:29:c8:8f:fb:d5:d7:
                    11:d9:0a:99:40:bd:d1:f5:d7:fb:6e:5b:f7:62:b5:
                    59:f8:66:20:4f:4e:70:25:ac:d1:91:12:8b:b6:8b:
                    87:66:0c:62:de:54:a0:44:a0:88:d8:5d:82:3c:b3:
                    25:e3:87:ac:bc:15:7a:1a:76:1b:7e:e4:b9:4b:12:
                    e3:09:cd:2b:2c:ee:73:18:8f:e1:e3:08:c5:ad:e9:
                    52:12:71:ad:7d:e3:c4:09:66:d5:c7:51:29:3a:35:
                    0e:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:3C:BD:13:C4:B2:BE:9F:FD:E0:21:4F:11:26:39:AE:A6:C2:95:26
            X509v3 Authority Key Identifier:
                keyid:7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/HDy9E8Syvp_94CFPESY5rqbClSY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.236.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:5e:29:a7:be:b5:82:fc:f9:0f:73:21:2b:d7:ff:c8:33:4b:
         87:c6:1d:14:37:9f:07:61:96:9b:d3:cd:7f:29:09:f6:ff:0c:
         6b:e1:d1:c9:8e:47:dc:fa:e9:c5:03:e8:b0:54:96:ad:0b:6d:
         d4:ef:0d:de:13:a5:91:75:d6:79:6b:ba:4b:65:aa:e9:22:81:
         6b:76:8b:3e:7a:62:a0:53:62:6e:2c:55:9e:45:22:87:5a:0d:
         00:b5:4a:82:a4:4d:85:56:c8:96:e3:61:4d:fe:30:09:55:d0:
         59:f8:48:be:73:1a:af:0c:0a:c0:cf:eb:eb:c8:e5:30:f4:b0:
         31:9d:b7:c1:6e:19:22:cd:ea:f2:05:83:20:b0:ad:cd:6c:da:
         d4:bd:82:2e:02:e3:a9:7a:7d:7e:2d:68:e4:51:a4:5e:f0:6c:
         ba:f7:61:59:5a:e4:a9:60:5f:61:fa:78:c8:43:f2:2c:29:54:
         11:50:c7:cf:52:38:8c:be:34:43:78:09:1d:04:b1:27:7f:a8:
         05:10:9a:8a:16:90:4e:a5:74:5d:dd:05:df:69:84:97:84:d8:
         52:33:6c:cf:bb:94:2e:6c:52:4f:0c:cc:39:2c:24:0d:98:b8:
         07:c5:e6:77:87:58:d8:3e:70:7e:f0:c7:27:7a:2f:6e:10:d0:
         3b:70:6b:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2SHYCXxSZzTJXHnnNqIvjeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjM2QwMjJhMjQwY2U3MWUwYTZlMWU5YWFlMDExMmRhODQw
Y2MzNGIwHhcNMjYwNDE1MTcwODIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzNjYmQxM2M0YjJiZTlmZmRlMDIxNGYxMTI2MzlhZWE2YzI5NTI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzeC8hXXhkN7nViGstJ/D8Iyg7Fur
xrAITAnXZRhfgzvH7zOC8Oc9pJkIhWAnyHaH3gmf0uRPpxDceu3OkeN/nLsK6kdb
7m9i4lvMHdbWP1uf2UeWa2/CkBJ6SFNW1KaU17qQMK/toUk5ivMsCrAQkDUlKRY8
NnL9at1tShypXczcFE+0EWR6KHmU22CYj/AC8+qnFLZivViuXCwWOrEpyI/71dcR
2QqZQL3R9df7blv3YrVZ+GYgT05wJazRkRKLtouHZgxi3lSgRKCI2F2CPLMl44es
vBV6GnYbfuS5SxLjCc0rLO5zGI/h4wjFrelSEnGtfePECWbVx1EpOjUOSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBw8vRPEsr6f/eAhTxEmOa6mwpUmMB8GA1UdIwQY
MBaAFHw9AiokDOceCm4emq4BEtqEDMNLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYt
MDk0ODk4OWU2ZDU1LzEvSER5OUU4U3l2cF85NENGUEVTWTVycWJDbFNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYtMDk0ODk4OWU2ZDU1
LzEvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV+wmMA0G
CSqGSIb3DQEBCwUAA4IBAQCZXimnvrWC/PkPcyEr1//IM0uHxh0UN58HYZab081/
KQn2/wxr4dHJjkfc+unFA+iwVJatC23U7w3eE6WRddZ5a7pLZarpIoFrdos+emKg
U2JuLFWeRSKHWg0AtUqCpE2FVsiW42FN/jAJVdBZ+Ei+cxqvDArAz+vryOUw9LAx
nbfBbhkizeryBYMgsK3NbNrUvYIuAuOpen1+LWjkUaRe8Gy692FZWuSpYF9h+njI
Q/IsKVQRUMfPUjiMvjRDeAkdBLEnf6gFEJqKFpBOpXRd3QXfaYSXhNhSM2zPu5Qu
bFJPDMw5LCQNmLgHxeZ3h1jYPnB+8Mcnei9uENA7cGsj
-----END CERTIFICATE-----