Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/3t0Qh1teY6OuWuD5eux2hDRDsok.roa
File:                     3t0Qh1teY6OuWuD5eux2hDRDsok.roa (raw, json)
Hash identifier:          AEOYyQYZger6I0vrFZcgHsYcO9T8vKWws/4ZrI8XgKc=
Subject key identifier:   DE:DD:10:87:5B:5E:63:A3:AE:5A:E0:F9:7A:EC:76:84:34:43:B2:89
Certificate issuer:       /CN=1e5b334965788794d6f147a2f004d13be3257dc4
Certificate serial:       019CD6C38E5874E538FC07439AF07DE21246
Authority key identifier: 1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/3t0Qh1teY6OuWuD5eux2hDRDsok.roa
Signing time:             Tue 10 Mar 2026 08:01:06 +0000
ROA not before:           Tue 10 Mar 2026 08:01:06 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     7488
IP address blocks:        91.193.233.0/24 maxlen: 24
                          193.151.166.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 22 Mar 2026 07:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:d6:c3:8e:58:74:e5:38:fc:07:43:9a:f0:7d:e2:12:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e5b334965788794d6f147a2f004d13be3257dc4
        Validity
            Not Before: Mar 10 08:01:06 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dedd10875b5e63a3ae5ae0f97aec76843443b289
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:ec:c1:1c:2a:48:e5:fa:c5:c4:9c:98:03:78:
                    ff:89:4c:63:62:3d:e8:b1:96:c1:63:79:57:24:e8:
                    9b:88:94:4a:6d:d7:8e:f1:3e:98:9f:11:f0:8c:d7:
                    0f:39:0b:9d:05:1e:41:50:2f:50:22:cf:a6:4e:4c:
                    93:37:e2:78:3e:7d:e6:15:ec:b5:c2:47:ea:6b:92:
                    40:9e:f2:db:5e:4d:fb:f5:66:a1:6f:c2:78:ed:45:
                    97:e2:10:cd:51:98:b3:71:1a:36:05:9a:86:72:1d:
                    79:6e:3c:d9:c4:4b:2f:54:4a:60:2f:91:41:42:a2:
                    c1:cd:14:c6:19:7f:73:20:69:0a:d9:ec:ca:11:a1:
                    80:29:e9:26:ce:6e:53:be:4d:9a:87:4a:14:a9:78:
                    45:78:13:81:38:e9:f9:8b:d6:75:b0:91:f1:07:c4:
                    31:02:14:02:61:3c:ed:98:c0:22:f2:e2:a1:b6:62:
                    0c:76:b1:15:71:25:d9:7e:b1:e6:bf:14:95:ec:8e:
                    3f:37:e7:f3:5b:56:67:3d:9b:9a:0b:18:1e:56:85:
                    b5:bb:e9:ca:5a:bf:0b:59:08:7a:15:ce:08:7c:33:
                    8a:3b:a5:74:1b:d0:70:01:3c:71:20:2d:e9:08:47:
                    59:14:e7:90:c8:77:02:04:b8:6c:d8:ba:29:e2:49:
                    ba:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:DD:10:87:5B:5E:63:A3:AE:5A:E0:F9:7A:EC:76:84:34:43:B2:89
            X509v3 Authority Key Identifier:
                keyid:1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/3t0Qh1teY6OuWuD5eux2hDRDsok.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.193.233.0/24
                  193.151.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:68:0f:1a:d9:30:f5:7f:fa:f3:df:bc:3c:c2:1f:9d:b4:7b:
         48:9f:c7:89:44:4d:81:4b:31:90:8c:e6:50:f6:58:a9:d4:a2:
         54:9f:71:b8:37:56:97:75:2d:56:0a:53:43:0e:fe:7d:37:fa:
         27:80:64:d0:1d:84:36:1f:bb:48:b7:43:70:99:ec:a5:26:4c:
         da:da:58:8c:1d:cd:71:4c:5e:64:f8:39:20:7d:b5:e8:be:66:
         6c:90:2c:75:84:d0:7e:bf:28:3c:65:14:c3:08:44:16:da:c8:
         dc:cc:d6:44:37:e1:86:24:58:41:a9:69:0d:8d:a1:32:38:8b:
         74:83:1e:df:0e:80:88:f5:dc:74:10:c1:36:bc:4d:e1:d8:b3:
         7e:8a:32:fe:c6:38:39:9f:4d:88:14:01:a5:cf:b4:9f:81:f7:
         91:6c:eb:4c:b3:6e:e1:2b:9f:71:fd:58:50:ba:f5:5b:4c:6b:
         69:92:87:f7:55:fa:bb:96:0d:57:ae:d2:a0:a5:6c:0f:fe:68:
         00:27:06:f6:39:72:46:a7:1d:29:f9:30:ec:a1:9e:af:0e:a8:
         69:c1:26:39:a7:94:6a:49:5f:86:3f:e0:94:2b:4f:7e:73:76:
         50:d1:89:bf:f5:ee:ab:30:6e:7a:47:f2:55:fd:63:c8:1f:89:
         90:d8:c2:97
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZzWw45YdOU4/AdDmvB94hJGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlNWIzMzQ5NjU3ODg3OTRkNmYxNDdhMmYwMDRkMTNiZTMy
NTdkYzQwHhcNMjYwMzEwMDgwMTA2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWRkMTA4NzViNWU2M2EzYWU1YWUwZjk3YWVjNzY4NDM0NDNiMjg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkezBHCpI5frFxJyYA3j/iUxjYj3o
sZbBY3lXJOibiJRKbdeO8T6YnxHwjNcPOQudBR5BUC9QIs+mTkyTN+J4Pn3mFey1
wkfqa5JAnvLbXk379Wahb8J47UWX4hDNUZizcRo2BZqGch15bjzZxEsvVEpgL5FB
QqLBzRTGGX9zIGkK2ezKEaGAKekmzm5Tvk2ah0oUqXhFeBOBOOn5i9Z1sJHxB8Qx
AhQCYTztmMAi8uKhtmIMdrEVcSXZfrHmvxSV7I4/N+fzW1ZnPZuaCxgeVoW1u+nK
Wr8LWQh6Fc4IfDOKO6V0G9BwATxxIC3pCEdZFOeQyHcCBLhs2Lop4km6GwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFN7dEIdbXmOjrlrg+XrsdoQ0Q7KJMB8GA1UdIwQY
MBaAFB5bM0lleIeU1vFHovAE0TvjJX3EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDIt
OTk5MGUyZDllYWZlLzEvM3QwUWgxdGVZNk91V3VENWV1eDJoRFJEc29rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDItOTk5MGUyZDllYWZl
LzEvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW8HpAwQA
wZemMA0GCSqGSIb3DQEBCwUAA4IBAQCraA8a2TD1f/rz37w8wh+dtHtIn8eJRE2B
SzGQjOZQ9lip1KJUn3G4N1aXdS1WClNDDv59N/ongGTQHYQ2H7tIt0NwmeylJkza
2liMHc1xTF5k+DkgfbXovmZskCx1hNB+vyg8ZRTDCEQW2sjczNZEN+GGJFhBqWkN
jaEyOIt0gx7fDoCI9dx0EME2vE3h2LN+ijL+xjg5n02IFAGlz7SfgfeRbOtMs27h
K59x/VhQuvVbTGtpkof3Vfq7lg1XrtKgpWwP/mgAJwb2OXJGpx0p+TDsoZ6vDqhp
wSY5p5RqSV+GP+CUK09+c3ZQ0Ym/9e6rMG56R/JV/WPIH4mQ2MKX
-----END CERTIFICATE-----