Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/23c57c-b8a7-49a5-9c05-eef70aab035e/1/1a1Hz0PzM6MuhV6g6x_kVg7kspQ.roa
File:                     1a1Hz0PzM6MuhV6g6x_kVg7kspQ.roa (raw, json)
Hash identifier:          SxLq0IDA9ULiz8yncJU48iCtZHe0HJA53FejGCQEDC8=
Subject key identifier:   D5:AD:47:CF:43:F3:33:A3:2E:85:5E:A0:EB:1F:E4:56:0E:E4:B2:94
Certificate issuer:       /CN=da6dc4192645c842a4fa2f88234f2e5a184c7664
Certificate serial:       019D9662A5FF9EAA6E1B215068433FABE826
Authority key identifier: DA:6D:C4:19:26:45:C8:42:A4:FA:2F:88:23:4F:2E:5A:18:4C:76:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2m3EGSZFyEKk-i-II08uWhhMdmQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/23c57c-b8a7-49a5-9c05-eef70aab035e/1/1a1Hz0PzM6MuhV6g6x_kVg7kspQ.roa
Signing time:             Thu 16 Apr 2026 13:02:20 +0000
ROA not before:           Thu 16 Apr 2026 13:02:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49065
IP address blocks:        5.252.128.0/24 maxlen: 24
                          5.252.129.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/23c57c-b8a7-49a5-9c05-eef70aab035e/1/2m3EGSZFyEKk-i-II08uWhhMdmQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/23c57c-b8a7-49a5-9c05-eef70aab035e/1/2m3EGSZFyEKk-i-II08uWhhMdmQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2m3EGSZFyEKk-i-II08uWhhMdmQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 02:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:96:62:a5:ff:9e:aa:6e:1b:21:50:68:43:3f:ab:e8:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da6dc4192645c842a4fa2f88234f2e5a184c7664
        Validity
            Not Before: Apr 16 13:02:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d5ad47cf43f333a32e855ea0eb1fe4560ee4b294
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:18:d6:c4:a7:5d:78:19:b6:60:9c:0b:7d:dd:
                    f7:a7:f3:c2:90:66:c1:05:c8:3b:96:36:33:25:55:
                    26:f2:ec:8b:70:a0:dc:8a:8a:b2:07:19:9f:8e:47:
                    d1:2c:6a:75:29:31:ce:fd:88:25:89:d5:78:5f:4b:
                    55:4f:cc:79:d1:e3:ca:18:0e:b5:4d:22:ea:39:64:
                    62:3c:e2:df:0d:38:e4:1f:e1:8f:16:17:34:23:0f:
                    f0:5a:12:12:48:be:59:0f:ef:69:46:ed:cc:11:5e:
                    62:97:e9:31:99:a9:d4:96:cf:61:cf:67:04:9a:21:
                    ef:13:a6:fa:ed:80:31:99:11:9e:2a:3f:ca:90:5f:
                    b4:5f:5d:c1:76:61:f1:9a:99:97:a3:c2:c5:81:a0:
                    09:12:db:07:87:75:72:cc:1a:8c:5b:b7:fa:4c:ed:
                    8d:f5:90:6b:6e:b8:0a:e0:28:f3:c8:7d:08:5b:24:
                    76:4b:06:8f:24:ff:b8:5e:59:97:3f:c0:1f:bc:2b:
                    1a:5f:30:b0:22:25:54:e7:30:4c:b0:d0:ef:7f:bd:
                    79:47:47:9a:ed:d1:70:88:66:0d:05:c5:db:31:5a:
                    a2:d4:e0:89:07:4e:9a:f8:d7:44:82:92:f2:03:0c:
                    0e:56:56:2f:b2:85:56:e5:31:f2:a0:84:5e:0a:01:
                    bf:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:AD:47:CF:43:F3:33:A3:2E:85:5E:A0:EB:1F:E4:56:0E:E4:B2:94
            X509v3 Authority Key Identifier:
                keyid:DA:6D:C4:19:26:45:C8:42:A4:FA:2F:88:23:4F:2E:5A:18:4C:76:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2m3EGSZFyEKk-i-II08uWhhMdmQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/23c57c-b8a7-49a5-9c05-eef70aab035e/1/1a1Hz0PzM6MuhV6g6x_kVg7kspQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/23c57c-b8a7-49a5-9c05-eef70aab035e/1/2m3EGSZFyEKk-i-II08uWhhMdmQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.252.128.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a4:a0:b3:3b:45:ec:6f:72:19:d6:91:aa:9b:f3:48:dc:9a:fb:
         46:01:10:2a:32:20:1a:9f:4c:d4:5a:9f:3f:b9:ae:96:31:87:
         92:97:97:6f:ec:9a:b3:eb:9f:5c:31:47:bc:27:b9:48:3a:7e:
         01:39:37:d6:d1:b2:c1:af:84:69:fd:f2:8c:51:ad:e2:d1:30:
         b2:f0:21:61:9a:be:2d:2c:2b:ee:66:5d:05:3f:27:40:5b:ed:
         9b:c9:35:f1:4a:78:ce:30:15:28:15:84:e0:09:44:df:2d:53:
         55:e6:7a:95:ed:b5:b8:24:5a:de:e0:a0:45:bd:1a:0f:97:eb:
         5e:c7:12:ea:3f:90:6d:62:dc:c7:4d:bb:97:46:2a:b7:47:49:
         ce:89:5f:d5:c2:a2:d6:3f:a5:1f:17:5a:c3:ba:4e:a1:43:e2:
         fe:10:85:f6:29:b9:21:a9:92:d9:31:5f:a1:d5:05:59:ce:bd:
         e4:e7:7d:04:eb:39:37:75:71:8a:b5:73:44:0a:6f:b8:d1:c6:
         e7:ec:21:c2:2f:79:a0:e5:8f:4c:5f:ea:5c:e9:0d:cb:02:9a:
         17:57:50:26:0f:33:5e:82:92:14:f5:39:0b:23:8e:be:43:8c:
         39:41:e6:a2:8e:cb:8f:cb:51:f1:ca:96:cb:46:b1:dc:57:20:
         16:17:18:fc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2WYqX/nqpuGyFQaEM/q+gmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhNmRjNDE5MjY0NWM4NDJhNGZhMmY4ODIzNGYyZTVhMTg0
Yzc2NjQwHhcNMjYwNDE2MTMwMjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNWFkNDdjZjQzZjMzM2EzMmU4NTVlYTBlYjFmZTQ1NjBlZTRiMjk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqhjWxKddeBm2YJwLfd33p/PCkGbB
Bcg7ljYzJVUm8uyLcKDcioqyBxmfjkfRLGp1KTHO/YglidV4X0tVT8x50ePKGA61
TSLqOWRiPOLfDTjkH+GPFhc0Iw/wWhISSL5ZD+9pRu3MEV5il+kxmanUls9hz2cE
miHvE6b67YAxmRGeKj/KkF+0X13BdmHxmpmXo8LFgaAJEtsHh3VyzBqMW7f6TO2N
9ZBrbrgK4CjzyH0IWyR2SwaPJP+4XlmXP8AfvCsaXzCwIiVU5zBMsNDvf715R0ea
7dFwiGYNBcXbMVqi1OCJB06a+NdEgpLyAwwOVlYvsoVW5THyoIReCgG//wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNWtR89D8zOjLoVeoOsf5FYO5LKUMB8GA1UdIwQY
MBaAFNptxBkmRchCpPoviCNPLloYTHZkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMm0zRUdTWkZ5RUtrLWktSUkwOHVXaGhNZG1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS8yM2M1N2MtYjhhNy00OWE1LTljMDUt
ZWVmNzBhYWIwMzVlLzEvMWExSHowUHpNNk11aFY2ZzZ4X2tWZzdrc3BRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS8yM2M1N2MtYjhhNy00OWE1LTljMDUtZWVmNzBhYWIwMzVl
LzEvMm0zRUdTWkZ5RUtrLWktSUkwOHVXaGhNZG1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBBfyAMA0G
CSqGSIb3DQEBCwUAA4IBAQCkoLM7RexvchnWkaqb80jcmvtGARAqMiAan0zUWp8/
ua6WMYeSl5dv7Jqz659cMUe8J7lIOn4BOTfW0bLBr4Rp/fKMUa3i0TCy8CFhmr4t
LCvuZl0FPydAW+2byTXxSnjOMBUoFYTgCUTfLVNV5nqV7bW4JFre4KBFvRoPl+te
xxLqP5BtYtzHTbuXRiq3R0nOiV/VwqLWP6UfF1rDuk6hQ+L+EIX2KbkhqZLZMV+h
1QVZzr3k530E6zk3dXGKtXNECm+40cbn7CHCL3mg5Y9MX+pc6Q3LApoXV1AmDzNe
gpIU9TkLI46+Q4w5QeaijsuPy1HxypbLRrHcVyAWFxj8
-----END CERTIFICATE-----