Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/Fgu5stglO6Pq50uJK8P5w9nSOtg.roa
File:                     Fgu5stglO6Pq50uJK8P5w9nSOtg.roa (raw, json)
Hash identifier:          hoqPMWoSa2QjmLpPeHJ7kH0PELVdBPVI3YHS2rHkY1Q=
Subject key identifier:   16:0B:B9:B2:D8:25:3B:A3:EA:E7:4B:89:2B:C3:F9:C3:D9:D2:3A:D8
Certificate issuer:       /CN=55baf26967510b3c52e46d1dc593967cdf29f9c9
Certificate serial:       019D9628F8D7924040EE7BA3D257132C2AAA
Authority key identifier: 55:BA:F2:69:67:51:0B:3C:52:E4:6D:1D:C5:93:96:7C:DF:29:F9:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/Fgu5stglO6Pq50uJK8P5w9nSOtg.roa
Signing time:             Thu 16 Apr 2026 11:59:20 +0000
ROA not before:           Thu 16 Apr 2026 11:59:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402215
IP address blocks:        178.253.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 03:01:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:96:28:f8:d7:92:40:40:ee:7b:a3:d2:57:13:2c:2a:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=55baf26967510b3c52e46d1dc593967cdf29f9c9
        Validity
            Not Before: Apr 16 11:59:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=160bb9b2d8253ba3eae74b892bc3f9c3d9d23ad8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:53:7e:b9:a4:93:d5:b3:75:33:09:4e:ea:ba:
                    6b:d0:eb:8b:32:50:95:c7:1c:b0:9c:62:48:b2:f1:
                    c8:86:8c:29:f0:38:35:0f:26:ec:fa:da:e4:89:b5:
                    61:94:c9:38:a7:22:ea:5a:63:dd:e9:22:5b:2c:3c:
                    82:e2:9e:f2:11:f3:39:ae:97:6f:7a:04:3b:e6:77:
                    f2:6b:21:af:89:ac:bf:32:07:1d:57:da:79:29:4e:
                    a5:1e:64:8a:f2:ca:da:47:23:39:40:e5:ea:74:ad:
                    4c:ba:e4:08:a9:60:32:fd:ff:e6:49:9d:de:80:fb:
                    83:19:1d:5c:38:d3:84:67:33:e9:5b:a9:b1:57:fe:
                    de:20:31:1d:ff:d9:39:46:01:35:8d:b1:58:15:4d:
                    00:c7:af:17:2b:18:c9:41:86:68:0c:44:38:7b:73:
                    82:62:1d:0e:c4:03:75:a4:59:e4:49:6f:9b:f1:f1:
                    83:a1:42:f0:ef:19:4a:b5:f4:cc:7f:68:a3:c2:bb:
                    40:51:1b:fb:3a:1c:2e:3b:80:66:b4:ad:b8:df:ab:
                    19:b0:d2:d3:a2:9d:d3:cc:b1:07:ed:3b:40:bc:af:
                    f7:e9:ce:6b:35:cc:b6:a4:fe:9a:91:28:bb:50:26:
                    a0:1f:f3:0f:91:67:a3:60:c6:82:fd:38:7f:e2:ef:
                    c7:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:0B:B9:B2:D8:25:3B:A3:EA:E7:4B:89:2B:C3:F9:C3:D9:D2:3A:D8
            X509v3 Authority Key Identifier:
                keyid:55:BA:F2:69:67:51:0B:3C:52:E4:6D:1D:C5:93:96:7C:DF:29:F9:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/Fgu5stglO6Pq50uJK8P5w9nSOtg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.253.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:36:a5:74:3a:84:87:93:40:57:5f:d8:53:60:65:1c:88:3b:
         70:41:fe:39:ee:7c:63:12:6a:7b:d0:4b:e5:68:d8:b4:4a:54:
         52:8d:ae:4d:66:1a:be:6d:66:46:ac:7a:34:4c:30:b6:94:b8:
         ee:93:cb:52:a4:40:94:78:a8:e8:fd:03:12:8d:b4:29:1b:80:
         2f:12:04:b2:26:8d:a0:6f:76:a9:7b:9d:f9:38:87:c9:68:7f:
         70:14:bc:32:e0:cc:2f:f4:fe:53:86:e5:ec:db:5a:64:c7:ac:
         47:ba:62:23:f6:cc:98:b5:37:29:a5:2c:3b:13:91:a6:8f:8e:
         2d:58:84:56:75:09:6b:f1:8a:60:ca:c2:08:93:31:34:9f:19:
         b1:cd:f2:a0:b1:9b:5f:7b:5f:7a:93:f8:9d:4b:bc:17:77:b3:
         f3:a4:b0:eb:df:0b:db:e3:b3:fd:e7:6f:9b:f1:92:31:86:00:
         c5:0c:11:57:ed:bf:76:8b:9b:aa:e5:dc:ad:97:7c:85:c8:82:
         22:0c:c8:23:94:0c:ee:7f:56:ce:d8:3c:e0:e0:75:60:b6:4f:
         ca:be:11:3d:49:89:ae:f8:9a:fc:87:b1:9f:89:f9:80:0b:c0:
         35:cd:b4:db:e6:19:fa:63:27:a8:1b:42:64:75:d4:41:2b:b2:
         3f:22:3b:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2WKPjXkkBA7nuj0lcTLCqqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1YmFmMjY5Njc1MTBiM2M1MmU0NmQxZGM1OTM5NjdjZGYy
OWY5YzkwHhcNMjYwNDE2MTE1OTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjBiYjliMmQ4MjUzYmEzZWFlNzRiODkyYmMzZjljM2Q5ZDIzYWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3VN+uaST1bN1MwlO6rpr0OuLMlCV
xxywnGJIsvHIhowp8Dg1Dybs+trkibVhlMk4pyLqWmPd6SJbLDyC4p7yEfM5rpdv
egQ75nfyayGviay/MgcdV9p5KU6lHmSK8sraRyM5QOXqdK1MuuQIqWAy/f/mSZ3e
gPuDGR1cONOEZzPpW6mxV/7eIDEd/9k5RgE1jbFYFU0Ax68XKxjJQYZoDEQ4e3OC
Yh0OxAN1pFnkSW+b8fGDoULw7xlKtfTMf2ijwrtAURv7OhwuO4BmtK2436sZsNLT
op3TzLEH7TtAvK/36c5rNcy2pP6akSi7UCagH/MPkWejYMaC/Th/4u/H4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBYLubLYJTuj6udLiSvD+cPZ0jrYMB8GA1UdIwQY
MBaAFFW68mlnUQs8UuRtHcWTlnzfKfnJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmJyeWFXZFJDenhTNUcwZHhaT1dmTjhwLWNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS81YWE0ZGMtZDE4NC00ZGI0LTllMTAt
NDlmOTgxZWU1OTgxLzEvRmd1NXN0Z2xPNlBxNTB1Sks4UDV3OW5TT3RnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS81YWE0ZGMtZDE4NC00ZGI0LTllMTAtNDlmOTgxZWU1OTgx
LzEvVmJyeWFXZFJDenhTNUcwZHhaT1dmTjhwLWNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsv0fMA0G
CSqGSIb3DQEBCwUAA4IBAQAgNqV0OoSHk0BXX9hTYGUciDtwQf457nxjEmp70Evl
aNi0SlRSja5NZhq+bWZGrHo0TDC2lLjuk8tSpECUeKjo/QMSjbQpG4AvEgSyJo2g
b3ape535OIfJaH9wFLwy4Mwv9P5ThuXs21pkx6xHumIj9syYtTcppSw7E5Gmj44t
WIRWdQlr8YpgysIIkzE0nxmxzfKgsZtfe196k/idS7wXd7PzpLDr3wvb47P952+b
8ZIxhgDFDBFX7b92i5uq5dytl3yFyIIiDMgjlAzuf1bO2Dzg4HVgtk/KvhE9SYmu
+Jr8h7GfifmAC8A1zbTb5hn6YyeoG0JkddRBK7I/Ijvu
-----END CERTIFICATE-----