Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/6444d1-5f00-4e50-8019-1b6f750cf9a2/1/SZxwFn-rv4YHYIn11rPhhdZalEE.roa
File:                     SZxwFn-rv4YHYIn11rPhhdZalEE.roa (raw, json)
Hash identifier:          qGdnGUtcjilIGvYv6gZqj/DBGuFNWX/5F8NZ1f7ELoQ=
Subject key identifier:   49:9C:70:16:7F:AB:BF:86:07:60:89:F5:D6:B3:E1:85:D6:5A:94:41
Certificate issuer:       /CN=a865bae25778beed8880c08df2d3f37fc37abc1e
Certificate serial:       019D4D58E9836FCC40BEB130E4FAD83AD302
Authority key identifier: A8:65:BA:E2:57:78:BE:ED:88:80:C0:8D:F2:D3:F3:7F:C3:7A:BC:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qGW64ld4vu2IgMCN8tPzf8N6vB4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/6444d1-5f00-4e50-8019-1b6f750cf9a2/1/SZxwFn-rv4YHYIn11rPhhdZalEE.roa
Signing time:             Thu 02 Apr 2026 08:39:25 +0000
ROA not before:           Thu 02 Apr 2026 08:39:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51273
IP address blocks:        212.79.126.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/6444d1-5f00-4e50-8019-1b6f750cf9a2/1/qGW64ld4vu2IgMCN8tPzf8N6vB4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/6444d1-5f00-4e50-8019-1b6f750cf9a2/1/qGW64ld4vu2IgMCN8tPzf8N6vB4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qGW64ld4vu2IgMCN8tPzf8N6vB4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:4d:58:e9:83:6f:cc:40:be:b1:30:e4:fa:d8:3a:d3:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a865bae25778beed8880c08df2d3f37fc37abc1e
        Validity
            Not Before: Apr  2 08:39:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=499c70167fabbf86076089f5d6b3e185d65a9441
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:cd:f7:08:3e:a6:e1:72:da:36:74:b0:a5:52:
                    9e:48:15:d1:9d:8f:09:de:b0:af:ea:71:0c:67:2e:
                    6f:91:dd:ce:ab:43:4d:34:65:aa:01:5d:8c:77:73:
                    79:d4:70:69:fa:27:56:93:20:fc:a3:bc:44:a8:78:
                    92:83:9f:27:dc:75:33:93:75:ed:e6:f7:ee:12:47:
                    fd:e1:23:6a:a4:68:32:c2:72:b8:56:bb:29:b7:cd:
                    7e:24:e3:7f:96:6a:56:bd:26:f6:86:d1:76:1e:a6:
                    88:8b:a6:03:2b:8a:e0:c6:cc:fe:f1:9d:08:5c:84:
                    5c:f0:dc:cd:57:67:c4:42:5c:76:a3:a3:94:31:db:
                    c2:57:43:4c:dc:19:24:4d:2f:05:d7:ee:5d:41:d2:
                    cc:fa:8b:86:4c:c9:c3:8a:36:f8:00:55:b1:74:be:
                    c8:6e:83:62:18:9b:03:77:b7:c5:b6:4c:72:55:30:
                    18:9c:90:e3:b4:e1:14:11:f1:9c:9f:2d:06:c5:fb:
                    53:07:0a:f7:07:2f:aa:5b:cd:ea:46:a3:06:f5:23:
                    59:bf:b5:26:10:a6:43:4c:49:7f:9d:57:56:c4:e2:
                    07:aa:34:d7:63:a6:c6:86:10:f7:94:05:03:3a:a2:
                    a9:d8:3a:8f:42:38:c7:67:c8:07:31:0b:f2:20:be:
                    5d:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:9C:70:16:7F:AB:BF:86:07:60:89:F5:D6:B3:E1:85:D6:5A:94:41
            X509v3 Authority Key Identifier:
                keyid:A8:65:BA:E2:57:78:BE:ED:88:80:C0:8D:F2:D3:F3:7F:C3:7A:BC:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qGW64ld4vu2IgMCN8tPzf8N6vB4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/6444d1-5f00-4e50-8019-1b6f750cf9a2/1/SZxwFn-rv4YHYIn11rPhhdZalEE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/6444d1-5f00-4e50-8019-1b6f750cf9a2/1/qGW64ld4vu2IgMCN8tPzf8N6vB4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.79.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:41:03:18:b8:42:e1:b1:b8:e8:ea:28:c1:bc:95:f4:a9:42:
         be:c1:e2:87:4c:b0:01:a3:07:14:9c:6a:f8:7c:4a:c6:15:3e:
         93:82:52:82:00:e6:e3:95:24:ce:fa:92:bb:3a:8c:29:09:75:
         10:54:2c:b5:bc:c7:98:c9:87:b9:da:f3:50:78:07:fb:f4:65:
         36:06:2e:95:96:8a:84:5f:89:4c:6a:c1:c8:59:d3:76:4a:83:
         47:b4:7d:a3:12:6c:2e:65:7e:b7:79:f8:51:61:d2:28:79:06:
         3a:2d:6c:fc:32:c1:96:9c:07:a0:91:51:06:a0:aa:e5:b2:db:
         50:cb:7c:b0:ce:b2:15:61:06:c4:ee:33:55:79:40:ba:d8:2d:
         bc:e1:e0:b2:bf:2c:7a:d0:1f:97:7d:e5:c7:b6:3a:39:ab:88:
         c5:3b:8b:c8:9a:e4:0f:a7:a0:61:14:e1:c4:11:9f:32:69:21:
         d0:5e:a5:1b:6c:b1:a2:f2:93:09:a1:e7:b3:78:6e:14:8e:06:
         f6:bb:79:fc:b1:87:0b:a9:a1:a7:2f:3c:ab:e7:f5:5a:1f:a7:
         8d:fe:1a:af:3a:cf:60:e5:c2:95:ed:ac:d3:05:da:13:5e:e5:
         ad:69:29:9a:6a:48:cb:8e:de:69:07:ca:a4:1f:61:13:89:76:
         be:49:0c:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1NWOmDb8xAvrEw5PrYOtMCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NjViYWUyNTc3OGJlZWQ4ODgwYzA4ZGYyZDNmMzdmYzM3
YWJjMWUwHhcNMjYwNDAyMDgzOTI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTljNzAxNjdmYWJiZjg2MDc2MDg5ZjVkNmIzZTE4NWQ2NWE5NDQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv833CD6m4XLaNnSwpVKeSBXRnY8J
3rCv6nEMZy5vkd3Oq0NNNGWqAV2Md3N51HBp+idWkyD8o7xEqHiSg58n3HUzk3Xt
5vfuEkf94SNqpGgywnK4Vrspt81+JON/lmpWvSb2htF2HqaIi6YDK4rgxsz+8Z0I
XIRc8NzNV2fEQlx2o6OUMdvCV0NM3BkkTS8F1+5dQdLM+ouGTMnDijb4AFWxdL7I
boNiGJsDd7fFtkxyVTAYnJDjtOEUEfGcny0GxftTBwr3By+qW83qRqMG9SNZv7Um
EKZDTEl/nVdWxOIHqjTXY6bGhhD3lAUDOqKp2DqPQjjHZ8gHMQvyIL5dkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEmccBZ/q7+GB2CJ9daz4YXWWpRBMB8GA1UdIwQY
MBaAFKhluuJXeL7tiIDAjfLT83/DerweMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUdXNjRsZDR2dTJJZ01DTjh0UHpmOE42dkI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi82NDQ0ZDEtNWYwMC00ZTUwLTgwMTkt
MWI2Zjc1MGNmOWEyLzEvU1p4d0ZuLXJ2NFlIWUluMTFyUGhoZFphbEVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi82NDQ0ZDEtNWYwMC00ZTUwLTgwMTktMWI2Zjc1MGNmOWEy
LzEvcUdXNjRsZDR2dTJJZ01DTjh0UHpmOE42dkI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1E9+MA0G
CSqGSIb3DQEBCwUAA4IBAQCaQQMYuELhsbjo6ijBvJX0qUK+weKHTLABowcUnGr4
fErGFT6TglKCAObjlSTO+pK7OowpCXUQVCy1vMeYyYe52vNQeAf79GU2Bi6VloqE
X4lMasHIWdN2SoNHtH2jEmwuZX63efhRYdIoeQY6LWz8MsGWnAegkVEGoKrlsttQ
y3ywzrIVYQbE7jNVeUC62C284eCyvyx60B+XfeXHtjo5q4jFO4vImuQPp6BhFOHE
EZ8yaSHQXqUbbLGi8pMJoeezeG4Ujgb2u3n8sYcLqaGnLzyr5/VaH6eN/hqvOs9g
5cKV7azTBdoTXuWtaSmaakjLjt5pB8qkH2ETiXa+SQzT
-----END CERTIFICATE-----