Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/7a48f5-bd24-4dc4-8cca-6ba0a0ce01ed/1/AHx6V2Z9QDGtty0wN66x2-zfiI0.roa
File:                     AHx6V2Z9QDGtty0wN66x2-zfiI0.roa (raw, json)
Hash identifier:          pItxmZQDtCGAzgWrKpnF/LBvyS8k60GinL1Cd50YfEc=
Subject key identifier:   00:7C:7A:57:66:7D:40:31:AD:B7:2D:30:37:AE:B1:DB:EC:DF:88:8D
Certificate issuer:       /CN=dafb645f134f4fdada45e70bcfcd93b897dbd725
Certificate serial:       019EA16596B2C9E83523B8CAD58AAC8BE837
Authority key identifier: DA:FB:64:5F:13:4F:4F:DA:DA:45:E7:0B:CF:CD:93:B8:97:DB:D7:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2vtkXxNPT9raRecLz82TuJfb1yU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/7a48f5-bd24-4dc4-8cca-6ba0a0ce01ed/1/AHx6V2Z9QDGtty0wN66x2-zfiI0.roa
Signing time:             Sun 07 Jun 2026 09:24:09 +0000
ROA not before:           Sun 07 Jun 2026 09:24:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50810
IP address blocks:        5.220.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/7a48f5-bd24-4dc4-8cca-6ba0a0ce01ed/1/2vtkXxNPT9raRecLz82TuJfb1yU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/7a48f5-bd24-4dc4-8cca-6ba0a0ce01ed/1/2vtkXxNPT9raRecLz82TuJfb1yU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2vtkXxNPT9raRecLz82TuJfb1yU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 08:43:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:a1:65:96:b2:c9:e8:35:23:b8:ca:d5:8a:ac:8b:e8:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dafb645f134f4fdada45e70bcfcd93b897dbd725
        Validity
            Not Before: Jun  7 09:24:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=007c7a57667d4031adb72d3037aeb1dbecdf888d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:02:ca:1d:6e:b4:84:d6:36:26:c6:91:e7:02:
                    49:ba:ca:ee:22:dc:96:b2:75:ee:e4:ec:e6:03:2a:
                    ce:36:0d:c1:5d:b4:51:20:7d:30:80:22:f6:7e:34:
                    38:07:1f:11:ac:19:6e:2b:4a:f7:cc:46:69:61:85:
                    9f:f5:b0:8d:49:4d:9d:09:61:7a:70:85:62:3a:ba:
                    42:43:a7:85:7d:f0:45:36:75:86:d9:fe:98:db:e3:
                    f3:cd:e8:b3:85:12:a0:03:c7:7a:13:d3:36:4f:3f:
                    88:3d:0e:77:e9:1f:5a:39:3a:cd:ce:9c:36:d2:84:
                    be:2f:8a:91:bb:11:c2:8d:2a:76:ee:71:12:21:87:
                    c9:0d:0b:98:3e:6d:e7:8f:6d:af:bb:ca:6b:3d:de:
                    f9:33:8b:08:93:22:a4:cf:86:79:75:c4:26:39:73:
                    86:71:b0:d4:04:1b:25:ec:bf:d1:07:80:54:03:d6:
                    6d:9e:7d:27:32:fb:fb:fa:c8:1f:d9:14:40:94:e5:
                    1c:d5:96:03:a6:99:55:d8:aa:ce:9e:75:4e:47:95:
                    9a:7e:0e:d2:4a:a8:21:1d:3b:fc:b4:43:1f:14:f4:
                    97:06:1d:45:38:53:74:d7:8a:a0:e8:4c:7c:b8:31:
                    58:4b:d7:db:8a:19:c6:49:ca:87:69:cb:a3:25:1d:
                    de:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:7C:7A:57:66:7D:40:31:AD:B7:2D:30:37:AE:B1:DB:EC:DF:88:8D
            X509v3 Authority Key Identifier:
                keyid:DA:FB:64:5F:13:4F:4F:DA:DA:45:E7:0B:CF:CD:93:B8:97:DB:D7:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2vtkXxNPT9raRecLz82TuJfb1yU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/7a48f5-bd24-4dc4-8cca-6ba0a0ce01ed/1/AHx6V2Z9QDGtty0wN66x2-zfiI0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/7a48f5-bd24-4dc4-8cca-6ba0a0ce01ed/1/2vtkXxNPT9raRecLz82TuJfb1yU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.220.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:b2:d5:b7:da:1e:c9:ca:a9:c7:5f:e6:61:7e:3e:7f:d7:a8:
         87:1a:ec:b2:2b:a8:12:6d:80:59:52:77:1f:ec:db:c4:a0:1f:
         cd:c0:26:c5:bc:1e:52:55:0d:57:4c:d4:c4:e8:e9:d5:61:05:
         6f:f8:32:d8:b2:17:6c:9e:ef:98:90:fb:72:e4:b2:b8:12:ad:
         13:d8:cf:21:3a:21:64:53:a6:2d:08:24:7e:c6:d0:e9:18:d4:
         e2:8a:54:33:24:3f:51:c0:7d:73:77:02:56:18:83:35:b4:24:
         01:99:ff:40:9b:cd:94:2c:15:81:e0:b2:ba:7d:a9:f4:f3:d6:
         68:b4:ec:eb:dc:89:38:bb:9f:75:51:0c:88:da:85:62:27:b2:
         39:ab:45:0d:e6:7a:0a:85:dd:16:3c:26:88:52:c5:ae:a6:44:
         f7:18:53:4a:8d:13:e3:34:d9:03:0e:ab:bf:95:4d:09:34:6e:
         69:86:e2:22:dd:82:cd:6b:a5:49:43:55:9e:6d:70:a6:fd:4b:
         5e:64:dd:04:87:07:15:b4:9d:08:0e:a3:88:b1:be:12:37:2d:
         e9:35:48:7c:c0:73:fa:de:87:e3:6d:b5:30:60:37:66:31:82:
         69:d0:d9:9d:45:a1:97:c8:89:55:ab:5a:bd:47:9c:d9:de:aa:
         be:a2:c1:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6hZZayyeg1I7jK1Yqsi+g3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhZmI2NDVmMTM0ZjRmZGFkYTQ1ZTcwYmNmY2Q5M2I4OTdk
YmQ3MjUwHhcNMjYwNjA3MDkyNDA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDdjN2E1NzY2N2Q0MDMxYWRiNzJkMzAzN2FlYjFkYmVjZGY4ODhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArwLKHW60hNY2JsaR5wJJusruItyW
snXu5OzmAyrONg3BXbRRIH0wgCL2fjQ4Bx8RrBluK0r3zEZpYYWf9bCNSU2dCWF6
cIViOrpCQ6eFffBFNnWG2f6Y2+PzzeizhRKgA8d6E9M2Tz+IPQ536R9aOTrNzpw2
0oS+L4qRuxHCjSp27nESIYfJDQuYPm3nj22vu8prPd75M4sIkyKkz4Z5dcQmOXOG
cbDUBBsl7L/RB4BUA9Ztnn0nMvv7+sgf2RRAlOUc1ZYDpplV2KrOnnVOR5Wafg7S
SqghHTv8tEMfFPSXBh1FOFN014qg6Ex8uDFYS9fbihnGScqHacujJR3ehwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAB8eldmfUAxrbctMDeusdvs34iNMB8GA1UdIwQY
MBaAFNr7ZF8TT0/a2kXnC8/Nk7iX29clMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnZ0a1h4TlBUOXJhUmVjTHo4MlR1SmZiMXlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi83YTQ4ZjUtYmQyNC00ZGM0LThjY2Et
NmJhMGEwY2UwMWVkLzEvQUh4NlYyWjlRREd0dHkwd042NngyLXpmaUkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi83YTQ4ZjUtYmQyNC00ZGM0LThjY2EtNmJhMGEwY2UwMWVk
LzEvMnZ0a1h4TlBUOXJhUmVjTHo4MlR1SmZiMXlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABdwAMA0G
CSqGSIb3DQEBCwUAA4IBAQATstW32h7JyqnHX+Zhfj5/16iHGuyyK6gSbYBZUncf
7NvEoB/NwCbFvB5SVQ1XTNTE6OnVYQVv+DLYshdsnu+YkPty5LK4Eq0T2M8hOiFk
U6YtCCR+xtDpGNTiilQzJD9RwH1zdwJWGIM1tCQBmf9Am82ULBWB4LK6fan089Zo
tOzr3Ik4u591UQyI2oViJ7I5q0UN5noKhd0WPCaIUsWupkT3GFNKjRPjNNkDDqu/
lU0JNG5phuIi3YLNa6VJQ1WebXCm/UteZN0EhwcVtJ0IDqOIsb4SNy3pNUh8wHP6
3ofjbbUwYDdmMYJp0NmdRaGXyIlVq1q9R5zZ3qq+osGJ
-----END CERTIFICATE-----