Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dg_5dtbjiCILO1TrwKH6tNu2KNY.roa
File:                     dg_5dtbjiCILO1TrwKH6tNu2KNY.roa (raw, json)
Hash identifier:          UXzi1O774Ep0Ptx0vgv9lNAfx7TL0k9NCTeDl/Nc3iM=
Subject key identifier:   76:0F:F9:76:D6:E3:88:22:0B:3B:54:EB:C0:A1:FA:B4:DB:B6:28:D6
Certificate issuer:       /CN=743e447edb8a5e0e1b1d7f5cdc287c364a5fb0b5
Certificate serial:       019C7B93C1E9CF38A43C0E4B7FBA9F0CBFB4
Authority key identifier: 74:3E:44:7E:DB:8A:5E:0E:1B:1D:7F:5C:DC:28:7C:36:4A:5F:B0:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dg_5dtbjiCILO1TrwKH6tNu2KNY.roa
Signing time:             Fri 20 Feb 2026 15:03:26 +0000
ROA not before:           Fri 20 Feb 2026 15:03:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     286
IP address blocks:        138.226.16.0/20 maxlen: 20
                          138.226.96.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dD5EftuKXg4bHX9c3Ch8NkpfsLU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dD5EftuKXg4bHX9c3Ch8NkpfsLU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 09:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:7b:93:c1:e9:cf:38:a4:3c:0e:4b:7f:ba:9f:0c:bf:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=743e447edb8a5e0e1b1d7f5cdc287c364a5fb0b5
        Validity
            Not Before: Feb 20 15:03:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=760ff976d6e388220b3b54ebc0a1fab4dbb628d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:01:5f:1b:9a:6a:c6:41:be:14:93:cd:41:c7:
                    b6:53:e3:f0:23:f4:0e:09:78:24:72:a6:9f:de:48:
                    c4:62:10:fd:86:71:f5:48:3b:43:46:8b:4d:5a:81:
                    59:f8:26:d2:87:29:b2:2f:05:bc:f2:f2:ca:91:00:
                    6e:59:3a:fc:eb:2a:40:e0:e8:57:91:79:b8:80:80:
                    47:a0:d0:0b:90:32:ee:30:e8:f7:f8:f7:ca:a4:b2:
                    a2:2a:b2:6e:23:c2:e3:a0:27:07:51:ec:26:c7:49:
                    97:8d:72:68:d8:19:37:c8:54:85:29:d5:7c:41:5d:
                    1b:ae:a6:f3:ef:cc:e7:01:43:4d:66:25:db:38:4d:
                    71:6f:fe:ce:93:86:3f:ea:ce:19:a0:c9:50:3f:93:
                    f0:24:c4:ac:1d:51:b3:4f:78:28:a2:77:fc:b7:9c:
                    29:5a:14:96:80:be:7c:0d:09:6f:29:24:4f:36:1a:
                    cc:83:4a:30:3e:35:98:07:cb:1b:cd:77:72:36:89:
                    4e:ec:7f:72:ef:25:aa:72:d3:59:a8:1c:06:af:28:
                    78:37:89:48:ad:72:fd:07:40:d0:21:ef:dc:af:3a:
                    99:7e:17:cd:aa:a9:c8:61:c4:a5:d6:74:44:7a:48:
                    4c:21:85:d7:5b:db:8f:56:ba:cc:26:ce:b1:f6:ec:
                    16:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:0F:F9:76:D6:E3:88:22:0B:3B:54:EB:C0:A1:FA:B4:DB:B6:28:D6
            X509v3 Authority Key Identifier:
                keyid:74:3E:44:7E:DB:8A:5E:0E:1B:1D:7F:5C:DC:28:7C:36:4A:5F:B0:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dg_5dtbjiCILO1TrwKH6tNu2KNY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dD5EftuKXg4bHX9c3Ch8NkpfsLU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.226.16.0/20
                  138.226.96.0/20

    Signature Algorithm: sha256WithRSAEncryption
         87:2b:09:c3:64:a7:37:76:68:54:ce:8c:23:8f:94:09:50:56:
         e3:b2:86:e4:14:16:9c:0c:c0:45:7f:ec:a9:9b:23:27:13:69:
         5e:65:81:37:17:6f:d5:7a:26:9c:ac:c2:78:20:ee:98:91:db:
         10:79:44:8f:bd:24:68:e2:6e:d8:d2:8a:d8:35:d0:7c:14:d5:
         57:1f:d3:88:dc:dc:0e:a9:09:80:bc:a2:5f:ec:3a:cb:0b:f3:
         db:82:be:bb:29:55:b3:80:9d:de:ec:f9:58:fd:c8:48:a7:b6:
         e0:be:3b:e0:34:11:70:b4:5f:42:38:72:20:1b:74:e1:d3:03:
         50:70:70:4d:68:7b:59:fc:06:90:5e:9b:37:4a:1e:89:2c:e5:
         1c:69:ea:d1:26:c0:24:e4:70:0d:fe:26:70:b1:3f:85:fd:d2:
         b2:1d:2c:fb:ae:a5:a3:9d:63:d0:08:bb:ca:0d:27:c7:7c:72:
         6e:12:33:87:8b:71:9a:61:c7:91:2f:bd:27:3d:c9:0a:e8:c7:
         fe:94:ee:90:3c:34:b9:c6:42:f7:1c:b8:ae:1e:c4:f8:b4:94:
         db:e5:2e:b9:02:5a:15:b6:e4:c0:1f:af:17:3d:c5:9b:98:95:
         ff:95:f2:ae:39:4d:39:db:ba:7f:03:99:c5:0e:e2:2f:b4:de:
         7c:39:f6:3e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZx7k8HpzzikPA5Lf7qfDL+0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0M2U0NDdlZGI4YTVlMGUxYjFkN2Y1Y2RjMjg3YzM2NGE1
ZmIwYjUwHhcNMjYwMjIwMTUwMzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjBmZjk3NmQ2ZTM4ODIyMGIzYjU0ZWJjMGExZmFiNGRiYjYyOGQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlgFfG5pqxkG+FJPNQce2U+PwI/QO
CXgkcqaf3kjEYhD9hnH1SDtDRotNWoFZ+CbShymyLwW88vLKkQBuWTr86ypA4OhX
kXm4gIBHoNALkDLuMOj3+PfKpLKiKrJuI8LjoCcHUewmx0mXjXJo2Bk3yFSFKdV8
QV0brqbz78znAUNNZiXbOE1xb/7Ok4Y/6s4ZoMlQP5PwJMSsHVGzT3goonf8t5wp
WhSWgL58DQlvKSRPNhrMg0owPjWYB8sbzXdyNolO7H9y7yWqctNZqBwGryh4N4lI
rXL9B0DQIe/crzqZfhfNqqnIYcSl1nREekhMIYXXW9uPVrrMJs6x9uwWOQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHYP+XbW44giCztU68Ch+rTbtijWMB8GA1UdIwQY
MBaAFHQ+RH7bil4OGx1/XNwofDZKX7C1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEQ1RWZ0dUtYZzRiSFg5YzNDaDhOa3Bmc0xVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9hMWFlNzAtNzk5Ni00Njg3LWEwZDct
NWUwZjRhYjgwOWJiLzEvZGdfNWR0YmppQ0lMTzFUcndLSDZ0TnUyS05ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9hMWFlNzAtNzk5Ni00Njg3LWEwZDctNWUwZjRhYjgwOWJi
LzEvZEQ1RWZ0dUtYZzRiSFg5YzNDaDhOa3Bmc0xVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEiuIQAwQE
iuJgMA0GCSqGSIb3DQEBCwUAA4IBAQCHKwnDZKc3dmhUzowjj5QJUFbjsobkFBac
DMBFf+ypmyMnE2leZYE3F2/VeiacrMJ4IO6YkdsQeUSPvSRo4m7Y0orYNdB8FNVX
H9OI3NwOqQmAvKJf7DrLC/Pbgr67KVWzgJ3e7PlY/chIp7bgvjvgNBFwtF9COHIg
G3Th0wNQcHBNaHtZ/AaQXps3Sh6JLOUcaerRJsAk5HAN/iZwsT+F/dKyHSz7rqWj
nWPQCLvKDSfHfHJuEjOHi3GaYceRL70nPckK6Mf+lO6QPDS5xkL3HLiuHsT4tJTb
5S65AloVtuTAH68XPcWbmJX/lfKuOU0527p/A5nFDuIvtN58OfY+
-----END CERTIFICATE-----