Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/3ba6fc-2d49-4aff-9229-48b957264c26/1/DmoDqDPowCrVpCCkIKS4Nf6g_kI.roa
File:                     DmoDqDPowCrVpCCkIKS4Nf6g_kI.roa (raw, json)
Hash identifier:          7od5f7R8DSJPoJQHbrlbRFv+w64a+rw+WvHvRvhjbSo=
Subject key identifier:   0E:6A:03:A8:33:E8:C0:2A:D5:A4:20:A4:20:A4:B8:35:FE:A0:FE:42
Certificate issuer:       /CN=d291741252bb9c4cda80047dfb01ce98c219d180
Certificate serial:       019B7BA4C72DF8A7737BF752E79B5C6AE9A5
Authority key identifier: D2:91:74:12:52:BB:9C:4C:DA:80:04:7D:FB:01:CE:98:C2:19:D1:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0pF0ElK7nEzagAR9-wHOmMIZ0YA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/3ba6fc-2d49-4aff-9229-48b957264c26/1/DmoDqDPowCrVpCCkIKS4Nf6g_kI.roa
Signing time:             Thu 01 Jan 2026 22:19:15 +0000
ROA not before:           Thu 01 Jan 2026 22:19:15 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209441
IP address blocks:        5.253.220.0/24 maxlen: 24
                          5.253.221.0/24 maxlen: 24
                          5.253.222.0/24 maxlen: 24
                          5.253.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/3ba6fc-2d49-4aff-9229-48b957264c26/1/0pF0ElK7nEzagAR9-wHOmMIZ0YA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/3ba6fc-2d49-4aff-9229-48b957264c26/1/0pF0ElK7nEzagAR9-wHOmMIZ0YA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0pF0ElK7nEzagAR9-wHOmMIZ0YA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 04:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a4:c7:2d:f8:a7:73:7b:f7:52:e7:9b:5c:6a:e9:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d291741252bb9c4cda80047dfb01ce98c219d180
        Validity
            Not Before: Jan  1 22:19:15 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0e6a03a833e8c02ad5a420a420a4b835fea0fe42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:54:f7:32:ec:bd:e4:85:21:e3:a3:ae:54:4b:
                    48:be:c1:0f:f5:0d:3c:91:7c:a2:f2:d2:ca:66:3d:
                    53:26:aa:33:aa:93:37:32:5e:7b:86:7a:85:27:ec:
                    e2:b8:96:f9:37:fc:9d:db:42:68:38:32:e3:c8:9e:
                    43:3b:cd:fc:da:5d:ce:fc:62:43:59:d4:ef:4e:6f:
                    e9:68:07:50:70:59:13:b2:66:d9:d9:d1:ca:92:fd:
                    c4:55:04:23:28:f5:8f:3a:a8:06:ba:b2:5d:48:5b:
                    8f:d3:06:d3:43:83:56:13:c4:55:38:fe:1f:2a:ce:
                    2c:cf:c2:27:10:10:1b:e4:f8:40:b4:2d:24:ac:b7:
                    b5:35:29:18:05:39:ae:ac:e7:a2:ef:d8:72:b8:c1:
                    78:17:d9:38:76:a3:6d:23:7d:0f:87:cc:e2:5a:d7:
                    09:8c:ea:cf:2c:74:d7:fd:e1:28:35:cd:4a:8e:7f:
                    53:e4:a2:66:0a:ea:c3:d4:e8:ce:9b:00:f2:75:75:
                    15:83:51:41:bb:37:1b:e2:b6:f5:14:84:c9:c4:1c:
                    68:75:96:1c:84:93:36:c7:46:90:7e:4b:0f:ea:21:
                    3d:a8:28:e9:3c:0f:99:5c:78:0d:2c:4f:b8:af:1a:
                    35:20:45:7c:78:13:b2:10:9c:45:f8:41:31:d8:29:
                    10:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:6A:03:A8:33:E8:C0:2A:D5:A4:20:A4:20:A4:B8:35:FE:A0:FE:42
            X509v3 Authority Key Identifier:
                keyid:D2:91:74:12:52:BB:9C:4C:DA:80:04:7D:FB:01:CE:98:C2:19:D1:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0pF0ElK7nEzagAR9-wHOmMIZ0YA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/3ba6fc-2d49-4aff-9229-48b957264c26/1/DmoDqDPowCrVpCCkIKS4Nf6g_kI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/3ba6fc-2d49-4aff-9229-48b957264c26/1/0pF0ElK7nEzagAR9-wHOmMIZ0YA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.253.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9a:5a:f2:30:e4:a4:42:b3:35:98:22:24:5f:f2:2a:19:63:2c:
         66:89:46:21:c2:00:38:82:9f:39:e1:6a:25:aa:ad:d8:fa:87:
         34:c3:b0:4c:1b:43:f5:54:7e:6b:e4:ef:7c:cc:30:dd:e9:cf:
         da:cc:f3:1c:d1:17:96:88:3f:ae:e9:da:96:18:29:80:28:06:
         df:6f:ef:dc:9d:82:e0:2e:5e:d2:ec:e7:ab:eb:fe:71:79:6d:
         da:18:12:97:7a:46:25:3f:6c:a4:6b:69:f6:04:7c:52:40:db:
         3a:12:3a:b1:d3:51:97:64:13:92:34:b2:b4:8a:8b:a5:17:f6:
         76:6b:dd:b2:f3:c7:9d:e2:5a:20:90:89:4c:63:60:92:09:aa:
         0d:d8:c4:9d:56:f4:60:48:61:12:fc:4d:43:d4:eb:45:61:d0:
         84:dd:10:6e:19:42:ee:8e:72:55:c4:d9:77:b0:b7:4a:82:32:
         4c:c1:f2:73:5e:2f:92:b2:7f:f6:05:67:3d:27:67:40:58:9d:
         b2:d6:4c:3f:4f:e1:2b:f0:a3:62:c8:ca:85:0c:67:a9:d1:ff:
         b1:65:3f:f9:54:da:8f:8c:fa:9b:e3:ec:08:17:43:6d:00:eb:
         62:91:b2:75:97:83:79:5d:9c:e3:32:a5:70:3a:73:27:61:64:
         6a:ee:b8:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pMct+Kdze/dS55tcaumlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyOTE3NDEyNTJiYjljNGNkYTgwMDQ3ZGZiMDFjZTk4YzIx
OWQxODAwHhcNMjYwMTAxMjIxOTE1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTZhMDNhODMzZThjMDJhZDVhNDIwYTQyMGE0YjgzNWZlYTBmZTQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4FT3Muy95IUh46OuVEtIvsEP9Q08
kXyi8tLKZj1TJqozqpM3Ml57hnqFJ+ziuJb5N/yd20JoODLjyJ5DO8382l3O/GJD
WdTvTm/paAdQcFkTsmbZ2dHKkv3EVQQjKPWPOqgGurJdSFuP0wbTQ4NWE8RVOP4f
Ks4sz8InEBAb5PhAtC0krLe1NSkYBTmurOei79hyuMF4F9k4dqNtI30Ph8ziWtcJ
jOrPLHTX/eEoNc1Kjn9T5KJmCurD1OjOmwDydXUVg1FBuzcb4rb1FITJxBxodZYc
hJM2x0aQfksP6iE9qCjpPA+ZXHgNLE+4rxo1IEV8eBOyEJxF+EEx2CkQyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA5qA6gz6MAq1aQgpCCkuDX+oP5CMB8GA1UdIwQY
MBaAFNKRdBJSu5xM2oAEffsBzpjCGdGAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMHBGMEVsSzduRXphZ0FSOS13SE9tTUlaMFlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC8zYmE2ZmMtMmQ0OS00YWZmLTkyMjkt
NDhiOTU3MjY0YzI2LzEvRG1vRHFEUG93Q3JWcENDa0lLUzROZjZnX2tJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC8zYmE2ZmMtMmQ0OS00YWZmLTkyMjktNDhiOTU3MjY0YzI2
LzEvMHBGMEVsSzduRXphZ0FSOS13SE9tTUlaMFlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBf3cMA0G
CSqGSIb3DQEBCwUAA4IBAQCaWvIw5KRCszWYIiRf8ioZYyxmiUYhwgA4gp854Wol
qq3Y+oc0w7BMG0P1VH5r5O98zDDd6c/azPMc0ReWiD+u6dqWGCmAKAbfb+/cnYLg
Ll7S7Oer6/5xeW3aGBKXekYlP2yka2n2BHxSQNs6Ejqx01GXZBOSNLK0ioulF/Z2
a92y88ed4logkIlMY2CSCaoN2MSdVvRgSGES/E1D1OtFYdCE3RBuGULujnJVxNl3
sLdKgjJMwfJzXi+Ssn/2BWc9J2dAWJ2y1kw/T+Er8KNiyMqFDGep0f+xZT/5VNqP
jPqb4+wIF0NtAOtikbJ1l4N5XZzjMqVwOnMnYWRq7rgu
-----END CERTIFICATE-----