Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/3389eb-1857-49d2-841c-6a18dc8816db/1/Q5KSfGS3tHda5rpVovsFITdTDYg.roa
File:                     Q5KSfGS3tHda5rpVovsFITdTDYg.roa (raw, json)
Hash identifier:          ICa5+GlL+U3Gm/Y9rjnti3iGdfCYMhzdaqvSwGSYDhw=
Subject key identifier:   43:92:92:7C:64:B7:B4:77:5A:E6:BA:55:A2:FB:05:21:37:53:0D:88
Certificate issuer:       /CN=2415bf9c61c85db7c99ac4cdf79257e7997ab77c
Certificate serial:       019C1139DBA4ACD67CEBA50FC0C84E158825
Authority key identifier: 24:15:BF:9C:61:C8:5D:B7:C9:9A:C4:CD:F7:92:57:E7:99:7A:B7:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JBW_nGHIXbfJmsTN95JX55l6t3w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/3389eb-1857-49d2-841c-6a18dc8816db/1/Q5KSfGS3tHda5rpVovsFITdTDYg.roa
Signing time:             Fri 30 Jan 2026 23:25:30 +0000
ROA not before:           Fri 30 Jan 2026 23:25:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     5511
IP address blocks:        37.153.153.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9d/3389eb-1857-49d2-841c-6a18dc8816db/1/JBW_nGHIXbfJmsTN95JX55l6t3w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9d/3389eb-1857-49d2-841c-6a18dc8816db/1/JBW_nGHIXbfJmsTN95JX55l6t3w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JBW_nGHIXbfJmsTN95JX55l6t3w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:11:39:db:a4:ac:d6:7c:eb:a5:0f:c0:c8:4e:15:88:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2415bf9c61c85db7c99ac4cdf79257e7997ab77c
        Validity
            Not Before: Jan 30 23:25:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4392927c64b7b4775ae6ba55a2fb052137530d88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:0c:50:4b:0a:89:9a:41:04:e4:2f:0b:83:56:
                    fd:e1:c6:0e:30:c9:19:df:bd:0b:8b:38:a9:4a:03:
                    99:17:7b:85:a3:c9:2c:d7:4c:d5:4f:a2:dd:fe:b0:
                    aa:02:9c:84:cf:5b:28:e8:81:e1:c7:8e:57:46:93:
                    a2:d4:0b:10:c2:1d:ac:eb:c1:0c:9f:a0:0f:45:72:
                    4a:e4:b5:26:2f:68:23:5d:cc:4d:45:74:09:ef:b5:
                    04:0a:a8:4c:a2:c6:3f:dc:34:71:92:9b:23:1a:f3:
                    7c:fb:47:24:22:92:e2:46:7c:d0:52:14:7f:21:a2:
                    51:27:38:d8:12:69:10:1b:99:1a:50:51:25:2a:2e:
                    c9:f6:58:d3:fe:23:8d:cc:dc:dd:84:49:f2:42:23:
                    d7:03:da:26:fd:f7:e2:42:f6:3a:78:3f:6d:d6:35:
                    52:98:f1:70:7a:12:e5:ae:76:6c:29:94:a2:94:52:
                    f0:5d:a6:a1:01:0e:71:09:99:c2:67:47:48:10:2c:
                    e1:49:e2:b8:87:4a:15:55:f1:11:3c:b5:89:0e:96:
                    e9:c8:9d:4d:51:57:9d:e5:3d:d8:c9:df:84:4f:78:
                    a9:83:dc:f6:e5:11:70:76:68:9d:ae:5f:29:e3:d7:
                    6f:4c:5f:6e:91:b0:90:1f:d2:de:07:07:55:fd:4d:
                    4f:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:92:92:7C:64:B7:B4:77:5A:E6:BA:55:A2:FB:05:21:37:53:0D:88
            X509v3 Authority Key Identifier:
                keyid:24:15:BF:9C:61:C8:5D:B7:C9:9A:C4:CD:F7:92:57:E7:99:7A:B7:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JBW_nGHIXbfJmsTN95JX55l6t3w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/3389eb-1857-49d2-841c-6a18dc8816db/1/Q5KSfGS3tHda5rpVovsFITdTDYg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/3389eb-1857-49d2-841c-6a18dc8816db/1/JBW_nGHIXbfJmsTN95JX55l6t3w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.153.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:70:46:0b:da:01:dc:45:f7:e4:5a:8f:a9:2b:a4:43:e6:21:
         95:5a:22:5d:82:77:14:12:b9:07:6e:38:ff:83:44:40:75:00:
         a2:a9:68:44:68:2c:25:b0:2c:6a:9b:8e:d5:c3:81:2a:99:1f:
         7e:15:19:31:eb:57:4d:3b:7c:07:fa:71:9c:51:a9:d8:cc:90:
         75:b1:38:9a:5d:79:c7:d7:41:cf:95:e6:04:5f:6a:17:a8:72:
         dc:a6:f9:24:a7:7a:62:5d:7e:92:4c:83:47:2c:f3:2e:2d:ba:
         ce:d1:64:0f:d0:d6:9c:51:c3:dc:55:9e:df:09:b1:61:05:b6:
         40:32:0e:55:b1:38:6b:95:a7:90:a2:b5:f2:aa:50:85:fd:e7:
         e8:56:a4:f4:e5:7d:05:a0:6f:97:97:3c:34:9b:bd:46:33:b4:
         3d:6c:c3:cd:02:bd:b2:15:25:c4:19:17:c8:9a:4f:58:6d:36:
         43:4b:76:42:c4:10:5e:18:8a:3e:8a:71:87:05:23:30:a8:2a:
         68:04:17:d7:ab:bb:6d:08:11:5c:b3:5e:10:de:66:33:e7:6a:
         24:53:e2:b8:dd:d2:21:38:67:66:94:d4:c9:e6:44:3a:c9:d1:
         0c:e6:e0:cc:40:1c:73:09:d4:bf:f4:8d:61:b2:5b:57:e0:d7:
         84:38:e8:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZwROdukrNZ866UPwMhOFYglMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0MTViZjljNjFjODVkYjdjOTlhYzRjZGY3OTI1N2U3OTk3
YWI3N2MwHhcNMjYwMTMwMjMyNTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzkyOTI3YzY0YjdiNDc3NWFlNmJhNTVhMmZiMDUyMTM3NTMwZDg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjQxQSwqJmkEE5C8Lg1b94cYOMMkZ
370LizipSgOZF3uFo8ks10zVT6Ld/rCqApyEz1so6IHhx45XRpOi1AsQwh2s68EM
n6APRXJK5LUmL2gjXcxNRXQJ77UECqhMosY/3DRxkpsjGvN8+0ckIpLiRnzQUhR/
IaJRJzjYEmkQG5kaUFElKi7J9ljT/iONzNzdhEnyQiPXA9om/ffiQvY6eD9t1jVS
mPFwehLlrnZsKZSilFLwXaahAQ5xCZnCZ0dIECzhSeK4h0oVVfERPLWJDpbpyJ1N
UVed5T3Yyd+ET3ipg9z25RFwdmidrl8p49dvTF9ukbCQH9LeBwdV/U1PrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEOSknxkt7R3Wua6VaL7BSE3Uw2IMB8GA1UdIwQY
MBaAFCQVv5xhyF23yZrEzfeSV+eZerd8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkJXX25HSElYYmZKbXNUTjk1Slg1NWw2dDN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC8zMzg5ZWItMTg1Ny00OWQyLTg0MWMt
NmExOGRjODgxNmRiLzEvUTVLU2ZHUzN0SGRhNXJwVm92c0ZJVGRURFlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC8zMzg5ZWItMTg1Ny00OWQyLTg0MWMtNmExOGRjODgxNmRi
LzEvSkJXX25HSElYYmZKbXNUTjk1Slg1NWw2dDN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJZmZMA0G
CSqGSIb3DQEBCwUAA4IBAQBccEYL2gHcRffkWo+pK6RD5iGVWiJdgncUErkHbjj/
g0RAdQCiqWhEaCwlsCxqm47Vw4EqmR9+FRkx61dNO3wH+nGcUanYzJB1sTiaXXnH
10HPleYEX2oXqHLcpvkkp3piXX6STINHLPMuLbrO0WQP0NacUcPcVZ7fCbFhBbZA
Mg5VsThrlaeQorXyqlCF/efoVqT05X0FoG+Xlzw0m71GM7Q9bMPNAr2yFSXEGRfI
mk9YbTZDS3ZCxBBeGIo+inGHBSMwqCpoBBfXq7ttCBFcs14Q3mYz52okU+K43dIh
OGdmlNTJ5kQ6ydEM5uDMQBxzCdS/9I1hsltX4NeEOOjN
-----END CERTIFICATE-----