Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/IDKO7jIqiR_FuIZh_0QPOX0acJY.roa
File:                     IDKO7jIqiR_FuIZh_0QPOX0acJY.roa (raw, json)
Hash identifier:          SUuyXo0XyLewTNjHOeFN03+QZPEkWcPb1M5NStmw+t0=
Subject key identifier:   20:32:8E:EE:32:2A:89:1F:C5:B8:86:61:FF:44:0F:39:7D:1A:70:96
Certificate issuer:       /CN=42f8ab2ba24879e45c445486fceb21af46656d5a
Certificate serial:       019D44836F82A2270E358DDBF4BDC4277636
Authority key identifier: 42:F8:AB:2B:A2:48:79:E4:5C:44:54:86:FC:EB:21:AF:46:65:6D:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QvirK6JIeeRcRFSG_Oshr0ZlbVo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/IDKO7jIqiR_FuIZh_0QPOX0acJY.roa
Signing time:             Tue 31 Mar 2026 15:29:17 +0000
ROA not before:           Tue 31 Mar 2026 15:29:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        217.147.167.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/QvirK6JIeeRcRFSG_Oshr0ZlbVo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/QvirK6JIeeRcRFSG_Oshr0ZlbVo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QvirK6JIeeRcRFSG_Oshr0ZlbVo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:44:83:6f:82:a2:27:0e:35:8d:db:f4:bd:c4:27:76:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=42f8ab2ba24879e45c445486fceb21af46656d5a
        Validity
            Not Before: Mar 31 15:29:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=20328eee322a891fc5b88661ff440f397d1a7096
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:9f:a7:eb:28:49:1f:be:5d:8c:ae:30:3b:18:
                    15:a7:c9:65:4f:13:f4:a1:11:71:09:a4:f9:38:63:
                    55:44:df:83:52:52:5b:7b:47:96:9e:c8:18:4a:7a:
                    6d:e1:66:78:b5:09:1d:51:bd:94:8d:3b:2d:7f:0d:
                    df:42:8a:ab:c6:c7:bc:aa:9b:21:0a:69:8e:55:88:
                    2c:3b:df:60:71:a5:86:1d:7b:13:2e:a0:81:53:8e:
                    70:d6:07:41:ff:76:25:dc:bd:52:fd:df:ee:09:de:
                    39:54:29:fb:42:5a:b6:62:77:3c:aa:f4:d4:81:d7:
                    f9:5f:5e:d9:11:a4:6e:de:cf:af:fe:df:37:72:55:
                    f7:84:a5:33:33:97:0f:52:91:b2:38:16:84:32:91:
                    90:e5:d4:fa:a8:eb:79:55:bf:34:37:fa:b1:ed:78:
                    36:55:a5:0e:5a:ab:36:5d:5c:d9:cd:9b:ce:96:b9:
                    b3:ce:94:ff:04:da:f3:b2:df:64:bf:3d:b4:93:be:
                    a4:93:45:0a:2d:27:ee:61:ca:ba:0a:fe:bb:5d:0e:
                    4d:19:9b:9a:bb:f3:ca:5b:cd:5a:4c:1c:5c:de:89:
                    5a:30:05:46:b9:c9:e1:8e:93:07:4d:bd:5d:87:55:
                    68:a2:65:33:41:0e:48:a4:12:f2:8d:32:7a:65:00:
                    ab:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:32:8E:EE:32:2A:89:1F:C5:B8:86:61:FF:44:0F:39:7D:1A:70:96
            X509v3 Authority Key Identifier:
                keyid:42:F8:AB:2B:A2:48:79:E4:5C:44:54:86:FC:EB:21:AF:46:65:6D:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QvirK6JIeeRcRFSG_Oshr0ZlbVo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/IDKO7jIqiR_FuIZh_0QPOX0acJY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/QvirK6JIeeRcRFSG_Oshr0ZlbVo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.147.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:81:50:5c:9c:1e:28:b9:bd:20:4e:f1:5f:af:c0:c9:50:d4:
         68:8b:dd:60:ed:97:77:5c:9a:3d:81:d9:c6:ef:c3:8c:45:4c:
         e1:98:80:48:74:81:a4:48:3e:51:5c:0b:f5:cf:22:8a:d9:1f:
         57:f2:38:75:77:37:7a:5a:c3:f4:41:cd:0f:03:fa:d4:39:d1:
         aa:81:69:fd:62:fa:c4:c0:bf:f4:91:1a:ca:56:ec:75:10:6d:
         eb:62:08:56:28:fb:6c:70:bb:fa:e7:5f:fb:22:a9:d2:18:fb:
         f5:42:ba:fb:e2:c4:80:0d:1b:4b:b6:69:cf:75:07:48:5b:e1:
         25:f5:53:f0:fe:55:6a:7c:6a:e4:a5:b4:7d:31:3d:28:17:c2:
         d5:7b:23:b4:c5:38:bf:4f:be:8d:a7:78:b9:d3:c9:d0:16:22:
         db:07:b8:e7:37:71:16:4a:ee:b1:db:8e:77:6c:81:a5:6c:87:
         8e:b8:e9:46:a9:05:75:87:ae:35:8c:55:83:25:30:f2:a3:44:
         da:c1:93:d4:3f:f7:c2:7b:84:6e:24:ec:9f:eb:7f:5d:a6:e3:
         38:29:10:50:52:92:2b:1d:95:58:3d:56:c2:1b:9a:07:b2:68:
         b9:bc:e7:16:c0:4c:c1:f2:33:94:87:a7:dc:10:d6:7f:89:58:
         dd:7f:19:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1Eg2+CoicONY3b9L3EJ3Y2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyZjhhYjJiYTI0ODc5ZTQ1YzQ0NTQ4NmZjZWIyMWFmNDY2
NTZkNWEwHhcNMjYwMzMxMTUyOTE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDMyOGVlZTMyMmE4OTFmYzViODg2NjFmZjQ0MGYzOTdkMWE3MDk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvp+n6yhJH75djK4wOxgVp8llTxP0
oRFxCaT5OGNVRN+DUlJbe0eWnsgYSnpt4WZ4tQkdUb2UjTstfw3fQoqrxse8qpsh
CmmOVYgsO99gcaWGHXsTLqCBU45w1gdB/3Yl3L1S/d/uCd45VCn7Qlq2Ync8qvTU
gdf5X17ZEaRu3s+v/t83clX3hKUzM5cPUpGyOBaEMpGQ5dT6qOt5Vb80N/qx7Xg2
VaUOWqs2XVzZzZvOlrmzzpT/BNrzst9kvz20k76kk0UKLSfuYcq6Cv67XQ5NGZua
u/PKW81aTBxc3olaMAVGucnhjpMHTb1dh1VoomUzQQ5IpBLyjTJ6ZQCrKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCAyju4yKokfxbiGYf9EDzl9GnCWMB8GA1UdIwQY
MBaAFEL4qyuiSHnkXERUhvzrIa9GZW1aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXZpcks2SkllZVJjUkZTR19Pc2hyMFpsYlZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC9jMTdjNWQtNzU0My00NDBmLTg3OGYt
MTc2OWZlZjZiZTk2LzEvSURLTzdqSXFpUl9GdUlaaF8wUVBPWDBhY0pZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC9jMTdjNWQtNzU0My00NDBmLTg3OGYtMTc2OWZlZjZiZTk2
LzEvUXZpcks2SkllZVJjUkZTR19Pc2hyMFpsYlZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2ZOnMA0G
CSqGSIb3DQEBCwUAA4IBAQCZgVBcnB4oub0gTvFfr8DJUNRoi91g7Zd3XJo9gdnG
78OMRUzhmIBIdIGkSD5RXAv1zyKK2R9X8jh1dzd6WsP0Qc0PA/rUOdGqgWn9YvrE
wL/0kRrKVux1EG3rYghWKPtscLv651/7IqnSGPv1Qrr74sSADRtLtmnPdQdIW+El
9VPw/lVqfGrkpbR9MT0oF8LVeyO0xTi/T76Np3i508nQFiLbB7jnN3EWSu6x2453
bIGlbIeOuOlGqQV1h641jFWDJTDyo0TawZPUP/fCe4RuJOyf639dpuM4KRBQUpIr
HZVYPVbCG5oHsmi5vOcWwEzB8jOUh6fcENZ/iVjdfxnb
-----END CERTIFICATE-----