Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/e29dce-a174-4b77-89aa-236e92fc6a59/1/7qTepYATqKVXyyn2qZtoxxFTcjA.roa
File:                     7qTepYATqKVXyyn2qZtoxxFTcjA.roa (raw, json)
Hash identifier:          zj/P1u6iWoahM98pNTDlWucnNtLUswY/H6W+OVzgPg0=
Subject key identifier:   EE:A4:DE:A5:80:13:A8:A5:57:CB:29:F6:A9:9B:68:C7:11:53:72:30
Certificate issuer:       /CN=a86580e18ad6ff8dc942be883c16de8b731f9605
Certificate serial:       019D42EEC61988D47925D057682EC6DAB78D
Authority key identifier: A8:65:80:E1:8A:D6:FF:8D:C9:42:BE:88:3C:16:DE:8B:73:1F:96:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qGWA4YrW_43JQr6IPBbei3MflgU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/e29dce-a174-4b77-89aa-236e92fc6a59/1/7qTepYATqKVXyyn2qZtoxxFTcjA.roa
Signing time:             Tue 31 Mar 2026 08:07:17 +0000
ROA not before:           Tue 31 Mar 2026 08:07:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     59547
IP address blocks:        151.248.48.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/e29dce-a174-4b77-89aa-236e92fc6a59/1/qGWA4YrW_43JQr6IPBbei3MflgU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/e29dce-a174-4b77-89aa-236e92fc6a59/1/qGWA4YrW_43JQr6IPBbei3MflgU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qGWA4YrW_43JQr6IPBbei3MflgU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 20:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:42:ee:c6:19:88:d4:79:25:d0:57:68:2e:c6:da:b7:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a86580e18ad6ff8dc942be883c16de8b731f9605
        Validity
            Not Before: Mar 31 08:07:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=eea4dea58013a8a557cb29f6a99b68c711537230
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:d2:17:98:f4:4d:4c:09:78:60:90:b0:9d:fc:
                    e5:84:f4:ae:09:38:e9:73:34:6a:22:f8:9f:cc:9c:
                    f5:52:c0:c3:1b:d7:14:41:0f:93:a9:ce:3f:b6:f1:
                    44:db:e4:29:ef:93:0a:3d:29:6d:56:4e:79:11:4c:
                    be:91:c2:9f:38:bf:5f:a2:b3:93:d3:fa:92:94:c0:
                    b7:b0:73:1a:a8:d6:85:e5:e0:8e:09:f0:19:e9:b3:
                    f3:1d:1f:90:5c:20:ca:09:cf:0c:85:48:4a:6a:77:
                    97:2b:be:7f:56:08:29:a5:ff:c9:81:ea:7e:1e:3f:
                    92:ff:b0:ce:ac:aa:d7:67:0a:a8:85:34:6e:d8:05:
                    6f:ff:fa:60:94:70:97:f3:03:a2:7c:97:65:13:ff:
                    d7:3c:69:8d:ad:11:db:07:6a:59:97:fd:10:af:6c:
                    c9:56:18:53:c2:1b:69:d9:8f:31:c9:ea:49:d2:e5:
                    32:a6:dd:d1:39:3b:0b:6d:dc:10:de:9e:dc:ea:d7:
                    6d:eb:7a:12:34:e4:4d:cd:6c:81:26:77:6d:12:72:
                    ba:57:de:6b:f8:f6:a0:b2:7b:b3:51:72:79:13:d1:
                    09:2a:60:e1:37:65:ca:24:93:2c:32:fa:dd:48:04:
                    aa:51:fa:03:01:e0:34:3c:cf:3e:66:d4:33:52:6e:
                    95:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:A4:DE:A5:80:13:A8:A5:57:CB:29:F6:A9:9B:68:C7:11:53:72:30
            X509v3 Authority Key Identifier:
                keyid:A8:65:80:E1:8A:D6:FF:8D:C9:42:BE:88:3C:16:DE:8B:73:1F:96:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qGWA4YrW_43JQr6IPBbei3MflgU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/e29dce-a174-4b77-89aa-236e92fc6a59/1/7qTepYATqKVXyyn2qZtoxxFTcjA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/e29dce-a174-4b77-89aa-236e92fc6a59/1/qGWA4YrW_43JQr6IPBbei3MflgU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.248.48.0/21

    Signature Algorithm: sha256WithRSAEncryption
         29:92:02:d0:8e:d2:f3:69:71:ae:88:5f:85:48:80:42:50:82:
         d0:38:48:b7:01:7b:51:67:a5:ef:51:65:54:4f:36:5b:34:81:
         62:1a:6e:55:2a:07:b5:ad:d2:7e:e6:6a:52:c3:fe:27:ab:e8:
         90:f2:1a:8a:c8:72:e2:63:6a:4d:69:7f:cc:5b:8d:b0:0b:6f:
         0b:e5:a4:9f:c2:b9:ad:0c:f8:cd:6c:68:18:33:b0:e9:3b:fe:
         ce:3f:9a:e5:13:c8:03:4c:dd:a8:02:56:42:8a:59:b0:75:12:
         4d:42:4e:7a:4d:da:1e:c8:f7:97:39:9e:f0:21:a8:72:2e:2e:
         77:a1:c8:8c:35:0a:0d:14:cf:53:9d:39:28:a0:04:e6:58:79:
         e4:e2:4b:85:da:59:cd:6c:a7:25:90:07:86:9f:49:56:37:38:
         98:47:47:cf:e2:d8:29:7f:67:d4:e7:a9:3a:3c:85:ea:9f:14:
         00:3e:21:e2:99:dc:a6:b5:97:ed:d6:92:cd:5f:08:21:70:c7:
         20:e0:7e:9f:d7:1e:40:54:3a:a6:64:16:5b:84:6d:27:8d:47:
         ed:43:9b:ec:95:35:f6:11:1c:b7:b1:e6:3c:94:a8:18:93:d3:
         1c:43:1d:71:6e:a2:47:52:13:50:d6:61:e9:53:45:0b:41:ed:
         46:9e:33:3a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1C7sYZiNR5JdBXaC7G2reNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NjU4MGUxOGFkNmZmOGRjOTQyYmU4ODNjMTZkZThiNzMx
Zjk2MDUwHhcNMjYwMzMxMDgwNzE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZWE0ZGVhNTgwMTNhOGE1NTdjYjI5ZjZhOTliNjhjNzExNTM3MjMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqdIXmPRNTAl4YJCwnfzlhPSuCTjp
czRqIvifzJz1UsDDG9cUQQ+Tqc4/tvFE2+Qp75MKPSltVk55EUy+kcKfOL9forOT
0/qSlMC3sHMaqNaF5eCOCfAZ6bPzHR+QXCDKCc8MhUhKaneXK75/Vggppf/Jgep+
Hj+S/7DOrKrXZwqohTRu2AVv//pglHCX8wOifJdlE//XPGmNrRHbB2pZl/0Qr2zJ
VhhTwhtp2Y8xyepJ0uUypt3ROTsLbdwQ3p7c6tdt63oSNORNzWyBJndtEnK6V95r
+PagsnuzUXJ5E9EJKmDhN2XKJJMsMvrdSASqUfoDAeA0PM8+ZtQzUm6VFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO6k3qWAE6ilV8sp9qmbaMcRU3IwMB8GA1UdIwQY
MBaAFKhlgOGK1v+NyUK+iDwW3otzH5YFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUdXQTRZcldfNDNKUXI2SVBCYmVpM01mbGdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS9lMjlkY2UtYTE3NC00Yjc3LTg5YWEt
MjM2ZTkyZmM2YTU5LzEvN3FUZXBZQVRxS1ZYeXluMnFadG94eEZUY2pBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS9lMjlkY2UtYTE3NC00Yjc3LTg5YWEtMjM2ZTkyZmM2YTU5
LzEvcUdXQTRZcldfNDNKUXI2SVBCYmVpM01mbGdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDl/gwMA0G
CSqGSIb3DQEBCwUAA4IBAQApkgLQjtLzaXGuiF+FSIBCUILQOEi3AXtRZ6XvUWVU
TzZbNIFiGm5VKge1rdJ+5mpSw/4nq+iQ8hqKyHLiY2pNaX/MW42wC28L5aSfwrmt
DPjNbGgYM7DpO/7OP5rlE8gDTN2oAlZCilmwdRJNQk56TdoeyPeXOZ7wIahyLi53
ociMNQoNFM9TnTkooATmWHnk4kuF2lnNbKclkAeGn0lWNziYR0fP4tgpf2fU56k6
PIXqnxQAPiHimdymtZft1pLNXwghcMcg4H6f1x5AVDqmZBZbhG0njUftQ5vslTX2
ERy3seY8lKgYk9McQx1xbqJHUhNQ1mHpU0ULQe1GnjM6
-----END CERTIFICATE-----