Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/4ea481-ba97-4b94-b000-35bd65f1f2a4/1/8MW5HqzxM8fWAkgdIF87Ez5R_jE.roa
File:                     8MW5HqzxM8fWAkgdIF87Ez5R_jE.roa (raw, json)
Hash identifier:          yqEz69K9RUBzU0ZL3wR6AByNl65m7OmG7mQS2PnAi1Q=
Subject key identifier:   F0:C5:B9:1E:AC:F1:33:C7:D6:02:48:1D:20:5F:3B:13:3E:51:FE:31
Certificate issuer:       /CN=59fad388bea71da2f43f39a45e10141d6f29c428
Certificate serial:       019B76EAFA8247A36DE4C3AFFF77BD49B1ED
Authority key identifier: 59:FA:D3:88:BE:A7:1D:A2:F4:3F:39:A4:5E:10:14:1D:6F:29:C4:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WfrTiL6nHaL0PzmkXhAUHW8pxCg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/4ea481-ba97-4b94-b000-35bd65f1f2a4/1/8MW5HqzxM8fWAkgdIF87Ez5R_jE.roa
Signing time:             Thu 01 Jan 2026 00:17:49 +0000
ROA not before:           Thu 01 Jan 2026 00:17:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     21171
IP address blocks:        152.90.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/4ea481-ba97-4b94-b000-35bd65f1f2a4/1/WfrTiL6nHaL0PzmkXhAUHW8pxCg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/4ea481-ba97-4b94-b000-35bd65f1f2a4/1/WfrTiL6nHaL0PzmkXhAUHW8pxCg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WfrTiL6nHaL0PzmkXhAUHW8pxCg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 09:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:ea:fa:82:47:a3:6d:e4:c3:af:ff:77:bd:49:b1:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=59fad388bea71da2f43f39a45e10141d6f29c428
        Validity
            Not Before: Jan  1 00:17:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f0c5b91eacf133c7d602481d205f3b133e51fe31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:14:69:85:ae:5e:d9:db:08:34:4a:94:79:02:
                    1d:02:38:7b:49:97:8e:5e:da:ce:f7:4c:69:30:84:
                    98:20:85:38:9c:36:f7:fc:5a:34:2c:60:e3:60:50:
                    c7:d9:c2:df:e2:38:72:6b:5f:6b:62:ac:c8:76:a1:
                    81:c7:55:8f:6b:6c:83:b9:c5:71:7a:78:61:c0:3c:
                    66:ae:d0:46:dd:43:0a:4b:5e:3e:b1:8a:31:c8:ff:
                    7b:4c:e4:93:16:16:2f:14:ed:25:23:96:0a:34:d2:
                    a6:b9:b3:e9:72:46:34:fe:e4:12:a8:fb:b4:eb:4c:
                    69:08:b2:32:00:61:e1:29:29:64:02:3b:6e:b1:75:
                    44:da:fc:fd:8d:a0:e6:91:07:71:46:43:0a:a7:ab:
                    fc:6c:37:ad:f5:45:91:9f:62:2b:66:b0:82:72:3b:
                    7b:c1:1b:ad:20:60:e9:75:b5:cd:50:41:ca:8c:08:
                    71:b8:29:16:8e:a3:27:73:4e:ec:7f:57:23:72:98:
                    65:87:9e:8e:7f:02:83:20:23:e9:91:3d:ca:a5:14:
                    d9:81:ef:38:49:e6:b3:48:4c:4b:a7:55:ad:bd:f6:
                    32:90:de:ff:f0:78:0c:e8:f9:b5:fa:9c:c9:b9:b6:
                    08:78:92:56:e8:f3:61:82:39:4d:12:82:70:8a:64:
                    21:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:C5:B9:1E:AC:F1:33:C7:D6:02:48:1D:20:5F:3B:13:3E:51:FE:31
            X509v3 Authority Key Identifier:
                keyid:59:FA:D3:88:BE:A7:1D:A2:F4:3F:39:A4:5E:10:14:1D:6F:29:C4:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WfrTiL6nHaL0PzmkXhAUHW8pxCg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/4ea481-ba97-4b94-b000-35bd65f1f2a4/1/8MW5HqzxM8fWAkgdIF87Ez5R_jE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/4ea481-ba97-4b94-b000-35bd65f1f2a4/1/WfrTiL6nHaL0PzmkXhAUHW8pxCg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.90.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         02:a3:da:c6:64:04:07:6d:12:f4:40:08:1c:10:2d:65:b1:3d:
         7f:da:f5:dd:ef:ff:37:35:63:24:b4:1c:b7:e3:de:a8:01:6a:
         5d:10:74:d7:a5:c6:e2:11:07:30:9b:80:8a:93:a7:14:6b:90:
         9f:b1:23:c9:43:da:e7:cf:2f:10:dd:9d:a3:45:2f:a4:ce:15:
         c8:e3:a9:e9:ad:43:2a:c5:e9:cd:7c:29:e8:4c:2a:ea:8b:09:
         70:0c:db:9c:00:b0:23:fe:7a:c2:94:81:5b:35:76:02:d4:6a:
         6d:fc:f0:33:d4:67:ee:8d:61:d4:a7:98:69:85:62:bb:28:56:
         90:29:c6:39:4a:c6:34:75:fe:11:09:05:df:51:22:7d:c4:bc:
         57:84:e8:03:f4:9a:e0:d4:28:22:a1:a4:b8:09:23:51:8b:79:
         0b:0d:e7:47:6d:6a:38:32:54:d6:b9:0c:bc:5d:6b:14:d2:4b:
         23:05:18:03:b5:dd:f7:cc:35:5a:81:6b:e7:66:e7:a7:7d:8b:
         a2:26:7a:1a:fa:8d:56:d8:0b:b6:fa:28:45:27:6f:b1:e0:d1:
         84:8e:9e:9c:2f:22:5a:b6:0b:56:4e:b9:bc:3d:58:96:ee:ff:
         eb:05:39:74:5d:40:98:49:aa:a4:c8:bd:24:b2:fc:b4:3b:b0:
         44:a6:f0:6a
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZt26vqCR6Nt5MOv/3e9SbHtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5ZmFkMzg4YmVhNzFkYTJmNDNmMzlhNDVlMTAxNDFkNmYy
OWM0MjgwHhcNMjYwMTAxMDAxNzQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMGM1YjkxZWFjZjEzM2M3ZDYwMjQ4MWQyMDVmM2IxMzNlNTFmZTMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlhRpha5e2dsINEqUeQIdAjh7SZeO
XtrO90xpMISYIIU4nDb3/Fo0LGDjYFDH2cLf4jhya19rYqzIdqGBx1WPa2yDucVx
enhhwDxmrtBG3UMKS14+sYoxyP97TOSTFhYvFO0lI5YKNNKmubPpckY0/uQSqPu0
60xpCLIyAGHhKSlkAjtusXVE2vz9jaDmkQdxRkMKp6v8bDet9UWRn2IrZrCCcjt7
wRutIGDpdbXNUEHKjAhxuCkWjqMnc07sf1cjcphlh56OfwKDICPpkT3KpRTZge84
SeazSExLp1WtvfYykN7/8HgM6Pm1+pzJubYIeJJW6PNhgjlNEoJwimQh7QIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFPDFuR6s8TPH1gJIHSBfOxM+Uf4xMB8GA1UdIwQY
MBaAFFn604i+px2i9D85pF4QFB1vKcQoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2ZyVGlMNm5IYUwwUHpta1hoQVVIVzhweENnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi80ZWE0ODEtYmE5Ny00Yjk0LWIwMDAt
MzViZDY1ZjFmMmE0LzEvOE1XNUhxenhNOGZXQWtnZElGODdFejVSX2pFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi80ZWE0ODEtYmE5Ny00Yjk0LWIwMDAtMzViZDY1ZjFmMmE0
LzEvV2ZyVGlMNm5IYUwwUHpta1hoQVVIVzhweENnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAmFowDQYJ
KoZIhvcNAQELBQADggEBAAKj2sZkBAdtEvRACBwQLWWxPX/a9d3v/zc1YyS0HLfj
3qgBal0QdNelxuIRBzCbgIqTpxRrkJ+xI8lD2ufPLxDdnaNFL6TOFcjjqemtQyrF
6c18KehMKuqLCXAM25wAsCP+esKUgVs1dgLUam388DPUZ+6NYdSnmGmFYrsoVpAp
xjlKxjR1/hEJBd9RIn3EvFeE6AP0muDUKCKhpLgJI1GLeQsN50dtajgyVNa5DLxd
axTSSyMFGAO13ffMNVqBa+dm56d9i6Imehr6jVbYC7b6KEUnb7Hg0YSOnpwvIlq2
C1ZOubw9WJbu/+sFOXRdQJhJqqTIvSSy/LQ7sESm8Go=
-----END CERTIFICATE-----