Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/1c6180-9950-4ce8-811e-f8d662b96dab/1/5ruGjzi72EzHeNevEE3JGyLtXgQ.roa
File:                     5ruGjzi72EzHeNevEE3JGyLtXgQ.roa (raw, json)
Hash identifier:          F631VpzOVt6zeqgnyepT7OlQYefuALhIBPjhvOj+SbM=
Subject key identifier:   E6:BB:86:8F:38:BB:D8:4C:C7:78:D7:AF:10:4D:C9:1B:22:ED:5E:04
Certificate issuer:       /CN=7d4d1c8790a913e832c733dff778dee79129700a
Certificate serial:       019B77592335F8B104E8A4A4C9738A747DAC
Authority key identifier: 7D:4D:1C:87:90:A9:13:E8:32:C7:33:DF:F7:78:DE:E7:91:29:70:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fU0ch5CpE-gyxzPf93je55EpcAo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/1c6180-9950-4ce8-811e-f8d662b96dab/1/5ruGjzi72EzHeNevEE3JGyLtXgQ.roa
Signing time:             Thu 01 Jan 2026 02:18:08 +0000
ROA not before:           Thu 01 Jan 2026 02:18:08 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44880
IP address blocks:        192.101.75.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/1c6180-9950-4ce8-811e-f8d662b96dab/1/fU0ch5CpE-gyxzPf93je55EpcAo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/1c6180-9950-4ce8-811e-f8d662b96dab/1/fU0ch5CpE-gyxzPf93je55EpcAo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fU0ch5CpE-gyxzPf93je55EpcAo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:59:23:35:f8:b1:04:e8:a4:a4:c9:73:8a:74:7d:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d4d1c8790a913e832c733dff778dee79129700a
        Validity
            Not Before: Jan  1 02:18:08 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e6bb868f38bbd84cc778d7af104dc91b22ed5e04
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:4c:97:2b:73:75:34:65:30:13:9d:30:bf:48:
                    df:d4:65:33:98:e8:9b:cd:00:73:9f:41:4c:91:ed:
                    2b:6a:68:2b:23:b4:de:ff:91:99:53:03:e2:79:02:
                    fa:b9:f0:8c:cf:bd:b9:2a:a4:53:d6:8c:08:f2:e6:
                    52:44:9e:c5:50:9d:63:43:b6:a2:70:da:d8:26:b8:
                    89:d6:cc:10:90:0b:96:be:f2:d3:d1:8f:66:37:e9:
                    a3:12:c9:fd:29:77:e2:81:47:d6:28:ff:e2:6d:3b:
                    19:31:24:a4:df:6b:bc:5f:27:c4:74:56:47:3e:8a:
                    97:c3:3e:4d:60:f5:1d:aa:b4:c4:23:6f:3a:40:6b:
                    f4:bb:7e:4f:53:96:6b:e0:07:af:fd:df:c1:4d:03:
                    f2:38:b8:bf:e1:5b:da:4f:52:57:41:b5:e7:99:40:
                    aa:f9:28:13:a1:fd:ed:5f:ce:28:f2:0a:7f:83:86:
                    6e:01:2d:cf:79:5f:c3:81:6b:b8:d0:6d:1a:64:6f:
                    83:fc:cc:e4:ab:5d:b7:a4:a0:a9:93:3f:3e:35:3a:
                    c6:55:bc:de:f0:e4:37:6d:e4:b8:63:e5:66:09:96:
                    cd:64:2e:1a:d5:ed:e2:71:60:16:b9:1e:bd:5c:b5:
                    97:e2:3d:0e:36:6c:e1:8e:cf:3a:0a:c0:ce:4f:a4:
                    f2:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:BB:86:8F:38:BB:D8:4C:C7:78:D7:AF:10:4D:C9:1B:22:ED:5E:04
            X509v3 Authority Key Identifier:
                keyid:7D:4D:1C:87:90:A9:13:E8:32:C7:33:DF:F7:78:DE:E7:91:29:70:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fU0ch5CpE-gyxzPf93je55EpcAo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/1c6180-9950-4ce8-811e-f8d662b96dab/1/5ruGjzi72EzHeNevEE3JGyLtXgQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/1c6180-9950-4ce8-811e-f8d662b96dab/1/fU0ch5CpE-gyxzPf93je55EpcAo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.101.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:0f:97:1c:8f:e3:9c:0e:b1:cb:34:e1:12:3a:0e:a2:1f:35:
         6f:b0:5d:c9:83:68:61:37:0b:0a:1c:fb:8d:2f:91:d0:b7:38:
         f7:db:6b:e4:e0:f7:b4:0b:7e:98:04:30:4e:08:67:7e:45:e1:
         a0:34:d3:5a:d7:1b:c2:72:ee:1c:36:15:29:e7:a1:f0:e8:08:
         ba:09:46:92:30:7f:03:46:38:db:14:ec:3b:44:14:15:61:84:
         89:ee:eb:17:52:8d:ca:71:d2:bc:16:4b:4f:15:6e:cb:7d:8a:
         12:e9:31:80:fd:cb:cb:26:c6:aa:46:35:03:7c:81:e6:80:4d:
         b4:30:65:b0:2b:c7:df:be:1d:91:94:2a:92:f3:ab:02:85:f9:
         fa:f7:9b:3a:34:66:ac:49:5d:8d:42:66:95:01:f2:a5:3d:d7:
         0e:8b:5e:be:65:95:bd:6a:12:bd:45:43:97:1f:68:ee:39:f4:
         d5:24:a4:4e:0d:89:79:f9:58:ba:81:ec:82:eb:40:3f:07:47:
         10:d5:aa:9b:fa:0d:27:e1:85:75:cc:05:0a:b7:c8:24:8a:8b:
         6e:54:19:0c:d9:69:0d:79:95:f2:4d:e5:bd:ef:2e:c8:be:9d:
         2b:62:8a:46:cf:07:1d:31:38:94:db:12:91:88:64:ca:34:5f:
         40:81:6f:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3WSM1+LEE6KSkyXOKdH2sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNGQxYzg3OTBhOTEzZTgzMmM3MzNkZmY3NzhkZWU3OTEy
OTcwMGEwHhcNMjYwMTAxMDIxODA4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNmJiODY4ZjM4YmJkODRjYzc3OGQ3YWYxMDRkYzkxYjIyZWQ1ZTA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs0yXK3N1NGUwE50wv0jf1GUzmOib
zQBzn0FMke0ramgrI7Te/5GZUwPieQL6ufCMz725KqRT1owI8uZSRJ7FUJ1jQ7ai
cNrYJriJ1swQkAuWvvLT0Y9mN+mjEsn9KXfigUfWKP/ibTsZMSSk32u8XyfEdFZH
PoqXwz5NYPUdqrTEI286QGv0u35PU5Zr4Aev/d/BTQPyOLi/4VvaT1JXQbXnmUCq
+SgTof3tX84o8gp/g4ZuAS3PeV/DgWu40G0aZG+D/Mzkq123pKCpkz8+NTrGVbze
8OQ3beS4Y+VmCZbNZC4a1e3icWAWuR69XLWX4j0ONmzhjs86CsDOT6TyNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOa7ho84u9hMx3jXrxBNyRsi7V4EMB8GA1UdIwQY
MBaAFH1NHIeQqRPoMscz3/d43ueRKXAKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlUwY2g1Q3BFLWd5eHpQZjkzamU1NUVwY0FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy8xYzYxODAtOTk1MC00Y2U4LTgxMWUt
ZjhkNjYyYjk2ZGFiLzEvNXJ1R2p6aTcyRXpIZU5ldkVFM0pHeUx0WGdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy8xYzYxODAtOTk1MC00Y2U4LTgxMWUtZjhkNjYyYjk2ZGFi
LzEvZlUwY2g1Q3BFLWd5eHpQZjkzamU1NUVwY0FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwGVLMA0G
CSqGSIb3DQEBCwUAA4IBAQCMD5ccj+OcDrHLNOESOg6iHzVvsF3Jg2hhNwsKHPuN
L5HQtzj322vk4Pe0C36YBDBOCGd+ReGgNNNa1xvCcu4cNhUp56Hw6Ai6CUaSMH8D
RjjbFOw7RBQVYYSJ7usXUo3KcdK8FktPFW7LfYoS6TGA/cvLJsaqRjUDfIHmgE20
MGWwK8ffvh2RlCqS86sChfn695s6NGasSV2NQmaVAfKlPdcOi16+ZZW9ahK9RUOX
H2juOfTVJKRODYl5+Vi6geyC60A/B0cQ1aqb+g0n4YV1zAUKt8gkiotuVBkM2WkN
eZXyTeW97y7Ivp0rYopGzwcdMTiU2xKRiGTKNF9AgW8t
-----END CERTIFICATE-----