Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/unZp2OJA2fbOt-Y_-ODsYBVi8ew.roa
File:                     unZp2OJA2fbOt-Y_-ODsYBVi8ew.roa (raw, json)
Hash identifier:          r63RVWeKiuvBtXD1HrWdaSawqv6H2r1yUg7rCp31KIE=
Subject key identifier:   BA:76:69:D8:E2:40:D9:F6:CE:B7:E6:3F:F8:E0:EC:60:15:62:F1:EC
Certificate issuer:       /CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
Certificate serial:       019D2B2C0415A3F99286A80F13050D2220A1
Authority key identifier: 0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/unZp2OJA2fbOt-Y_-ODsYBVi8ew.roa
Signing time:             Thu 26 Mar 2026 17:23:18 +0000
ROA not before:           Thu 26 Mar 2026 17:23:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209741
IP address blocks:        150.251.136.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 12:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2b:2c:04:15:a3:f9:92:86:a8:0f:13:05:0d:22:20:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
        Validity
            Not Before: Mar 26 17:23:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ba7669d8e240d9f6ceb7e63ff8e0ec601562f1ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:73:00:b3:92:c9:d7:15:72:df:f3:04:95:e8:
                    72:34:02:14:ae:8d:59:4f:51:4a:8b:6d:58:10:03:
                    68:82:d4:ef:a3:f2:27:02:e9:69:d9:87:9d:c2:ca:
                    08:93:25:ab:32:62:98:db:f5:27:43:d2:30:ef:0f:
                    6e:2a:b8:ff:68:c4:5f:29:f8:dd:a6:da:59:08:d6:
                    c4:15:ab:0c:a3:fa:4e:cb:89:81:1f:c3:03:d8:a8:
                    e7:3f:aa:d4:a8:59:98:2d:f2:98:d9:e6:da:3b:69:
                    04:62:95:6f:cd:a5:34:af:fb:bd:fa:44:bb:9c:de:
                    a1:4c:16:53:41:b2:70:79:d2:94:8b:82:73:d4:03:
                    7e:2d:31:b3:4e:96:0f:9b:9b:92:b1:42:fc:04:f0:
                    81:3e:1f:83:e4:5d:3a:9b:3b:87:34:b6:d4:2b:b9:
                    48:02:18:2b:3d:a6:ef:3f:95:fa:03:7e:30:bd:f8:
                    e9:75:75:71:c8:52:09:89:67:b2:a8:e5:59:90:ca:
                    f7:f6:97:db:18:84:ad:f3:63:cb:49:9f:8e:52:25:
                    c8:0d:e1:e7:22:9e:db:d1:f0:2f:46:e8:a3:61:a5:
                    06:95:df:67:7b:aa:84:d8:68:30:bd:00:16:2f:46:
                    4f:b5:f6:73:c2:1b:8a:64:6b:8b:ae:8c:ad:1a:9b:
                    58:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:76:69:D8:E2:40:D9:F6:CE:B7:E6:3F:F8:E0:EC:60:15:62:F1:EC
            X509v3 Authority Key Identifier:
                keyid:0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/unZp2OJA2fbOt-Y_-ODsYBVi8ew.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  150.251.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:af:7a:82:b7:07:97:d9:ca:de:5e:1f:3a:b6:65:22:d3:ca:
         87:f1:d4:d9:1e:78:e3:01:70:fd:bf:ff:90:0b:f9:ad:ca:f1:
         28:fd:60:31:39:18:63:25:e0:17:c9:03:4c:c0:90:7b:36:3c:
         5d:2b:06:e8:1f:e4:a4:8e:4a:fe:8c:76:72:78:ed:96:6c:5a:
         79:d1:68:00:16:16:00:c7:8c:d2:f6:fa:28:5d:c9:36:38:1e:
         26:7d:3f:52:96:34:b1:d8:1c:6a:64:9e:c6:ad:9b:47:62:5f:
         1f:57:79:2e:8f:99:0b:9e:af:85:73:ae:6b:6a:05:5e:c7:41:
         30:c3:6e:a0:80:e7:f8:59:9e:1d:72:cd:47:7a:6b:6c:68:20:
         4b:09:27:46:55:1c:a9:de:b4:b3:29:68:97:af:64:5a:54:b4:
         25:04:df:d0:33:cb:63:e6:e1:80:a8:f6:50:69:0f:cd:04:31:
         8e:f4:7d:c6:1c:1f:12:35:3d:24:9f:55:b3:8a:4d:92:29:42:
         af:32:ee:78:32:2c:62:3e:61:15:f4:dc:25:6b:af:45:3f:0a:
         86:7f:51:94:53:69:62:3c:f5:23:10:0e:ba:70:72:3d:a2:6c:
         df:66:52:1a:e8:77:1b:52:5b:43:7e:70:15:0a:c3:29:38:c7:
         87:2b:8a:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0rLAQVo/mShqgPEwUNIiChMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMzU1ODU0NmEyYzU0YmJkODEyYTE5MjI4YWE5OGUwNzhk
M2FhNjgwHhcNMjYwMzI2MTcyMzE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTc2NjlkOGUyNDBkOWY2Y2ViN2U2M2ZmOGUwZWM2MDE1NjJmMWVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxXMAs5LJ1xVy3/MElehyNAIUro1Z
T1FKi21YEANogtTvo/InAulp2YedwsoIkyWrMmKY2/UnQ9Iw7w9uKrj/aMRfKfjd
ptpZCNbEFasMo/pOy4mBH8MD2KjnP6rUqFmYLfKY2ebaO2kEYpVvzaU0r/u9+kS7
nN6hTBZTQbJwedKUi4Jz1AN+LTGzTpYPm5uSsUL8BPCBPh+D5F06mzuHNLbUK7lI
AhgrPabvP5X6A34wvfjpdXVxyFIJiWeyqOVZkMr39pfbGISt82PLSZ+OUiXIDeHn
Ip7b0fAvRuijYaUGld9ne6qE2GgwvQAWL0ZPtfZzwhuKZGuLroytGptYMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLp2adjiQNn2zrfmP/jg7GAVYvHsMB8GA1UdIwQY
MBaAFA01WFRqLFS72BKhkiiqmOB406poMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUt
MTMyZmZjOGJkZTQ2LzEvdW5acDJPSkEyZmJPdC1ZXy1PRHNZQlZpOGV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUtMTMyZmZjOGJkZTQ2
LzEvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAlvuIMA0G
CSqGSIb3DQEBCwUAA4IBAQB7r3qCtweX2creXh86tmUi08qH8dTZHnjjAXD9v/+Q
C/mtyvEo/WAxORhjJeAXyQNMwJB7NjxdKwboH+Skjkr+jHZyeO2WbFp50WgAFhYA
x4zS9vooXck2OB4mfT9SljSx2BxqZJ7GrZtHYl8fV3kuj5kLnq+Fc65ragVex0Ew
w26ggOf4WZ4dcs1HemtsaCBLCSdGVRyp3rSzKWiXr2RaVLQlBN/QM8tj5uGAqPZQ
aQ/NBDGO9H3GHB8SNT0kn1Wzik2SKUKvMu54MixiPmEV9Nwla69FPwqGf1GUU2li
PPUjEA66cHI9omzfZlIa6HcbUltDfnAVCsMpOMeHK4qY
-----END CERTIFICATE-----