Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/fda382-4257-41c3-8ec6-27fbc99ea3c6/1/AzMofwjaFEjY--M2w_hFTS6Doe8.roa
File:                     AzMofwjaFEjY--M2w_hFTS6Doe8.roa (raw, json)
Hash identifier:          yafDjlpEdmCovrq5jgaaEVAWffNoz5k46A2nsxmxvfM=
Subject key identifier:   03:33:28:7F:08:DA:14:48:D8:FB:E3:36:C3:F8:45:4D:2E:83:A1:EF
Certificate issuer:       /CN=4fb2bb7bad50f1921810a028e78edd65f81f6a7d
Certificate serial:       019C9AF0F026AD9941F8FECDE49681C0C1AE
Authority key identifier: 4F:B2:BB:7B:AD:50:F1:92:18:10:A0:28:E7:8E:DD:65:F8:1F:6A:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T7K7e61Q8ZIYEKAo547dZfgfan0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/fda382-4257-41c3-8ec6-27fbc99ea3c6/1/AzMofwjaFEjY--M2w_hFTS6Doe8.roa
Signing time:             Thu 26 Feb 2026 17:13:27 +0000
ROA not before:           Thu 26 Feb 2026 17:13:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3257
IP address blocks:        91.238.71.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/fda382-4257-41c3-8ec6-27fbc99ea3c6/1/T7K7e61Q8ZIYEKAo547dZfgfan0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/fda382-4257-41c3-8ec6-27fbc99ea3c6/1/T7K7e61Q8ZIYEKAo547dZfgfan0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T7K7e61Q8ZIYEKAo547dZfgfan0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:9a:f0:f0:26:ad:99:41:f8:fe:cd:e4:96:81:c0:c1:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fb2bb7bad50f1921810a028e78edd65f81f6a7d
        Validity
            Not Before: Feb 26 17:13:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0333287f08da1448d8fbe336c3f8454d2e83a1ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:9e:4f:d1:89:62:a0:2e:4b:2c:f6:e4:82:70:
                    e0:50:34:d7:76:cd:8f:59:6a:9e:4b:2e:12:df:98:
                    ef:20:a0:05:09:21:aa:27:7a:c5:09:4b:e7:aa:25:
                    ec:fc:ae:f2:c6:ca:4b:c7:cd:27:ba:26:b2:bb:df:
                    29:ba:3c:87:2b:84:86:47:9e:18:d5:1d:95:b5:14:
                    ef:82:2e:e7:ca:74:1e:68:20:07:3e:6a:4d:be:56:
                    73:c4:dd:d5:f8:32:7c:d0:7a:2f:27:31:62:70:a3:
                    de:da:77:5f:7d:26:ad:08:b1:44:35:6e:22:20:c1:
                    a3:78:97:de:40:92:83:7a:2c:9d:b6:2c:56:af:df:
                    ff:e7:2e:6e:b1:bb:f7:fd:14:f9:94:c1:a8:bd:28:
                    a8:03:72:71:c3:43:96:52:26:4b:eb:18:8f:9a:3c:
                    eb:4e:a7:f8:d6:e0:7f:f2:a3:55:60:c3:b4:d4:c6:
                    58:67:07:83:9f:09:be:e5:98:ad:08:59:61:6e:fa:
                    ea:98:a6:43:ca:a1:ef:0d:ad:02:20:af:2f:cb:f3:
                    7d:65:ff:ae:b4:64:f7:cd:ae:a4:69:57:4b:14:bd:
                    f8:70:64:e7:dd:11:7b:17:95:ea:f9:6f:d0:52:62:
                    6e:7b:33:6d:9e:67:f8:c7:e8:5d:0d:a3:be:16:32:
                    d0:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:33:28:7F:08:DA:14:48:D8:FB:E3:36:C3:F8:45:4D:2E:83:A1:EF
            X509v3 Authority Key Identifier:
                keyid:4F:B2:BB:7B:AD:50:F1:92:18:10:A0:28:E7:8E:DD:65:F8:1F:6A:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T7K7e61Q8ZIYEKAo547dZfgfan0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/fda382-4257-41c3-8ec6-27fbc99ea3c6/1/AzMofwjaFEjY--M2w_hFTS6Doe8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/fda382-4257-41c3-8ec6-27fbc99ea3c6/1/T7K7e61Q8ZIYEKAo547dZfgfan0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.238.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:47:64:a7:b1:6f:97:59:80:f7:86:23:a2:cd:28:bb:f7:0f:
         2c:e5:13:f0:d4:1a:43:0a:1a:e8:f5:0c:d2:88:7b:73:18:81:
         0c:fd:98:37:6e:9e:7c:07:39:d6:fa:ac:fe:56:55:cd:08:75:
         4b:54:c2:71:3f:7e:d7:2d:b9:00:ef:61:e2:3e:7b:ec:0a:92:
         90:74:54:c0:c9:cb:a4:87:f8:eb:a6:33:66:58:5e:d4:86:b5:
         dc:fd:58:c9:a6:33:bc:cb:a2:07:21:d2:6e:c9:af:46:d5:30:
         c0:5f:97:7a:ad:ed:21:0e:b2:0f:c0:cc:d8:17:5a:eb:68:cb:
         e4:1e:7e:e8:8a:9e:a6:4c:d2:0e:63:af:66:32:13:c2:73:67:
         ca:cc:3f:31:48:48:fb:f3:b6:5e:a1:c9:66:03:b9:a1:55:48:
         5f:aa:14:e3:66:72:8d:26:4d:63:31:3f:02:d4:42:df:5f:92:
         17:ff:5c:31:b7:58:46:3d:55:a9:46:29:a0:2f:86:74:0c:b7:
         c3:5d:63:fe:e3:3c:c1:36:cb:f0:cd:ec:ad:b3:33:24:a4:33:
         b3:5f:e1:35:61:42:b9:16:85:13:c2:a5:7c:ee:fb:f5:58:8e:
         2f:e0:f8:fe:b1:24:8e:6d:54:eb:55:a0:6b:82:c4:fe:f5:81:
         f3:bf:32:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZya8PAmrZlB+P7N5JaBwMGuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYjJiYjdiYWQ1MGYxOTIxODEwYTAyOGU3OGVkZDY1Zjgx
ZjZhN2QwHhcNMjYwMjI2MTcxMzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzMzMjg3ZjA4ZGExNDQ4ZDhmYmUzMzZjM2Y4NDU0ZDJlODNhMWVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq55P0YlioC5LLPbkgnDgUDTXds2P
WWqeSy4S35jvIKAFCSGqJ3rFCUvnqiXs/K7yxspLx80nuiayu98pujyHK4SGR54Y
1R2VtRTvgi7nynQeaCAHPmpNvlZzxN3V+DJ80HovJzFicKPe2ndffSatCLFENW4i
IMGjeJfeQJKDeiydtixWr9//5y5usbv3/RT5lMGovSioA3Jxw0OWUiZL6xiPmjzr
Tqf41uB/8qNVYMO01MZYZweDnwm+5ZitCFlhbvrqmKZDyqHvDa0CIK8vy/N9Zf+u
tGT3za6kaVdLFL34cGTn3RF7F5Xq+W/QUmJuezNtnmf4x+hdDaO+FjLQ/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAMzKH8I2hRI2PvjNsP4RU0ug6HvMB8GA1UdIwQY
MBaAFE+yu3utUPGSGBCgKOeO3WX4H2p9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDdLN2U2MVE4WklZRUtBbzU0N2RaZmdmYW4wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC9mZGEzODItNDI1Ny00MWMzLThlYzYt
MjdmYmM5OWVhM2M2LzEvQXpNb2Z3amFGRWpZLS1NMndfaEZUUzZEb2U4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC9mZGEzODItNDI1Ny00MWMzLThlYzYtMjdmYmM5OWVhM2M2
LzEvVDdLN2U2MVE4WklZRUtBbzU0N2RaZmdmYW4wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+5HMA0G
CSqGSIb3DQEBCwUAA4IBAQA/R2SnsW+XWYD3hiOizSi79w8s5RPw1BpDChro9QzS
iHtzGIEM/Zg3bp58BznW+qz+VlXNCHVLVMJxP37XLbkA72HiPnvsCpKQdFTAycuk
h/jrpjNmWF7UhrXc/VjJpjO8y6IHIdJuya9G1TDAX5d6re0hDrIPwMzYF1rraMvk
Hn7oip6mTNIOY69mMhPCc2fKzD8xSEj787ZeoclmA7mhVUhfqhTjZnKNJk1jMT8C
1ELfX5IX/1wxt1hGPVWpRimgL4Z0DLfDXWP+4zzBNsvwzeytszMkpDOzX+E1YUK5
FoUTwqV87vv1WI4v4Pj+sSSObVTrVaBrgsT+9YHzvzJI
-----END CERTIFICATE-----