Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/R79Ipr-0FWZ9pSOyBjpln8jjILE.roa
File:                     R79Ipr-0FWZ9pSOyBjpln8jjILE.roa (raw, json)
Hash identifier:          oIU6yi/Sa7g1CUEgB7Sblk1HAyDW+gPJSx8dNKFuU1I=
Subject key identifier:   47:BF:48:A6:BF:B4:15:66:7D:A5:23:B2:06:3A:65:9F:C8:E3:20:B1
Certificate issuer:       /CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Certificate serial:       019D20221B44720BDFC241816A631E47777F
Authority key identifier: AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/R79Ipr-0FWZ9pSOyBjpln8jjILE.roa
Signing time:             Tue 24 Mar 2026 13:56:39 +0000
ROA not before:           Tue 24 Mar 2026 13:56:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8447
IP address blocks:        79.132.67.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:20:22:1b:44:72:0b:df:c2:41:81:6a:63:1e:47:77:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
        Validity
            Not Before: Mar 24 13:56:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=47bf48a6bfb415667da523b2063a659fc8e320b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:d3:a4:a0:2b:41:1d:69:01:0e:01:ea:a2:69:
                    ef:22:dc:49:86:81:bf:35:e2:e2:ba:0c:fc:cf:9a:
                    3b:e2:07:79:e4:64:7c:46:f9:70:93:70:3a:37:7a:
                    90:58:16:d8:4d:b2:17:f8:b1:49:df:7a:b5:8e:fc:
                    d3:f3:65:72:7c:24:d6:9a:db:14:23:59:c4:81:8e:
                    55:68:f1:4d:20:7b:53:30:bd:c4:b5:7a:03:7a:d7:
                    68:96:7d:35:55:05:37:ad:00:99:77:6a:7b:34:7d:
                    f8:91:45:c7:06:6d:aa:d9:95:2c:5b:c9:b7:cc:75:
                    25:f4:cb:c6:ac:ae:72:56:49:2e:bf:39:93:b8:28:
                    ec:33:16:ad:17:47:52:6c:d9:4c:d2:43:5b:f6:11:
                    8d:f7:ca:9b:31:90:cd:1f:a5:bf:10:37:76:e6:57:
                    60:d7:71:7c:3c:10:81:d4:14:82:4b:7f:13:6b:5b:
                    83:65:2c:0b:5e:6a:c1:fc:aa:55:18:8e:95:31:eb:
                    a8:f6:6f:79:08:01:7f:21:7e:c8:3f:5a:90:5e:f0:
                    ed:a9:d9:e5:9e:cc:51:76:53:37:d9:a0:b0:4c:4d:
                    e6:87:6c:76:f0:ad:0e:73:f9:e7:fd:75:b8:01:43:
                    6c:19:64:e3:3d:e9:5a:d6:00:e0:29:f4:0f:17:8d:
                    71:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:BF:48:A6:BF:B4:15:66:7D:A5:23:B2:06:3A:65:9F:C8:E3:20:B1
            X509v3 Authority Key Identifier:
                keyid:AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/R79Ipr-0FWZ9pSOyBjpln8jjILE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.132.67.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:20:8a:68:f0:89:d3:8f:34:9d:f7:38:18:7c:e7:de:4c:42:
         db:54:bc:39:b5:44:a0:c5:ff:bb:b8:3e:f0:fc:ea:8b:ac:e5:
         8b:2f:5c:12:fe:de:33:e8:a9:42:e9:de:6a:55:c6:f0:7d:5a:
         99:30:a9:9b:6e:ab:3f:08:98:de:8b:17:3a:f4:60:43:3a:1a:
         67:ee:e5:98:6e:e4:6c:d9:9f:33:db:09:7d:0f:14:ea:d1:28:
         d5:89:83:e0:6a:b6:8c:14:5e:cc:07:07:65:ae:7d:dc:26:54:
         6f:2b:4b:12:dd:c9:ec:63:40:06:95:97:07:25:d6:f4:d6:a4:
         a7:72:49:c4:a3:79:1a:66:a4:ad:6b:28:05:18:28:53:ed:49:
         a6:a5:34:2f:af:52:20:88:4f:59:2b:0c:12:fb:b0:b6:20:94:
         58:d8:89:94:9c:10:ab:7d:92:8d:96:fc:0a:ed:35:5f:73:c5:
         62:c5:0e:fb:10:15:a4:ea:37:a1:6a:83:b9:d2:56:83:4a:66:
         2c:58:d8:8d:ec:5a:62:83:e4:4f:44:aa:3e:64:0c:17:41:0a:
         1f:52:ad:1e:3f:04:43:52:f8:66:bf:62:3b:f0:47:b9:7b:c2:
         59:5e:c8:c1:7a:4f:1b:5e:de:ee:00:e8:05:47:59:f8:67:00:
         fd:8c:87:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0gIhtEcgvfwkGBamMeR3d/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDk1MmM4YmE4ZGFkYjFkMzRkZTZjNmE5Mzg2NGE2MDlm
YzQxZWMwHhcNMjYwMzI0MTM1NjM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2JmNDhhNmJmYjQxNTY2N2RhNTIzYjIwNjNhNjU5ZmM4ZTMyMGIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2dOkoCtBHWkBDgHqomnvItxJhoG/
NeLiugz8z5o74gd55GR8Rvlwk3A6N3qQWBbYTbIX+LFJ33q1jvzT82VyfCTWmtsU
I1nEgY5VaPFNIHtTML3EtXoDetdoln01VQU3rQCZd2p7NH34kUXHBm2q2ZUsW8m3
zHUl9MvGrK5yVkkuvzmTuCjsMxatF0dSbNlM0kNb9hGN98qbMZDNH6W/EDd25ldg
13F8PBCB1BSCS38Ta1uDZSwLXmrB/KpVGI6VMeuo9m95CAF/IX7IP1qQXvDtqdnl
nsxRdlM32aCwTE3mh2x28K0Oc/nn/XW4AUNsGWTjPela1gDgKfQPF41xawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEe/SKa/tBVmfaUjsgY6ZZ/I4yCxMB8GA1UdIwQY
MBaAFKsJUsi6ja2x003mxqk4ZKYJ/EHsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAt
NTU1NGQ2ZTE2ODZmLzEvUjc5SXByLTBGV1o5cFNPeUJqcGxuOGpqSUxFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAtNTU1NGQ2ZTE2ODZm
LzEvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAT4RDMA0G
CSqGSIb3DQEBCwUAA4IBAQAHIIpo8InTjzSd9zgYfOfeTELbVLw5tUSgxf+7uD7w
/OqLrOWLL1wS/t4z6KlC6d5qVcbwfVqZMKmbbqs/CJjeixc69GBDOhpn7uWYbuRs
2Z8z2wl9DxTq0SjViYPgaraMFF7MBwdlrn3cJlRvK0sS3cnsY0AGlZcHJdb01qSn
cknEo3kaZqStaygFGChT7UmmpTQvr1IgiE9ZKwwS+7C2IJRY2ImUnBCrfZKNlvwK
7TVfc8VixQ77EBWk6jehaoO50laDSmYsWNiN7Fpig+RPRKo+ZAwXQQofUq0ePwRD
Uvhmv2I78Ee5e8JZXsjBek8bXt7uAOgFR1n4ZwD9jIeO
-----END CERTIFICATE-----