Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/a97f86-fb18-483e-926c-832d55590f29/1/fdT5h_AVa4G_dfwdPb5ps2tK-dc.roa
File:                     fdT5h_AVa4G_dfwdPb5ps2tK-dc.roa (raw, json)
Hash identifier:          REU2paWp+wXXGlOwD8K0DYxInrpyINHxZ90ERdleFKg=
Subject key identifier:   7D:D4:F9:87:F0:15:6B:81:BF:75:FC:1D:3D:BE:69:B3:6B:4A:F9:D7
Certificate issuer:       /CN=0afefc3abbb3bfade9adf14269f3602307c92e5e
Certificate serial:       019D022AC0CB1FB71677675AD5393E623134
Authority key identifier: 0A:FE:FC:3A:BB:B3:BF:AD:E9:AD:F1:42:69:F3:60:23:07:C9:2E:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Cv78Oruzv63prfFCafNgIwfJLl4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/a97f86-fb18-483e-926c-832d55590f29/1/fdT5h_AVa4G_dfwdPb5ps2tK-dc.roa
Signing time:             Wed 18 Mar 2026 18:17:29 +0000
ROA not before:           Wed 18 Mar 2026 18:17:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     786
IP address blocks:        157.190.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/a97f86-fb18-483e-926c-832d55590f29/1/Cv78Oruzv63prfFCafNgIwfJLl4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/a97f86-fb18-483e-926c-832d55590f29/1/Cv78Oruzv63prfFCafNgIwfJLl4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Cv78Oruzv63prfFCafNgIwfJLl4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:02:2a:c0:cb:1f:b7:16:77:67:5a:d5:39:3e:62:31:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0afefc3abbb3bfade9adf14269f3602307c92e5e
        Validity
            Not Before: Mar 18 18:17:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7dd4f987f0156b81bf75fc1d3dbe69b36b4af9d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:d3:63:27:90:b6:31:79:e3:1e:e2:b3:b0:28:
                    93:1b:5a:08:a7:aa:54:1c:73:8e:cd:b0:3f:f7:a4:
                    38:63:95:a0:e4:3e:87:a2:27:e0:c9:76:97:43:21:
                    14:80:60:f7:14:68:56:ae:9d:37:f4:a1:29:f1:d6:
                    8a:bf:6e:ff:2d:ec:18:eb:e2:3a:db:58:9c:70:80:
                    3d:2c:a2:68:43:06:c5:7c:ce:51:e6:69:ed:8a:c8:
                    bf:2f:d7:14:2f:bf:33:4c:79:b5:4e:05:86:91:9f:
                    6b:4e:0b:97:e1:22:9d:4e:69:17:84:3d:03:7c:df:
                    94:3b:1f:df:1f:fd:f3:c1:17:58:0a:d4:d6:2d:e7:
                    6d:f0:e2:15:65:07:48:b1:3d:c5:0a:aa:6e:59:ec:
                    86:b8:b2:99:f7:ec:43:ea:d6:72:41:eb:cb:94:61:
                    09:5d:25:c2:3a:41:62:d5:c9:f3:5c:be:de:d4:61:
                    1d:bd:e8:62:22:ee:e3:e9:b1:70:fb:9e:30:3b:5d:
                    af:cd:82:d9:d5:ba:6d:81:bc:05:7d:b4:75:d6:15:
                    58:ab:53:6d:28:1b:f1:fd:df:8f:71:84:54:9c:bc:
                    63:b1:40:bd:a6:c4:98:f3:e1:f2:2a:27:bd:59:4f:
                    73:75:42:87:ab:3b:10:4c:ab:b1:62:5e:2e:2f:b8:
                    4b:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:D4:F9:87:F0:15:6B:81:BF:75:FC:1D:3D:BE:69:B3:6B:4A:F9:D7
            X509v3 Authority Key Identifier:
                keyid:0A:FE:FC:3A:BB:B3:BF:AD:E9:AD:F1:42:69:F3:60:23:07:C9:2E:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Cv78Oruzv63prfFCafNgIwfJLl4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/a97f86-fb18-483e-926c-832d55590f29/1/fdT5h_AVa4G_dfwdPb5ps2tK-dc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/a97f86-fb18-483e-926c-832d55590f29/1/Cv78Oruzv63prfFCafNgIwfJLl4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.190.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         45:7a:1f:58:b4:05:de:1c:ad:8b:53:83:01:98:ca:e7:77:92:
         d3:87:14:3a:f1:40:85:f5:75:e4:4b:ec:33:25:b8:b8:4a:0c:
         04:63:9f:0b:4b:0b:45:1f:cf:d9:a1:c0:2d:99:ad:0e:f9:96:
         b6:d7:f1:65:3e:e9:3a:b1:d7:39:86:b1:94:45:0b:65:39:7e:
         26:e0:96:19:c0:78:41:db:81:ed:ce:dd:8f:90:fa:5f:88:9a:
         e3:c6:ad:9c:3a:5f:1d:f0:95:27:e3:dd:a0:18:57:26:a9:73:
         ff:21:0b:e7:92:52:51:10:3e:24:bf:77:e9:35:ba:de:15:27:
         4b:b4:cf:b3:de:92:2d:c3:9d:60:12:d0:39:8b:a1:96:30:62:
         08:7e:ab:1b:10:8b:68:d1:0d:d7:39:93:e8:d4:3c:a6:59:80:
         66:2b:49:4f:70:cc:c2:6c:32:a9:d5:aa:08:05:9a:6e:2b:a6:
         0c:67:06:d3:60:6f:6c:6b:a5:b8:c6:16:f5:3e:da:ba:3e:74:
         78:0b:c5:81:c9:82:9a:2f:ec:a9:38:aa:99:b4:94:73:95:f1:
         b2:43:eb:c3:81:8a:21:a5:13:c9:8c:5b:53:eb:21:e4:a3:21:
         c5:41:ce:02:fc:15:87:50:42:49:1f:83:8f:39:b7:cf:8e:29:
         5e:f5:c0:a7
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZ0CKsDLH7cWd2da1Tk+YjE0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhZmVmYzNhYmJiM2JmYWRlOWFkZjE0MjY5ZjM2MDIzMDdj
OTJlNWUwHhcNMjYwMzE4MTgxNzI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZGQ0Zjk4N2YwMTU2YjgxYmY3NWZjMWQzZGJlNjliMzZiNGFmOWQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1tNjJ5C2MXnjHuKzsCiTG1oIp6pU
HHOOzbA/96Q4Y5Wg5D6HoifgyXaXQyEUgGD3FGhWrp039KEp8daKv27/LewY6+I6
21iccIA9LKJoQwbFfM5R5mntisi/L9cUL78zTHm1TgWGkZ9rTguX4SKdTmkXhD0D
fN+UOx/fH/3zwRdYCtTWLedt8OIVZQdIsT3FCqpuWeyGuLKZ9+xD6tZyQevLlGEJ
XSXCOkFi1cnzXL7e1GEdvehiIu7j6bFw+54wO12vzYLZ1bptgbwFfbR11hVYq1Nt
KBvx/d+PcYRUnLxjsUC9psSY8+HyKie9WU9zdUKHqzsQTKuxYl4uL7hLHQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFH3U+YfwFWuBv3X8HT2+abNrSvnXMB8GA1UdIwQY
MBaAFAr+/Dq7s7+t6a3xQmnzYCMHyS5eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ3Y3OE9ydXp2NjNwcmZGQ2FmTmdJd2ZKTGw0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC9hOTdmODYtZmIxOC00ODNlLTkyNmMt
ODMyZDU1NTkwZjI5LzEvZmRUNWhfQVZhNEdfZGZ3ZFBiNXBzMnRLLWRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC9hOTdmODYtZmIxOC00ODNlLTkyNmMtODMyZDU1NTkwZjI5
LzEvQ3Y3OE9ydXp2NjNwcmZGQ2FmTmdJd2ZKTGw0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAnb4wDQYJ
KoZIhvcNAQELBQADggEBAEV6H1i0Bd4crYtTgwGYyud3ktOHFDrxQIX1deRL7DMl
uLhKDARjnwtLC0Ufz9mhwC2ZrQ75lrbX8WU+6Tqx1zmGsZRFC2U5fibglhnAeEHb
ge3O3Y+Q+l+ImuPGrZw6Xx3wlSfj3aAYVyapc/8hC+eSUlEQPiS/d+k1ut4VJ0u0
z7Peki3DnWAS0DmLoZYwYgh+qxsQi2jRDdc5k+jUPKZZgGYrSU9wzMJsMqnVqggF
mm4rpgxnBtNgb2xrpbjGFvU+2ro+dHgLxYHJgpov7Kk4qpm0lHOV8bJD68OBiiGl
E8mMW1PrIeSjIcVBzgL8FYdQQkkfg485t8+OKV71wKc=
-----END CERTIFICATE-----