Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/StuUKxzxV-gd9QnS0s4Ekq0FKaU.roa
File:                     StuUKxzxV-gd9QnS0s4Ekq0FKaU.roa (raw, json)
Hash identifier:          H+iPiLir3BEmnESPMnpcLRZIXE9A6loYjM8se+IwwzU=
Subject key identifier:   4A:DB:94:2B:1C:F1:57:E8:1D:F5:09:D2:D2:CE:04:92:AD:05:29:A5
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       019D24C00C9E14FD236CBB4940E11BC0BECB
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/StuUKxzxV-gd9QnS0s4Ekq0FKaU.roa
Signing time:             Wed 25 Mar 2026 11:27:39 +0000
ROA not before:           Wed 25 Mar 2026 11:27:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     56958
IP address blocks:        206.203.16.0/21 maxlen: 21
                          206.203.16.0/22 maxlen: 22
                          206.203.20.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:24:c0:0c:9e:14:fd:23:6c:bb:49:40:e1:1b:c0:be:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Mar 25 11:27:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4adb942b1cf157e81df509d2d2ce0492ad0529a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:b3:16:1c:20:da:de:69:52:31:ec:72:51:5d:
                    bd:68:e6:18:7c:51:0a:89:93:65:dd:a2:49:53:4a:
                    ef:79:44:7a:a4:37:f2:4d:34:7d:83:2d:fb:42:2c:
                    93:a6:54:95:1f:de:03:a2:a2:a7:b6:99:f1:18:e1:
                    34:d9:28:48:b1:31:c7:68:e6:6a:75:b5:98:3c:c2:
                    51:11:3d:11:31:ad:c9:b1:64:90:1c:6f:45:0e:e7:
                    95:af:a3:96:44:36:ad:91:5d:c1:ae:fe:ef:d7:6b:
                    2c:d4:6a:c3:c8:f6:e3:3d:a8:8c:7c:f8:52:e8:f0:
                    db:bd:8b:ba:19:71:00:d3:f7:e9:4c:bf:a6:c8:47:
                    b2:1d:bb:a2:61:21:b3:d5:98:ca:3b:d8:be:a2:8a:
                    03:f4:d5:49:9a:a6:ce:dc:e9:0f:f8:d3:ff:5e:ca:
                    e0:fa:eb:8f:54:c3:e6:08:8c:42:37:bb:8d:5c:d1:
                    5c:15:6e:71:d4:0c:45:4a:d4:88:3d:e3:ae:6f:1f:
                    9f:7d:48:fb:2b:6a:53:ac:0e:48:0d:84:8c:d5:c7:
                    5a:38:3c:ba:8f:f0:5a:ed:f1:de:0a:59:30:c8:6f:
                    0e:62:34:6c:58:b0:f7:55:b6:94:62:17:9f:ea:bb:
                    c1:34:53:9b:e9:aa:16:4f:d0:a6:05:d6:d8:87:db:
                    63:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:DB:94:2B:1C:F1:57:E8:1D:F5:09:D2:D2:CE:04:92:AD:05:29:A5
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/StuUKxzxV-gd9QnS0s4Ekq0FKaU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  206.203.16.0/21

    Signature Algorithm: sha256WithRSAEncryption
         28:80:e4:3f:cf:eb:42:6b:bc:6f:62:26:12:a0:2f:e1:13:77:
         4f:03:e9:36:38:dd:f3:38:46:4a:41:b8:47:3b:ef:6d:48:6d:
         7c:b7:d7:1d:dc:09:c6:47:a9:4f:3d:8a:88:45:86:09:a7:f6:
         b7:5b:06:55:66:db:08:0c:74:53:61:0b:3f:f1:bb:9c:aa:d5:
         73:1a:54:cf:ef:90:4f:ab:c2:b2:84:25:ee:0f:89:24:13:7e:
         1e:17:bc:47:01:d0:98:6d:d4:ce:56:b9:a9:f7:6e:0d:d7:62:
         22:fb:a6:18:85:5a:86:ae:4c:a2:47:f3:5a:cd:b5:69:59:2b:
         45:5d:5f:bc:ef:2d:f9:d9:d8:1d:98:e4:0e:d0:6a:7d:ce:30:
         76:00:6e:93:fb:c0:9f:da:aa:a5:0d:d5:fa:2d:61:bd:08:ff:
         9c:09:de:b7:5a:87:ce:79:ca:aa:34:cd:97:1b:89:19:c3:0f:
         35:ad:fc:bf:a6:2c:49:47:38:b3:90:18:59:dc:ef:48:1e:26:
         e3:59:d8:25:1e:de:8b:4f:86:09:82:40:c5:9f:17:be:23:54:
         90:6a:22:f8:f9:6c:1e:8e:7c:c2:ed:7c:e9:8d:e9:0d:76:86:
         f0:9f:38:87:f6:72:02:dd:7c:9e:ba:45:5e:e4:ee:77:ed:7d:
         79:56:c9:ed
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0kwAyeFP0jbLtJQOEbwL7LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjYwMzI1MTEyNzM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YWRiOTQyYjFjZjE1N2U4MWRmNTA5ZDJkMmNlMDQ5MmFkMDUyOWE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAibMWHCDa3mlSMexyUV29aOYYfFEK
iZNl3aJJU0rveUR6pDfyTTR9gy37QiyTplSVH94DoqKntpnxGOE02ShIsTHHaOZq
dbWYPMJRET0RMa3JsWSQHG9FDueVr6OWRDatkV3Brv7v12ss1GrDyPbjPaiMfPhS
6PDbvYu6GXEA0/fpTL+myEeyHbuiYSGz1ZjKO9i+oooD9NVJmqbO3OkP+NP/Xsrg
+uuPVMPmCIxCN7uNXNFcFW5x1AxFStSIPeOubx+ffUj7K2pTrA5IDYSM1cdaODy6
j/Ba7fHeClkwyG8OYjRsWLD3VbaUYhef6rvBNFOb6aoWT9CmBdbYh9tjuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFErblCsc8VfoHfUJ0tLOBJKtBSmlMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvU3R1VUt4enhWLWdkOVFuUzBzNEVrcTBGS2FVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDzssQMA0G
CSqGSIb3DQEBCwUAA4IBAQAogOQ/z+tCa7xvYiYSoC/hE3dPA+k2ON3zOEZKQbhH
O+9tSG18t9cd3AnGR6lPPYqIRYYJp/a3WwZVZtsIDHRTYQs/8bucqtVzGlTP75BP
q8KyhCXuD4kkE34eF7xHAdCYbdTOVrmp924N12Ii+6YYhVqGrkyiR/NazbVpWStF
XV+87y352dgdmOQO0Gp9zjB2AG6T+8Cf2qqlDdX6LWG9CP+cCd63WofOecqqNM2X
G4kZww81rfy/pixJRzizkBhZ3O9IHibjWdglHt6LT4YJgkDFnxe+I1SQaiL4+Wwe
jnzC7XzpjekNdobwnziH9nIC3XyeukVe5O537X15Vsnt
-----END CERTIFICATE-----