Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/KwJ4M-yqXlDIFava6Dfbhy8GyW0.roa
File:                     KwJ4M-yqXlDIFava6Dfbhy8GyW0.roa (raw, json)
Hash identifier:          JhdLQsdF6hwHWKYcI0g1e3Ar9U0yI22mWXmT76lO0dU=
Subject key identifier:   2B:02:78:33:EC:AA:5E:50:C8:15:AB:DA:E8:37:DB:87:2F:06:C9:6D
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       019D294BAF41DC292CF0C8500C8B9B62A454
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/KwJ4M-yqXlDIFava6Dfbhy8GyW0.roa
Signing time:             Thu 26 Mar 2026 08:38:39 +0000
ROA not before:           Thu 26 Mar 2026 08:38:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     812
IP address blocks:        104.239.55.0/24 maxlen: 24
                          104.249.23.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 04:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:29:4b:af:41:dc:29:2c:f0:c8:50:0c:8b:9b:62:a4:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Mar 26 08:38:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2b027833ecaa5e50c815abdae837db872f06c96d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:af:6a:80:d2:20:0c:c5:b4:0f:d7:fa:c3:b0:
                    21:19:5f:64:8d:0e:69:42:91:c0:12:74:08:fc:a5:
                    fc:ab:0f:61:7f:ac:7b:41:bd:24:3d:35:4f:03:80:
                    01:53:4d:13:bb:25:a9:32:a2:ff:df:d2:23:20:d4:
                    ea:7b:50:da:91:8c:43:42:64:f4:24:ad:da:26:a9:
                    ee:e2:d7:8e:5b:f6:18:72:17:01:3c:07:f8:39:0a:
                    20:0d:6e:8d:ab:c9:f0:2b:6b:51:46:10:d6:9c:f2:
                    00:2c:16:92:fb:7b:9a:91:59:0a:1a:1e:88:be:8f:
                    d2:30:86:39:9d:38:a2:0d:58:e6:12:7f:2b:44:f1:
                    18:1c:ee:e2:56:6f:8b:27:61:0a:d5:22:1f:a2:f8:
                    f8:2a:e4:f2:47:84:57:bb:2e:fe:b2:11:05:2f:93:
                    2d:14:e7:76:70:f9:8d:80:b2:f4:d8:48:fd:cb:8e:
                    49:0b:a3:f3:91:e5:4e:4c:bd:54:f6:f5:ed:31:88:
                    6a:17:c2:5e:58:ed:57:11:93:9e:3b:d3:bf:ba:d8:
                    70:2d:8b:b5:38:02:f3:d1:b2:92:49:e6:49:54:64:
                    7d:13:14:4b:51:81:02:3a:fb:08:fc:11:fe:3a:47:
                    5e:94:6d:a2:31:e4:43:6f:1b:bf:d7:a0:54:75:95:
                    6b:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:02:78:33:EC:AA:5E:50:C8:15:AB:DA:E8:37:DB:87:2F:06:C9:6D
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/KwJ4M-yqXlDIFava6Dfbhy8GyW0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.239.55.0/24
                  104.249.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:57:b7:01:d1:40:45:c2:15:9e:c7:15:82:67:f6:1b:53:b5:
         f9:84:e5:fd:6c:6f:d5:12:78:05:e9:e9:cd:9a:00:48:8b:80:
         ce:2e:df:de:05:c8:1e:fa:c8:33:ef:54:ff:1b:5e:ed:75:b9:
         19:df:29:32:80:31:52:76:59:86:85:9e:d5:86:95:cc:4e:9e:
         a2:e8:73:02:ed:1f:57:57:07:8b:db:33:e7:7a:79:45:2b:4b:
         38:3f:e3:2a:5a:88:3f:1a:2d:0a:69:a7:67:1a:bb:ef:39:c9:
         0e:cd:5a:66:d8:36:7e:e9:aa:3e:4a:a0:f6:06:6b:62:d1:c6:
         aa:3d:c4:1a:cd:b5:58:16:6f:9f:81:c7:36:04:9d:76:5b:f0:
         f9:0d:90:94:ff:5b:c3:80:f1:28:97:fd:08:bb:96:03:36:80:
         38:48:66:7d:27:9d:14:03:40:6f:9b:75:22:c4:3b:7f:3d:5d:
         4f:97:a9:72:34:f6:da:48:ee:b1:17:06:aa:c9:f8:cd:10:ba:
         13:9f:b3:d3:79:6a:63:68:88:cc:0a:62:59:c7:0b:17:fa:01:
         9e:ee:4b:d0:14:5d:ea:e9:82:a0:6b:c9:4c:4c:d3:7a:78:94:
         fa:0c:33:af:fb:34:6e:72:91:a1:f9:b4:83:e8:74:86:b2:34:
         bf:08:a3:65
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ0pS69B3Cks8MhQDIubYqRUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjYwMzI2MDgzODM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjAyNzgzM2VjYWE1ZTUwYzgxNWFiZGFlODM3ZGI4NzJmMDZjOTZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmq9qgNIgDMW0D9f6w7AhGV9kjQ5p
QpHAEnQI/KX8qw9hf6x7Qb0kPTVPA4ABU00TuyWpMqL/39IjINTqe1DakYxDQmT0
JK3aJqnu4teOW/YYchcBPAf4OQogDW6Nq8nwK2tRRhDWnPIALBaS+3uakVkKGh6I
vo/SMIY5nTiiDVjmEn8rRPEYHO7iVm+LJ2EK1SIfovj4KuTyR4RXuy7+shEFL5Mt
FOd2cPmNgLL02Ej9y45JC6PzkeVOTL1U9vXtMYhqF8JeWO1XEZOeO9O/uthwLYu1
OALz0bKSSeZJVGR9ExRLUYECOvsI/BH+OkdelG2iMeRDbxu/16BUdZVrPQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCsCeDPsql5QyBWr2ug324cvBsltMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvS3dKNE0teXFYbERJRmF2YTZEZmJoeThHeVcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAaO83AwQA
aPkXMA0GCSqGSIb3DQEBCwUAA4IBAQBqV7cB0UBFwhWexxWCZ/YbU7X5hOX9bG/V
EngF6enNmgBIi4DOLt/eBcge+sgz71T/G17tdbkZ3ykygDFSdlmGhZ7VhpXMTp6i
6HMC7R9XVweL2zPnenlFK0s4P+MqWog/Gi0KaadnGrvvOckOzVpm2DZ+6ao+SqD2
Bmti0caqPcQazbVYFm+fgcc2BJ12W/D5DZCU/1vDgPEol/0Iu5YDNoA4SGZ9J50U
A0Bvm3UixDt/PV1Pl6lyNPbaSO6xFwaqyfjNELoTn7PTeWpjaIjMCmJZxwsX+gGe
7kvQFF3q6YKga8lMTNN6eJT6DDOv+zRucpGh+bSD6HSGsjS/CKNl
-----END CERTIFICATE-----