Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/X5Fllye6aGGMObJ6POnfcAGjKm4.roa
File:                     X5Fllye6aGGMObJ6POnfcAGjKm4.roa (raw, json)
Hash identifier:          Hhwp9iTNEIJo4OaHJlm/6wpP0J0Fiwf/Npt/T/xIaAI=
Subject key identifier:   5F:91:65:97:27:BA:68:61:8C:39:B2:7A:3C:E9:DF:70:01:A3:2A:6E
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019D0086D4711A0E1FC5B51CE7FBD2466EA2
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/X5Fllye6aGGMObJ6POnfcAGjKm4.roa
Signing time:             Wed 18 Mar 2026 10:38:49 +0000
ROA not before:           Wed 18 Mar 2026 10:38:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206804
IP address blocks:        158.173.162.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:00:86:d4:71:1a:0e:1f:c5:b5:1c:e7:fb:d2:46:6e:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Mar 18 10:38:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5f91659727ba68618c39b27a3ce9df7001a32a6e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:44:02:61:1b:7a:4f:62:82:6f:83:45:49:32:
                    d5:04:74:d0:28:2d:04:8c:ff:e4:19:4d:03:08:ed:
                    e7:85:7a:42:87:3c:ea:0f:d2:2f:94:42:50:da:d7:
                    e4:20:42:32:b4:03:a8:78:1d:70:c3:fd:d0:93:22:
                    8f:ef:8d:ac:09:d9:c7:0b:f0:0a:b4:41:11:bf:9f:
                    cf:f7:92:79:06:5d:e0:b1:3c:f5:a3:13:1a:47:e1:
                    39:ef:41:02:2a:84:3a:de:21:fe:d4:f0:6b:01:1a:
                    35:36:4d:45:0b:3a:cc:bf:a5:f1:64:7f:9e:23:55:
                    03:fd:82:0f:ad:67:be:1f:73:31:6a:d7:ef:c3:a6:
                    0c:20:a2:06:39:52:c7:c4:8c:f4:7d:3d:da:1b:f4:
                    82:2e:51:f0:8e:57:41:9c:2c:85:c2:c5:8b:1b:84:
                    84:b2:af:31:7c:ef:3e:f4:b2:9a:bc:af:fe:54:63:
                    73:50:10:74:46:3c:1b:0c:bb:25:40:43:8d:4d:ba:
                    dc:72:7f:70:7e:91:74:28:a7:71:b1:8c:5d:27:4e:
                    69:66:a6:47:c5:98:19:0d:da:5b:ee:6c:ed:c7:4e:
                    bc:99:3c:7d:1e:f9:ec:48:3e:2e:45:96:f9:47:9c:
                    86:87:77:19:dc:70:ab:9d:72:f9:79:ec:b8:93:5e:
                    6c:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:91:65:97:27:BA:68:61:8C:39:B2:7A:3C:E9:DF:70:01:A3:2A:6E
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/X5Fllye6aGGMObJ6POnfcAGjKm4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.173.162.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:8b:8f:a1:e3:ff:6d:bc:1d:99:ac:5f:95:c3:ed:06:b1:7e:
         49:76:ee:f0:78:41:85:e1:b3:c5:da:62:a8:09:3a:9e:75:82:
         21:10:ad:62:dc:73:2d:0d:ba:6f:cb:7a:9f:4f:92:a6:fc:84:
         d7:f3:03:5c:98:5a:13:aa:09:06:ab:dc:43:14:69:92:72:47:
         1d:78:ca:18:cc:b2:44:0a:60:cb:28:cd:48:60:5e:8f:08:39:
         73:03:b0:e2:a9:8d:6e:da:ae:64:e9:a0:ab:1e:ae:7d:54:74:
         cb:6d:bb:67:79:ab:33:ac:29:14:fa:1c:b2:39:fe:38:4b:d1:
         64:6e:42:f9:3f:53:ec:e0:22:58:47:ec:85:5a:b0:c9:99:28:
         14:7e:c7:45:7d:10:6b:e1:10:25:10:be:ed:34:bd:6b:dd:94:
         8c:58:1a:b3:f5:ea:3a:d5:07:9d:6c:b8:5d:83:71:c9:b1:9b:
         73:92:95:11:2f:b7:ce:fa:70:77:c5:e6:d2:bb:95:06:10:2e:
         ba:18:b5:7c:ef:49:21:e9:20:ea:13:cd:02:7c:48:be:1b:28:
         a7:73:16:98:ea:80:5c:ae:da:d5:fa:57:76:0f:a4:65:43:97:
         49:73:ae:a6:1d:dd:c1:96:c1:8a:3e:21:c5:87:68:c4:3f:f3:
         13:c2:07:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0AhtRxGg4fxbUc5/vSRm6iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjYwMzE4MTAzODQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjkxNjU5NzI3YmE2ODYxOGMzOWIyN2EzY2U5ZGY3MDAxYTMyYTZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnEQCYRt6T2KCb4NFSTLVBHTQKC0E
jP/kGU0DCO3nhXpChzzqD9IvlEJQ2tfkIEIytAOoeB1ww/3QkyKP742sCdnHC/AK
tEERv5/P95J5Bl3gsTz1oxMaR+E570ECKoQ63iH+1PBrARo1Nk1FCzrMv6XxZH+e
I1UD/YIPrWe+H3Mxatfvw6YMIKIGOVLHxIz0fT3aG/SCLlHwjldBnCyFwsWLG4SE
sq8xfO8+9LKavK/+VGNzUBB0RjwbDLslQEONTbrccn9wfpF0KKdxsYxdJ05pZqZH
xZgZDdpb7mztx068mTx9HvnsSD4uRZb5R5yGh3cZ3HCrnXL5eey4k15sIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF+RZZcnumhhjDmyejzp33ABoypuMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvWDVGbGx5ZTZhR0dNT2JKNlBPbmZjQUdqS200LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnq2iMA0G
CSqGSIb3DQEBCwUAA4IBAQBui4+h4/9tvB2ZrF+Vw+0GsX5Jdu7weEGF4bPF2mKo
CTqedYIhEK1i3HMtDbpvy3qfT5Km/ITX8wNcmFoTqgkGq9xDFGmSckcdeMoYzLJE
CmDLKM1IYF6PCDlzA7DiqY1u2q5k6aCrHq59VHTLbbtneaszrCkU+hyyOf44S9Fk
bkL5P1Ps4CJYR+yFWrDJmSgUfsdFfRBr4RAlEL7tNL1r3ZSMWBqz9eo61QedbLhd
g3HJsZtzkpURL7fO+nB3xebSu5UGEC66GLV870kh6SDqE80CfEi+GyincxaY6oBc
rtrV+ld2D6RlQ5dJc66mHd3BlsGKPiHFh2jEP/MTwgeg
-----END CERTIFICATE-----