Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/DhKLRJT2ltwYLgRl7D0eF7S8IJc.roa
File:                     DhKLRJT2ltwYLgRl7D0eF7S8IJc.roa (raw, json)
Hash identifier:          wkzDuQvhRxps3W9y9aLTCG32Rt6wi9M/E0GhrUrmoNo=
Subject key identifier:   0E:12:8B:44:94:F6:96:DC:18:2E:04:65:EC:3D:1E:17:B4:BC:20:97
Certificate issuer:       /CN=eb349af2af111361b29fcfef2e043d5be75e3f98
Certificate serial:       019D2421AA33E1EBADF8501DF34DC3DD0EEB
Authority key identifier: EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/DhKLRJT2ltwYLgRl7D0eF7S8IJc.roa
Signing time:             Wed 25 Mar 2026 08:34:39 +0000
ROA not before:           Wed 25 Mar 2026 08:34:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        5.56.25.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:24:21:aa:33:e1:eb:ad:f8:50:1d:f3:4d:c3:dd:0e:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb349af2af111361b29fcfef2e043d5be75e3f98
        Validity
            Not Before: Mar 25 08:34:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0e128b4494f696dc182e0465ec3d1e17b4bc2097
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:38:4e:b9:cf:9e:81:2e:ef:4a:bb:60:25:97:
                    8e:46:25:1c:60:1e:2b:89:f3:38:45:50:cf:d5:35:
                    6e:1f:d9:4d:1f:e3:58:04:12:d1:99:36:27:54:99:
                    de:90:f0:2d:11:47:af:15:7a:bc:7f:cc:5b:4a:e5:
                    8a:3d:d7:66:88:1a:81:70:67:05:b3:4c:b0:05:6b:
                    1b:e5:3a:e8:50:3c:b4:e8:e1:46:29:bb:44:b5:78:
                    53:df:27:2e:53:6e:4c:14:a6:b9:19:ce:4b:f4:3f:
                    66:a8:8d:7e:55:9f:dd:56:85:2a:d5:7b:4c:0f:45:
                    69:13:ba:43:27:67:c3:9a:89:b1:82:fe:60:15:1f:
                    cf:ec:b2:70:13:91:48:70:2f:be:b7:ee:bc:ab:b5:
                    13:d6:cc:8f:f7:04:e6:19:52:c3:07:be:b7:f2:69:
                    bd:f2:8b:80:48:9a:94:01:3d:64:24:8f:63:57:0c:
                    da:f2:16:f6:0c:99:6d:07:31:2c:74:ce:5e:32:27:
                    b5:f7:fc:32:4e:78:94:2c:87:63:11:9c:78:af:f2:
                    0e:2c:55:63:d1:c0:c9:96:a4:03:ee:ff:86:da:13:
                    48:18:7d:5d:29:82:36:bb:95:51:34:61:95:8a:21:
                    b0:f1:8d:7d:e5:0f:6f:8e:82:04:ee:67:68:19:d1:
                    fa:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:12:8B:44:94:F6:96:DC:18:2E:04:65:EC:3D:1E:17:B4:BC:20:97
            X509v3 Authority Key Identifier:
                keyid:EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/DhKLRJT2ltwYLgRl7D0eF7S8IJc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.56.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:80:c2:4e:d1:5d:ba:65:3e:47:0a:09:b9:aa:e5:75:45:0c:
         6a:c8:67:36:0b:d1:68:e6:04:b7:67:51:0c:43:c9:80:18:c5:
         bc:e6:c7:2d:bd:ca:c9:20:e9:21:96:d6:8c:33:b6:3b:43:71:
         56:4a:40:2a:d7:1c:e6:24:c2:eb:d2:cb:99:8c:e0:af:bd:ac:
         13:2b:6e:c3:1c:b1:b6:10:b9:14:8b:ed:ab:b9:aa:6e:2e:cc:
         cb:d1:19:cd:3a:ec:18:cb:87:b6:e7:16:1f:ae:25:78:1b:00:
         f2:75:df:e5:f3:72:01:cb:78:30:b8:31:36:76:83:fa:6c:f1:
         67:94:db:2b:65:70:81:21:7a:f8:e2:3b:1e:1d:fa:38:a4:29:
         b8:41:7e:a3:7f:e9:f2:5d:e6:2f:24:15:07:ab:29:cd:e4:31:
         b7:25:e3:c0:3d:fa:21:2c:ad:5e:19:16:12:c2:47:01:df:8e:
         e6:10:91:8a:4d:bc:08:20:e3:30:46:90:40:e6:f0:2b:15:ac:
         09:b2:e2:ae:e6:31:c8:88:91:35:bc:a9:23:59:0e:f9:c9:bb:
         1b:6f:d3:a5:d5:45:6c:40:c9:9c:5f:a2:56:e5:7f:21:73:5c:
         ab:8e:56:3e:00:bc:e5:97:18:c8:c6:2e:08:6c:40:26:a0:d5:
         a0:2c:ba:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0kIaoz4eut+FAd803D3Q7rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViMzQ5YWYyYWYxMTEzNjFiMjlmY2ZlZjJlMDQzZDViZTc1
ZTNmOTgwHhcNMjYwMzI1MDgzNDM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTEyOGI0NDk0ZjY5NmRjMTgyZTA0NjVlYzNkMWUxN2I0YmMyMDk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvThOuc+egS7vSrtgJZeORiUcYB4r
ifM4RVDP1TVuH9lNH+NYBBLRmTYnVJnekPAtEUevFXq8f8xbSuWKPddmiBqBcGcF
s0ywBWsb5TroUDy06OFGKbtEtXhT3ycuU25MFKa5Gc5L9D9mqI1+VZ/dVoUq1XtM
D0VpE7pDJ2fDmomxgv5gFR/P7LJwE5FIcC++t+68q7UT1syP9wTmGVLDB7638mm9
8ouASJqUAT1kJI9jVwza8hb2DJltBzEsdM5eMie19/wyTniULIdjEZx4r/IOLFVj
0cDJlqQD7v+G2hNIGH1dKYI2u5VRNGGViiGw8Y195Q9vjoIE7mdoGdH6mwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA4Si0SU9pbcGC4EZew9Hhe0vCCXMB8GA1UdIwQY
MBaAFOs0mvKvERNhsp/P7y4EPVvnXj+YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgt
OWNkNjYyYmM4MzIwLzEvRGhLTFJKVDJsdHdZTGdSbDdEMGVGN1M4SUpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgtOWNkNjYyYmM4MzIw
LzEvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABTgZMA0G
CSqGSIb3DQEBCwUAA4IBAQCWgMJO0V26ZT5HCgm5quV1RQxqyGc2C9Fo5gS3Z1EM
Q8mAGMW85sctvcrJIOkhltaMM7Y7Q3FWSkAq1xzmJMLr0suZjOCvvawTK27DHLG2
ELkUi+2ruapuLszL0RnNOuwYy4e25xYfriV4GwDydd/l83IBy3gwuDE2doP6bPFn
lNsrZXCBIXr44jseHfo4pCm4QX6jf+nyXeYvJBUHqynN5DG3JePAPfohLK1eGRYS
wkcB347mEJGKTbwIIOMwRpBA5vArFawJsuKu5jHIiJE1vKkjWQ75ybsbb9Ol1UVs
QMmcX6JW5X8hc1yrjlY+ALzllxjIxi4IbEAmoNWgLLp5
-----END CERTIFICATE-----