Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/dny3tReQLhVMkluPT2fnIL0-PDE.roa
File:                     dny3tReQLhVMkluPT2fnIL0-PDE.roa (raw, json)
Hash identifier:          n9SThQXODaWNDc9q3fwExfhrE1fksgEVeXfy0EUzNVw=
Subject key identifier:   76:7C:B7:B5:17:90:2E:15:4C:92:5B:8F:4F:67:E7:20:BD:3E:3C:31
Certificate issuer:       /CN=18101772248996b87d90840c2d27d62549458173
Certificate serial:       019D24071C67E4A47FE3B9F2DB9156C3F300
Authority key identifier: 18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/dny3tReQLhVMkluPT2fnIL0-PDE.roa
Signing time:             Wed 25 Mar 2026 08:05:38 +0000
ROA not before:           Wed 25 Mar 2026 08:05:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402309
IP address blocks:        45.141.170.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:24:07:1c:67:e4:a4:7f:e3:b9:f2:db:91:56:c3:f3:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18101772248996b87d90840c2d27d62549458173
        Validity
            Not Before: Mar 25 08:05:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=767cb7b517902e154c925b8f4f67e720bd3e3c31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:c1:21:79:e9:7e:97:a0:35:3a:d0:a0:ef:a3:
                    2a:c2:b9:52:40:30:45:dc:22:78:8a:45:5b:81:b0:
                    f9:29:ac:b0:e4:d6:95:0b:26:3c:5b:9e:5a:fa:15:
                    cc:75:11:95:72:8c:67:2d:70:15:62:5d:2c:fd:93:
                    8c:cf:95:1f:67:30:00:5a:91:ae:13:7a:15:f3:bb:
                    84:4b:42:81:c9:5f:25:dd:c4:e6:e8:93:e4:c5:f1:
                    c2:ba:23:f4:3d:96:b2:f2:ba:50:d3:1d:da:62:76:
                    db:ef:62:eb:b7:af:44:cd:9e:20:ee:ab:62:49:a9:
                    25:d6:30:76:9d:9d:16:84:df:21:4d:99:a5:c2:5b:
                    7b:c7:87:e7:33:33:e0:8f:ca:95:e3:f8:5c:75:cd:
                    8c:b5:9a:1b:c8:1d:9a:51:76:97:76:8e:34:e1:c7:
                    ac:a3:11:f4:bb:59:3c:e8:40:2a:fd:68:44:64:2f:
                    b5:f0:8b:b4:e1:7e:b5:45:d9:9b:95:cd:28:a2:df:
                    3d:5d:26:63:8c:66:f2:05:97:88:b4:90:24:e8:65:
                    8c:02:69:13:e4:29:18:9b:e3:19:30:ad:43:e7:85:
                    7e:7f:6f:0f:dd:87:34:b2:44:11:dd:97:be:b0:19:
                    e6:2d:be:76:7f:30:d2:76:d3:7d:48:ce:de:49:4f:
                    e4:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:7C:B7:B5:17:90:2E:15:4C:92:5B:8F:4F:67:E7:20:BD:3E:3C:31
            X509v3 Authority Key Identifier:
                keyid:18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/dny3tReQLhVMkluPT2fnIL0-PDE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.141.170.0/23

    Signature Algorithm: sha256WithRSAEncryption
         91:53:77:dd:43:20:d3:8e:23:b5:23:3e:16:07:d2:ce:ff:ed:
         36:45:a7:1c:ee:54:ea:ff:64:d3:b7:62:e3:76:00:4f:b9:63:
         33:d4:8f:e2:e2:33:ff:a2:26:00:71:6b:89:17:f3:cc:b7:ea:
         ac:f0:fd:ce:3a:0d:58:ef:10:b8:04:f9:57:c4:98:df:e7:ee:
         19:71:74:1d:6a:04:13:89:c7:74:ed:59:ac:07:fb:5c:a0:c2:
         a5:2f:f0:37:2f:f6:25:d3:d1:9e:b0:c0:27:2e:ed:29:70:e9:
         2a:92:57:e0:58:1c:cc:67:dc:06:b3:d6:ac:d7:ee:28:e8:49:
         1c:bd:6b:ab:e4:49:69:46:b1:28:85:cd:22:7c:f0:d6:e8:e5:
         78:cf:81:ca:a3:1f:6e:34:b0:1d:f2:cb:58:24:11:fb:16:0d:
         64:d8:3e:5f:7b:fe:29:14:7a:76:83:5c:33:87:ce:6a:c5:b3:
         ff:ab:d8:65:f6:24:9b:82:82:9a:28:7e:d5:e7:c0:43:9f:26:
         12:81:b0:d2:9f:44:82:cc:d5:2e:b6:5a:fb:2c:5d:a0:1a:c5:
         f7:22:79:e7:c4:8b:b4:a5:c2:26:62:2d:e8:37:59:af:eb:f8:
         77:7c:a9:e7:c9:48:e0:20:d1:3a:31:a7:1f:dd:3a:2a:38:31:
         da:65:26:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0kBxxn5KR/47ny25FWw/MAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4MTAxNzcyMjQ4OTk2Yjg3ZDkwODQwYzJkMjdkNjI1NDk0
NTgxNzMwHhcNMjYwMzI1MDgwNTM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjdjYjdiNTE3OTAyZTE1NGM5MjViOGY0ZjY3ZTcyMGJkM2UzYzMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAssEheel+l6A1OtCg76MqwrlSQDBF
3CJ4ikVbgbD5Kayw5NaVCyY8W55a+hXMdRGVcoxnLXAVYl0s/ZOMz5UfZzAAWpGu
E3oV87uES0KByV8l3cTm6JPkxfHCuiP0PZay8rpQ0x3aYnbb72Lrt69EzZ4g7qti
Sakl1jB2nZ0WhN8hTZmlwlt7x4fnMzPgj8qV4/hcdc2MtZobyB2aUXaXdo404ces
oxH0u1k86EAq/WhEZC+18Iu04X61Rdmblc0oot89XSZjjGbyBZeItJAk6GWMAmkT
5CkYm+MZMK1D54V+f28P3Yc0skQR3Ze+sBnmLb52fzDSdtN9SM7eSU/kpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHZ8t7UXkC4VTJJbj09n5yC9PjwxMB8GA1UdIwQY
MBaAFBgQF3IkiZa4fZCEDC0n1iVJRYFzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQt
M2NjODVhZDNjMTkwLzEvZG55M3RSZVFMaFZNa2x1UFQyZm5JTDAtUERFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQtM2NjODVhZDNjMTkw
LzEvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLY2qMA0G
CSqGSIb3DQEBCwUAA4IBAQCRU3fdQyDTjiO1Iz4WB9LO/+02Racc7lTq/2TTt2Lj
dgBPuWMz1I/i4jP/oiYAcWuJF/PMt+qs8P3OOg1Y7xC4BPlXxJjf5+4ZcXQdagQT
icd07VmsB/tcoMKlL/A3L/Yl09GesMAnLu0pcOkqklfgWBzMZ9wGs9as1+4o6Ekc
vWur5ElpRrEohc0ifPDW6OV4z4HKox9uNLAd8stYJBH7Fg1k2D5fe/4pFHp2g1wz
h85qxbP/q9hl9iSbgoKaKH7V58BDnyYSgbDSn0SCzNUutlr7LF2gGsX3InnnxIu0
pcImYi3oN1mv6/h3fKnnyUjgINE6Macf3ToqODHaZSZ8
-----END CERTIFICATE-----