Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/u312KxFFDJlfhr5LqS3Q2p_us5w.roa
File:                     u312KxFFDJlfhr5LqS3Q2p_us5w.roa (raw, json)
Hash identifier:          5O6DXvEWzNyBl60bcUjdQcMwnkfMPhxzOuDi1SOM5Ro=
Subject key identifier:   BB:7D:76:2B:11:45:0C:99:5F:86:BE:4B:A9:2D:D0:DA:9F:EE:B3:9C
Certificate issuer:       /CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Certificate serial:       019DFC664FA84F2A22B41CAD7FDAA7E70962
Authority key identifier: 05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/u312KxFFDJlfhr5LqS3Q2p_us5w.roa
Signing time:             Wed 06 May 2026 08:27:36 +0000
ROA not before:           Wed 06 May 2026 08:27:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48763
IP address blocks:        217.171.147.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:fc:66:4f:a8:4f:2a:22:b4:1c:ad:7f:da:a7:e7:09:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
        Validity
            Not Before: May  6 08:27:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bb7d762b11450c995f86be4ba92dd0da9feeb39c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:4a:f6:97:03:27:c9:5f:52:00:dc:9a:35:c3:
                    c9:71:f1:23:f9:56:c7:19:6b:a5:62:2e:8b:7a:eb:
                    f1:c4:d6:6a:ae:92:22:5f:06:64:6c:dc:37:96:a4:
                    8c:73:e9:fe:12:07:5f:e7:4d:9c:f8:d9:a4:6d:2a:
                    e7:44:6c:4a:6e:5c:fa:44:db:64:b9:09:9f:f3:16:
                    76:65:18:9d:60:31:fa:82:f0:15:22:33:b4:c2:c4:
                    ba:99:ec:bc:c4:33:85:47:2e:cd:c7:d1:82:01:08:
                    c4:40:5c:38:74:b9:86:15:1c:c1:b5:98:9d:d5:90:
                    fc:ef:c5:99:cb:69:12:59:9e:56:a7:70:ef:44:46:
                    cb:1b:d1:b0:85:3d:24:9c:5b:99:73:6c:ab:26:77:
                    77:99:65:82:9a:b6:ee:7d:73:0b:f0:d0:3d:a6:a2:
                    5f:28:1a:34:04:fb:87:63:28:6d:77:6c:42:1a:54:
                    9d:01:68:7a:70:20:2c:46:55:52:a3:d2:f5:fb:30:
                    ca:0b:cd:eb:e9:dd:8e:05:89:2e:eb:7a:47:8c:be:
                    61:66:ce:5a:1c:54:4c:4f:14:4f:87:46:6b:f4:30:
                    47:b0:84:1b:ca:4b:e8:fb:0b:3b:83:c9:3f:2c:bf:
                    13:3e:1a:93:b7:81:a0:3b:25:5a:77:a0:98:b5:43:
                    87:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:7D:76:2B:11:45:0C:99:5F:86:BE:4B:A9:2D:D0:DA:9F:EE:B3:9C
            X509v3 Authority Key Identifier:
                keyid:05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/u312KxFFDJlfhr5LqS3Q2p_us5w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.171.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:b0:25:52:fa:d3:8d:46:f5:52:d8:b2:e6:fc:e4:93:98:b3:
         75:d7:1e:f0:6e:43:46:6c:91:40:6e:03:ca:4a:e4:9a:4d:29:
         cd:62:1c:86:8e:98:6c:7a:d1:7a:30:a3:d6:d4:ee:97:b7:b8:
         71:c3:c6:fc:a2:16:a0:73:f5:3f:c8:18:cd:22:b3:fb:18:aa:
         0a:07:9c:52:23:68:10:1f:52:1e:8c:7b:ed:e8:be:5a:16:80:
         4c:db:e4:d8:6b:d9:39:0f:4a:6b:da:6a:1c:cf:0d:17:b0:64:
         fe:3e:8d:79:3a:aa:06:a5:63:b2:ae:2d:0c:e1:95:0c:13:b7:
         f3:96:f9:68:2f:01:29:a4:fa:09:8c:05:52:ef:00:28:b2:1f:
         54:ae:d7:4d:94:07:a2:62:5a:9f:6e:ec:e3:90:00:f8:d0:a8:
         cf:94:6c:2f:6e:ed:24:d7:2d:d6:d1:a2:dc:ea:7c:92:fd:27:
         57:b7:af:75:96:d7:af:81:02:de:0a:d5:c8:b7:2d:fe:49:90:
         b6:df:2c:32:03:3c:20:2e:56:8e:a6:c7:71:02:03:53:3f:23:
         a2:fd:df:52:1e:66:24:9b:c2:11:ba:d6:ff:16:46:25:60:3c:
         97:d7:73:8d:52:e5:a1:7f:4f:55:fe:57:97:86:03:f3:d3:1d:
         00:97:ce:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ38Zk+oTyoitBytf9qn5wliMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YjFkMTNjMmUyNmUxMjc4NjI0NmE1ZWM0YzViZWE2OTg2
NGIyMGYwHhcNMjYwNTA2MDgyNzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjdkNzYyYjExNDUwYzk5NWY4NmJlNGJhOTJkZDBkYTlmZWViMzljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvkr2lwMnyV9SANyaNcPJcfEj+VbH
GWulYi6LeuvxxNZqrpIiXwZkbNw3lqSMc+n+Egdf502c+NmkbSrnRGxKblz6RNtk
uQmf8xZ2ZRidYDH6gvAVIjO0wsS6mey8xDOFRy7Nx9GCAQjEQFw4dLmGFRzBtZid
1ZD878WZy2kSWZ5Wp3DvREbLG9GwhT0knFuZc2yrJnd3mWWCmrbufXML8NA9pqJf
KBo0BPuHYyhtd2xCGlSdAWh6cCAsRlVSo9L1+zDKC83r6d2OBYku63pHjL5hZs5a
HFRMTxRPh0Zr9DBHsIQbykvo+ws7g8k/LL8TPhqTt4GgOyVad6CYtUOHqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLt9disRRQyZX4a+S6kt0Nqf7rOcMB8GA1UdIwQY
MBaAFAWx0TwuJuEnhiRqXsTFvqaYZLIPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjct
NDkwNTI0M2JjODI4LzEvdTMxMkt4RkZESmxmaHI1THFTM1EycF91czV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjctNDkwNTI0M2JjODI4
LzEvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2auTMA0G
CSqGSIb3DQEBCwUAA4IBAQBJsCVS+tONRvVS2LLm/OSTmLN11x7wbkNGbJFAbgPK
SuSaTSnNYhyGjphsetF6MKPW1O6Xt7hxw8b8ohagc/U/yBjNIrP7GKoKB5xSI2gQ
H1IejHvt6L5aFoBM2+TYa9k5D0pr2moczw0XsGT+Po15OqoGpWOyri0M4ZUME7fz
lvloLwEppPoJjAVS7wAosh9UrtdNlAeiYlqfbuzjkAD40KjPlGwvbu0k1y3W0aLc
6nyS/SdXt691ltevgQLeCtXIty3+SZC23ywyAzwgLlaOpsdxAgNTPyOi/d9SHmYk
m8IRutb/FkYlYDyX13ONUuWhf09V/leXhgPz0x0Al861
-----END CERTIFICATE-----