Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/1d5ad0-4785-4046-b8e6-a0e70e5056ef/1/DJwvXIkA1SG74GASfuKEW7UX7cg.roa
File:                     DJwvXIkA1SG74GASfuKEW7UX7cg.roa (raw, json)
Hash identifier:          wSfIhoq013SDvKlMc53vdtZko4rBxdt5e4YHfgQWP9Y=
Subject key identifier:   0C:9C:2F:5C:89:00:D5:21:BB:E0:60:12:7E:E2:84:5B:B5:17:ED:C8
Certificate issuer:       /CN=794838864d6805162693bdf249f3b8ac31f680bd
Certificate serial:       019DDCF27054599419F7C07A5621EA18B220
Authority key identifier: 79:48:38:86:4D:68:05:16:26:93:BD:F2:49:F3:B8:AC:31:F6:80:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eUg4hk1oBRYmk73ySfO4rDH2gL0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/1d5ad0-4785-4046-b8e6-a0e70e5056ef/1/DJwvXIkA1SG74GASfuKEW7UX7cg.roa
Signing time:             Thu 30 Apr 2026 05:52:49 +0000
ROA not before:           Thu 30 Apr 2026 05:52:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     136557
IP address blocks:        201.78.128.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/1d5ad0-4785-4046-b8e6-a0e70e5056ef/1/eUg4hk1oBRYmk73ySfO4rDH2gL0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/1d5ad0-4785-4046-b8e6-a0e70e5056ef/1/eUg4hk1oBRYmk73ySfO4rDH2gL0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eUg4hk1oBRYmk73ySfO4rDH2gL0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 20:10:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:dc:f2:70:54:59:94:19:f7:c0:7a:56:21:ea:18:b2:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=794838864d6805162693bdf249f3b8ac31f680bd
        Validity
            Not Before: Apr 30 05:52:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0c9c2f5c8900d521bbe060127ee2845bb517edc8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:db:be:b6:63:23:d8:ae:ee:ac:1a:87:33:03:
                    ec:e4:57:96:b4:5a:e6:ff:2d:f9:b1:4a:fc:82:ee:
                    e4:b7:f1:3f:8a:31:94:9c:9a:5b:36:4e:96:51:53:
                    c0:69:d7:e6:07:2b:37:32:fe:78:05:a0:21:7d:b3:
                    d0:f3:0f:9f:e5:06:20:5f:ed:e8:9b:05:cf:a8:0b:
                    e1:3d:0a:d9:b6:9f:ef:fb:13:5b:e4:25:e0:5c:69:
                    18:98:32:2f:69:1a:46:81:14:c8:b1:dd:66:3a:10:
                    6a:01:98:3b:1b:45:21:3f:19:9e:0c:7d:34:ec:71:
                    12:5f:8c:f5:a4:e9:6e:c4:97:08:57:6c:44:a0:e7:
                    81:69:31:fd:fa:df:ac:06:01:3e:e5:80:af:28:5b:
                    32:76:c0:be:05:01:51:bf:86:58:a4:f3:da:04:b8:
                    1a:b8:02:bf:18:12:57:fe:d9:ab:eb:06:71:2b:82:
                    73:9a:97:84:6f:20:3d:04:4c:10:67:a3:7a:3d:1c:
                    7c:d8:95:78:fd:3c:9e:fb:ad:b4:79:cb:28:c2:90:
                    99:a7:08:b8:fb:0e:ce:07:20:03:26:f9:5c:27:98:
                    9f:f1:43:e8:1b:d7:22:cd:4d:9f:90:89:ba:d7:03:
                    2d:de:98:c5:de:52:bd:c1:11:e4:80:e9:e4:3f:7d:
                    1d:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:9C:2F:5C:89:00:D5:21:BB:E0:60:12:7E:E2:84:5B:B5:17:ED:C8
            X509v3 Authority Key Identifier:
                keyid:79:48:38:86:4D:68:05:16:26:93:BD:F2:49:F3:B8:AC:31:F6:80:BD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eUg4hk1oBRYmk73ySfO4rDH2gL0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/1d5ad0-4785-4046-b8e6-a0e70e5056ef/1/DJwvXIkA1SG74GASfuKEW7UX7cg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/1d5ad0-4785-4046-b8e6-a0e70e5056ef/1/eUg4hk1oBRYmk73ySfO4rDH2gL0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  201.78.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:cd:12:09:75:0e:7d:ad:ee:f5:e5:24:52:b7:04:9f:6c:e2:
         72:5b:b7:c2:ae:e2:5b:96:44:d7:9f:34:5f:01:a9:e2:06:98:
         78:57:4f:c5:12:e5:37:87:72:fd:ef:6c:7c:7e:59:05:98:d3:
         1d:02:19:38:3b:5b:ae:00:aa:c2:63:ee:9b:37:14:0e:a1:ad:
         c0:3c:fe:a5:52:60:ce:ec:da:67:23:47:9a:50:f6:ad:c6:87:
         ab:a0:bf:3f:df:56:e9:fd:99:ed:9a:f0:9b:47:8a:43:29:d4:
         f8:f5:d0:f7:a6:bb:bc:63:14:91:2a:3e:b3:ee:6f:e4:a6:0e:
         47:63:05:98:e0:94:fb:ba:8d:b1:18:80:11:f4:63:27:eb:52:
         14:a1:c7:30:f1:05:b7:01:00:49:99:c8:f3:e5:23:47:40:7a:
         f8:d5:df:fd:c9:be:0e:19:ee:3d:48:76:bc:40:ed:ce:e6:da:
         26:8c:fb:28:7c:d1:be:97:36:20:cd:30:10:43:1f:31:e7:bd:
         eb:74:cf:1d:6a:4f:9f:d9:ca:4d:dc:5a:3f:bd:d8:1c:25:90:
         92:12:d0:be:dc:a8:13:63:49:71:c6:c8:74:8e:e2:04:00:cd:
         c5:a9:bd:cd:75:b9:65:80:13:fe:c8:35:0b:aa:4f:3c:9a:ba:
         8b:af:b1:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3c8nBUWZQZ98B6ViHqGLIgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5NDgzODg2NGQ2ODA1MTYyNjkzYmRmMjQ5ZjNiOGFjMzFm
NjgwYmQwHhcNMjYwNDMwMDU1MjQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzljMmY1Yzg5MDBkNTIxYmJlMDYwMTI3ZWUyODQ1YmI1MTdlZGM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvtu+tmMj2K7urBqHMwPs5FeWtFrm
/y35sUr8gu7kt/E/ijGUnJpbNk6WUVPAadfmBys3Mv54BaAhfbPQ8w+f5QYgX+3o
mwXPqAvhPQrZtp/v+xNb5CXgXGkYmDIvaRpGgRTIsd1mOhBqAZg7G0UhPxmeDH00
7HESX4z1pOluxJcIV2xEoOeBaTH9+t+sBgE+5YCvKFsydsC+BQFRv4ZYpPPaBLga
uAK/GBJX/tmr6wZxK4JzmpeEbyA9BEwQZ6N6PRx82JV4/Tye+620ecsowpCZpwi4
+w7OByADJvlcJ5if8UPoG9cizU2fkIm61wMt3pjF3lK9wRHkgOnkP30dwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAycL1yJANUhu+BgEn7ihFu1F+3IMB8GA1UdIwQY
MBaAFHlIOIZNaAUWJpO98knzuKwx9oC9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVVnNGhrMW9CUlltazczeVNmTzRyREgyZ0wwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS8xZDVhZDAtNDc4NS00MDQ2LWI4ZTYt
YTBlNzBlNTA1NmVmLzEvREp3dlhJa0ExU0c3NEdBU2Z1S0VXN1VYN2NnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS8xZDVhZDAtNDc4NS00MDQ2LWI4ZTYtYTBlNzBlNTA1NmVm
LzEvZVVnNGhrMW9CUlltazczeVNmTzRyREgyZ0wwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAyU6AMA0G
CSqGSIb3DQEBCwUAA4IBAQBVzRIJdQ59re715SRStwSfbOJyW7fCruJblkTXnzRf
AaniBph4V0/FEuU3h3L972x8flkFmNMdAhk4O1uuAKrCY+6bNxQOoa3APP6lUmDO
7NpnI0eaUPatxoeroL8/31bp/ZntmvCbR4pDKdT49dD3pru8YxSRKj6z7m/kpg5H
YwWY4JT7uo2xGIAR9GMn61IUoccw8QW3AQBJmcjz5SNHQHr41d/9yb4OGe49SHa8
QO3O5tomjPsofNG+lzYgzTAQQx8x573rdM8dak+f2cpN3Fo/vdgcJZCSEtC+3KgT
Y0lxxsh0juIEAM3Fqb3NdbllgBP+yDULqk88mrqLr7HL
-----END CERTIFICATE-----