Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/689816-6399-4325-9286-f13ae32c18f0/1/AhAcdKgAbaxev6WZheq94rPVhy4.roa
File:                     AhAcdKgAbaxev6WZheq94rPVhy4.roa (raw, json)
Hash identifier:          jnz0tuvjSI9nchLY2GePdtWDuCFuuGK4nahWThqEMJU=
Subject key identifier:   02:10:1C:74:A8:00:6D:AC:5E:BF:A5:99:85:EA:BD:E2:B3:D5:87:2E
Certificate issuer:       /CN=877af274b731134ccbc26728f937da03058dd73b
Certificate serial:       019DF88A63628C8710559126EA0684E7929A
Authority key identifier: 87:7A:F2:74:B7:31:13:4C:CB:C2:67:28:F9:37:DA:03:05:8D:D7:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h3rydLcxE0zLwmco-TfaAwWN1zs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/689816-6399-4325-9286-f13ae32c18f0/1/AhAcdKgAbaxev6WZheq94rPVhy4.roa
Signing time:             Tue 05 May 2026 14:28:31 +0000
ROA not before:           Tue 05 May 2026 14:28:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     13335
IP address blocks:        217.180.16.0/24 maxlen: 24
                          217.180.17.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/689816-6399-4325-9286-f13ae32c18f0/1/h3rydLcxE0zLwmco-TfaAwWN1zs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/689816-6399-4325-9286-f13ae32c18f0/1/h3rydLcxE0zLwmco-TfaAwWN1zs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h3rydLcxE0zLwmco-TfaAwWN1zs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 06:33:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f8:8a:63:62:8c:87:10:55:91:26:ea:06:84:e7:92:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=877af274b731134ccbc26728f937da03058dd73b
        Validity
            Not Before: May  5 14:28:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=02101c74a8006dac5ebfa59985eabde2b3d5872e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:52:6c:e4:4e:f0:7d:09:1e:48:7d:20:73:fe:
                    c2:84:a9:7f:39:10:cf:a7:87:c3:0f:b6:2d:70:db:
                    47:7b:d9:56:a7:ad:f2:af:31:11:07:86:e2:2f:f0:
                    8a:b3:f0:cc:64:04:4c:e0:ae:44:2e:17:c1:f1:24:
                    3b:0b:9d:3b:3c:68:54:c3:57:e5:2b:ba:b7:68:85:
                    c7:36:37:b2:d2:97:c1:57:9f:93:b8:f6:ec:8a:e9:
                    d7:f3:3a:e5:42:e0:7e:e9:42:41:9d:a4:76:56:64:
                    ec:eb:b5:76:41:4c:1c:be:b5:e7:82:23:d7:33:de:
                    1b:50:24:63:c8:f2:6d:59:e4:ba:4c:9b:03:ac:eb:
                    7b:8a:3e:50:0b:a4:b4:e9:13:6e:61:d3:75:97:55:
                    b5:86:24:c2:5b:42:ae:18:2b:a5:28:79:84:46:e2:
                    2f:79:c5:b2:b4:31:56:4a:d2:b9:67:53:dc:9d:23:
                    8a:ae:34:07:41:a0:f1:c7:fb:23:79:ff:17:e7:67:
                    5b:ba:66:55:8b:86:20:5e:82:e1:01:99:63:b1:43:
                    0a:a7:4e:8c:bd:1e:93:66:28:da:47:04:bf:86:fa:
                    74:18:41:1d:81:4c:d9:e6:f0:12:2c:6b:aa:8d:ad:
                    1b:65:f5:76:f9:22:64:71:eb:84:2f:6f:e6:f3:ea:
                    f9:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:10:1C:74:A8:00:6D:AC:5E:BF:A5:99:85:EA:BD:E2:B3:D5:87:2E
            X509v3 Authority Key Identifier:
                keyid:87:7A:F2:74:B7:31:13:4C:CB:C2:67:28:F9:37:DA:03:05:8D:D7:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h3rydLcxE0zLwmco-TfaAwWN1zs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/689816-6399-4325-9286-f13ae32c18f0/1/AhAcdKgAbaxev6WZheq94rPVhy4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/689816-6399-4325-9286-f13ae32c18f0/1/h3rydLcxE0zLwmco-TfaAwWN1zs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.180.16.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2c:fa:f6:21:78:e9:a6:9d:b2:ad:b2:d0:69:58:f4:16:c5:cc:
         2e:34:9d:d3:c4:14:90:a0:ff:ef:c4:6e:d3:cf:f0:ea:31:25:
         f4:b4:6c:4b:94:70:56:30:0b:62:92:bb:d7:83:46:6e:c9:ee:
         5e:de:2a:2f:57:d6:97:43:63:30:a0:4b:1f:19:f1:55:f7:f1:
         37:ce:6c:07:49:35:a3:6b:4f:30:6e:56:98:18:61:e8:a4:11:
         64:6b:41:94:98:e1:2e:62:e9:51:9c:e0:8c:3c:78:88:f8:2c:
         24:3d:6b:a6:fd:cf:13:f1:2a:0a:e3:11:2e:85:95:c6:cc:1a:
         03:6f:2d:23:bc:8b:fc:34:25:ec:0a:74:58:56:f1:a6:ef:96:
         31:4c:5a:c9:3d:0a:f4:38:25:67:73:e6:0f:b8:17:65:1a:d8:
         4b:8d:0b:12:38:e7:9f:ae:f6:fd:d4:0c:a4:17:ab:2e:59:04:
         d2:23:40:d7:d7:fc:63:1b:5f:7e:13:e1:aa:f9:cd:03:d1:a2:
         04:ad:da:51:ad:77:97:1a:a8:c4:5a:9f:0f:5d:25:53:06:35:
         5d:e1:38:9b:79:5f:c4:c9:59:dd:4a:ed:76:16:f2:48:4b:e4:
         9d:f5:42:5f:48:37:38:44:b9:30:4d:36:0e:a4:75:e5:6c:3a:
         2b:6e:6d:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ34imNijIcQVZEm6gaE55KaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3N2FmMjc0YjczMTEzNGNjYmMyNjcyOGY5MzdkYTAzMDU4
ZGQ3M2IwHhcNMjYwNTA1MTQyODMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjEwMWM3NGE4MDA2ZGFjNWViZmE1OTk4NWVhYmRlMmIzZDU4NzJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2FJs5E7wfQkeSH0gc/7ChKl/ORDP
p4fDD7YtcNtHe9lWp63yrzERB4biL/CKs/DMZARM4K5ELhfB8SQ7C507PGhUw1fl
K7q3aIXHNjey0pfBV5+TuPbsiunX8zrlQuB+6UJBnaR2VmTs67V2QUwcvrXngiPX
M94bUCRjyPJtWeS6TJsDrOt7ij5QC6S06RNuYdN1l1W1hiTCW0KuGCulKHmERuIv
ecWytDFWStK5Z1PcnSOKrjQHQaDxx/sjef8X52dbumZVi4YgXoLhAZljsUMKp06M
vR6TZijaRwS/hvp0GEEdgUzZ5vASLGuqja0bZfV2+SJkceuEL2/m8+r5swIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAIQHHSoAG2sXr+lmYXqveKz1YcuMB8GA1UdIwQY
MBaAFId68nS3MRNMy8JnKPk32gMFjdc7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDNyeWRMY3hFMHpMd21jby1UZmFBd1dOMXpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy82ODk4MTYtNjM5OS00MzI1LTkyODYt
ZjEzYWUzMmMxOGYwLzEvQWhBY2RLZ0FiYXhldjZXWmhlcTk0clBWaHk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy82ODk4MTYtNjM5OS00MzI1LTkyODYtZjEzYWUzMmMxOGYw
LzEvaDNyeWRMY3hFMHpMd21jby1UZmFBd1dOMXpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB2bQQMA0G
CSqGSIb3DQEBCwUAA4IBAQAs+vYheOmmnbKtstBpWPQWxcwuNJ3TxBSQoP/vxG7T
z/DqMSX0tGxLlHBWMAtikrvXg0Zuye5e3iovV9aXQ2MwoEsfGfFV9/E3zmwHSTWj
a08wblaYGGHopBFka0GUmOEuYulRnOCMPHiI+CwkPWum/c8T8SoK4xEuhZXGzBoD
by0jvIv8NCXsCnRYVvGm75YxTFrJPQr0OCVnc+YPuBdlGthLjQsSOOefrvb91Ayk
F6suWQTSI0DX1/xjG19+E+Gq+c0D0aIErdpRrXeXGqjEWp8PXSVTBjVd4TibeV/E
yVndSu12FvJIS+Sd9UJfSDc4RLkwTTYOpHXlbDorbm0U
-----END CERTIFICATE-----