Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/a607f4-15dc-4db5-9601-2146179d8e2b/1/0LQRzIDRNUdWBd9Dydr2N_iC5jw.roa
File:                     0LQRzIDRNUdWBd9Dydr2N_iC5jw.roa (raw, json)
Hash identifier:          JhEvtgcGlQ0ucbJzBQZW4Y2YIF7BmFzYqZx6rOiR+Uc=
Subject key identifier:   D0:B4:11:CC:80:D1:35:47:56:05:DF:43:C9:DA:F6:37:F8:82:E6:3C
Certificate issuer:       /CN=d894365b28a082834a751a97771b791124524dec
Certificate serial:       019DF88C38596BEF8F49355957FF8A82930D
Authority key identifier: D8:94:36:5B:28:A0:82:83:4A:75:1A:97:77:1B:79:11:24:52:4D:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2JQ2WyiggoNKdRqXdxt5ESRSTew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/a607f4-15dc-4db5-9601-2146179d8e2b/1/0LQRzIDRNUdWBd9Dydr2N_iC5jw.roa
Signing time:             Tue 05 May 2026 14:30:32 +0000
ROA not before:           Tue 05 May 2026 14:30:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16509
IP address blocks:        159.253.164.0/24 maxlen: 24
                          159.253.165.0/24 maxlen: 24
                          159.253.166.0/24 maxlen: 24
                          159.253.167.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c6/a607f4-15dc-4db5-9601-2146179d8e2b/1/2JQ2WyiggoNKdRqXdxt5ESRSTew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c6/a607f4-15dc-4db5-9601-2146179d8e2b/1/2JQ2WyiggoNKdRqXdxt5ESRSTew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2JQ2WyiggoNKdRqXdxt5ESRSTew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f8:8c:38:59:6b:ef:8f:49:35:59:57:ff:8a:82:93:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d894365b28a082834a751a97771b791124524dec
        Validity
            Not Before: May  5 14:30:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d0b411cc80d135475605df43c9daf637f882e63c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:b2:aa:d7:e0:34:02:54:43:24:51:cb:be:ad:
                    33:bc:4d:c1:b1:82:6d:f0:16:9d:87:06:5d:e3:5d:
                    bc:f9:60:73:a4:be:c6:36:f3:19:dc:05:ec:e0:4f:
                    c1:99:52:c9:3b:02:6e:f3:c9:72:d2:7a:e7:63:ce:
                    81:3f:7d:5c:b7:b4:64:3d:41:08:ea:eb:55:c2:4d:
                    51:1f:1c:51:2a:90:82:01:30:2b:2e:6a:ba:a6:84:
                    1d:38:f6:ed:82:69:14:ed:5a:dc:06:30:e4:d3:57:
                    f1:69:dc:d5:4f:85:7f:a8:db:79:c7:d5:5a:3c:85:
                    69:23:ec:43:01:e5:38:fd:14:9d:a1:a1:c9:2a:e4:
                    2b:2d:11:cf:d7:87:ea:6e:ea:d2:a3:22:73:01:86:
                    27:6e:92:0a:a1:42:7b:c2:39:31:4b:9e:76:e2:10:
                    90:c7:c5:35:fe:e4:09:83:1b:0a:4f:ea:9d:6f:77:
                    f6:b2:a2:ec:4d:01:ac:67:d8:48:a4:73:cd:52:bc:
                    8c:0a:e9:34:40:5c:2a:0b:70:2d:16:23:ed:56:da:
                    35:c4:6b:1c:d7:50:6b:c4:88:a2:79:66:32:44:27:
                    3a:7c:96:a4:a7:06:ed:21:06:29:cb:3d:32:5c:58:
                    2a:66:78:6b:ba:60:2c:9b:cb:68:16:3a:af:97:16:
                    4b:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:B4:11:CC:80:D1:35:47:56:05:DF:43:C9:DA:F6:37:F8:82:E6:3C
            X509v3 Authority Key Identifier:
                keyid:D8:94:36:5B:28:A0:82:83:4A:75:1A:97:77:1B:79:11:24:52:4D:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2JQ2WyiggoNKdRqXdxt5ESRSTew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/a607f4-15dc-4db5-9601-2146179d8e2b/1/0LQRzIDRNUdWBd9Dydr2N_iC5jw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/a607f4-15dc-4db5-9601-2146179d8e2b/1/2JQ2WyiggoNKdRqXdxt5ESRSTew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.253.164.0/22

    Signature Algorithm: sha256WithRSAEncryption
         63:77:0e:68:b3:92:67:e5:f7:76:b5:d6:d8:24:b4:57:a6:c5:
         d8:15:87:32:25:a0:3e:42:d1:ba:02:e3:16:ae:1e:e0:8c:78:
         93:08:4d:eb:76:fb:2d:ec:f4:b0:32:ee:57:7c:52:89:b2:64:
         0a:9b:f7:3f:98:12:90:f0:f7:9d:6f:1e:d9:51:fb:19:1b:b8:
         2d:b3:fb:2f:29:9b:ba:d8:fa:db:9d:69:99:2c:ec:26:4c:eb:
         e1:00:d0:8f:7c:31:20:64:46:dc:cf:91:0c:5c:d6:27:63:28:
         e4:08:57:86:89:f9:0b:ee:75:9b:a5:a0:54:98:de:58:ae:b2:
         b7:f5:46:32:b6:6f:41:60:b1:c4:12:e1:8e:d1:d6:9a:83:4f:
         af:63:99:d3:74:4d:f3:d5:4d:80:1a:6a:f2:d5:b5:9f:8e:d1:
         e8:e3:b1:4d:c6:15:fa:56:55:fb:28:68:ca:47:8e:63:f5:54:
         b9:b0:76:6c:ad:32:22:08:13:38:f8:1c:b7:da:16:05:9d:97:
         40:cf:10:78:ab:7a:4a:ee:04:b5:91:10:d4:f3:f4:e6:82:06:
         a4:76:e8:9b:99:84:8a:4a:0a:46:73:11:83:56:6a:7e:5b:60:
         52:f7:ac:11:f7:df:8f:f8:3d:04:d6:46:ad:3b:5d:f8:76:53:
         65:de:b0:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ34jDhZa++PSTVZV/+KgpMNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4OTQzNjViMjhhMDgyODM0YTc1MWE5Nzc3MWI3OTExMjQ1
MjRkZWMwHhcNMjYwNTA1MTQzMDMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMGI0MTFjYzgwZDEzNTQ3NTYwNWRmNDNjOWRhZjYzN2Y4ODJlNjNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4bKq1+A0AlRDJFHLvq0zvE3BsYJt
8BadhwZd4128+WBzpL7GNvMZ3AXs4E/BmVLJOwJu88ly0nrnY86BP31ct7RkPUEI
6utVwk1RHxxRKpCCATArLmq6poQdOPbtgmkU7VrcBjDk01fxadzVT4V/qNt5x9Va
PIVpI+xDAeU4/RSdoaHJKuQrLRHP14fqburSoyJzAYYnbpIKoUJ7wjkxS5524hCQ
x8U1/uQJgxsKT+qdb3f2sqLsTQGsZ9hIpHPNUryMCuk0QFwqC3AtFiPtVto1xGsc
11BrxIiieWYyRCc6fJakpwbtIQYpyz0yXFgqZnhrumAsm8toFjqvlxZLdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNC0EcyA0TVHVgXfQ8na9jf4guY8MB8GA1UdIwQY
MBaAFNiUNlsooIKDSnUal3cbeREkUk3sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkpRMld5aWdnb05LZFJxWGR4dDVFU1JTVGV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi9hNjA3ZjQtMTVkYy00ZGI1LTk2MDEt
MjE0NjE3OWQ4ZTJiLzEvMExRUnpJRFJOVWRXQmQ5RHlkcjJOX2lDNWp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi9hNjA3ZjQtMTVkYy00ZGI1LTk2MDEtMjE0NjE3OWQ4ZTJi
LzEvMkpRMld5aWdnb05LZFJxWGR4dDVFU1JTVGV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCn/2kMA0G
CSqGSIb3DQEBCwUAA4IBAQBjdw5os5Jn5fd2tdbYJLRXpsXYFYcyJaA+QtG6AuMW
rh7gjHiTCE3rdvst7PSwMu5XfFKJsmQKm/c/mBKQ8Pedbx7ZUfsZG7gts/svKZu6
2PrbnWmZLOwmTOvhANCPfDEgZEbcz5EMXNYnYyjkCFeGifkL7nWbpaBUmN5YrrK3
9UYytm9BYLHEEuGO0daag0+vY5nTdE3z1U2AGmry1bWfjtHo47FNxhX6VlX7KGjK
R45j9VS5sHZsrTIiCBM4+By32hYFnZdAzxB4q3pK7gS1kRDU8/TmggakduibmYSK
SgpGcxGDVmp+W2BS96wR99+P+D0E1katO134dlNl3rAG
-----END CERTIFICATE-----