Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/aovwN91NEgZX2X3GP_tQlRsW1Ss.roa
File:                     aovwN91NEgZX2X3GP_tQlRsW1Ss.roa (raw, json)
Hash identifier:          gZykcCdPccmUB3tu5P6AdoMPNlZqzHGVugqjpjSgpVM=
Subject key identifier:   6A:8B:F0:37:DD:4D:12:06:57:D9:7D:C6:3F:FB:50:95:1B:16:D5:2B
Certificate issuer:       /CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Certificate serial:       019E036170695F79CEB1CAD4A7A3588128E6
Authority key identifier: 6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/aovwN91NEgZX2X3GP_tQlRsW1Ss.roa
Signing time:             Thu 07 May 2026 16:59:37 +0000
ROA not before:           Thu 07 May 2026 16:59:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208751
IP address blocks:        153.76.5.0/24 maxlen: 24
                          2a0f:b240:6200::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 22:51:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:03:61:70:69:5f:79:ce:b1:ca:d4:a7:a3:58:81:28:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
        Validity
            Not Before: May  7 16:59:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6a8bf037dd4d120657d97dc63ffb50951b16d52b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:37:fa:16:94:6c:69:18:2f:a5:84:89:bb:30:
                    9c:cd:48:36:2e:ea:f4:66:82:ac:c7:da:fa:2e:a3:
                    0a:dd:e3:96:7f:00:98:0e:91:60:32:77:b3:48:d8:
                    79:56:2c:ec:97:23:37:c6:55:69:aa:d3:18:a9:ca:
                    05:93:0c:71:79:cd:41:68:8c:b7:c9:0c:be:80:27:
                    cb:ee:71:93:c9:54:91:d5:dc:85:81:40:df:95:f9:
                    15:aa:ec:5b:34:af:05:f9:3f:d1:0d:78:4f:b4:0e:
                    a1:e1:4b:e8:53:00:18:03:4a:24:2f:d3:4a:01:0b:
                    0c:14:4b:1a:f6:e6:9f:81:35:e0:ea:91:f4:5a:12:
                    d7:81:02:a8:bc:b5:78:1a:74:c4:11:a6:90:3e:a8:
                    14:24:7f:50:a2:fd:a1:4a:ba:a7:c8:9e:66:bb:a0:
                    bc:62:c9:7c:ed:06:cd:0b:d8:8e:92:e5:b4:5e:29:
                    59:04:21:3b:f2:65:ad:5c:1c:4f:f4:21:0b:2a:63:
                    a2:1d:39:fc:35:c5:39:59:da:f5:20:27:00:3a:1f:
                    da:1e:34:71:8c:52:9c:3a:10:d6:fb:a6:ff:50:16:
                    41:74:57:f4:16:4b:ef:5e:ab:d0:b9:ed:f5:ca:8c:
                    c6:f9:16:77:5c:72:b0:25:47:61:ac:17:b6:53:43:
                    90:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:8B:F0:37:DD:4D:12:06:57:D9:7D:C6:3F:FB:50:95:1B:16:D5:2B
            X509v3 Authority Key Identifier:
                keyid:6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/aovwN91NEgZX2X3GP_tQlRsW1Ss.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  153.76.5.0/24
                IPv6:
                  2a0f:b240:6200::/40

    Signature Algorithm: sha256WithRSAEncryption
         38:e4:dd:54:40:d2:f5:40:5d:18:c0:42:71:a8:1d:03:d1:be:
         08:42:b5:cf:fb:bb:86:94:9a:7b:e9:98:ca:84:a6:83:aa:54:
         e2:c0:06:b4:71:39:3a:6d:fb:b2:d1:b2:85:16:24:1b:e0:1d:
         c2:53:bc:37:0c:cf:ae:e1:d8:cc:9c:e0:15:0d:3c:9c:4c:c4:
         ed:01:11:9e:8f:b8:fd:dc:b1:fc:63:24:9f:ac:77:c4:bd:27:
         9a:73:a0:c5:2d:6d:32:12:6c:d4:91:15:5c:a4:31:0d:82:ef:
         a5:25:4f:bf:51:c7:6f:14:14:77:7c:d7:d6:88:a8:da:02:2b:
         e2:d8:7e:80:0d:63:27:16:37:c3:62:f8:a1:c2:10:18:ba:2c:
         f6:07:29:ce:d4:1a:5b:19:f2:b4:49:3d:73:86:13:c2:48:a5:
         b6:78:8c:b7:6f:2a:ba:0c:76:24:94:de:c1:ef:8c:76:e9:2d:
         ef:45:ca:ab:d7:da:f0:71:50:e8:ac:33:e0:57:a3:8f:de:95:
         f6:33:6e:78:69:41:07:c3:be:93:f6:83:af:b4:60:a2:af:cc:
         52:d1:1e:b7:01:b0:e4:1e:06:bc:92:bc:a2:aa:b9:3a:59:a1:
         f8:ad:77:7c:85:fa:32:18:7b:fa:10:79:a4:45:df:0d:ca:f2:
         40:e4:4a:a4
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZ4DYXBpX3nOscrUp6NYgSjmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODcxMDRhNGRiNGM0NjM3MWE3ZjhiNmE0NDFmYzMwZWNk
ZmUyMGYwHhcNMjYwNTA3MTY1OTM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YThiZjAzN2RkNGQxMjA2NTdkOTdkYzYzZmZiNTA5NTFiMTZkNTJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnzf6FpRsaRgvpYSJuzCczUg2Lur0
ZoKsx9r6LqMK3eOWfwCYDpFgMnezSNh5VizslyM3xlVpqtMYqcoFkwxxec1BaIy3
yQy+gCfL7nGTyVSR1dyFgUDflfkVquxbNK8F+T/RDXhPtA6h4UvoUwAYA0okL9NK
AQsMFEsa9uafgTXg6pH0WhLXgQKovLV4GnTEEaaQPqgUJH9Qov2hSrqnyJ5mu6C8
Ysl87QbNC9iOkuW0XilZBCE78mWtXBxP9CELKmOiHTn8NcU5Wdr1ICcAOh/aHjRx
jFKcOhDW+6b/UBZBdFf0FkvvXqvQue31yozG+RZ3XHKwJUdhrBe2U0OQsQIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFGqL8DfdTRIGV9l9xj/7UJUbFtUrMB8GA1UdIwQY
MBaAFG6HEEpNtMRjcaf4tqRB/DDs3+IPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjct
YjcxNzk4MGU0YWQ2LzEvYW92d045MU5FZ1pYMlgzR1BfdFFsUnNXMVNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjctYjcxNzk4MGU0YWQ2
LzEvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQAmUwFMA4E
AgACMAgDBgAqD7JAYjANBgkqhkiG9w0BAQsFAAOCAQEAOOTdVEDS9UBdGMBCcagd
A9G+CEK1z/u7hpSae+mYyoSmg6pU4sAGtHE5Om37stGyhRYkG+AdwlO8NwzPruHY
zJzgFQ08nEzE7QERno+4/dyx/GMkn6x3xL0nmnOgxS1tMhJs1JEVXKQxDYLvpSVP
v1HHbxQUd3zX1oio2gIr4th+gA1jJxY3w2L4ocIQGLos9gcpztQaWxnytEk9c4YT
wkiltniMt28qugx2JJTewe+Mdukt70XKq9fa8HFQ6Kwz4Fejj96V9jNueGlBB8O+
k/aDr7Rgoq/MUtEetwGw5B4GvJK8oqq5Olmh+K13fIX6Mhh7+hB5pEXfDcryQORK
pA==
-----END CERTIFICATE-----