Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/c01576-a413-4712-9f32-60d5be1b7da9/1/5KIVeVQ6ATgB8-zTA_htC2jHMDw.roa
File:                     5KIVeVQ6ATgB8-zTA_htC2jHMDw.roa (raw, json)
Hash identifier:          zOXJ05ZKtRDWujtbHatrIa70pfwaUeWS9EUsC9cnW6o=
Subject key identifier:   E4:A2:15:79:54:3A:01:38:01:F3:EC:D3:03:F8:6D:0B:68:C7:30:3C
Certificate issuer:       /CN=a3ab670e8146ef5274ae45eb30d29e970065ba2c
Certificate serial:       019DF8068D74DB7FA6DAA1F026FC156165D5
Authority key identifier: A3:AB:67:0E:81:46:EF:52:74:AE:45:EB:30:D2:9E:97:00:65:BA:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o6tnDoFG71J0rkXrMNKelwBluiw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/c01576-a413-4712-9f32-60d5be1b7da9/1/5KIVeVQ6ATgB8-zTA_htC2jHMDw.roa
Signing time:             Tue 05 May 2026 12:04:32 +0000
ROA not before:           Tue 05 May 2026 12:04:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     47376
IP address blocks:        91.219.116.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/c01576-a413-4712-9f32-60d5be1b7da9/1/o6tnDoFG71J0rkXrMNKelwBluiw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/c01576-a413-4712-9f32-60d5be1b7da9/1/o6tnDoFG71J0rkXrMNKelwBluiw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o6tnDoFG71J0rkXrMNKelwBluiw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f8:06:8d:74:db:7f:a6:da:a1:f0:26:fc:15:61:65:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a3ab670e8146ef5274ae45eb30d29e970065ba2c
        Validity
            Not Before: May  5 12:04:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e4a21579543a013801f3ecd303f86d0b68c7303c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:29:b8:64:d2:1c:99:69:13:9d:ab:63:66:3f:
                    db:96:8d:1c:df:e2:01:91:b1:9e:1a:30:03:48:b0:
                    90:8e:ac:44:4c:d8:99:1a:9e:21:79:29:bc:6b:1e:
                    da:b0:fc:cd:b0:4b:53:82:76:cf:c4:fd:28:85:1e:
                    b2:04:53:4e:04:4d:94:c2:8e:ff:22:60:7a:d3:1b:
                    7b:2a:25:2d:6d:29:f1:b6:f0:be:4c:b0:d4:8a:b2:
                    67:7b:cf:0e:10:8b:b8:a3:2c:f1:bd:9c:74:af:c3:
                    6c:83:3c:ee:7e:52:c9:82:c6:c1:83:ec:36:97:de:
                    f7:4d:56:a4:a8:43:cd:65:22:78:4d:6b:03:91:07:
                    fd:6b:ee:15:eb:4a:0c:6d:7a:7a:b4:2c:a8:a0:a8:
                    5a:41:de:9d:c9:10:fa:e1:ee:0e:44:0a:ca:64:10:
                    0a:2a:fe:27:1a:e5:76:6f:3c:52:db:74:e1:34:fc:
                    b9:c1:5b:52:f6:be:a6:bc:6e:ae:15:09:d2:8a:3f:
                    2d:45:a6:fd:36:67:7b:3b:40:f6:b9:ac:39:24:b3:
                    f0:6b:f3:67:72:c2:a2:7e:69:da:21:09:6d:30:19:
                    62:9d:8a:f8:0a:dd:88:94:6f:f0:e4:4e:65:88:e8:
                    c6:b7:d3:78:5f:64:05:ab:fe:b5:cb:a9:7e:29:89:
                    2d:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:A2:15:79:54:3A:01:38:01:F3:EC:D3:03:F8:6D:0B:68:C7:30:3C
            X509v3 Authority Key Identifier:
                keyid:A3:AB:67:0E:81:46:EF:52:74:AE:45:EB:30:D2:9E:97:00:65:BA:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o6tnDoFG71J0rkXrMNKelwBluiw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/c01576-a413-4712-9f32-60d5be1b7da9/1/5KIVeVQ6ATgB8-zTA_htC2jHMDw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/c01576-a413-4712-9f32-60d5be1b7da9/1/o6tnDoFG71J0rkXrMNKelwBluiw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.219.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:1a:a3:9d:be:ad:d1:bf:90:3c:7b:09:2b:6d:85:a0:7e:70:
         31:8b:fe:d0:ed:fb:e7:c1:d1:63:1c:30:6b:10:58:c8:40:72:
         f6:73:6f:1d:d6:e9:2e:83:bd:14:63:0a:3a:10:f7:ed:89:55:
         34:f0:21:98:91:41:8e:95:11:94:c6:41:9d:e8:1d:ff:a3:f8:
         35:ed:49:16:19:e9:bb:33:01:e8:ef:81:c5:19:f7:38:bd:bf:
         d9:e1:56:a8:41:db:a1:52:aa:33:7e:2c:b4:a5:c4:f0:8f:d0:
         48:15:89:3d:ad:d6:ae:03:0e:0c:85:2a:41:56:27:cf:ca:cb:
         e6:3b:cf:0a:aa:ca:2c:d3:0a:d3:bf:89:c2:75:60:8b:fc:46:
         05:1f:48:ec:9f:a9:5e:3c:56:63:c6:69:32:d8:ee:a9:54:a2:
         ad:f4:76:b6:e0:6e:61:84:95:1f:ba:3d:56:1f:72:21:82:94:
         0c:df:86:f5:82:d1:3c:2a:5c:8a:1b:87:76:cc:e6:3b:75:3b:
         2f:2f:3a:9e:6e:cd:89:bc:a2:0f:d4:3a:cd:bd:67:bc:ac:56:
         af:9e:89:00:52:63:7b:1f:eb:2b:8a:a0:21:89:e2:74:c8:a4:
         f6:c8:7a:f8:d4:40:8d:77:e4:e8:b4:7f:b2:dd:c9:71:5b:4f:
         69:32:a6:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ34Bo1023+m2qHwJvwVYWXVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzYWI2NzBlODE0NmVmNTI3NGFlNDVlYjMwZDI5ZTk3MDA2
NWJhMmMwHhcNMjYwNTA1MTIwNDMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNGEyMTU3OTU0M2EwMTM4MDFmM2VjZDMwM2Y4NmQwYjY4YzczMDNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5Cm4ZNIcmWkTnatjZj/blo0c3+IB
kbGeGjADSLCQjqxETNiZGp4heSm8ax7asPzNsEtTgnbPxP0ohR6yBFNOBE2Uwo7/
ImB60xt7KiUtbSnxtvC+TLDUirJne88OEIu4oyzxvZx0r8NsgzzuflLJgsbBg+w2
l973TVakqEPNZSJ4TWsDkQf9a+4V60oMbXp6tCyooKhaQd6dyRD64e4ORArKZBAK
Kv4nGuV2bzxS23ThNPy5wVtS9r6mvG6uFQnSij8tRab9Nmd7O0D2uaw5JLPwa/Nn
csKifmnaIQltMBlinYr4Ct2IlG/w5E5liOjGt9N4X2QFq/61y6l+KYktRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOSiFXlUOgE4AfPs0wP4bQtoxzA8MB8GA1UdIwQY
MBaAFKOrZw6BRu9SdK5F6zDSnpcAZbosMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzZ0bkRvRkc3MUowcmtYck1OS2Vsd0JsdWl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9jMDE1NzYtYTQxMy00NzEyLTlmMzIt
NjBkNWJlMWI3ZGE5LzEvNUtJVmVWUTZBVGdCOC16VEFfaHRDMmpITUR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9jMDE1NzYtYTQxMy00NzEyLTlmMzItNjBkNWJlMWI3ZGE5
LzEvbzZ0bkRvRkc3MUowcmtYck1OS2Vsd0JsdWl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9t0MA0G
CSqGSIb3DQEBCwUAA4IBAQBpGqOdvq3Rv5A8ewkrbYWgfnAxi/7Q7fvnwdFjHDBr
EFjIQHL2c28d1ukug70UYwo6EPftiVU08CGYkUGOlRGUxkGd6B3/o/g17UkWGem7
MwHo74HFGfc4vb/Z4VaoQduhUqozfiy0pcTwj9BIFYk9rdauAw4MhSpBVifPysvm
O88Kqsos0wrTv4nCdWCL/EYFH0jsn6lePFZjxmky2O6pVKKt9Ha24G5hhJUfuj1W
H3IhgpQM34b1gtE8KlyKG4d2zOY7dTsvLzqebs2JvKIP1DrNvWe8rFavnokAUmN7
H+sriqAhieJ0yKT2yHr41ECNd+TotH+y3clxW09pMqZ3
-----END CERTIFICATE-----