Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/082c31-f4ef-4acb-90f1-da03bf7a2ec2/1/5YHMBC0VodXZbHuQ51XhYOh2u3M.roa
File:                     5YHMBC0VodXZbHuQ51XhYOh2u3M.roa (raw, json)
Hash identifier:          k5Z/DaH5PMWSdfAyzNbmSPv5sh+fLZEdzkZBFkv5NY4=
Subject key identifier:   E5:81:CC:04:2D:15:A1:D5:D9:6C:7B:90:E7:55:E1:60:E8:76:BB:73
Certificate issuer:       /CN=fc4d06978969a8bdab6d6359062d7781e03449ca
Certificate serial:       019CF62118776A500B777218DD54F8373DDB
Authority key identifier: FC:4D:06:97:89:69:A8:BD:AB:6D:63:59:06:2D:77:81:E0:34:49:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_E0Gl4lpqL2rbWNZBi13geA0Sco.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/082c31-f4ef-4acb-90f1-da03bf7a2ec2/1/5YHMBC0VodXZbHuQ51XhYOh2u3M.roa
Signing time:             Mon 16 Mar 2026 10:11:29 +0000
ROA not before:           Mon 16 Mar 2026 10:11:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        217.77.24.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/082c31-f4ef-4acb-90f1-da03bf7a2ec2/1/_E0Gl4lpqL2rbWNZBi13geA0Sco.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/082c31-f4ef-4acb-90f1-da03bf7a2ec2/1/_E0Gl4lpqL2rbWNZBi13geA0Sco.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_E0Gl4lpqL2rbWNZBi13geA0Sco.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 17 Mar 2026 10:11:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:f6:21:18:77:6a:50:0b:77:72:18:dd:54:f8:37:3d:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fc4d06978969a8bdab6d6359062d7781e03449ca
        Validity
            Not Before: Mar 16 10:11:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e581cc042d15a1d5d96c7b90e755e160e876bb73
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fb:3c:08:11:4a:48:74:b4:7e:8c:b2:15:61:54:
                    b4:0c:f2:25:ca:5f:f1:7e:6a:d0:b3:ce:e7:03:2a:
                    41:4f:21:f6:a8:86:71:35:ea:18:b8:b9:36:de:ab:
                    d8:01:18:93:16:3b:33:2c:42:c3:f6:99:cc:79:38:
                    b6:16:0d:2e:0e:d9:6c:64:30:1c:28:03:98:d2:ff:
                    62:68:f0:fe:b6:99:0b:af:18:e4:fd:21:da:d6:26:
                    99:c0:e6:e6:d5:79:7b:4e:4a:45:dd:87:84:5a:3a:
                    34:d8:e3:e4:07:40:9f:c3:30:de:c1:32:53:82:41:
                    d2:79:b1:8d:5d:ce:7b:78:64:f4:1f:e7:49:07:27:
                    b8:99:d3:93:3c:cb:04:92:9b:23:f8:bf:66:b3:32:
                    df:5c:80:ae:3e:76:bc:2b:87:41:89:b7:41:90:9e:
                    53:9f:c6:e3:53:14:54:5a:05:86:79:21:47:79:ca:
                    49:5d:8a:2c:d1:19:43:ff:27:a4:ea:0d:a7:28:81:
                    d3:22:85:c9:20:c3:cc:e8:fc:ae:18:1d:6e:d3:a3:
                    c8:55:a4:2e:26:1e:16:7f:3c:52:3f:68:7e:33:74:
                    c3:dd:a2:ec:05:2c:42:8e:54:d8:bf:05:dc:88:cf:
                    90:2b:bf:cf:4c:80:26:24:3a:12:c2:09:f4:f9:06:
                    bc:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:81:CC:04:2D:15:A1:D5:D9:6C:7B:90:E7:55:E1:60:E8:76:BB:73
            X509v3 Authority Key Identifier:
                keyid:FC:4D:06:97:89:69:A8:BD:AB:6D:63:59:06:2D:77:81:E0:34:49:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_E0Gl4lpqL2rbWNZBi13geA0Sco.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/082c31-f4ef-4acb-90f1-da03bf7a2ec2/1/5YHMBC0VodXZbHuQ51XhYOh2u3M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/082c31-f4ef-4acb-90f1-da03bf7a2ec2/1/_E0Gl4lpqL2rbWNZBi13geA0Sco.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.77.24.0/21

    Signature Algorithm: sha256WithRSAEncryption
         66:a7:96:01:59:b7:aa:ee:90:c0:57:fc:78:17:07:b0:7c:05:
         aa:29:01:51:5c:24:7b:4f:14:65:35:30:11:2c:5b:5f:48:4a:
         88:03:7f:53:2b:ae:3d:8d:2a:5b:82:8e:1d:87:a3:8b:a2:2f:
         d3:f4:98:e5:94:06:76:68:64:f2:03:42:15:9f:13:ba:2d:58:
         5e:21:54:15:0e:58:74:57:d7:0e:5d:d3:37:e2:01:fb:03:60:
         11:47:be:ad:07:b0:c2:b0:ce:50:1f:cc:ac:ef:85:55:ee:53:
         14:f1:b0:df:74:b5:d9:78:17:d8:6d:c2:98:57:ab:cd:3d:df:
         50:87:0e:36:97:54:bb:ce:db:99:ed:7d:1f:e9:3d:19:db:63:
         94:93:f1:1c:7c:6b:1d:9a:5a:46:58:29:88:d3:4b:0f:a1:b7:
         bc:3f:87:5d:e8:3c:ab:24:f7:4f:30:7b:c4:a1:fc:c3:cd:0b:
         8d:68:4d:4b:74:93:1f:a5:40:6f:68:7d:db:e4:74:9e:83:03:
         78:35:3a:0d:a6:2b:24:f0:96:07:65:92:59:2d:9c:cc:07:b1:
         ea:b1:af:2f:55:26:28:9b:75:e3:66:db:0e:94:b4:b6:76:4b:
         f0:da:65:40:e5:02:3e:3d:f8:03:bd:6c:63:52:bd:e8:20:0d:
         1c:3c:31:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZz2IRh3alALd3IY3VT4Nz3bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjNGQwNjk3ODk2OWE4YmRhYjZkNjM1OTA2MmQ3NzgxZTAz
NDQ5Y2EwHhcNMjYwMzE2MTAxMTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTgxY2MwNDJkMTVhMWQ1ZDk2YzdiOTBlNzU1ZTE2MGU4NzZiYjczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+zwIEUpIdLR+jLIVYVS0DPIlyl/x
fmrQs87nAypBTyH2qIZxNeoYuLk23qvYARiTFjszLELD9pnMeTi2Fg0uDtlsZDAc
KAOY0v9iaPD+tpkLrxjk/SHa1iaZwObm1Xl7TkpF3YeEWjo02OPkB0CfwzDewTJT
gkHSebGNXc57eGT0H+dJBye4mdOTPMsEkpsj+L9mszLfXICuPna8K4dBibdBkJ5T
n8bjUxRUWgWGeSFHecpJXYos0RlD/yek6g2nKIHTIoXJIMPM6PyuGB1u06PIVaQu
Jh4WfzxSP2h+M3TD3aLsBSxCjlTYvwXciM+QK7/PTIAmJDoSwgn0+Qa8LQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOWBzAQtFaHV2Wx7kOdV4WDodrtzMB8GA1UdIwQY
MBaAFPxNBpeJaai9q21jWQYtd4HgNEnKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0UwR2w0bHBxTDJyYldOWkJpMTNnZUEwU2NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC8wODJjMzEtZjRlZi00YWNiLTkwZjEt
ZGEwM2JmN2EyZWMyLzEvNVlITUJDMFZvZFhaYkh1UTUxWGhZT2gydTNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC8wODJjMzEtZjRlZi00YWNiLTkwZjEtZGEwM2JmN2EyZWMy
LzEvX0UwR2w0bHBxTDJyYldOWkJpMTNnZUEwU2NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQD2U0YMA0G
CSqGSIb3DQEBCwUAA4IBAQBmp5YBWbeq7pDAV/x4FwewfAWqKQFRXCR7TxRlNTAR
LFtfSEqIA39TK649jSpbgo4dh6OLoi/T9JjllAZ2aGTyA0IVnxO6LVheIVQVDlh0
V9cOXdM34gH7A2ARR76tB7DCsM5QH8ys74VV7lMU8bDfdLXZeBfYbcKYV6vNPd9Q
hw42l1S7ztuZ7X0f6T0Z22OUk/EcfGsdmlpGWCmI00sPobe8P4dd6DyrJPdPMHvE
ofzDzQuNaE1LdJMfpUBvaH3b5HSegwN4NToNpisk8JYHZZJZLZzMB7Hqsa8vVSYo
m3XjZtsOlLS2dkvw2mVA5QI+PfgDvWxjUr3oIA0cPDFH
-----END CERTIFICATE-----