Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/1zTCfwCey7OcXXqpOW6RC-tfiQI.roa
File:                     1zTCfwCey7OcXXqpOW6RC-tfiQI.roa (raw, json)
Hash identifier:          FxC+QQ7hlJ5v53yA52kym9W6G9OMR5/nt99C3xRlD1Q=
Subject key identifier:   D7:34:C2:7F:00:9E:CB:B3:9C:5D:7A:A9:39:6E:91:0B:EB:5F:89:02
Certificate issuer:       /CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
Certificate serial:       019CBD8E528B3BE59A45BD8A6009E76F67C1
Authority key identifier: E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/1zTCfwCey7OcXXqpOW6RC-tfiQI.roa
Signing time:             Thu 05 Mar 2026 10:32:26 +0000
ROA not before:           Thu 05 Mar 2026 10:32:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     32693
IP address blocks:        5.172.37.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 21 Mar 2026 11:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:bd:8e:52:8b:3b:e5:9a:45:bd:8a:60:09:e7:6f:67:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
        Validity
            Not Before: Mar  5 10:32:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d734c27f009ecbb39c5d7aa9396e910beb5f8902
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:9f:cb:fe:c0:26:79:45:de:c3:a8:aa:b1:6d:
                    60:62:a9:13:f1:c4:c4:a6:a0:29:bc:24:2b:7d:da:
                    11:91:91:30:2b:5e:86:0b:7e:c1:ed:76:a6:3e:43:
                    23:f2:5e:43:45:9c:c8:a2:fe:a1:f0:67:be:38:bb:
                    53:4a:ee:36:f2:ef:57:86:98:25:57:f2:b7:6a:15:
                    b0:87:ad:ee:1e:c6:dc:09:c1:d3:7c:66:ff:61:14:
                    f4:03:c1:a6:bc:a9:4e:2e:bb:a4:26:f2:76:9e:be:
                    28:25:2c:90:e9:c1:da:44:5f:8d:69:9a:33:20:cd:
                    8b:2e:7f:c1:6c:8d:15:5d:e6:db:95:36:50:ff:93:
                    aa:25:ac:f8:25:ae:dd:f1:09:fc:1d:7f:6b:5c:dc:
                    bf:c2:f3:dd:9c:d3:e3:f8:35:bc:fe:98:61:38:cf:
                    92:77:ae:24:1a:b4:a4:6b:69:2a:e9:a9:9a:d3:4d:
                    a1:cf:81:42:f9:4f:fd:e5:31:ab:a7:5e:19:84:24:
                    18:33:82:9a:f9:c8:e6:79:29:2a:96:4b:af:87:5f:
                    69:7f:ad:cd:b3:3f:ad:f2:07:8a:8c:8c:dd:70:35:
                    d2:bf:4c:e6:68:65:ba:83:5e:2f:9c:6e:f5:cf:2f:
                    ff:e9:28:a4:ac:0d:b6:20:38:7e:9a:83:a0:78:a5:
                    b5:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:34:C2:7F:00:9E:CB:B3:9C:5D:7A:A9:39:6E:91:0B:EB:5F:89:02
            X509v3 Authority Key Identifier:
                keyid:E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/1zTCfwCey7OcXXqpOW6RC-tfiQI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.172.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:64:4e:85:f4:40:3d:a3:77:b5:89:1c:7b:c1:0c:3c:a9:42:
         9e:8b:e5:20:92:dc:2f:28:a1:be:b9:8b:f4:0b:77:78:13:b2:
         c1:ea:a5:7e:73:fb:d7:d2:06:d4:db:88:02:be:09:b3:18:72:
         d3:16:ce:f4:ec:fa:fd:f0:85:c5:42:b0:10:4c:72:1e:59:43:
         51:29:a1:68:c3:1f:2b:78:80:05:eb:52:0e:b0:36:db:2e:46:
         df:44:da:80:44:b3:58:51:6c:0b:85:44:10:52:5a:3d:89:a3:
         3f:f2:9e:80:af:d9:92:ff:4b:75:18:7e:c6:c7:43:34:35:84:
         3f:42:5d:52:20:37:6e:8e:20:23:5c:54:0c:23:50:90:59:28:
         2b:81:75:e1:23:fb:fa:a0:86:d5:28:86:43:e0:54:72:86:47:
         bc:9d:64:bf:e0:f1:04:8e:1b:4a:8e:3c:6b:7c:fd:3c:aa:93:
         9e:ca:78:b0:9a:10:1b:d6:19:45:c8:40:7a:5b:7e:8a:d1:30:
         22:ce:95:2f:5b:62:af:25:f2:2a:e3:b8:da:3c:1a:9e:a8:32:
         89:dd:cc:d9:0e:c5:21:72:20:e4:87:9b:53:a7:fb:9e:2d:70:
         6a:b7:b0:3e:0b:50:0c:f4:b3:69:29:93:3c:08:30:0e:55:5b:
         96:86:3c:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZy9jlKLO+WaRb2KYAnnb2fBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5NzEzZWYyNTI3N2UxM2RkNzNmNDQxOTZmZGE1Y2VjMGZk
OWNlMTYwHhcNMjYwMzA1MTAzMjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzM0YzI3ZjAwOWVjYmIzOWM1ZDdhYTkzOTZlOTEwYmViNWY4OTAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqZ/L/sAmeUXew6iqsW1gYqkT8cTE
pqApvCQrfdoRkZEwK16GC37B7XamPkMj8l5DRZzIov6h8Ge+OLtTSu428u9Xhpgl
V/K3ahWwh63uHsbcCcHTfGb/YRT0A8GmvKlOLrukJvJ2nr4oJSyQ6cHaRF+NaZoz
IM2LLn/BbI0VXebblTZQ/5OqJaz4Ja7d8Qn8HX9rXNy/wvPdnNPj+DW8/phhOM+S
d64kGrSka2kq6ama002hz4FC+U/95TGrp14ZhCQYM4Ka+cjmeSkqlkuvh19pf63N
sz+t8geKjIzdcDXSv0zmaGW6g14vnG71zy//6SikrA22IDh+moOgeKW1hQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNc0wn8AnsuznF16qTlukQvrX4kCMB8GA1UdIwQY
MBaAFOlxPvJSd+E91z9EGW/aXOwP2c4WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEt
MGY2NmMxODg3OTE2LzEvMXpUQ2Z3Q2V5N09jWFhxcE9XNlJDLXRmaVFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEtMGY2NmMxODg3OTE2
LzEvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABawlMA0G
CSqGSIb3DQEBCwUAA4IBAQABZE6F9EA9o3e1iRx7wQw8qUKei+UgktwvKKG+uYv0
C3d4E7LB6qV+c/vX0gbU24gCvgmzGHLTFs707Pr98IXFQrAQTHIeWUNRKaFowx8r
eIAF61IOsDbbLkbfRNqARLNYUWwLhUQQUlo9iaM/8p6Ar9mS/0t1GH7Gx0M0NYQ/
Ql1SIDdujiAjXFQMI1CQWSgrgXXhI/v6oIbVKIZD4FRyhke8nWS/4PEEjhtKjjxr
fP08qpOeyniwmhAb1hlFyEB6W36K0TAizpUvW2KvJfIq47jaPBqeqDKJ3czZDsUh
ciDkh5tTp/ueLXBqt7A+C1AM9LNpKZM8CDAOVVuWhjxj
-----END CERTIFICATE-----