Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/08XAlzKSYNE016X0de3V2wH0-yI.roa
File:                     08XAlzKSYNE016X0de3V2wH0-yI.roa (raw, json)
Hash identifier:          NShco3dRqa4rTDJnBirNacN88JNOj0uhfboy7wGzKZ0=
Subject key identifier:   D3:C5:C0:97:32:92:60:D1:34:D7:A5:F4:75:ED:D5:DB:01:F4:FB:22
Certificate issuer:       /CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
Certificate serial:       019E4A156768FE5636051A3378F80E482C16
Authority key identifier: 7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/08XAlzKSYNE016X0de3V2wH0-yI.roa
Signing time:             Thu 21 May 2026 10:29:37 +0000
ROA not before:           Thu 21 May 2026 10:29:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198949
IP address blocks:        79.172.251.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Jun 2026 14:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:4a:15:67:68:fe:56:36:05:1a:33:78:f8:0e:48:2c:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
        Validity
            Not Before: May 21 10:29:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d3c5c097329260d134d7a5f475edd5db01f4fb22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:47:ba:59:eb:de:6d:67:3a:19:51:3c:04:a1:
                    23:73:6d:be:44:84:c6:c1:76:ad:33:b6:be:c5:4f:
                    71:55:9f:ef:78:0b:93:30:78:49:5f:ef:f5:4e:dd:
                    c8:00:c2:f7:d6:25:b1:e2:e3:ef:a3:6b:bb:a2:2e:
                    19:80:36:10:14:69:30:da:41:5e:66:7e:ee:f7:b6:
                    29:2f:ea:b0:46:c4:f2:9f:77:f2:cb:11:2d:8e:dc:
                    19:9a:a7:c2:77:41:44:1e:b3:50:b6:e4:82:6f:b2:
                    56:8a:a6:3b:0c:14:05:13:fe:d0:fa:b2:03:db:e8:
                    22:41:88:30:d2:27:47:a9:61:80:df:72:72:aa:dd:
                    1d:54:d4:e1:96:8b:ae:c1:9c:46:33:66:84:c4:93:
                    ff:d1:c9:7a:f2:e9:1f:57:56:31:62:2c:90:f1:9b:
                    e5:32:ab:33:16:ff:d6:05:c7:80:fd:f7:d2:bd:ca:
                    91:ca:3c:16:e2:20:c0:51:4a:19:b9:f6:a1:35:f9:
                    5a:71:0c:03:e2:9d:5d:1b:51:b6:dd:92:ba:11:ae:
                    65:c3:b8:e8:aa:12:ea:cc:3a:df:0b:05:5c:9c:87:
                    ac:ae:c1:6e:61:9a:91:d7:10:86:f8:3c:5b:19:e1:
                    bd:1b:3f:0a:ce:c5:82:98:26:d1:4c:d0:64:cc:8f:
                    27:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:C5:C0:97:32:92:60:D1:34:D7:A5:F4:75:ED:D5:DB:01:F4:FB:22
            X509v3 Authority Key Identifier:
                keyid:7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/08XAlzKSYNE016X0de3V2wH0-yI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.172.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:0e:21:10:e4:0c:fe:bc:3c:8b:b8:c8:7a:83:dc:72:9f:e1:
         fe:26:8d:98:81:22:2f:fa:79:bd:aa:c1:66:fb:19:10:21:94:
         9e:65:b1:fa:07:44:ea:c1:4c:85:19:aa:e7:1a:0b:ae:27:84:
         6c:d9:e6:ee:d2:ff:36:5f:3a:83:5f:88:03:e5:ad:c1:b9:97:
         fb:2e:e6:d5:fd:39:74:6f:11:09:00:33:a1:48:50:95:41:10:
         5c:bb:01:7b:6b:58:0a:8e:ab:93:29:bf:f2:0e:84:b3:d7:0c:
         65:78:ea:2c:ee:46:a6:af:df:f6:47:41:2d:83:49:7e:99:1d:
         52:b0:e9:dd:50:ad:9b:ea:5c:d1:4e:44:25:53:f3:e3:cc:9a:
         78:53:ef:97:17:b3:1b:b9:e5:07:a5:20:f5:04:11:37:7a:46:
         6f:49:98:c6:20:c0:92:35:72:76:2e:33:67:87:4d:49:6e:22:
         40:ab:84:aa:0b:e0:be:91:dd:9a:9a:59:e8:34:69:97:b6:2e:
         6b:4f:03:09:6d:f5:45:ca:33:14:05:a0:13:9a:6f:a5:ea:13:
         3b:bf:d3:ff:2a:92:3c:a4:7f:c8:3b:90:4c:98:a1:17:92:96:
         70:c6:c5:73:2e:5e:77:79:57:64:36:87:7d:91:11:f2:ea:23:
         09:fc:15:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5KFWdo/lY2BRozePgOSCwWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiNWUzN2Y2ZTNiOWJkMWNmMzY4NGI5YzAzYzAzYWQxY2E2
NDI0OTcwHhcNMjYwNTIxMTAyOTM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2M1YzA5NzMyOTI2MGQxMzRkN2E1ZjQ3NWVkZDVkYjAxZjRmYjIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtUe6WevebWc6GVE8BKEjc22+RITG
wXatM7a+xU9xVZ/veAuTMHhJX+/1Tt3IAML31iWx4uPvo2u7oi4ZgDYQFGkw2kFe
Zn7u97YpL+qwRsTyn3fyyxEtjtwZmqfCd0FEHrNQtuSCb7JWiqY7DBQFE/7Q+rID
2+giQYgw0idHqWGA33Jyqt0dVNThlouuwZxGM2aExJP/0cl68ukfV1YxYiyQ8Zvl
MqszFv/WBceA/ffSvcqRyjwW4iDAUUoZufahNflacQwD4p1dG1G23ZK6Ea5lw7jo
qhLqzDrfCwVcnIesrsFuYZqR1xCG+DxbGeG9Gz8KzsWCmCbRTNBkzI8n6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNPFwJcykmDRNNel9HXt1dsB9PsiMB8GA1UdIwQY
MBaAFHteN/bjub0c82hLnAPAOtHKZCSXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUt
OTU5M2E0ODhhZmNjLzEvMDhYQWx6S1NZTkUwMTZYMGRlM1Yyd0gwLXlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUtOTU5M2E0ODhhZmNj
LzEvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAT6z7MA0G
CSqGSIb3DQEBCwUAA4IBAQBhDiEQ5Az+vDyLuMh6g9xyn+H+Jo2YgSIv+nm9qsFm
+xkQIZSeZbH6B0TqwUyFGarnGguuJ4Rs2ebu0v82XzqDX4gD5a3BuZf7LubV/Tl0
bxEJADOhSFCVQRBcuwF7a1gKjquTKb/yDoSz1wxleOos7kamr9/2R0Etg0l+mR1S
sOndUK2b6lzRTkQlU/PjzJp4U++XF7MbueUHpSD1BBE3ekZvSZjGIMCSNXJ2LjNn
h01JbiJAq4SqC+C+kd2amlnoNGmXti5rTwMJbfVFyjMUBaATmm+l6hM7v9P/KpI8
pH/IO5BMmKEXkpZwxsVzLl53eVdkNod9kRHy6iMJ/BU3
-----END CERTIFICATE-----