Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/3L7x9MX5-S4PN1PZE2Zr4P6Pzrs.roa
File:                     3L7x9MX5-S4PN1PZE2Zr4P6Pzrs.roa (raw, json)
Hash identifier:          QvwKopx4w426q5M2HiBqTEs5qxm6QtQVTUrEwBKO1t8=
Subject key identifier:   DC:BE:F1:F4:C5:F9:F9:2E:0F:37:53:D9:13:66:6B:E0:FE:8F:CE:BB
Certificate issuer:       /CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
Certificate serial:       019D28FB1D834B41D731A0A908A886903C1E
Authority key identifier: 7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/3L7x9MX5-S4PN1PZE2Zr4P6Pzrs.roa
Signing time:             Thu 26 Mar 2026 07:10:38 +0000
ROA not before:           Thu 26 Mar 2026 07:10:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     401322
IP address blocks:        79.172.200.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 Apr 2026 08:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:28:fb:1d:83:4b:41:d7:31:a0:a9:08:a8:86:90:3c:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
        Validity
            Not Before: Mar 26 07:10:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dcbef1f4c5f9f92e0f3753d913666be0fe8fcebb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:4a:e6:dc:3b:9e:26:f9:ce:b4:12:20:4b:d8:
                    7e:ec:c0:6a:63:d1:ba:3a:d0:b9:66:7f:a6:32:16:
                    30:95:6a:28:ae:25:90:51:28:93:07:f3:cb:cb:be:
                    a3:ee:c3:05:a2:58:02:11:7d:c2:52:0a:af:92:e0:
                    38:36:25:26:da:12:30:11:0c:18:8f:f7:ed:29:6f:
                    3b:f7:15:6b:55:69:e4:0e:5c:c7:91:a8:8e:8c:24:
                    11:19:a4:fe:51:b0:a4:d4:79:63:0a:1a:ee:ac:9f:
                    ef:97:9c:c8:ff:a8:31:a9:64:6b:6f:53:06:7c:2d:
                    96:b7:b7:33:98:0f:c1:b4:22:ad:5a:93:05:7e:5b:
                    cf:3c:b6:26:31:13:79:f3:7a:ca:02:56:a5:6f:5b:
                    28:f4:9a:4f:74:dd:f7:16:4f:6b:c3:a2:a0:b7:c7:
                    8d:f1:fb:55:27:cf:4b:ce:85:7d:76:34:42:ec:98:
                    87:31:71:22:9a:80:12:d7:a7:0e:24:8c:08:ab:2e:
                    65:28:bc:02:8c:e0:19:40:73:1a:5d:d5:d7:3a:c9:
                    42:a7:cd:e6:a1:ad:1e:8a:90:4e:15:5d:ca:a7:a7:
                    dc:87:8d:88:cc:b3:81:72:4a:d9:41:62:e6:bb:b1:
                    06:0f:ab:5b:e9:17:42:d6:45:04:66:ee:f9:0b:3a:
                    86:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:BE:F1:F4:C5:F9:F9:2E:0F:37:53:D9:13:66:6B:E0:FE:8F:CE:BB
            X509v3 Authority Key Identifier:
                keyid:7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/3L7x9MX5-S4PN1PZE2Zr4P6Pzrs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.172.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:59:ab:b0:21:26:37:15:ed:a3:4a:ab:e2:49:4c:8b:1b:91:
         d5:75:d0:d5:1b:6d:e0:09:4f:d2:e9:1f:fb:33:1d:3c:3d:1b:
         91:c8:05:f2:da:0b:51:87:8e:76:23:61:7f:60:9b:70:e6:3f:
         19:fa:63:79:4d:4c:19:3d:ff:d0:88:94:f9:14:f6:26:58:f7:
         16:9d:23:0c:cf:89:bc:cd:41:c6:62:cd:55:dc:76:82:e9:1f:
         b4:29:fe:bd:ac:97:76:47:68:b3:d8:bd:c8:56:bc:d1:d1:c7:
         14:b0:29:06:0a:44:41:fc:99:64:7a:3c:b5:63:09:00:56:52:
         8f:83:f6:fa:3f:0f:e2:08:61:dc:22:13:73:ce:03:47:d8:c8:
         43:55:6a:78:3e:48:ba:df:92:43:fb:7b:e6:d2:fa:5b:95:92:
         8b:f4:da:d7:94:36:0c:01:79:27:86:f4:84:8b:36:53:72:7b:
         3f:1c:88:7d:a8:67:3e:2e:37:51:c8:d9:3b:07:a1:b6:8d:00:
         50:ed:7a:58:7e:5b:de:5e:56:b3:8b:cd:17:83:1b:b3:96:78:
         9d:a0:fc:cd:2f:e4:7a:81:06:4f:c4:64:02:94:9a:75:1a:dd:
         80:c4:38:f6:e4:d8:0b:a4:b3:36:1b:d5:68:b8:5e:62:1a:b2:
         61:43:14:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0o+x2DS0HXMaCpCKiGkDweMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiNWUzN2Y2ZTNiOWJkMWNmMzY4NGI5YzAzYzAzYWQxY2E2
NDI0OTcwHhcNMjYwMzI2MDcxMDM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2JlZjFmNGM1ZjlmOTJlMGYzNzUzZDkxMzY2NmJlMGZlOGZjZWJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiErm3DueJvnOtBIgS9h+7MBqY9G6
OtC5Zn+mMhYwlWooriWQUSiTB/PLy76j7sMFolgCEX3CUgqvkuA4NiUm2hIwEQwY
j/ftKW879xVrVWnkDlzHkaiOjCQRGaT+UbCk1HljChrurJ/vl5zI/6gxqWRrb1MG
fC2Wt7czmA/BtCKtWpMFflvPPLYmMRN583rKAlalb1so9JpPdN33Fk9rw6Kgt8eN
8ftVJ89LzoV9djRC7JiHMXEimoAS16cOJIwIqy5lKLwCjOAZQHMaXdXXOslCp83m
oa0eipBOFV3Kp6fch42IzLOBckrZQWLmu7EGD6tb6RdC1kUEZu75CzqG1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNy+8fTF+fkuDzdT2RNma+D+j867MB8GA1UdIwQY
MBaAFHteN/bjub0c82hLnAPAOtHKZCSXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUt
OTU5M2E0ODhhZmNjLzEvM0w3eDlNWDUtUzRQTjFQWkUyWnI0UDZQenJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUtOTU5M2E0ODhhZmNj
LzEvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAT6zIMA0G
CSqGSIb3DQEBCwUAA4IBAQAhWauwISY3Fe2jSqviSUyLG5HVddDVG23gCU/S6R/7
Mx08PRuRyAXy2gtRh452I2F/YJtw5j8Z+mN5TUwZPf/QiJT5FPYmWPcWnSMMz4m8
zUHGYs1V3HaC6R+0Kf69rJd2R2iz2L3IVrzR0ccUsCkGCkRB/Jlkejy1YwkAVlKP
g/b6Pw/iCGHcIhNzzgNH2MhDVWp4Pki635JD+3vm0vpblZKL9NrXlDYMAXknhvSE
izZTcns/HIh9qGc+LjdRyNk7B6G2jQBQ7XpYflveXlazi80XgxuzlnidoPzNL+R6
gQZPxGQClJp1Gt2AxDj25NgLpLM2G9VouF5iGrJhQxR5
-----END CERTIFICATE-----