Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/FsSNPUWjwDIlPVEHY__f13MutvI.roa
File:                     FsSNPUWjwDIlPVEHY__f13MutvI.roa (raw, json)
Hash identifier:          ParcKE8qGlMpeOMYcmP/zF1xOvvVsHqjFGUJ9CbIYcQ=
Subject key identifier:   16:C4:8D:3D:45:A3:C0:32:25:3D:51:07:63:FF:DF:D7:73:2E:B6:F2
Certificate issuer:       /CN=da8f05e3843517cf0971c2bf9cddddd62717e52c
Certificate serial:       019CE410E2A66A4ECB3CB6032265BD64CCB4
Authority key identifier: DA:8F:05:E3:84:35:17:CF:09:71:C2:BF:9C:DD:DD:D6:27:17:E5:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2o8F44Q1F88JccK_nN3d1icX5Sw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/FsSNPUWjwDIlPVEHY__f13MutvI.roa
Signing time:             Thu 12 Mar 2026 22:00:37 +0000
ROA not before:           Thu 12 Mar 2026 22:00:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214891
IP address blocks:        138.124.254.0/24 maxlen: 24
                          138.124.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/2o8F44Q1F88JccK_nN3d1icX5Sw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/2o8F44Q1F88JccK_nN3d1icX5Sw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2o8F44Q1F88JccK_nN3d1icX5Sw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 14 Mar 2026 07:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:e4:10:e2:a6:6a:4e:cb:3c:b6:03:22:65:bd:64:cc:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da8f05e3843517cf0971c2bf9cddddd62717e52c
        Validity
            Not Before: Mar 12 22:00:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=16c48d3d45a3c032253d510763ffdfd7732eb6f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:5c:30:76:83:7d:8e:59:0b:84:ee:f5:67:f3:
                    26:cf:81:15:0b:41:b1:38:93:fd:dd:77:b7:36:ae:
                    10:86:80:92:a0:d0:b5:ff:3b:74:e6:53:31:ff:54:
                    52:66:ee:5a:56:e8:8b:7c:2c:8a:01:4a:07:59:a7:
                    8d:4f:0a:68:37:82:89:8a:7b:b0:76:22:ac:7a:eb:
                    d4:a8:c2:50:dd:97:0a:bf:95:e3:ab:83:6b:75:66:
                    bc:94:f6:84:8a:c1:93:57:82:a8:4b:8b:74:0e:6f:
                    0e:b0:c5:bc:ad:d2:b9:16:31:3e:08:4f:91:3b:f7:
                    22:53:0a:78:95:cb:b6:ee:52:4c:aa:31:92:96:e3:
                    e0:e9:e8:6d:8f:c0:f7:5b:e8:4f:da:95:1e:3a:b0:
                    8b:99:5c:d4:e3:e0:ab:a6:60:4d:67:1f:d2:57:1c:
                    d4:03:9c:2b:99:fe:9c:a1:8a:54:7d:df:6c:af:b1:
                    78:d4:06:5d:9e:c2:5e:aa:3a:ae:80:d4:46:33:cf:
                    19:37:79:a7:3a:60:d7:42:63:00:41:48:38:0a:d1:
                    1a:81:2d:85:1e:30:c0:15:2c:7d:97:93:26:38:00:
                    97:41:92:d9:62:1b:e2:e9:0d:f1:a7:c3:f1:3b:1e:
                    ca:c0:65:84:c5:31:19:a5:be:c1:f6:6a:01:26:d5:
                    6d:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:C4:8D:3D:45:A3:C0:32:25:3D:51:07:63:FF:DF:D7:73:2E:B6:F2
            X509v3 Authority Key Identifier:
                keyid:DA:8F:05:E3:84:35:17:CF:09:71:C2:BF:9C:DD:DD:D6:27:17:E5:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2o8F44Q1F88JccK_nN3d1icX5Sw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/FsSNPUWjwDIlPVEHY__f13MutvI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/2o8F44Q1F88JccK_nN3d1icX5Sw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.124.254.0/23

    Signature Algorithm: sha256WithRSAEncryption
         65:6b:bb:68:35:9c:ac:29:7c:29:04:73:38:aa:26:bf:08:26:
         51:ef:4a:81:e5:40:40:57:60:00:e9:f0:7f:9e:d2:51:ee:34:
         8b:3b:0f:c7:4c:c7:84:70:0d:9f:85:5b:91:b6:2b:93:ce:fa:
         22:8f:11:89:d9:43:d1:a9:85:4f:eb:88:4e:34:b5:a4:92:a1:
         9b:ef:b9:88:ff:a7:36:d4:69:da:52:ff:ce:54:80:50:3f:65:
         d1:50:2b:52:80:89:2a:3e:e2:1e:65:02:81:9a:1e:01:a1:64:
         d9:64:5d:e3:53:bb:0d:6b:0d:2e:da:90:30:1b:b1:9c:bf:a1:
         44:44:16:88:f6:ab:37:10:7d:f1:ff:5d:e0:51:ee:49:63:d3:
         7c:8e:c1:1d:de:54:5c:40:5f:23:dc:a2:e9:ce:71:63:92:a3:
         94:bd:00:47:42:03:5c:e5:48:9b:f4:5c:9e:35:ca:52:51:25:
         95:3a:30:8d:a1:08:de:a3:05:2b:fc:80:3a:f2:bf:49:8f:09:
         2f:24:bd:62:82:e7:7e:8a:40:47:27:74:0d:56:30:8a:00:8d:
         fe:01:2e:23:1b:2b:e8:4d:b0:2a:82:27:e3:03:93:c7:73:dd:
         4d:56:f4:cf:20:b7:27:d1:20:ad:53:3b:05:99:ec:58:47:ae:
         a9:d6:d1:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzkEOKmak7LPLYDImW9ZMy0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhOGYwNWUzODQzNTE3Y2YwOTcxYzJiZjljZGRkZGQ2Mjcx
N2U1MmMwHhcNMjYwMzEyMjIwMDM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNmM0OGQzZDQ1YTNjMDMyMjUzZDUxMDc2M2ZmZGZkNzczMmViNmYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyFwwdoN9jlkLhO71Z/Mmz4EVC0Gx
OJP93Xe3Nq4QhoCSoNC1/zt05lMx/1RSZu5aVuiLfCyKAUoHWaeNTwpoN4KJinuw
diKseuvUqMJQ3ZcKv5Xjq4NrdWa8lPaEisGTV4KoS4t0Dm8OsMW8rdK5FjE+CE+R
O/ciUwp4lcu27lJMqjGSluPg6ehtj8D3W+hP2pUeOrCLmVzU4+CrpmBNZx/SVxzU
A5wrmf6coYpUfd9sr7F41AZdnsJeqjqugNRGM88ZN3mnOmDXQmMAQUg4CtEagS2F
HjDAFSx9l5MmOACXQZLZYhvi6Q3xp8PxOx7KwGWExTEZpb7B9moBJtVtTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBbEjT1Fo8AyJT1RB2P/39dzLrbyMB8GA1UdIwQY
MBaAFNqPBeOENRfPCXHCv5zd3dYnF+UsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMm84RjQ0UTFGODhKY2NLX25OM2QxaWNYNVN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9iOTg4NGItNmZjNS00YjNlLWIxZTgt
ZTAxZTk0MTI0Njc0LzEvRnNTTlBVV2p3RElsUFZFSFlfX2YxM011dHZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9iOTg4NGItNmZjNS00YjNlLWIxZTgtZTAxZTk0MTI0Njc0
LzEvMm84RjQ0UTFGODhKY2NLX25OM2QxaWNYNVN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBinz+MA0G
CSqGSIb3DQEBCwUAA4IBAQBla7toNZysKXwpBHM4qia/CCZR70qB5UBAV2AA6fB/
ntJR7jSLOw/HTMeEcA2fhVuRtiuTzvoijxGJ2UPRqYVP64hONLWkkqGb77mI/6c2
1GnaUv/OVIBQP2XRUCtSgIkqPuIeZQKBmh4BoWTZZF3jU7sNaw0u2pAwG7Gcv6FE
RBaI9qs3EH3x/13gUe5JY9N8jsEd3lRcQF8j3KLpznFjkqOUvQBHQgNc5Uib9Fye
NcpSUSWVOjCNoQjeowUr/IA68r9JjwkvJL1igud+ikBHJ3QNVjCKAI3+AS4jGyvo
TbAqgifjA5PHc91NVvTPILcn0SCtUzsFmexYR66p1tHQ
-----END CERTIFICATE-----