Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/IHQ60fO3PiKQ3-XtXnQ8-tKlFo4.roa
File:                     IHQ60fO3PiKQ3-XtXnQ8-tKlFo4.roa (raw, json)
Hash identifier:          VUY4u2fqVh4aaq4h0Od2hP+Dwz4kdETj3l9n1FLl2Os=
Subject key identifier:   20:74:3A:D1:F3:B7:3E:22:90:DF:E5:ED:5E:74:3C:FA:D2:A5:16:8E
Certificate issuer:       /CN=5124fba1e401c03e5ba1cd77ae9ee39cfd631bfb
Certificate serial:       019CAD47C17B72FA3861FB6924352C314442
Authority key identifier: 51:24:FB:A1:E4:01:C0:3E:5B:A1:CD:77:AE:9E:E3:9C:FD:63:1B:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/IHQ60fO3PiKQ3-XtXnQ8-tKlFo4.roa
Signing time:             Mon 02 Mar 2026 06:41:26 +0000
ROA not before:           Mon 02 Mar 2026 06:41:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        77.246.221.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Mar 2026 15:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:ad:47:c1:7b:72:fa:38:61:fb:69:24:35:2c:31:44:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5124fba1e401c03e5ba1cd77ae9ee39cfd631bfb
        Validity
            Not Before: Mar  2 06:41:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=20743ad1f3b73e2290dfe5ed5e743cfad2a5168e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:af:7f:f8:2c:38:c5:e0:ac:02:df:e1:c4:02:
                    f4:73:6f:b3:e4:48:89:5a:5e:bc:7c:45:ca:d4:6f:
                    3c:24:50:87:df:a7:df:53:4b:39:60:b1:c0:cd:5b:
                    de:f6:f6:24:a3:69:01:5f:27:dc:d5:6b:40:ad:90:
                    ca:e1:b9:95:42:fc:13:b4:f5:76:f0:91:45:53:6e:
                    54:31:3f:12:54:ff:cd:d9:35:c0:bc:94:80:4c:27:
                    aa:df:6b:5d:ff:b9:fd:fa:cd:2f:a7:d3:68:6f:04:
                    ee:89:8d:bc:5c:e0:33:19:d0:76:fa:fd:ea:db:b8:
                    db:34:1b:97:de:43:19:33:b7:a4:f9:33:4f:d6:50:
                    d5:e2:8f:0d:ca:29:7b:02:24:86:27:15:2b:ce:d3:
                    b6:33:52:73:8a:d6:d0:9b:a2:e0:75:52:a8:9e:e1:
                    4c:f9:93:3c:7a:8c:66:07:79:fb:13:f6:e7:4c:15:
                    9e:aa:05:8b:ac:de:b4:75:20:d6:15:e5:55:ef:5c:
                    4d:9f:ca:96:d4:1b:42:d3:d7:0a:f5:1f:07:a6:17:
                    24:0e:a7:46:7e:15:de:f7:b6:49:55:1d:47:7e:34:
                    52:b0:27:e0:51:b8:47:d0:cd:89:b5:63:0a:3e:b6:
                    c7:ff:77:7f:b1:1b:16:58:28:e6:94:13:2d:02:c0:
                    24:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:74:3A:D1:F3:B7:3E:22:90:DF:E5:ED:5E:74:3C:FA:D2:A5:16:8E
            X509v3 Authority Key Identifier:
                keyid:51:24:FB:A1:E4:01:C0:3E:5B:A1:CD:77:AE:9E:E3:9C:FD:63:1B:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/IHQ60fO3PiKQ3-XtXnQ8-tKlFo4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.246.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:ec:39:82:a7:b3:3e:a2:1a:ee:10:df:65:57:80:f7:ce:09:
         ff:2b:c4:1d:7c:5c:b0:d3:ae:3e:da:54:6b:39:9f:e3:9b:e5:
         d1:e6:74:f6:c4:a3:d4:eb:97:59:58:7a:66:c1:ec:59:ec:2b:
         b5:35:93:f3:fb:ca:a5:ec:18:8e:6e:de:b6:57:bf:c2:f1:8c:
         04:90:0a:67:66:be:dd:75:1d:9c:7b:d4:04:cd:00:b3:83:f1:
         a3:c4:c7:f9:a0:59:74:be:08:c3:08:42:a6:20:e5:9a:ee:0b:
         0c:03:de:7c:84:e0:6e:87:67:68:b3:40:3e:2b:1d:13:a8:63:
         99:20:31:c3:21:0f:45:4a:43:82:69:57:f8:f7:5d:f8:94:b1:
         bd:69:03:cc:f1:0e:87:8a:c8:67:88:4d:09:33:ea:69:b8:49:
         d7:5b:e7:0d:52:8f:d6:b2:32:ba:40:fe:b9:d5:21:5e:aa:c8:
         41:ca:a5:96:7d:59:35:32:f9:20:e7:6e:e9:66:06:01:3e:79:
         ed:1b:4a:3d:fe:84:83:e0:b1:7a:4c:d2:c3:bb:02:31:dd:88:
         38:08:33:41:23:6a:b5:81:22:39:98:ee:ea:34:09:ce:53:cf:
         60:fb:b9:66:86:fc:2e:60:ec:f9:3a:c6:cf:34:4a:4c:01:ab:
         f1:1c:8b:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZytR8F7cvo4YftpJDUsMURCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxMjRmYmExZTQwMWMwM2U1YmExY2Q3N2FlOWVlMzljZmQ2
MzFiZmIwHhcNMjYwMzAyMDY0MTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDc0M2FkMWYzYjczZTIyOTBkZmU1ZWQ1ZTc0M2NmYWQyYTUxNjhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw69/+Cw4xeCsAt/hxAL0c2+z5EiJ
Wl68fEXK1G88JFCH36ffU0s5YLHAzVve9vYko2kBXyfc1WtArZDK4bmVQvwTtPV2
8JFFU25UMT8SVP/N2TXAvJSATCeq32td/7n9+s0vp9NobwTuiY28XOAzGdB2+v3q
27jbNBuX3kMZM7ek+TNP1lDV4o8Nyil7AiSGJxUrztO2M1JzitbQm6LgdVKonuFM
+ZM8eoxmB3n7E/bnTBWeqgWLrN60dSDWFeVV71xNn8qW1BtC09cK9R8HphckDqdG
fhXe97ZJVR1HfjRSsCfgUbhH0M2JtWMKPrbH/3d/sRsWWCjmlBMtAsAkMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCB0OtHztz4ikN/l7V50PPrSpRaOMB8GA1UdIwQY
MBaAFFEk+6HkAcA+W6HNd66e45z9Yxv7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVNUN29lUUJ3RDVib2MxM3JwN2puUDFqR19zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy9iNzE0YWQtMWY3OC00YTEwLThlNjEt
YWI4ZjFmMzM4N2VlLzEvSUhRNjBmTzNQaUtRMy1YdFhuUTgtdEtsRm80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy9iNzE0YWQtMWY3OC00YTEwLThlNjEtYWI4ZjFmMzM4N2Vl
LzEvVVNUN29lUUJ3RDVib2MxM3JwN2puUDFqR19zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATfbdMA0G
CSqGSIb3DQEBCwUAA4IBAQAV7DmCp7M+ohruEN9lV4D3zgn/K8QdfFyw064+2lRr
OZ/jm+XR5nT2xKPU65dZWHpmwexZ7Cu1NZPz+8ql7BiObt62V7/C8YwEkApnZr7d
dR2ce9QEzQCzg/GjxMf5oFl0vgjDCEKmIOWa7gsMA958hOBuh2dos0A+Kx0TqGOZ
IDHDIQ9FSkOCaVf49134lLG9aQPM8Q6HishniE0JM+ppuEnXW+cNUo/WsjK6QP65
1SFeqshByqWWfVk1Mvkg527pZgYBPnntG0o9/oSD4LF6TNLDuwIx3Yg4CDNBI2q1
gSI5mO7qNAnOU89g+7lmhvwuYOz5OsbPNEpMAavxHIvj
-----END CERTIFICATE-----