Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/fd4401-78f2-465a-9dc0-33caae0e4376/1/IR-d51vm-EzO-y0ahHT7GPsKa_s.roa
File:                     IR-d51vm-EzO-y0ahHT7GPsKa_s.roa (raw, json)
Hash identifier:          9bFsqn1B7GFofQPFT4XuTf48JjlvEIGyTh6l5dNJXig=
Subject key identifier:   21:1F:9D:E7:5B:E6:F8:4C:CE:FB:2D:1A:84:74:FB:18:FB:0A:6B:FB
Certificate issuer:       /CN=c25ed6de23b320e302888f9427723f2201f2919f
Certificate serial:       019D2980C762037E6B4AD75124AFE916630C
Authority key identifier: C2:5E:D6:DE:23:B3:20:E3:02:88:8F:94:27:72:3F:22:01:F2:91:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wl7W3iOzIOMCiI-UJ3I_IgHykZ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/fd4401-78f2-465a-9dc0-33caae0e4376/1/IR-d51vm-EzO-y0ahHT7GPsKa_s.roa
Signing time:             Thu 26 Mar 2026 09:36:38 +0000
ROA not before:           Thu 26 Mar 2026 09:36:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     14618
IP address blocks:        140.150.48.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/fd4401-78f2-465a-9dc0-33caae0e4376/1/wl7W3iOzIOMCiI-UJ3I_IgHykZ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/fd4401-78f2-465a-9dc0-33caae0e4376/1/wl7W3iOzIOMCiI-UJ3I_IgHykZ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wl7W3iOzIOMCiI-UJ3I_IgHykZ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 07:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:29:80:c7:62:03:7e:6b:4a:d7:51:24:af:e9:16:63:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c25ed6de23b320e302888f9427723f2201f2919f
        Validity
            Not Before: Mar 26 09:36:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=211f9de75be6f84ccefb2d1a8474fb18fb0a6bfb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:90:86:99:47:cf:5c:03:4e:5a:e4:ed:84:c5:
                    8d:a7:05:f5:09:fc:59:6d:1a:4d:82:4c:36:52:1a:
                    0e:2e:5c:7c:0e:fe:63:39:49:16:cb:4a:1b:7b:04:
                    b9:95:04:ac:11:15:b3:0b:54:7f:bc:a5:39:c2:f7:
                    25:72:36:90:4a:0f:86:2e:ba:2f:b1:3c:a5:f1:35:
                    d0:76:81:78:7d:bc:cf:a5:8c:5b:50:50:7e:a2:d7:
                    16:4a:79:ce:5d:bd:49:a2:bd:f5:1e:ae:81:bb:44:
                    f5:0d:9e:2d:f4:6d:1b:7c:bc:32:b1:c1:38:09:d2:
                    de:e4:ec:6b:a7:2d:30:2d:c4:af:b9:c4:ec:5f:57:
                    99:cf:03:ad:51:87:5c:59:12:d8:aa:f7:11:1c:2e:
                    21:7b:17:70:36:ee:ea:15:3d:9f:bb:8f:48:53:14:
                    3f:75:30:f7:05:e5:a9:db:da:a0:e0:e1:96:34:24:
                    7c:f6:00:06:1a:bd:81:20:e9:ab:b2:09:11:78:af:
                    a3:29:5e:26:a8:35:ff:ec:2c:da:2a:d1:58:a7:74:
                    f0:f8:7b:3f:fe:f7:01:9c:14:57:4a:c8:21:6f:08:
                    71:82:31:18:dd:01:d8:58:8a:60:52:19:88:09:29:
                    f8:7d:68:d3:e3:84:35:01:f2:09:d7:90:c0:42:72:
                    7b:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:1F:9D:E7:5B:E6:F8:4C:CE:FB:2D:1A:84:74:FB:18:FB:0A:6B:FB
            X509v3 Authority Key Identifier:
                keyid:C2:5E:D6:DE:23:B3:20:E3:02:88:8F:94:27:72:3F:22:01:F2:91:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wl7W3iOzIOMCiI-UJ3I_IgHykZ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/fd4401-78f2-465a-9dc0-33caae0e4376/1/IR-d51vm-EzO-y0ahHT7GPsKa_s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/fd4401-78f2-465a-9dc0-33caae0e4376/1/wl7W3iOzIOMCiI-UJ3I_IgHykZ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  140.150.48.0/20

    Signature Algorithm: sha256WithRSAEncryption
         7d:83:96:a7:d1:da:6b:26:01:03:14:f7:7a:a2:1a:39:9e:78:
         d5:c3:e5:ff:28:0f:d2:7d:dc:d2:0c:24:67:60:c2:8c:ae:79:
         ec:ba:21:1a:90:a6:9a:86:c0:4c:bb:42:02:83:16:83:52:a3:
         be:67:9c:2e:b3:10:42:20:22:c3:c6:7a:ba:64:83:fa:24:5b:
         01:fd:6b:d6:e7:6a:1f:3e:4a:8a:18:bb:23:7b:35:59:ee:fd:
         2d:b6:e5:d0:0d:0a:12:24:22:93:2d:6b:50:02:ae:35:1a:53:
         3b:23:57:c1:19:f2:38:05:ad:e4:7a:64:d0:f6:2a:66:ab:85:
         16:7f:e8:ae:f5:25:b9:7b:67:15:fa:e8:8e:60:02:44:c7:3d:
         52:f3:8c:77:81:45:06:d3:a0:cf:df:3c:ed:dc:bb:c3:de:bf:
         a9:0a:4e:ad:e3:c1:c0:7d:44:0a:b0:f1:2d:29:3a:be:4a:89:
         6a:1a:23:ea:7e:b3:90:24:0f:f0:47:fd:12:ec:5f:1b:4d:e8:
         05:44:90:e8:33:bd:d1:30:55:95:ec:71:60:cf:6a:d3:a1:99:
         7c:9c:6f:26:4a:7d:13:8a:12:7a:2e:7a:65:71:ab:53:a4:ee:
         e7:c7:a5:e2:10:6b:6e:2b:b4:93:c4:f2:e7:2b:c5:54:46:f8:
         e8:d4:cf:a3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0pgMdiA35rStdRJK/pFmMMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNWVkNmRlMjNiMzIwZTMwMjg4OGY5NDI3NzIzZjIyMDFm
MjkxOWYwHhcNMjYwMzI2MDkzNjM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTFmOWRlNzViZTZmODRjY2VmYjJkMWE4NDc0ZmIxOGZiMGE2YmZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsZCGmUfPXANOWuTthMWNpwX1CfxZ
bRpNgkw2UhoOLlx8Dv5jOUkWy0obewS5lQSsERWzC1R/vKU5wvclcjaQSg+GLrov
sTyl8TXQdoF4fbzPpYxbUFB+otcWSnnOXb1Jor31Hq6Bu0T1DZ4t9G0bfLwyscE4
CdLe5Oxrpy0wLcSvucTsX1eZzwOtUYdcWRLYqvcRHC4hexdwNu7qFT2fu49IUxQ/
dTD3BeWp29qg4OGWNCR89gAGGr2BIOmrsgkReK+jKV4mqDX/7CzaKtFYp3Tw+Hs/
/vcBnBRXSsghbwhxgjEY3QHYWIpgUhmICSn4fWjT44Q1AfIJ15DAQnJ7lQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCEfnedb5vhMzvstGoR0+xj7Cmv7MB8GA1UdIwQY
MBaAFMJe1t4jsyDjAoiPlCdyPyIB8pGfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2w3VzNpT3pJT01DaUktVUozSV9JZ0h5a1o4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy9mZDQ0MDEtNzhmMi00NjVhLTlkYzAt
MzNjYWFlMGU0Mzc2LzEvSVItZDUxdm0tRXpPLXkwYWhIVDdHUHNLYV9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy9mZDQ0MDEtNzhmMi00NjVhLTlkYzAtMzNjYWFlMGU0Mzc2
LzEvd2w3VzNpT3pJT01DaUktVUozSV9JZ0h5a1o4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEjJYwMA0G
CSqGSIb3DQEBCwUAA4IBAQB9g5an0dprJgEDFPd6oho5nnjVw+X/KA/SfdzSDCRn
YMKMrnnsuiEakKaahsBMu0ICgxaDUqO+Z5wusxBCICLDxnq6ZIP6JFsB/WvW52of
PkqKGLsjezVZ7v0ttuXQDQoSJCKTLWtQAq41GlM7I1fBGfI4Ba3kemTQ9ipmq4UW
f+iu9SW5e2cV+uiOYAJExz1S84x3gUUG06DP3zzt3LvD3r+pCk6t48HAfUQKsPEt
KTq+SolqGiPqfrOQJA/wR/0S7F8bTegFRJDoM73RMFWV7HFgz2rToZl8nG8mSn0T
ihJ6LnplcatTpO7nx6XiEGtuK7STxPLnK8VURvjo1M+j
-----END CERTIFICATE-----