Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/a607f4-15dc-4db5-9601-2146179d8e2b/1/DWNuRY1r8tf3Tdip4NbEEpKfawU.roa
File:                     DWNuRY1r8tf3Tdip4NbEEpKfawU.roa (raw, json)
Hash identifier:          av56Q4cIXGA49OJ7BsvLwUDroTg1do1F9K99esHPwiI=
Subject key identifier:   0D:63:6E:45:8D:6B:F2:D7:F7:4D:D8:A9:E0:D6:C4:12:92:9F:6B:05
Certificate issuer:       /CN=d894365b28a082834a751a97771b791124524dec
Certificate serial:       019DAAE634A08B56377291BCA1231CF6122B
Authority key identifier: D8:94:36:5B:28:A0:82:83:4A:75:1A:97:77:1B:79:11:24:52:4D:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2JQ2WyiggoNKdRqXdxt5ESRSTew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/a607f4-15dc-4db5-9601-2146179d8e2b/1/DWNuRY1r8tf3Tdip4NbEEpKfawU.roa
Signing time:             Mon 20 Apr 2026 12:38:26 +0000
ROA not before:           Mon 20 Apr 2026 12:38:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16509
IP address blocks:        159.253.164.0/24 maxlen: 24
                          159.253.165.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c6/a607f4-15dc-4db5-9601-2146179d8e2b/1/2JQ2WyiggoNKdRqXdxt5ESRSTew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c6/a607f4-15dc-4db5-9601-2146179d8e2b/1/2JQ2WyiggoNKdRqXdxt5ESRSTew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2JQ2WyiggoNKdRqXdxt5ESRSTew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 04 May 2026 05:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:aa:e6:34:a0:8b:56:37:72:91:bc:a1:23:1c:f6:12:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d894365b28a082834a751a97771b791124524dec
        Validity
            Not Before: Apr 20 12:38:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0d636e458d6bf2d7f74dd8a9e0d6c412929f6b05
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:be:c4:67:53:e4:fc:ed:d9:e8:6a:4d:56:84:
                    73:15:05:bf:47:6f:f5:60:c6:4b:15:a4:3c:a6:3a:
                    2c:2d:73:71:a1:f0:95:b5:67:fd:24:76:44:05:5c:
                    b9:83:cb:20:f9:be:c0:79:fc:f4:b8:f2:c7:d2:e0:
                    97:ef:b3:09:20:c4:27:27:8c:98:33:80:53:8d:e3:
                    57:a0:fd:42:08:6a:9f:ad:5f:94:de:7f:c9:ac:1b:
                    cf:06:7e:4e:55:2d:fb:90:4b:14:dd:a7:94:bb:c6:
                    6e:b6:ec:80:02:8b:85:93:48:b7:ee:ca:df:76:9b:
                    27:58:26:9a:a0:0d:1f:73:b6:a7:c7:58:c7:ef:82:
                    8d:69:b2:0f:b3:10:71:3f:84:f8:60:fa:1f:95:e1:
                    90:6d:00:bd:6b:d5:99:69:c5:57:95:2f:fc:34:ab:
                    76:4a:46:f0:6a:ec:c7:c5:97:08:3b:08:ac:f2:c9:
                    64:2f:10:d2:24:98:b8:13:5b:84:0a:27:8d:95:ac:
                    94:f4:f9:30:dd:24:5b:bf:b4:1d:11:38:2e:a9:ee:
                    3f:7e:d3:cc:5e:e4:23:d8:6e:17:50:ce:42:82:09:
                    10:fd:18:38:d7:69:f7:1b:7d:e3:ac:10:f1:22:9e:
                    18:9b:d9:1c:eb:fe:2c:ed:52:4d:95:54:d2:90:a9:
                    b1:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:63:6E:45:8D:6B:F2:D7:F7:4D:D8:A9:E0:D6:C4:12:92:9F:6B:05
            X509v3 Authority Key Identifier:
                keyid:D8:94:36:5B:28:A0:82:83:4A:75:1A:97:77:1B:79:11:24:52:4D:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2JQ2WyiggoNKdRqXdxt5ESRSTew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/a607f4-15dc-4db5-9601-2146179d8e2b/1/DWNuRY1r8tf3Tdip4NbEEpKfawU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/a607f4-15dc-4db5-9601-2146179d8e2b/1/2JQ2WyiggoNKdRqXdxt5ESRSTew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.253.164.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1c:20:e9:52:68:ad:ba:ad:a5:ec:07:c8:f0:57:cd:1a:61:a0:
         62:82:c1:64:76:85:56:ca:73:d0:19:46:ff:df:c4:bd:71:0b:
         df:6f:1d:49:6a:af:69:12:22:1c:b8:32:c6:fb:1d:98:fc:8e:
         3e:af:31:9f:1c:d7:11:f7:b1:c2:30:6b:05:d7:02:e5:0b:9b:
         f0:9c:c0:97:c0:8e:e0:0b:42:26:b2:d6:ce:53:cd:02:13:38:
         27:f9:81:ad:90:2f:6e:22:33:c6:63:c2:cc:ed:49:fb:39:93:
         26:bf:29:7e:92:f8:31:b1:92:e1:75:01:6d:ea:83:cf:56:62:
         46:d4:bb:ce:7f:bf:df:38:5f:36:7a:43:b1:13:35:53:4b:1f:
         65:fa:49:c9:3c:96:1e:15:08:58:08:db:e9:4d:0c:58:93:e0:
         96:4e:62:04:2b:88:c5:e4:65:bf:28:32:48:1b:26:2b:ab:65:
         53:be:0c:dd:84:65:36:43:19:88:fe:d0:03:88:dc:17:b2:91:
         6f:74:68:b4:99:9c:2c:76:fa:bd:5d:92:09:c8:18:7a:0d:6b:
         d7:2e:8a:bc:4c:c3:63:1d:9a:a8:e7:10:b2:9b:d3:15:5b:90:
         83:10:61:79:90:5e:fb:b7:2b:61:d9:3b:32:20:6e:e0:00:58:
         4f:d6:bb:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2q5jSgi1Y3cpG8oSMc9hIrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4OTQzNjViMjhhMDgyODM0YTc1MWE5Nzc3MWI3OTExMjQ1
MjRkZWMwHhcNMjYwNDIwMTIzODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDYzNmU0NThkNmJmMmQ3Zjc0ZGQ4YTllMGQ2YzQxMjkyOWY2YjA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxb7EZ1Pk/O3Z6GpNVoRzFQW/R2/1
YMZLFaQ8pjosLXNxofCVtWf9JHZEBVy5g8sg+b7Aefz0uPLH0uCX77MJIMQnJ4yY
M4BTjeNXoP1CCGqfrV+U3n/JrBvPBn5OVS37kEsU3aeUu8ZutuyAAouFk0i37srf
dpsnWCaaoA0fc7anx1jH74KNabIPsxBxP4T4YPofleGQbQC9a9WZacVXlS/8NKt2
SkbwauzHxZcIOwis8slkLxDSJJi4E1uECieNlayU9Pkw3SRbv7QdETguqe4/ftPM
XuQj2G4XUM5CggkQ/Rg412n3G33jrBDxIp4Ym9kc6/4s7VJNlVTSkKmxkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA1jbkWNa/LX903YqeDWxBKSn2sFMB8GA1UdIwQY
MBaAFNiUNlsooIKDSnUal3cbeREkUk3sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkpRMld5aWdnb05LZFJxWGR4dDVFU1JTVGV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi9hNjA3ZjQtMTVkYy00ZGI1LTk2MDEt
MjE0NjE3OWQ4ZTJiLzEvRFdOdVJZMXI4dGYzVGRpcDROYkVFcEtmYXdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi9hNjA3ZjQtMTVkYy00ZGI1LTk2MDEtMjE0NjE3OWQ4ZTJi
LzEvMkpRMld5aWdnb05LZFJxWGR4dDVFU1JTVGV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBn/2kMA0G
CSqGSIb3DQEBCwUAA4IBAQAcIOlSaK26raXsB8jwV80aYaBigsFkdoVWynPQGUb/
38S9cQvfbx1Jaq9pEiIcuDLG+x2Y/I4+rzGfHNcR97HCMGsF1wLlC5vwnMCXwI7g
C0ImstbOU80CEzgn+YGtkC9uIjPGY8LM7Un7OZMmvyl+kvgxsZLhdQFt6oPPVmJG
1LvOf7/fOF82ekOxEzVTSx9l+knJPJYeFQhYCNvpTQxYk+CWTmIEK4jF5GW/KDJI
GyYrq2VTvgzdhGU2QxmI/tADiNwXspFvdGi0mZwsdvq9XZIJyBh6DWvXLoq8TMNj
HZqo5xCym9MVW5CDEGF5kF77tyth2TsyIG7gAFhP1rv4
-----END CERTIFICATE-----