Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/59ea29-f288-468e-a33e-559e3d76c5b6/1/6B4kFs8m6XNqOOXEEwtoCnODGNs.roa
File:                     6B4kFs8m6XNqOOXEEwtoCnODGNs.roa (raw, json)
Hash identifier:          ii2wo/z5TVJ2lcGEsUjXOcj+E4rGSY8QRKqGHtg/05U=
Subject key identifier:   E8:1E:24:16:CF:26:E9:73:6A:38:E5:C4:13:0B:68:0A:73:83:18:DB
Certificate issuer:       /CN=729ca63e6d2b504449217dc0788c9d37489b4c45
Certificate serial:       019D5EE651C878BBB032EE03701AC59E5026
Authority key identifier: 72:9C:A6:3E:6D:2B:50:44:49:21:7D:C0:78:8C:9D:37:48:9B:4C:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cpymPm0rUERJIX3AeIydN0ibTEU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/59ea29-f288-468e-a33e-559e3d76c5b6/1/6B4kFs8m6XNqOOXEEwtoCnODGNs.roa
Signing time:             Sun 05 Apr 2026 18:27:25 +0000
ROA not before:           Sun 05 Apr 2026 18:27:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     0
IP address blocks:        212.108.98.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/59ea29-f288-468e-a33e-559e3d76c5b6/1/cpymPm0rUERJIX3AeIydN0ibTEU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/59ea29-f288-468e-a33e-559e3d76c5b6/1/cpymPm0rUERJIX3AeIydN0ibTEU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cpymPm0rUERJIX3AeIydN0ibTEU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 Apr 2026 14:30:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:5e:e6:51:c8:78:bb:b0:32:ee:03:70:1a:c5:9e:50:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=729ca63e6d2b504449217dc0788c9d37489b4c45
        Validity
            Not Before: Apr  5 18:27:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e81e2416cf26e9736a38e5c4130b680a738318db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:56:89:99:79:75:d8:57:f4:01:2d:a5:36:3a:
                    8e:8e:a7:c0:22:f5:4e:f0:14:43:a7:09:e5:a9:38:
                    a9:76:f3:e1:e3:2d:fe:1b:39:ce:ca:2c:97:6c:7a:
                    cc:64:8a:59:10:ee:a6:38:3d:25:23:8a:33:e2:47:
                    6c:d6:bd:99:97:42:1a:78:d6:2b:78:02:c4:91:c1:
                    a8:42:9e:6a:7e:3a:75:05:69:6e:ae:cd:1e:fc:bb:
                    c8:89:41:72:82:12:a8:98:92:0f:cf:c5:9f:83:a9:
                    d1:58:c1:15:33:00:60:a2:9d:b6:25:93:e6:c7:8f:
                    dc:80:69:94:e1:e8:fe:bc:56:f9:13:02:e0:08:77:
                    c8:88:d8:46:2a:49:40:af:38:99:36:03:40:ba:10:
                    70:65:17:33:f1:c6:86:45:bb:a7:31:af:0d:7a:8a:
                    36:59:39:58:a5:22:e5:33:6a:4d:85:23:dc:0b:1c:
                    98:ea:e0:47:f5:30:e2:63:27:16:9e:f6:3a:8a:84:
                    ad:ac:30:f2:a6:0f:cc:6e:da:24:4c:87:de:2b:36:
                    c1:10:06:62:d3:50:c6:17:23:42:c2:4c:a2:a9:b0:
                    f3:36:f6:15:e5:f8:7b:5d:70:9f:0b:a6:2e:f4:b3:
                    e6:95:64:3c:5c:7e:f6:b8:6c:c0:f4:fd:52:d9:05:
                    2e:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:1E:24:16:CF:26:E9:73:6A:38:E5:C4:13:0B:68:0A:73:83:18:DB
            X509v3 Authority Key Identifier:
                keyid:72:9C:A6:3E:6D:2B:50:44:49:21:7D:C0:78:8C:9D:37:48:9B:4C:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cpymPm0rUERJIX3AeIydN0ibTEU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/59ea29-f288-468e-a33e-559e3d76c5b6/1/6B4kFs8m6XNqOOXEEwtoCnODGNs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/59ea29-f288-468e-a33e-559e3d76c5b6/1/cpymPm0rUERJIX3AeIydN0ibTEU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.108.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:71:32:33:37:c3:41:42:52:69:6a:aa:0d:11:fd:40:90:1a:
         26:23:1f:f9:3b:ed:40:c7:06:1f:22:b3:5f:ee:23:de:bb:23:
         11:0a:01:95:6d:03:bd:c1:e1:0e:f4:b8:b9:0f:1f:db:79:19:
         c8:6c:59:88:2d:47:aa:07:da:c4:68:49:66:f7:3e:5d:aa:53:
         9c:f3:97:8b:ca:9d:26:5f:25:f2:bd:21:19:19:9d:97:53:14:
         e2:32:ed:2e:dc:44:b1:18:22:f9:c5:30:f8:19:bc:83:8c:92:
         64:63:7b:f6:76:ea:73:f0:a9:84:35:05:77:b0:d9:2d:e3:5f:
         b5:8b:5a:7e:fe:58:ca:b9:68:7e:51:06:3c:8b:a7:45:33:06:
         58:80:f3:7f:26:e5:07:d9:f5:ab:67:f9:bc:18:6a:7f:e1:f5:
         a6:6b:e3:06:9c:b2:4c:f5:9c:9c:15:ae:a1:f4:47:75:af:be:
         b8:a6:1e:ab:cc:fd:7b:59:1b:86:12:71:35:75:a2:dd:f3:9e:
         99:1a:fa:62:48:ed:ee:d7:8d:01:24:38:11:fc:12:77:0f:e4:
         9f:10:61:ef:9c:8f:a7:50:55:dc:75:19:17:56:da:70:48:4e:
         45:a8:af:aa:9b:04:2e:b6:b2:ac:0d:00:59:ba:88:87:a1:c5:
         fb:65:0a:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1e5lHIeLuwMu4DcBrFnlAmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyOWNhNjNlNmQyYjUwNDQ0OTIxN2RjMDc4OGM5ZDM3NDg5
YjRjNDUwHhcNMjYwNDA1MTgyNzI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODFlMjQxNmNmMjZlOTczNmEzOGU1YzQxMzBiNjgwYTczODMxOGRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3VaJmXl12Ff0AS2lNjqOjqfAIvVO
8BRDpwnlqTipdvPh4y3+GznOyiyXbHrMZIpZEO6mOD0lI4oz4kds1r2Zl0IaeNYr
eALEkcGoQp5qfjp1BWlurs0e/LvIiUFyghKomJIPz8Wfg6nRWMEVMwBgop22JZPm
x4/cgGmU4ej+vFb5EwLgCHfIiNhGKklArziZNgNAuhBwZRcz8caGRbunMa8Neoo2
WTlYpSLlM2pNhSPcCxyY6uBH9TDiYycWnvY6ioStrDDypg/MbtokTIfeKzbBEAZi
01DGFyNCwkyiqbDzNvYV5fh7XXCfC6Yu9LPmlWQ8XH72uGzA9P1S2QUutQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOgeJBbPJulzajjlxBMLaApzgxjbMB8GA1UdIwQY
MBaAFHKcpj5tK1BESSF9wHiMnTdIm0xFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3B5bVBtMHJVRVJKSVgzQWVJeWROMGliVEVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS81OWVhMjktZjI4OC00NjhlLWEzM2Ut
NTU5ZTNkNzZjNWI2LzEvNkI0a0ZzOG02WE5xT09YRUV3dG9Dbk9ER05zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS81OWVhMjktZjI4OC00NjhlLWEzM2UtNTU5ZTNkNzZjNWI2
LzEvY3B5bVBtMHJVRVJKSVgzQWVJeWROMGliVEVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1GxiMA0G
CSqGSIb3DQEBCwUAA4IBAQCPcTIzN8NBQlJpaqoNEf1AkBomIx/5O+1AxwYfIrNf
7iPeuyMRCgGVbQO9weEO9Li5Dx/beRnIbFmILUeqB9rEaElm9z5dqlOc85eLyp0m
XyXyvSEZGZ2XUxTiMu0u3ESxGCL5xTD4GbyDjJJkY3v2dupz8KmENQV3sNkt41+1
i1p+/ljKuWh+UQY8i6dFMwZYgPN/JuUH2fWrZ/m8GGp/4fWma+MGnLJM9ZycFa6h
9Ed1r764ph6rzP17WRuGEnE1daLd856ZGvpiSO3u140BJDgR/BJ3D+SfEGHvnI+n
UFXcdRkXVtpwSE5FqK+qmwQutrKsDQBZuoiHocX7ZQqo
-----END CERTIFICATE-----