Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/b23fAPd7Ap7Sc5q28rHcvOTi3BE.roa
File:                     b23fAPd7Ap7Sc5q28rHcvOTi3BE.roa (raw, json)
Hash identifier:          0sMgcZHUeGQg6Q2efrmrk6bTNAnPAkojPNM2iAkGivo=
Subject key identifier:   6F:6D:DF:00:F7:7B:02:9E:D2:73:9A:B6:F2:B1:DC:BC:E4:E2:DC:11
Certificate issuer:       /CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
Certificate serial:       019CB57B10901A84EE3F71D9C97ECEF8CFE6
Authority key identifier: 0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/b23fAPd7Ap7Sc5q28rHcvOTi3BE.roa
Signing time:             Tue 03 Mar 2026 20:54:27 +0000
ROA not before:           Tue 03 Mar 2026 20:54:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206604
IP address blocks:        2a0d:d940:2005::/48 maxlen: 48
                          2a0d:d940:2007::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 05 Mar 2026 23:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b5:7b:10:90:1a:84:ee:3f:71:d9:c9:7e:ce:f8:cf:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
        Validity
            Not Before: Mar  3 20:54:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6f6ddf00f77b029ed2739ab6f2b1dcbce4e2dc11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:56:60:d8:00:2d:6f:ad:1f:75:10:9b:f5:00:
                    7d:e8:b0:d9:05:63:7e:f2:97:22:4e:10:87:3d:50:
                    d1:eb:a2:2e:40:55:bd:5b:94:19:47:80:8a:3e:3c:
                    37:ea:44:68:64:32:61:5e:e9:92:5d:58:96:03:cb:
                    a6:43:71:04:f0:3e:f1:bb:da:34:0d:49:1a:16:57:
                    4a:e2:55:2c:cb:82:59:b8:45:5b:da:8b:d0:db:46:
                    7e:86:87:8f:b5:b6:aa:f0:aa:7d:f9:d8:1f:46:4f:
                    c8:d4:32:2a:b5:5a:89:1a:79:bd:e6:ca:5a:bc:63:
                    2b:97:b2:4c:21:e1:5f:f1:eb:89:0a:5e:90:e2:f6:
                    0e:3f:70:f0:8f:bc:ac:39:58:b1:83:0c:14:2e:c1:
                    dc:dd:eb:b9:e6:17:39:5b:c5:91:47:ef:d9:3a:50:
                    d6:e3:fe:44:64:2b:e5:f3:8b:9f:16:7d:47:59:6d:
                    58:bc:7e:26:99:67:55:a8:6a:80:3d:54:7c:b5:31:
                    e9:8d:34:f9:4c:f0:fe:a8:6d:30:3d:b1:09:12:55:
                    99:a1:44:f9:e4:16:41:0a:41:4e:4f:7b:b1:41:94:
                    53:e4:87:59:7a:94:84:66:3a:17:22:fa:b6:29:a7:
                    4c:25:6a:9a:01:99:a4:15:18:50:7d:e4:bc:91:5e:
                    00:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:6D:DF:00:F7:7B:02:9E:D2:73:9A:B6:F2:B1:DC:BC:E4:E2:DC:11
            X509v3 Authority Key Identifier:
                keyid:0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/b23fAPd7Ap7Sc5q28rHcvOTi3BE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:d940:2005::/48
                  2a0d:d940:2007::/48

    Signature Algorithm: sha256WithRSAEncryption
         b1:cc:9c:72:a5:ea:68:35:91:13:3f:82:9b:53:81:75:eb:d2:
         d2:45:6b:b8:0d:c4:88:0d:12:9c:ff:a2:17:63:47:6f:7e:bf:
         97:50:66:58:0a:a2:8a:ac:ae:c8:3d:ea:6f:26:fd:c7:65:c9:
         d9:1d:d9:d2:e0:1a:d8:c2:1d:84:f7:fd:88:1b:b8:85:39:54:
         23:bf:6e:9a:09:bc:75:6f:10:29:72:06:e1:32:cc:fb:d9:58:
         07:36:36:4c:34:65:2f:cd:94:32:db:b5:ce:a0:e8:9c:53:75:
         fd:b4:29:5c:3a:64:24:2d:a8:34:97:6f:73:ff:48:4e:d4:d0:
         75:66:0a:83:3c:6f:cc:f9:9c:a5:5f:9f:0b:3f:fb:c9:05:32:
         3e:6d:60:86:f3:1f:a2:e5:a8:a0:ca:e7:bd:27:1f:5d:13:f4:
         ba:34:0a:20:36:1c:e7:7e:db:08:88:1d:5d:53:dd:f8:30:ab:
         fc:50:05:86:96:24:54:56:1c:e5:82:b8:90:42:58:7b:d6:77:
         ff:b1:d8:c4:06:5f:32:34:a5:32:18:2b:88:34:c7:a3:04:2d:
         2d:ca:57:9d:78:0a:7c:a2:4b:63:fc:1c:4e:c9:ec:7e:16:17:
         89:17:9a:93:82:c1:0c:82:6a:bc:f9:ad:95:44:9b:fe:ef:aa:
         d7:a2:4c:51
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZy1exCQGoTuP3HZyX7O+M/mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNGUzYjNiODQyNDIyNTg4NjMxNDJlZDNhMTk3OTJkOTdj
YmJjNzQwHhcNMjYwMzAzMjA1NDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjZkZGYwMGY3N2IwMjllZDI3MzlhYjZmMmIxZGNiY2U0ZTJkYzExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwlZg2AAtb60fdRCb9QB96LDZBWN+
8pciThCHPVDR66IuQFW9W5QZR4CKPjw36kRoZDJhXumSXViWA8umQ3EE8D7xu9o0
DUkaFldK4lUsy4JZuEVb2ovQ20Z+hoePtbaq8Kp9+dgfRk/I1DIqtVqJGnm95spa
vGMrl7JMIeFf8euJCl6Q4vYOP3Dwj7ysOVixgwwULsHc3eu55hc5W8WRR+/ZOlDW
4/5EZCvl84ufFn1HWW1YvH4mmWdVqGqAPVR8tTHpjTT5TPD+qG0wPbEJElWZoUT5
5BZBCkFOT3uxQZRT5IdZepSEZjoXIvq2KadMJWqaAZmkFRhQfeS8kV4ADQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFG9t3wD3ewKe0nOatvKx3Lzk4twRMB8GA1UdIwQY
MBaAFAtOOzuEJCJYhjFC7ToZeS2Xy7x0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQt
MTRkMjM4NTI3ODM1LzEvYjIzZkFQZDdBcDdTYzVxMjhySGN2T1RpM0JFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQtMTRkMjM4NTI3ODM1
LzEvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKg3ZQCAF
AwcAKg3ZQCAHMA0GCSqGSIb3DQEBCwUAA4IBAQCxzJxypepoNZETP4KbU4F169LS
RWu4DcSIDRKc/6IXY0dvfr+XUGZYCqKKrK7IPepvJv3HZcnZHdnS4BrYwh2E9/2I
G7iFOVQjv26aCbx1bxApcgbhMsz72VgHNjZMNGUvzZQy27XOoOicU3X9tClcOmQk
Lag0l29z/0hO1NB1ZgqDPG/M+ZylX58LP/vJBTI+bWCG8x+i5aigyue9Jx9dE/S6
NAogNhznftsIiB1dU934MKv8UAWGliRUVhzlgriQQlh71nf/sdjEBl8yNKUyGCuI
NMejBC0tyledeAp8oktj/BxOyex+FheJF5qTgsEMgmq8+a2VRJv+76rXokxR
-----END CERTIFICATE-----