Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/6f80a8-6b6a-4d96-bf49-775f5f74d581/1/SoTDVF-vjEYHi67nDfcRlGbTXr0.roa
File:                     SoTDVF-vjEYHi67nDfcRlGbTXr0.roa (raw, json)
Hash identifier:          TQ9Y9JIBeUPae6BjJeYoVgEw4M6tL3rY17ZPfSth9eU=
Subject key identifier:   4A:84:C3:54:5F:AF:8C:46:07:8B:AE:E7:0D:F7:11:94:66:D3:5E:BD
Certificate issuer:       /CN=663a24480f04d1318bf1a70dabffa4b27ef32da2
Certificate serial:       019D34827310A4BD86EFB362C9523D38F6B4
Authority key identifier: 66:3A:24:48:0F:04:D1:31:8B:F1:A7:0D:AB:FF:A4:B2:7E:F3:2D:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZjokSA8E0TGL8acNq_-ksn7zLaI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/6f80a8-6b6a-4d96-bf49-775f5f74d581/1/SoTDVF-vjEYHi67nDfcRlGbTXr0.roa
Signing time:             Sat 28 Mar 2026 12:54:17 +0000
ROA not before:           Sat 28 Mar 2026 12:54:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207754
IP address blocks:        2a14:a900::/29 maxlen: 32
                          2a14:a900::/32 maxlen: 32
                          2a14:a900::/48 maxlen: 48
                          2a14:a900:e7f::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/6f80a8-6b6a-4d96-bf49-775f5f74d581/1/ZjokSA8E0TGL8acNq_-ksn7zLaI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/6f80a8-6b6a-4d96-bf49-775f5f74d581/1/ZjokSA8E0TGL8acNq_-ksn7zLaI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZjokSA8E0TGL8acNq_-ksn7zLaI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 15:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:34:82:73:10:a4:bd:86:ef:b3:62:c9:52:3d:38:f6:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=663a24480f04d1318bf1a70dabffa4b27ef32da2
        Validity
            Not Before: Mar 28 12:54:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4a84c3545faf8c46078baee70df7119466d35ebd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:95:39:10:83:e6:ff:e5:69:72:4d:ad:2f:79:
                    4e:fa:54:08:5d:32:fb:2b:58:ac:51:10:ea:fb:7d:
                    80:02:67:1d:62:43:1f:78:e1:10:fc:ba:75:4a:49:
                    c0:bd:f5:b2:ab:2d:ec:cd:3b:78:8b:3e:05:d5:8e:
                    67:8f:5d:30:f0:c7:5e:e9:d6:59:66:5c:c4:3d:d4:
                    41:69:d9:ea:7b:b8:26:d4:ca:59:58:85:83:cb:1a:
                    7d:20:36:a9:7d:85:1f:e5:8e:72:a8:8d:f5:1c:39:
                    30:21:6f:d5:63:b9:67:42:37:8d:06:52:54:1d:4c:
                    af:47:1d:e2:f0:3e:f3:5e:65:76:9d:d5:f6:bf:97:
                    8c:e2:77:5d:5d:bb:4b:4d:28:55:34:91:b1:df:05:
                    24:d2:3b:da:28:9c:bb:2b:6d:7d:a5:d7:0e:07:d6:
                    bb:1d:81:26:69:ca:f2:f4:4a:b0:93:2e:9b:6f:11:
                    f3:4c:b0:0a:c8:b1:a1:4a:79:a6:db:b1:e1:b6:e2:
                    1d:e3:fb:87:03:2b:66:38:c1:10:1f:2d:fd:eb:0c:
                    69:89:86:eb:e4:4a:d6:91:dc:99:b2:0b:da:c7:55:
                    aa:90:9c:2c:fa:2b:3f:92:03:82:40:79:15:a3:47:
                    52:3a:1a:d0:2c:50:6b:c2:45:20:1c:ad:96:40:e6:
                    46:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:84:C3:54:5F:AF:8C:46:07:8B:AE:E7:0D:F7:11:94:66:D3:5E:BD
            X509v3 Authority Key Identifier:
                keyid:66:3A:24:48:0F:04:D1:31:8B:F1:A7:0D:AB:FF:A4:B2:7E:F3:2D:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZjokSA8E0TGL8acNq_-ksn7zLaI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/6f80a8-6b6a-4d96-bf49-775f5f74d581/1/SoTDVF-vjEYHi67nDfcRlGbTXr0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/6f80a8-6b6a-4d96-bf49-775f5f74d581/1/ZjokSA8E0TGL8acNq_-ksn7zLaI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:a900::/29

    Signature Algorithm: sha256WithRSAEncryption
         3f:f7:7b:61:76:d5:f7:77:79:1f:22:12:d7:a0:74:40:79:f3:
         df:a9:ba:8d:6b:06:7b:80:fc:ac:45:a8:f7:b2:85:32:86:26:
         c0:1d:fa:5d:da:b1:1e:fe:e3:67:a6:04:af:04:0a:36:d8:e5:
         4b:b5:6f:78:4e:59:f2:bb:3c:ed:44:f8:8d:2e:62:6a:09:de:
         68:94:53:fa:a1:2a:7e:43:70:28:c0:0e:f3:1c:52:b4:73:46:
         f6:10:0e:96:80:bb:6c:d0:6b:a9:41:ab:50:c8:6f:cf:8f:2b:
         45:93:d4:2f:63:0f:67:1d:14:9c:8a:f9:7c:a8:90:d6:5a:82:
         5f:ce:58:fe:e2:4a:5b:ab:f3:e9:e9:c0:55:81:72:85:b8:db:
         13:7c:23:3a:b9:8f:dd:60:1a:ab:e4:7b:82:81:ba:08:90:c5:
         88:01:c7:5c:28:b2:d7:a2:f1:e0:e4:77:f3:2a:d2:ac:2a:70:
         5e:0c:d5:ec:e6:19:9a:b9:ce:d1:8b:6e:51:c5:59:22:9e:27:
         18:48:a4:0b:37:78:bc:18:56:aa:3f:41:ec:a9:d5:81:c3:a5:
         10:0b:51:8f:d1:2a:b7:d4:7f:a3:bc:68:72:2c:13:74:5a:a5:
         2e:77:95:d0:96:7e:fe:04:0e:7d:de:aa:b8:51:ec:c2:20:23:
         50:24:95:fe
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ00gnMQpL2G77NiyVI9OPa0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2M2EyNDQ4MGYwNGQxMzE4YmYxYTcwZGFiZmZhNGIyN2Vm
MzJkYTIwHhcNMjYwMzI4MTI1NDE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTg0YzM1NDVmYWY4YzQ2MDc4YmFlZTcwZGY3MTE5NDY2ZDM1ZWJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAupU5EIPm/+Vpck2tL3lO+lQIXTL7
K1isURDq+32AAmcdYkMfeOEQ/Lp1SknAvfWyqy3szTt4iz4F1Y5nj10w8Mde6dZZ
ZlzEPdRBadnqe7gm1MpZWIWDyxp9IDapfYUf5Y5yqI31HDkwIW/VY7lnQjeNBlJU
HUyvRx3i8D7zXmV2ndX2v5eM4nddXbtLTShVNJGx3wUk0jvaKJy7K219pdcOB9a7
HYEmacry9Eqwky6bbxHzTLAKyLGhSnmm27HhtuId4/uHAytmOMEQHy396wxpiYbr
5ErWkdyZsgvax1WqkJws+is/kgOCQHkVo0dSOhrQLFBrwkUgHK2WQOZGuQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFEqEw1Rfr4xGB4uu5w33EZRm0169MB8GA1UdIwQY
MBaAFGY6JEgPBNExi/GnDav/pLJ+8y2iMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmpva1NBOEUwVEdMOGFjTnFfLWtzbjd6TGFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi82ZjgwYTgtNmI2YS00ZDk2LWJmNDkt
Nzc1ZjVmNzRkNTgxLzEvU29URFZGLXZqRVlIaTY3bkRmY1JsR2JUWHIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi82ZjgwYTgtNmI2YS00ZDk2LWJmNDktNzc1ZjVmNzRkNTgx
LzEvWmpva1NBOEUwVEdMOGFjTnFfLWtzbjd6TGFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhSpADAN
BgkqhkiG9w0BAQsFAAOCAQEAP/d7YXbV93d5HyIS16B0QHnz36m6jWsGe4D8rEWo
97KFMoYmwB36XdqxHv7jZ6YErwQKNtjlS7VveE5Z8rs87UT4jS5iagneaJRT+qEq
fkNwKMAO8xxStHNG9hAOloC7bNBrqUGrUMhvz48rRZPUL2MPZx0UnIr5fKiQ1lqC
X85Y/uJKW6vz6enAVYFyhbjbE3wjOrmP3WAaq+R7goG6CJDFiAHHXCiy16Lx4OR3
8yrSrCpwXgzV7OYZmrnO0YtuUcVZIp4nGEikCzd4vBhWqj9B7KnVgcOlEAtRj9Eq
t9R/o7xociwTdFqlLneV0JZ+/gQOfd6quFHswiAjUCSV/g==
-----END CERTIFICATE-----