Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/NOlWV4yi2GQXYgn32dj0jgB7998.roa
File:                     NOlWV4yi2GQXYgn32dj0jgB7998.roa (raw, json)
Hash identifier:          +A9OKzXSboj7UImlB43KMIhbrm8rtlIhNas4YNf19W8=
Subject key identifier:   34:E9:56:57:8C:A2:D8:64:17:62:09:F7:D9:D8:F4:8E:00:7B:F7:DF
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       019EA698C64B1DA0B97C391D4D0567CB1D07
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/NOlWV4yi2GQXYgn32dj0jgB7998.roa
Signing time:             Mon 08 Jun 2026 09:38:10 +0000
ROA not before:           Mon 08 Jun 2026 09:38:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216215
IP address blocks:        2a05:9a40::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 11 Jun 2026 14:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:a6:98:c6:4b:1d:a0:b9:7c:39:1d:4d:05:67:cb:1d:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Jun  8 09:38:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=34e956578ca2d864176209f7d9d8f48e007bf7df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:6d:88:c0:69:64:2e:68:cd:26:83:7b:54:4d:
                    d1:9b:1f:73:8d:a0:c2:35:1c:f1:06:20:67:7d:ad:
                    dd:b6:60:23:2e:71:51:0b:aa:64:50:90:db:94:92:
                    75:b8:46:a3:fd:38:d8:bd:94:b9:c2:98:aa:24:76:
                    74:f5:a2:0b:fc:22:ae:d8:1f:aa:6b:a8:ca:4d:2c:
                    04:6d:63:69:aa:a9:3d:e1:0c:e1:4d:ef:96:9b:2f:
                    76:c2:1e:97:97:d1:67:23:5b:6f:40:db:28:1a:31:
                    ad:c9:07:27:7a:f8:e2:3a:5a:bc:20:82:30:c7:4f:
                    c3:5e:6f:9d:1b:16:91:94:93:89:c2:75:c0:e2:69:
                    cf:40:2b:c6:0c:4d:57:a7:ce:5b:14:20:a9:89:58:
                    52:99:d4:26:67:85:ca:a6:39:52:bb:ca:50:da:e0:
                    fe:97:a4:07:f4:9e:ce:7a:21:4b:c1:4a:ea:6a:6e:
                    c4:38:3b:33:db:00:66:7b:27:c1:b4:c4:7c:d5:4f:
                    10:62:34:a6:3a:34:e6:a9:ef:28:d0:1d:35:17:df:
                    9e:33:ed:5e:3d:e0:54:76:e2:21:e9:df:c6:2e:9b:
                    cd:08:9b:84:16:79:c9:70:26:36:2d:ef:19:23:96:
                    df:94:c7:3b:31:f9:29:0f:41:d9:86:85:e4:e9:8f:
                    41:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:E9:56:57:8C:A2:D8:64:17:62:09:F7:D9:D8:F4:8E:00:7B:F7:DF
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/NOlWV4yi2GQXYgn32dj0jgB7998.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:9a40::/29

    Signature Algorithm: sha256WithRSAEncryption
         23:23:35:09:97:95:40:9d:c0:42:8a:f7:0f:e7:3a:4b:c7:dd:
         23:66:b6:43:83:76:cb:e8:82:a8:d4:45:10:8f:84:be:c4:4b:
         61:ac:d1:61:2c:52:dd:3c:33:6f:a3:33:2b:ce:29:e5:d6:49:
         9b:85:03:b8:fd:75:60:b0:7b:f1:3e:d8:c6:3d:c7:c1:b0:e3:
         d2:47:08:1f:e9:e4:03:25:e6:1b:a2:3b:b2:1d:7d:04:26:7f:
         31:23:8e:5f:12:b8:32:29:24:5a:e3:4a:c4:b3:d6:73:f8:0b:
         3c:3a:92:05:2e:ee:31:00:b4:c4:6a:56:96:61:b8:d8:df:35:
         75:d6:d5:97:89:ba:b2:88:e3:1d:b8:3c:e6:f4:bf:5c:b7:1f:
         ed:df:46:96:c9:ee:95:c6:2b:ab:81:62:0c:26:1a:96:41:34:
         02:df:cc:47:0b:a7:c7:8a:ad:8b:48:3e:c5:be:ee:c3:90:aa:
         80:9d:02:79:00:c6:5c:d5:2f:28:5e:e2:52:58:85:d5:32:5e:
         db:1d:61:59:52:d3:c7:a5:96:f1:77:ba:82:93:3d:97:4d:8e:
         9f:d2:fb:da:de:65:61:44:14:b3:27:5d:63:8b:c0:61:5c:e7:
         3a:eb:cf:ab:b8:f3:c8:fc:37:74:07:8e:ad:90:47:36:e3:af:
         98:19:71:4b
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ6mmMZLHaC5fDkdTQVnyx0HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjYwNjA4MDkzODEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGU5NTY1NzhjYTJkODY0MTc2MjA5ZjdkOWQ4ZjQ4ZTAwN2JmN2RmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArW2IwGlkLmjNJoN7VE3Rmx9zjaDC
NRzxBiBnfa3dtmAjLnFRC6pkUJDblJJ1uEaj/TjYvZS5wpiqJHZ09aIL/CKu2B+q
a6jKTSwEbWNpqqk94QzhTe+Wmy92wh6Xl9FnI1tvQNsoGjGtyQcnevjiOlq8IIIw
x0/DXm+dGxaRlJOJwnXA4mnPQCvGDE1Xp85bFCCpiVhSmdQmZ4XKpjlSu8pQ2uD+
l6QH9J7OeiFLwUrqam7EODsz2wBmeyfBtMR81U8QYjSmOjTmqe8o0B01F9+eM+1e
PeBUduIh6d/GLpvNCJuEFnnJcCY2Le8ZI5bflMc7MfkpD0HZhoXk6Y9BXwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDTpVleMothkF2IJ99nY9I4Ae/ffMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvTk9sV1Y0eWkyR1FYWWduMzJkajBqZ0I3OTk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgWaQDAN
BgkqhkiG9w0BAQsFAAOCAQEAIyM1CZeVQJ3AQor3D+c6S8fdI2a2Q4N2y+iCqNRF
EI+EvsRLYazRYSxS3Twzb6MzK84p5dZJm4UDuP11YLB78T7Yxj3HwbDj0kcIH+nk
AyXmG6I7sh19BCZ/MSOOXxK4MikkWuNKxLPWc/gLPDqSBS7uMQC0xGpWlmG42N81
ddbVl4m6sojjHbg85vS/XLcf7d9GlsnulcYrq4FiDCYalkE0At/MRwunx4qti0g+
xb7uw5CqgJ0CeQDGXNUvKF7iUliF1TJe2x1hWVLTx6WW8Xe6gpM9l02On9L72t5l
YUQUsyddY4vAYVznOuvPq7jzyPw3dAeOrZBHNuOvmBlxSw==
-----END CERTIFICATE-----