Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/jtYBOlsZD9BKCzFck6z87RZpbXo.roa
File:                     jtYBOlsZD9BKCzFck6z87RZpbXo.roa (raw, json)
Hash identifier:          a7L5hbJAJYgeqShAaw8x+eOpTtPBMZWLKiwCFvOvHUY=
Subject key identifier:   8E:D6:01:3A:5B:19:0F:D0:4A:0B:31:5C:93:AC:FC:ED:16:69:6D:7A
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       019EE18853C8DDBA84ABF2C71D3008A55CF0
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/jtYBOlsZD9BKCzFck6z87RZpbXo.roa
Signing time:             Fri 19 Jun 2026 20:17:48 +0000
ROA not before:           Fri 19 Jun 2026 20:17:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     25198
IP address blocks:        2a10:3c82::/32 maxlen: 32
                          2a10:3c83::/32 maxlen: 32
                          2a10:3c86::/32 maxlen: 32
                          2a10:3c87::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 20 Jun 2026 19:57:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:e1:88:53:c8:dd:ba:84:ab:f2:c7:1d:30:08:a5:5c:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Jun 19 20:17:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8ed6013a5b190fd04a0b315c93acfced16696d7a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:af:e1:37:df:0f:5d:55:cc:34:68:2e:7a:38:
                    08:4b:81:bb:65:ed:fb:60:70:db:a2:0d:57:0d:b0:
                    40:29:42:5e:9d:97:9b:0e:19:97:8f:32:a0:b0:5a:
                    d1:8c:e8:62:6b:eb:43:18:b2:9b:36:51:f7:a9:f4:
                    1c:68:b7:cc:b8:f8:18:7d:fd:1c:3a:96:c0:0f:79:
                    95:16:24:fa:71:c3:99:1a:a2:86:b9:8a:b3:f2:78:
                    71:99:ed:0e:44:62:b3:88:27:fc:b7:65:0a:34:88:
                    79:57:a9:93:a8:f2:c2:a3:bd:6f:8e:07:f3:47:14:
                    b8:01:35:78:aa:75:2c:0d:21:db:fd:54:8e:f0:c5:
                    45:00:3b:da:f6:a3:c4:06:37:ef:bc:80:0e:6a:53:
                    c4:ce:0a:57:1e:7a:d1:18:bb:fc:23:f2:01:a3:89:
                    75:55:6a:2f:e8:47:4e:2a:d5:3b:b3:f1:bb:3c:a7:
                    38:f9:90:e5:ba:59:d8:96:94:be:f5:ef:50:df:6d:
                    c1:4d:75:74:3a:17:d2:09:87:b2:05:a1:5f:05:0b:
                    21:1f:a8:8f:a8:c7:e2:ef:03:c7:77:fd:c7:4e:d3:
                    e4:79:92:3d:15:60:9d:b5:fa:34:1c:3b:79:2c:4e:
                    c4:2c:40:8a:f6:9a:96:31:0f:a6:ad:cf:a2:fa:7e:
                    ab:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:D6:01:3A:5B:19:0F:D0:4A:0B:31:5C:93:AC:FC:ED:16:69:6D:7A
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/jtYBOlsZD9BKCzFck6z87RZpbXo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:3c82::/31
                  2a10:3c86::/31

    Signature Algorithm: sha256WithRSAEncryption
         5e:2b:a1:f4:33:f0:7a:71:b3:84:9d:b5:c6:10:e4:df:f6:92:
         13:88:78:82:74:e8:d3:36:ba:1c:b3:6a:b1:2f:92:74:c7:ae:
         b9:5e:f4:c3:dd:7f:a9:45:b5:16:03:14:83:82:2f:d2:d7:e1:
         5a:d6:87:e2:13:06:6c:fe:ae:23:10:c0:34:41:f8:8e:12:dd:
         d7:85:87:82:0d:c8:94:ee:d2:bf:ca:7d:49:24:5a:2b:49:15:
         03:ee:f7:44:3d:b1:74:a2:1e:21:db:e9:10:1e:d8:4f:f5:e1:
         e5:a3:b3:14:ba:26:dd:f3:b8:c9:c7:f2:23:66:62:7a:b8:86:
         73:90:0b:b3:a7:71:dc:ee:29:43:33:72:63:e1:b1:7d:13:dc:
         63:b6:71:be:3a:82:e7:4b:16:f2:08:6a:b5:85:f0:b7:87:cb:
         99:e0:05:29:a2:ed:fc:62:4c:ba:7c:1a:98:81:ae:d3:f7:6d:
         e0:a8:89:fe:c9:b9:8d:4f:b1:4d:7f:5e:b3:19:36:6f:6f:c2:
         4c:f5:19:97:87:34:53:21:c3:c6:5b:84:8c:24:5b:3d:2b:d4:
         62:91:88:ff:c0:05:10:6a:e1:73:a7:e5:46:bd:7d:49:0f:b0:
         e8:82:dd:ba:f7:89:aa:56:4d:91:71:b9:dc:63:ff:25:d1:0c:
         de:7a:3a:a6
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZ7hiFPI3bqEq/LHHTAIpVzwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjYwNjE5MjAxNzQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZWQ2MDEzYTViMTkwZmQwNGEwYjMxNWM5M2FjZmNlZDE2Njk2ZDdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn6/hN98PXVXMNGguejgIS4G7Ze37
YHDbog1XDbBAKUJenZebDhmXjzKgsFrRjOhia+tDGLKbNlH3qfQcaLfMuPgYff0c
OpbAD3mVFiT6ccOZGqKGuYqz8nhxme0ORGKziCf8t2UKNIh5V6mTqPLCo71vjgfz
RxS4ATV4qnUsDSHb/VSO8MVFADva9qPEBjfvvIAOalPEzgpXHnrRGLv8I/IBo4l1
VWov6EdOKtU7s/G7PKc4+ZDlulnYlpS+9e9Q323BTXV0OhfSCYeyBaFfBQshH6iP
qMfi7wPHd/3HTtPkeZI9FWCdtfo0HDt5LE7ELECK9pqWMQ+mrc+i+n6rqwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFI7WATpbGQ/QSgsxXJOs/O0WaW16MB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvanRZQk9sc1pEOUJLQ3pGY2s2ejg3UlpwYlhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUBKhA8ggMF
ASoQPIYwDQYJKoZIhvcNAQELBQADggEBAF4rofQz8Hpxs4SdtcYQ5N/2khOIeIJ0
6NM2uhyzarEvknTHrrle9MPdf6lFtRYDFIOCL9LX4VrWh+ITBmz+riMQwDRB+I4S
3deFh4INyJTu0r/KfUkkWitJFQPu90Q9sXSiHiHb6RAe2E/14eWjsxS6Jt3zuMnH
8iNmYnq4hnOQC7OncdzuKUMzcmPhsX0T3GO2cb46gudLFvIIarWF8LeHy5ngBSmi
7fxiTLp8GpiBrtP3beCoif7JuY1PsU1/XrMZNm9vwkz1GZeHNFMhw8ZbhIwkWz0r
1GKRiP/ABRBq4XOn5Ua9fUkPsOiC3br3iapWTZFxudxj/yXRDN56OqY=
-----END CERTIFICATE-----