Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/bDqehv-L-gpmy2f6tCgYpNfSY8g.roa
File:                     bDqehv-L-gpmy2f6tCgYpNfSY8g.roa (raw, json)
Hash identifier:          q/ItbJkPl3hPXHnLP+1Umv3w88TYukseKTWgdWG5dUk=
Subject key identifier:   6C:3A:9E:86:FF:8B:FA:0A:66:CB:67:FA:B4:28:18:A4:D7:D2:63:C8
Certificate issuer:       /CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
Certificate serial:       019CBBC923F547F1CD64ACEAF89840DB03EC
Authority key identifier: FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/bDqehv-L-gpmy2f6tCgYpNfSY8g.roa
Signing time:             Thu 05 Mar 2026 02:17:27 +0000
ROA not before:           Thu 05 Mar 2026 02:17:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     401243
IP address blocks:        2a13:a5c7:3600::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Mar 2026 20:09:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:bb:c9:23:f5:47:f1:cd:64:ac:ea:f8:98:40:db:03:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
        Validity
            Not Before: Mar  5 02:17:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6c3a9e86ff8bfa0a66cb67fab42818a4d7d263c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:63:0c:44:e9:81:26:0f:83:7e:0f:d1:b8:49:
                    56:f6:d0:32:1d:fc:d3:08:41:42:6b:f4:70:4b:8f:
                    ee:6c:9b:04:bf:c8:9c:71:94:b7:99:96:68:76:89:
                    9e:8e:4a:b8:86:b5:3f:51:19:3d:23:75:9d:5e:70:
                    09:72:db:6c:5b:ee:63:4f:ad:ef:80:0c:c3:cc:b6:
                    cc:ff:ce:9a:5b:a9:6b:c8:85:5a:e1:4b:eb:78:40:
                    ba:6d:c4:66:62:84:84:74:c1:df:40:5a:53:0a:28:
                    58:df:4c:7b:7b:88:09:c3:c5:7e:b4:9a:8d:07:42:
                    13:ab:0a:8f:dd:d8:d0:c6:62:15:7b:3d:25:6b:b1:
                    d9:5c:45:32:1d:3f:83:b5:e4:ab:2c:14:1f:86:e2:
                    97:21:17:dc:4e:bb:ba:ca:35:6d:27:2e:67:16:9e:
                    36:67:84:8b:ab:40:c2:99:10:b3:b9:df:5e:8c:80:
                    53:ff:7f:53:58:3b:00:42:4c:b4:04:62:68:eb:cb:
                    28:1d:b7:86:77:7b:86:7c:7b:ec:d1:90:25:fc:82:
                    81:d6:c9:78:9f:1f:54:a9:b2:3c:ec:c6:ea:64:c1:
                    ad:20:61:bf:b4:34:ac:4f:fe:16:34:54:f6:9c:ef:
                    a9:00:94:63:b7:ef:34:0b:49:0c:ec:c9:4c:7d:1e:
                    b9:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:3A:9E:86:FF:8B:FA:0A:66:CB:67:FA:B4:28:18:A4:D7:D2:63:C8
            X509v3 Authority Key Identifier:
                keyid:FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/bDqehv-L-gpmy2f6tCgYpNfSY8g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:a5c7:3600::/40

    Signature Algorithm: sha256WithRSAEncryption
         a7:29:53:69:27:d0:48:78:dc:74:d7:a0:aa:e2:e9:41:5b:0a:
         29:ca:e2:ea:b6:28:c2:d1:c3:69:be:fc:66:5b:bc:e4:a8:80:
         d9:74:6d:c9:67:08:f6:b5:be:bd:66:96:a4:ac:c6:1e:e6:ab:
         22:e9:4a:98:d1:07:f9:26:32:93:36:3d:5b:aa:b6:dc:3b:46:
         60:f1:be:4e:fb:65:d2:3b:71:14:c0:b2:9f:2b:7c:ee:20:62:
         4c:6c:23:9a:5d:b4:f3:a3:86:33:37:75:8a:1a:2a:db:55:09:
         d9:25:35:de:ef:0f:54:ec:d4:7e:57:c0:94:1b:72:21:4e:94:
         0f:a8:e5:b0:b7:b0:37:b0:53:8c:05:20:06:61:76:7a:65:9b:
         16:2d:f2:4b:ce:e6:ff:f5:3b:2c:d1:4b:6a:6f:b2:6c:21:c2:
         99:33:6e:03:26:f9:48:5e:8a:aa:30:9c:37:09:df:28:d2:10:
         27:79:52:1f:55:88:03:56:eb:55:8c:40:ff:92:56:4a:85:17:
         ad:a6:ce:28:83:9b:7b:fb:64:88:25:68:87:6d:56:29:3e:d8:
         6d:b2:90:61:e8:d4:05:59:4b:ba:4e:6f:9a:62:a5:3b:dd:92:
         22:79:a7:7d:09:6b:0b:30:9b:96:4f:7a:c6:95:36:2b:55:da:
         b3:69:56:1f
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZy7ySP1R/HNZKzq+JhA2wPsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkZDZlZTAxMGI5OTBhMzM3MzU3NTZiNGZlMmYzZDNjMjY3
MWRkOWQwHhcNMjYwMzA1MDIxNzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzNhOWU4NmZmOGJmYTBhNjZjYjY3ZmFiNDI4MThhNGQ3ZDI2M2M4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsmMMROmBJg+Dfg/RuElW9tAyHfzT
CEFCa/RwS4/ubJsEv8iccZS3mZZodomejkq4hrU/URk9I3WdXnAJcttsW+5jT63v
gAzDzLbM/86aW6lryIVa4UvreEC6bcRmYoSEdMHfQFpTCihY30x7e4gJw8V+tJqN
B0ITqwqP3djQxmIVez0la7HZXEUyHT+DteSrLBQfhuKXIRfcTru6yjVtJy5nFp42
Z4SLq0DCmRCzud9ejIBT/39TWDsAQky0BGJo68soHbeGd3uGfHvs0ZAl/IKB1sl4
nx9UqbI87MbqZMGtIGG/tDSsT/4WNFT2nO+pAJRjt+80C0kM7MlMfR65uwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFGw6nob/i/oKZstn+rQoGKTX0mPIMB8GA1UdIwQY
MBaAFP3W7gELmQozc1dWtP4vPTwmcd2dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDct
NjNjNzIxY2YxZjU2LzEvYkRxZWh2LUwtZ3BteTJmNnRDZ1lwTmZTWThnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDctNjNjNzIxY2YxZjU2
LzEvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhOlxzYw
DQYJKoZIhvcNAQELBQADggEBAKcpU2kn0Eh43HTXoKri6UFbCinK4uq2KMLRw2m+
/GZbvOSogNl0bclnCPa1vr1mlqSsxh7mqyLpSpjRB/kmMpM2PVuqttw7RmDxvk77
ZdI7cRTAsp8rfO4gYkxsI5pdtPOjhjM3dYoaKttVCdklNd7vD1Ts1H5XwJQbciFO
lA+o5bC3sDewU4wFIAZhdnplmxYt8kvO5v/1OyzRS2pvsmwhwpkzbgMm+Uheiqow
nDcJ3yjSECd5Uh9ViANW61WMQP+SVkqFF62mziiDm3v7ZIglaIdtVik+2G2ykGHo
1AVZS7pOb5pipTvdkiJ5p30Jawswm5ZPesaVNitV2rNpVh8=
-----END CERTIFICATE-----