Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/2743eb-c96e-4924-85fc-60b3a59c6077/1/RXH1E0juuTjk09gdd34VSaLqezE.roa
File:                     RXH1E0juuTjk09gdd34VSaLqezE.roa (raw, json)
Hash identifier:          DZRkuPFfVpgIXoaL3urk2cfBtZs5W6fdoPmvj+H+iwE=
Subject key identifier:   45:71:F5:13:48:EE:B9:38:E4:D3:D8:1D:77:7E:15:49:A2:EA:7B:31
Certificate issuer:       /CN=51306f5f46dbdb4136042a2be38d05d222a7c761
Certificate serial:       019ED0EE4403A2AE3D32C354BB4B9B5735F6
Authority key identifier: 51:30:6F:5F:46:DB:DB:41:36:04:2A:2B:E3:8D:05:D2:22:A7:C7:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UTBvX0bb20E2BCor440F0iKnx2E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/2743eb-c96e-4924-85fc-60b3a59c6077/1/RXH1E0juuTjk09gdd34VSaLqezE.roa
Signing time:             Tue 16 Jun 2026 14:55:36 +0000
ROA not before:           Tue 16 Jun 2026 14:55:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211585
IP address blocks:        2001:67c:878::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/2743eb-c96e-4924-85fc-60b3a59c6077/1/UTBvX0bb20E2BCor440F0iKnx2E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/2743eb-c96e-4924-85fc-60b3a59c6077/1/UTBvX0bb20E2BCor440F0iKnx2E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UTBvX0bb20E2BCor440F0iKnx2E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 30 Jun 2026 02:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:d0:ee:44:03:a2:ae:3d:32:c3:54:bb:4b:9b:57:35:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=51306f5f46dbdb4136042a2be38d05d222a7c761
        Validity
            Not Before: Jun 16 14:55:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4571f51348eeb938e4d3d81d777e1549a2ea7b31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:2e:a5:2c:f9:5a:37:ea:36:1b:18:ce:1d:7f:
                    3a:c6:63:94:5e:8d:4f:fe:80:a9:81:8e:e3:79:d9:
                    95:e4:b7:75:95:a9:c1:ac:45:03:5f:30:55:89:9f:
                    45:2e:4a:52:a4:41:fa:2f:a1:12:1f:3b:aa:91:7c:
                    a1:1a:e1:09:5f:e6:b3:32:82:05:0b:32:7d:bd:35:
                    07:ca:04:79:d8:f1:16:dd:18:17:a4:5c:d9:6d:8f:
                    f9:61:79:db:3a:0c:36:72:b8:04:e5:3f:86:d1:45:
                    d9:1b:32:86:de:57:af:ba:9b:e0:c6:9f:51:f0:d3:
                    98:c1:10:83:19:57:9c:04:89:ba:7b:16:f4:2e:e2:
                    ca:fb:8b:3c:8e:f4:50:0e:20:70:7c:8f:1a:a7:30:
                    a9:33:5c:3b:59:db:0c:01:b4:4e:02:cd:9f:e0:27:
                    be:8b:d5:52:20:d4:1f:43:c7:d7:b8:b3:96:23:c0:
                    63:83:c5:ef:ac:ad:dc:63:50:39:56:90:28:cf:92:
                    06:cb:4f:8e:c1:4a:f4:4f:79:be:20:c0:31:c5:16:
                    c2:26:e5:5c:c8:6a:45:4c:f3:a2:69:94:b3:27:ac:
                    ab:c2:10:5e:f0:dc:e5:d0:45:88:62:7c:71:2d:83:
                    db:08:a5:8d:5e:13:17:ca:07:3f:db:ac:d5:44:9f:
                    07:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:71:F5:13:48:EE:B9:38:E4:D3:D8:1D:77:7E:15:49:A2:EA:7B:31
            X509v3 Authority Key Identifier:
                keyid:51:30:6F:5F:46:DB:DB:41:36:04:2A:2B:E3:8D:05:D2:22:A7:C7:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UTBvX0bb20E2BCor440F0iKnx2E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/2743eb-c96e-4924-85fc-60b3a59c6077/1/RXH1E0juuTjk09gdd34VSaLqezE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/2743eb-c96e-4924-85fc-60b3a59c6077/1/UTBvX0bb20E2BCor440F0iKnx2E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:878::/48

    Signature Algorithm: sha256WithRSAEncryption
         8e:ec:96:1c:f3:a4:9a:60:93:46:8c:73:76:47:18:10:dc:b5:
         0c:b6:8b:0a:78:f3:11:48:c0:82:9e:14:5b:e7:a6:7c:f5:9a:
         c2:f6:f4:2e:81:d7:c4:55:ca:d2:df:bc:7e:1b:af:ba:a8:bb:
         77:b2:5b:f0:6d:c8:f7:d3:7c:57:3d:f8:2c:de:1c:dd:b0:e8:
         ed:26:df:1b:c6:d0:cc:13:ec:0f:d5:2b:2f:19:d1:ac:ee:5e:
         0c:32:3a:6b:c5:bb:cc:70:de:d2:89:fa:2b:04:a2:12:9b:ba:
         7c:79:31:39:22:d6:00:d8:46:02:7b:f9:35:6e:ff:28:51:a1:
         71:b5:34:e8:8c:76:36:f1:66:63:71:b7:e8:a8:3c:2b:53:96:
         13:8a:fa:cb:d0:af:eb:b9:2a:8f:d7:b8:8d:b6:58:60:c2:17:
         b6:09:1a:12:ac:ae:f7:cd:44:53:79:02:98:ab:84:cd:9d:3b:
         62:aa:ab:27:2c:39:9a:53:13:40:dc:ad:1a:33:83:47:fb:1a:
         1f:df:fe:03:a1:17:1a:31:a9:18:44:46:5d:4f:5d:09:4b:a9:
         97:aa:0d:ae:80:65:97:08:79:84:45:fe:3f:86:54:e9:55:11:
         6d:e6:14:08:56:3e:ae:8b:8f:f8:35:de:4c:e3:38:3c:a5:39:
         cf:f4:3a:67
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ7Q7kQDoq49MsNUu0ubVzX2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxMzA2ZjVmNDZkYmRiNDEzNjA0MmEyYmUzOGQwNWQyMjJh
N2M3NjEwHhcNMjYwNjE2MTQ1NTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTcxZjUxMzQ4ZWViOTM4ZTRkM2Q4MWQ3NzdlMTU0OWEyZWE3YjMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlS6lLPlaN+o2GxjOHX86xmOUXo1P
/oCpgY7jedmV5Ld1lanBrEUDXzBViZ9FLkpSpEH6L6ESHzuqkXyhGuEJX+azMoIF
CzJ9vTUHygR52PEW3RgXpFzZbY/5YXnbOgw2crgE5T+G0UXZGzKG3levupvgxp9R
8NOYwRCDGVecBIm6exb0LuLK+4s8jvRQDiBwfI8apzCpM1w7WdsMAbROAs2f4Ce+
i9VSINQfQ8fXuLOWI8Bjg8XvrK3cY1A5VpAoz5IGy0+OwUr0T3m+IMAxxRbCJuVc
yGpFTPOiaZSzJ6yrwhBe8Nzl0EWIYnxxLYPbCKWNXhMXygc/26zVRJ8HnwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEVx9RNI7rk45NPYHXd+FUmi6nsxMB8GA1UdIwQY
MBaAFFEwb19G29tBNgQqK+ONBdIip8dhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVRCdlgwYmIyMEUyQkNvcjQ0MEYwaUtueDJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8yNzQzZWItYzk2ZS00OTI0LTg1ZmMt
NjBiM2E1OWM2MDc3LzEvUlhIMUUwanV1VGprMDlnZGQzNFZTYUxxZXpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8yNzQzZWItYzk2ZS00OTI0LTg1ZmMtNjBiM2E1OWM2MDc3
LzEvVVRCdlgwYmIyMEUyQkNvcjQ0MEYwaUtueDJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAh4
MA0GCSqGSIb3DQEBCwUAA4IBAQCO7JYc86SaYJNGjHN2RxgQ3LUMtosKePMRSMCC
nhRb56Z89ZrC9vQugdfEVcrS37x+G6+6qLt3slvwbcj303xXPfgs3hzdsOjtJt8b
xtDME+wP1SsvGdGs7l4MMjprxbvMcN7SiforBKISm7p8eTE5ItYA2EYCe/k1bv8o
UaFxtTTojHY28WZjcbfoqDwrU5YTivrL0K/ruSqP17iNtlhgwhe2CRoSrK73zURT
eQKYq4TNnTtiqqsnLDmaUxNA3K0aM4NH+xof3/4DoRcaMakYREZdT10JS6mXqg2u
gGWXCHmERf4/hlTpVRFt5hQIVj6ui4/4Nd5M4zg8pTnP9Dpn
-----END CERTIFICATE-----