Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/3ad558-51a0-4800-bbf8-b20858e2993b/1/Zod6GEOcMGfwO02xipiRUjS5UHo.roa
File:                     Zod6GEOcMGfwO02xipiRUjS5UHo.roa (raw, json)
Hash identifier:          pJwxMJ8KyAb6ixNPNoNOHcynw+GKshz9SMdlh6JQuFk=
Subject key identifier:   66:87:7A:18:43:9C:30:67:F0:3B:4D:B1:8A:98:91:52:34:B9:50:7A
Certificate issuer:       /CN=3b53867284132eeccd56e6b155cf7f627d264f40
Certificate serial:       019DA7CC5A0E45086015FA6B41F29499987E
Authority key identifier: 3B:53:86:72:84:13:2E:EC:CD:56:E6:B1:55:CF:7F:62:7D:26:4F:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O1OGcoQTLuzNVuaxVc9_Yn0mT0A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/3ad558-51a0-4800-bbf8-b20858e2993b/1/Zod6GEOcMGfwO02xipiRUjS5UHo.roa
Signing time:             Sun 19 Apr 2026 22:11:20 +0000
ROA not before:           Sun 19 Apr 2026 22:11:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210152
IP address blocks:        2001:67c:c14::/48 maxlen: 48
                          2a0a:3e40::/29 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/3ad558-51a0-4800-bbf8-b20858e2993b/1/O1OGcoQTLuzNVuaxVc9_Yn0mT0A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/3ad558-51a0-4800-bbf8-b20858e2993b/1/O1OGcoQTLuzNVuaxVc9_Yn0mT0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O1OGcoQTLuzNVuaxVc9_Yn0mT0A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 01 May 2026 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:a7:cc:5a:0e:45:08:60:15:fa:6b:41:f2:94:99:98:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b53867284132eeccd56e6b155cf7f627d264f40
        Validity
            Not Before: Apr 19 22:11:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=66877a18439c3067f03b4db18a98915234b9507a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:80:1b:b0:35:dc:03:df:90:b2:67:68:49:b9:
                    d9:66:cf:8b:b2:17:a5:c8:84:cd:f2:96:f7:b7:38:
                    e3:1b:67:f7:26:84:ef:5d:55:62:00:6e:71:41:22:
                    bc:6b:27:b4:1d:79:48:a0:a3:f2:84:58:50:cc:78:
                    5b:7c:4b:84:21:6d:67:8f:18:59:3c:e5:bb:fd:c9:
                    d7:b1:39:3e:1f:fc:9c:df:24:45:1a:25:31:36:7c:
                    7d:3f:d1:65:de:a7:ed:a6:56:94:07:41:00:21:e0:
                    f8:66:cd:b2:56:a9:1f:41:09:52:29:f1:4e:15:98:
                    e0:b8:a3:f4:63:61:e3:12:b9:a0:a0:69:0f:76:6e:
                    87:6c:b6:00:b0:96:af:7f:4f:12:56:61:f8:3d:e1:
                    5a:28:be:c9:d6:97:bd:ac:e1:da:71:e4:7c:26:1c:
                    fa:1e:62:f4:b8:4b:2c:8b:50:fb:fb:a1:b6:64:30:
                    88:79:77:61:cc:ee:8d:fb:87:59:17:b9:27:27:ac:
                    57:54:7a:eb:89:cc:18:d4:9a:48:72:1f:f9:6d:68:
                    e7:b8:ce:04:cd:fd:74:e6:d9:e5:11:34:e4:0c:e8:
                    c5:3d:fa:55:23:9e:26:2b:5f:5e:a3:33:d1:e9:55:
                    55:a8:2d:85:b8:d5:cd:48:64:45:6d:e0:37:eb:df:
                    ac:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:87:7A:18:43:9C:30:67:F0:3B:4D:B1:8A:98:91:52:34:B9:50:7A
            X509v3 Authority Key Identifier:
                keyid:3B:53:86:72:84:13:2E:EC:CD:56:E6:B1:55:CF:7F:62:7D:26:4F:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O1OGcoQTLuzNVuaxVc9_Yn0mT0A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/3ad558-51a0-4800-bbf8-b20858e2993b/1/Zod6GEOcMGfwO02xipiRUjS5UHo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/3ad558-51a0-4800-bbf8-b20858e2993b/1/O1OGcoQTLuzNVuaxVc9_Yn0mT0A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:c14::/48
                  2a0a:3e40::/29

    Signature Algorithm: sha256WithRSAEncryption
         0d:27:0a:5d:32:f2:7f:b3:aa:72:2f:96:7e:3c:ff:9e:09:8c:
         b4:82:5c:26:a7:fc:fd:d1:40:37:4a:e1:7e:f9:09:3b:76:56:
         78:7f:94:8a:6f:b6:4c:b7:a4:3b:68:07:10:2e:aa:ac:70:0f:
         0b:72:a4:af:b9:27:30:ac:0d:b3:99:44:ee:a1:2a:c0:08:99:
         05:12:ae:9d:a0:4e:a8:80:58:7b:aa:4f:0d:de:83:e5:6a:69:
         76:e4:ce:c3:ef:6d:a1:33:d0:29:53:0e:3a:1e:17:a8:5a:46:
         5c:2a:0e:03:e4:1e:8a:50:83:73:02:55:e4:9f:50:30:43:bb:
         bd:aa:4f:8e:6a:29:85:58:18:99:fe:ab:20:c9:a0:9f:42:82:
         c7:da:55:b7:cc:16:be:b5:6f:69:af:d7:61:17:69:88:1a:95:
         0e:6a:ca:8c:2d:f6:7d:b0:93:04:b2:19:86:32:81:96:d9:5f:
         6d:26:0a:32:34:6c:7c:64:c7:fa:4e:1b:c2:36:78:e8:c2:eb:
         74:d6:7e:51:72:64:30:13:13:2c:4f:39:23:3b:30:0e:ee:5d:
         4a:44:a4:0a:22:a7:47:29:d7:15:c6:43:3b:04:c1:4e:a4:b3:
         6e:6a:28:dd:d2:47:84:31:ca:d4:89:36:b6:18:5a:e7:a3:17:
         7d:4f:5d:7b
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgISAZ2nzFoORQhgFfprQfKUmZh+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNTM4NjcyODQxMzJlZWNjZDU2ZTZiMTU1Y2Y3ZjYyN2Qy
NjRmNDAwHhcNMjYwNDE5MjIxMTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Njg3N2ExODQzOWMzMDY3ZjAzYjRkYjE4YTk4OTE1MjM0Yjk1MDdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6YAbsDXcA9+QsmdoSbnZZs+Lshel
yITN8pb3tzjjG2f3JoTvXVViAG5xQSK8aye0HXlIoKPyhFhQzHhbfEuEIW1njxhZ
POW7/cnXsTk+H/yc3yRFGiUxNnx9P9Fl3qftplaUB0EAIeD4Zs2yVqkfQQlSKfFO
FZjguKP0Y2HjErmgoGkPdm6HbLYAsJavf08SVmH4PeFaKL7J1pe9rOHaceR8Jhz6
HmL0uEssi1D7+6G2ZDCIeXdhzO6N+4dZF7knJ6xXVHrricwY1JpIch/5bWjnuM4E
zf105tnlETTkDOjFPfpVI54mK19eozPR6VVVqC2FuNXNSGRFbeA369+sFQIDAQAB
o4ICEzCCAg8wHQYDVR0OBBYEFGaHehhDnDBn8DtNsYqYkVI0uVB6MB8GA1UdIwQY
MBaAFDtThnKEEy7szVbmsVXPf2J9Jk9AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzFPR2NvUVRMdXpOVnVheFZjOV9ZbjBtVDBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS8zYWQ1NTgtNTFhMC00ODAwLWJiZjgt
YjIwODU4ZTI5OTNiLzEvWm9kNkdFT2NNR2Z3TzAyeGlwaVJValM1VUhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS8zYWQ1NTgtNTFhMC00ODAwLWJiZjgtYjIwODU4ZTI5OTNi
LzEvTzFPR2NvUVRMdXpOVnVheFZjOV9ZbjBtVDBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCkGCCsGAQUFBwEHAQH/BBowGDAWBAIAAjAQAwcAIAEGfAwU
AwUDKgo+QDANBgkqhkiG9w0BAQsFAAOCAQEADScKXTLyf7Oqci+Wfjz/ngmMtIJc
Jqf8/dFAN0rhfvkJO3ZWeH+Uim+2TLekO2gHEC6qrHAPC3Kkr7knMKwNs5lE7qEq
wAiZBRKunaBOqIBYe6pPDd6D5WppduTOw+9toTPQKVMOOh4XqFpGXCoOA+QeilCD
cwJV5J9QMEO7vapPjmophVgYmf6rIMmgn0KCx9pVt8wWvrVvaa/XYRdpiBqVDmrK
jC32fbCTBLIZhjKBltlfbSYKMjRsfGTH+k4bwjZ46MLrdNZ+UXJkMBMTLE85Izsw
Du5dSkSkCiKnRynXFcZDOwTBTqSzbmoo3dJHhDHK1Ik2thha56MXfU9dew==
-----END CERTIFICATE-----