Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/RQwRTmeCyMMDPLMYsp4rFnUl61g.roa
File:                     RQwRTmeCyMMDPLMYsp4rFnUl61g.roa (raw, json)
Hash identifier:          S2R4Lh98B0Y3nUv8WmC6vamlgCdH3IPX+M6yhS1hHgY=
Subject key identifier:   45:0C:11:4E:67:82:C8:C3:03:3C:B3:18:B2:9E:2B:16:75:25:EB:58
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019EFE053B304E0E4EF80C7F3D4BE80E4511
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/RQwRTmeCyMMDPLMYsp4rFnUl61g.roa
Signing time:             Thu 25 Jun 2026 09:03:36 +0000
ROA not before:           Thu 25 Jun 2026 09:03:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199133
IP address blocks:        2a10:ccc1:1333::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Jun 2026 08:01:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:fe:05:3b:30:4e:0e:4e:f8:0c:7f:3d:4b:e8:0e:45:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jun 25 09:03:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=450c114e6782c8c3033cb318b29e2b167525eb58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:5a:c2:6c:4a:4f:b1:32:9f:42:3a:26:e7:7c:
                    fc:de:94:87:96:b2:bb:cc:5d:62:7a:8b:18:cf:f2:
                    ad:79:0a:7a:03:5a:5e:d5:ea:76:3b:33:fa:31:8d:
                    83:c1:66:46:50:fc:de:1b:4f:aa:0c:41:56:1c:2c:
                    bd:ce:e0:d3:1c:09:6d:c0:d7:c9:0b:be:9d:21:a8:
                    17:d5:9e:17:f5:69:2d:b5:6c:72:01:4d:3c:6b:b3:
                    d6:ec:fe:34:37:b0:c9:a6:d6:ce:0d:ac:5d:3e:31:
                    46:be:4a:e9:a5:54:62:26:be:c3:69:79:c3:10:e1:
                    94:63:7b:33:47:f5:c7:ed:14:5f:5d:a6:65:9c:bb:
                    27:39:01:27:94:30:97:54:28:2d:83:9a:29:aa:a0:
                    e6:13:de:f5:a5:6b:6c:9e:07:6f:b4:3f:54:d3:46:
                    10:5c:79:5b:5e:1e:8e:94:98:1e:1f:b8:b3:d5:ce:
                    f7:e0:5c:0b:85:9d:0a:97:8d:74:e8:1c:c7:53:c6:
                    6e:c2:cd:2e:93:4c:2c:13:ff:52:a6:ad:bb:c7:9c:
                    10:68:b4:19:99:78:0c:0a:1d:e9:2c:55:6f:20:6f:
                    66:81:c5:7b:ac:f6:74:af:37:a8:78:e5:1a:fd:c2:
                    f1:9f:bd:80:cb:27:f8:a4:b0:ed:1a:36:60:fb:9f:
                    45:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:0C:11:4E:67:82:C8:C3:03:3C:B3:18:B2:9E:2B:16:75:25:EB:58
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/RQwRTmeCyMMDPLMYsp4rFnUl61g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:ccc1:1333::/48

    Signature Algorithm: sha256WithRSAEncryption
         a6:ea:bd:ec:f8:a8:f8:b4:54:ff:22:9f:85:c3:76:cc:8b:62:
         97:65:89:dd:ec:93:0b:2f:98:e0:dc:3f:38:65:71:bb:e3:8c:
         ec:62:6a:b6:59:9d:0a:69:32:5f:cb:3d:e8:89:06:f8:f5:d5:
         19:00:6c:ab:7f:d3:67:b5:94:e3:ac:91:e2:de:cb:fe:9d:4c:
         c7:4e:60:96:ac:75:5d:b7:cf:73:02:c3:66:80:55:89:a6:d3:
         e0:50:fb:e2:dd:d4:44:e9:a1:89:f7:cf:e5:bd:5f:58:12:2b:
         53:c8:97:2e:cd:96:43:fe:37:5f:7f:8d:0c:8c:56:3d:26:7c:
         76:99:51:6c:c9:52:88:d4:8c:72:58:9c:2a:52:e5:09:17:8e:
         79:43:3a:a7:52:67:d5:73:0a:ee:81:86:b6:4c:ff:66:23:20:
         8e:34:6d:0e:7e:98:dd:4c:03:b5:12:14:85:ba:ce:07:e8:6e:
         4d:21:ea:8b:51:57:f5:d9:94:94:8e:24:e7:48:cd:fd:7f:bc:
         dc:58:89:53:72:ef:ed:5c:9e:f9:85:d7:cb:2f:5e:62:31:d6:
         25:ed:58:05:7d:a7:82:36:c0:3b:cd:97:05:21:91:17:0c:f2:
         d9:df:c4:5e:a9:07:e6:c8:d1:25:b5:80:b3:f8:77:bf:1a:f2:
         46:b5:e7:2f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ7+BTswTg5O+Ax/PUvoDkURMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjYwNjI1MDkwMzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTBjMTE0ZTY3ODJjOGMzMDMzY2IzMThiMjllMmIxNjc1MjVlYjU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA41rCbEpPsTKfQjom53z83pSHlrK7
zF1ieosYz/KteQp6A1pe1ep2OzP6MY2DwWZGUPzeG0+qDEFWHCy9zuDTHAltwNfJ
C76dIagX1Z4X9WkttWxyAU08a7PW7P40N7DJptbODaxdPjFGvkrppVRiJr7DaXnD
EOGUY3szR/XH7RRfXaZlnLsnOQEnlDCXVCgtg5opqqDmE971pWtsngdvtD9U00YQ
XHlbXh6OlJgeH7iz1c734FwLhZ0Kl4106BzHU8Zuws0uk0wsE/9Spq27x5wQaLQZ
mXgMCh3pLFVvIG9mgcV7rPZ0rzeoeOUa/cLxn72Ayyf4pLDtGjZg+59FLQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEUMEU5ngsjDAzyzGLKeKxZ1JetYMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvUlF3UlRtZUN5TU1EUExNWXNwNHJGblVsNjFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhDMwRMz
MA0GCSqGSIb3DQEBCwUAA4IBAQCm6r3s+Kj4tFT/Ip+Fw3bMi2KXZYnd7JMLL5jg
3D84ZXG744zsYmq2WZ0KaTJfyz3oiQb49dUZAGyrf9NntZTjrJHi3sv+nUzHTmCW
rHVdt89zAsNmgFWJptPgUPvi3dRE6aGJ98/lvV9YEitTyJcuzZZD/jdff40MjFY9
Jnx2mVFsyVKI1IxyWJwqUuUJF455QzqnUmfVcwrugYa2TP9mIyCONG0OfpjdTAO1
EhSFus4H6G5NIeqLUVf12ZSUjiTnSM39f7zcWIlTcu/tXJ75hdfLL15iMdYl7VgF
faeCNsA7zZcFIZEXDPLZ38ReqQfmyNEltYCz+He/GvJGtecv
-----END CERTIFICATE-----