Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/UxGkngsUCXDE1wXvxWo_fqBub9k.roa
File:                     UxGkngsUCXDE1wXvxWo_fqBub9k.roa (raw, json)
Hash identifier:          lwr+FCpA8a2+oieHL+GhefutHySCkAKAEuiHF0ZotcQ=
Subject key identifier:   53:11:A4:9E:0B:14:09:70:C4:D7:05:EF:C5:6A:3F:7E:A0:6E:6F:D9
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019D85F4BC369D2992401FF62AB2EADF0F70
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/UxGkngsUCXDE1wXvxWo_fqBub9k.roa
Signing time:             Mon 13 Apr 2026 08:28:21 +0000
ROA not before:           Mon 13 Apr 2026 08:28:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199243
IP address blocks:        2a10:ccc3:1300::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 Apr 2026 22:51:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:85:f4:bc:36:9d:29:92:40:1f:f6:2a:b2:ea:df:0f:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Apr 13 08:28:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5311a49e0b140970c4d705efc56a3f7ea06e6fd9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:7a:0c:3f:31:71:e5:52:a8:ed:29:62:16:a2:
                    7e:aa:1a:70:56:1f:cc:1c:b8:a4:4f:95:13:a5:e7:
                    86:ed:30:72:73:3b:10:c1:50:5a:9d:2b:b5:b3:00:
                    9b:c4:b7:e9:ff:30:f0:47:26:45:94:ff:cd:28:c6:
                    6e:03:91:cf:f7:5a:e5:18:92:81:1e:1c:2a:64:11:
                    35:a9:07:ee:4c:6c:e9:1e:be:45:f4:f8:1d:50:da:
                    5c:97:6c:35:19:3e:75:c0:b8:5c:93:36:19:79:a4:
                    60:f9:ae:2a:58:54:ec:51:74:e1:6d:13:e0:28:68:
                    65:bb:56:88:b3:b5:a9:4c:9d:f0:c1:35:79:e4:86:
                    08:e1:fc:5d:74:f6:4e:ea:5c:8b:fb:28:c9:a9:ba:
                    12:74:a1:4f:e9:bd:f2:94:48:72:3d:8b:8b:c0:ec:
                    f2:cc:b3:87:bc:5a:67:ef:ae:53:dc:cb:a1:2b:52:
                    da:23:20:e4:3d:bf:63:4b:02:4f:93:1f:d1:72:e9:
                    9b:c9:d7:a5:f3:c3:df:1b:ed:1b:02:3f:5d:14:eb:
                    bd:ac:4f:70:10:8f:59:68:16:6a:1d:c0:d8:46:19:
                    65:2d:6f:60:51:61:16:95:dc:81:d5:43:c8:cc:e2:
                    32:af:39:30:26:02:a0:ee:7f:03:ea:5e:a0:c4:68:
                    be:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:11:A4:9E:0B:14:09:70:C4:D7:05:EF:C5:6A:3F:7E:A0:6E:6F:D9
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/UxGkngsUCXDE1wXvxWo_fqBub9k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:ccc3:1300::/40

    Signature Algorithm: sha256WithRSAEncryption
         46:e3:28:be:d5:cf:96:25:b9:c1:a3:fe:c0:b2:8c:79:cd:4a:
         b0:1e:aa:3a:d6:ec:65:57:cc:47:01:c7:e4:8d:de:e7:07:da:
         c4:86:c2:fd:68:76:f3:07:33:3f:1c:1d:b8:08:bc:e5:75:b0:
         55:f0:85:e1:74:34:dd:b9:93:76:17:df:a4:62:46:f3:4f:41:
         65:4c:81:66:cb:ba:6e:79:50:ba:ca:15:3d:32:ad:fe:20:9f:
         87:6b:aa:b2:cf:fa:c4:e5:9a:0e:91:de:ec:5f:81:e0:f6:e7:
         70:23:78:80:a2:86:1c:98:bb:dc:a6:ad:bd:52:cb:e2:d6:6f:
         e0:c5:7c:c2:eb:1a:bc:70:73:34:d8:dd:a2:dc:be:a6:f0:28:
         75:c9:18:b5:f2:b3:82:11:23:66:60:92:b2:b8:59:8c:17:79:
         3d:56:56:3b:da:78:7c:ae:4f:fa:a9:ea:5c:50:04:dd:a6:0b:
         dd:e0:28:97:fd:3a:a0:2b:23:fb:eb:b5:5b:9d:f1:6a:8a:d8:
         f8:c6:a7:bf:5e:c8:76:cf:94:e9:41:39:26:07:ae:39:11:f7:
         fe:ef:96:72:f2:44:ca:4d:f7:a5:89:72:ab:2d:0c:08:f7:0b:
         50:7d:e1:cb:ff:42:2a:69:3b:d1:4f:04:df:0c:24:88:46:76:
         d2:4b:34:c4
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZ2F9Lw2nSmSQB/2KrLq3w9wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjYwNDEzMDgyODIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzExYTQ5ZTBiMTQwOTcwYzRkNzA1ZWZjNTZhM2Y3ZWEwNmU2ZmQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxnoMPzFx5VKo7SliFqJ+qhpwVh/M
HLikT5UTpeeG7TByczsQwVBanSu1swCbxLfp/zDwRyZFlP/NKMZuA5HP91rlGJKB
HhwqZBE1qQfuTGzpHr5F9PgdUNpcl2w1GT51wLhckzYZeaRg+a4qWFTsUXThbRPg
KGhlu1aIs7WpTJ3wwTV55IYI4fxddPZO6lyL+yjJqboSdKFP6b3ylEhyPYuLwOzy
zLOHvFpn765T3MuhK1LaIyDkPb9jSwJPkx/Rcumbydel88PfG+0bAj9dFOu9rE9w
EI9ZaBZqHcDYRhllLW9gUWEWldyB1UPIzOIyrzkwJgKg7n8D6l6gxGi+gQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFFMRpJ4LFAlwxNcF78VqP36gbm/ZMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvVXhHa25nc1VDWERFMXdYdnhXb19mcUJ1YjlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhDMwxMw
DQYJKoZIhvcNAQELBQADggEBAEbjKL7Vz5YlucGj/sCyjHnNSrAeqjrW7GVXzEcB
x+SN3ucH2sSGwv1odvMHMz8cHbgIvOV1sFXwheF0NN25k3YX36RiRvNPQWVMgWbL
um55ULrKFT0yrf4gn4drqrLP+sTlmg6R3uxfgeD253AjeICihhyYu9ymrb1Sy+LW
b+DFfMLrGrxwczTY3aLcvqbwKHXJGLXys4IRI2ZgkrK4WYwXeT1WVjvaeHyuT/qp
6lxQBN2mC93gKJf9OqArI/vrtVud8WqK2PjGp79eyHbPlOlBOSYHrjkR9/7vlnLy
RMpN96WJcqstDAj3C1B94cv/QippO9FPBN8MJIhGdtJLNMQ=
-----END CERTIFICATE-----