Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/ihk6VgUJg9Ctci5orWeTBm3BUfo.roa
File:                     ihk6VgUJg9Ctci5orWeTBm3BUfo.roa (raw, json)
Hash identifier:          vqxgobIW5n3SnyWrzA/hU5GFPlx3tqwKfwv6IbOLUnk=
Subject key identifier:   8A:19:3A:56:05:09:83:D0:AD:72:2E:68:AD:67:93:06:6D:C1:51:FA
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019F22DB501C869FEA3FAF44B6AFA39C97A9
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/ihk6VgUJg9Ctci5orWeTBm3BUfo.roa
Signing time:             Thu 02 Jul 2026 12:43:45 +0000
ROA not before:           Thu 02 Jul 2026 12:43:45 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197477
IP address blocks:        2a06:de01:70::/44 maxlen: 48
                          2a10:ccc0:150::/46 maxlen: 48
                          2a10:ccc2:10::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 Jul 2026 13:02:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:22:db:50:1c:86:9f:ea:3f:af:44:b6:af:a3:9c:97:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jul  2 12:43:45 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8a193a56050983d0ad722e68ad6793066dc151fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:48:60:87:2b:7f:fe:e4:3b:ac:71:10:8f:c9:
                    46:99:9c:ec:7f:46:d2:25:bf:62:90:ec:ce:82:b0:
                    3e:a1:a6:fa:21:05:4a:87:14:f1:3d:2e:d6:de:37:
                    7c:d6:11:66:06:bc:9f:aa:7a:62:46:63:03:4c:51:
                    14:e2:65:36:d5:39:c3:b5:8c:ae:85:4a:e0:4f:0e:
                    79:cf:a6:ba:90:30:07:6a:20:f5:95:eb:3a:bb:34:
                    28:38:5f:f5:87:37:2c:b4:7a:a3:9b:3c:83:c9:10:
                    70:74:71:68:83:2c:71:0e:5f:5d:f7:57:c1:93:f1:
                    63:67:c9:1a:55:dc:af:ea:09:ba:4a:0b:24:11:e6:
                    fe:12:5b:cc:66:12:47:ba:cb:03:bf:91:65:4a:fe:
                    97:91:1e:fc:ac:92:36:e5:27:9b:f0:01:fc:f2:ba:
                    be:7a:52:b9:d5:85:ec:03:74:7f:03:c0:2a:48:ba:
                    6d:13:40:c3:a8:6a:cf:3f:4c:c1:87:cc:f7:95:2e:
                    9d:53:78:fe:8f:41:96:28:c9:a6:58:02:d9:ae:ad:
                    65:55:5a:e5:77:d9:12:0a:0c:c1:27:17:13:6a:ce:
                    e4:ca:97:bb:d4:27:66:8c:6d:ac:46:24:02:b4:31:
                    fb:ee:0c:bd:db:f4:0d:c9:8b:e3:76:b0:34:52:24:
                    8e:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:19:3A:56:05:09:83:D0:AD:72:2E:68:AD:67:93:06:6D:C1:51:FA
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/ihk6VgUJg9Ctci5orWeTBm3BUfo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:de01:70::/44
                  2a10:ccc0:150::/46
                  2a10:ccc2:10::/44

    Signature Algorithm: sha256WithRSAEncryption
         4f:58:f0:d5:ab:15:f0:1d:8b:4c:1c:e2:05:fc:db:ab:5a:9f:
         5c:05:b8:3a:ed:81:aa:50:14:7f:b1:81:40:86:77:dc:6c:e8:
         4e:b6:c1:2f:7a:ba:ee:12:5c:cb:c2:6e:3d:ce:28:c7:07:da:
         27:c2:c3:bc:b0:90:33:b0:5d:11:8e:6d:7d:fa:99:58:e3:98:
         34:26:8a:9b:5b:b2:20:e4:d2:c9:c0:12:ad:98:0b:07:8e:c1:
         fa:11:22:2a:57:a6:be:c5:a4:82:41:58:13:e6:00:04:a6:8d:
         01:07:7c:ef:b1:dc:dd:24:66:e0:9c:73:87:59:d9:fc:15:ef:
         f3:1a:e6:5f:2e:61:53:f1:e4:ec:68:4b:0f:f1:ed:27:11:11:
         58:d9:da:f9:63:49:a9:cc:8d:2b:fe:61:61:9f:cd:6d:fd:f0:
         e0:44:66:8a:27:f9:63:70:1b:98:e8:fa:54:de:14:ae:93:de:
         b7:aa:a4:c9:68:f1:0c:7e:24:0d:64:07:c1:36:c1:92:9d:fb:
         43:bd:58:39:e0:12:2d:ed:b8:90:db:52:c6:5b:e6:ee:59:24:
         03:71:a9:04:d3:65:be:67:af:36:f3:cf:ec:ad:bc:6c:73:e2:
         4a:67:1e:82:fe:3a:bb:60:1c:56:1f:af:f2:2b:84:5e:d2:44:
         3d:f2:d2:51
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZ8i21Achp/qP69Etq+jnJepMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjYwNzAyMTI0MzQ1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTE5M2E1NjA1MDk4M2QwYWQ3MjJlNjhhZDY3OTMwNjZkYzE1MWZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt0hghyt//uQ7rHEQj8lGmZzsf0bS
Jb9ikOzOgrA+oab6IQVKhxTxPS7W3jd81hFmBryfqnpiRmMDTFEU4mU21TnDtYyu
hUrgTw55z6a6kDAHaiD1les6uzQoOF/1hzcstHqjmzyDyRBwdHFogyxxDl9d91fB
k/FjZ8kaVdyv6gm6SgskEeb+ElvMZhJHussDv5FlSv6XkR78rJI25Seb8AH88rq+
elK51YXsA3R/A8AqSLptE0DDqGrPP0zBh8z3lS6dU3j+j0GWKMmmWALZrq1lVVrl
d9kSCgzBJxcTas7kype71CdmjG2sRiQCtDH77gy92/QNyYvjdrA0UiSOlwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFIoZOlYFCYPQrXIuaK1nkwZtwVH6MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvaWhrNlZnVUpnOUN0Y2k1b3JXZVRCbTNCVWZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzAhBAIAAjAbAwcEKgbeAQBw
AwcCKhDMwAFQAwcEKhDMwgAQMA0GCSqGSIb3DQEBCwUAA4IBAQBPWPDVqxXwHYtM
HOIF/NurWp9cBbg67YGqUBR/sYFAhnfcbOhOtsEverruElzLwm49zijHB9onwsO8
sJAzsF0Rjm19+plY45g0JoqbW7Ig5NLJwBKtmAsHjsH6ESIqV6a+xaSCQVgT5gAE
po0BB3zvsdzdJGbgnHOHWdn8Fe/zGuZfLmFT8eTsaEsP8e0nERFY2dr5Y0mpzI0r
/mFhn81t/fDgRGaKJ/ljcBuY6PpU3hSuk963qqTJaPEMfiQNZAfBNsGSnftDvVg5
4BIt7biQ21LGW+buWSQDcakE02W+Z68288/srbxsc+JKZx6C/jq7YBxWH6/yK4Re
0kQ98tJR
-----END CERTIFICATE-----
Generated at Thu Jul 2 22:10:59 2026 by rpki-client