Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/vFvfdd3bn6qrbXAGjKBH_5abhMo.roa
File:                     vFvfdd3bn6qrbXAGjKBH_5abhMo.roa (raw, json)
Hash identifier:          xxyUtRixRCTxa5Rz9hO9P5Kfqh6A03ezDGrHjT6pF8g=
Subject key identifier:   BC:5B:DF:75:DD:DB:9F:AA:AB:6D:70:06:8C:A0:47:FF:96:9B:84:CA
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019D5DFCE2F27711ECBC18FE26D6E664FF0D
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/vFvfdd3bn6qrbXAGjKBH_5abhMo.roa
Signing time:             Sun 05 Apr 2026 14:12:27 +0000
ROA not before:           Sun 05 Apr 2026 14:12:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199776
IP address blocks:        2a0e:97c0:bf0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 Apr 2026 14:12:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:5d:fc:e2:f2:77:11:ec:bc:18:fe:26:d6:e6:64:ff:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Apr  5 14:12:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bc5bdf75dddb9faaab6d70068ca047ff969b84ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:06:df:43:8e:82:1d:5b:7c:94:cd:ed:c4:93:
                    7b:c2:e3:7a:db:a1:f9:54:2d:0e:2f:8e:78:38:43:
                    bb:93:8b:bc:7e:e2:b4:b5:1a:e8:6a:ed:90:74:55:
                    b2:d5:75:e4:cf:f4:78:4b:64:33:d3:bd:dd:37:7a:
                    23:95:96:b8:a4:bb:2b:44:ac:86:d3:84:5b:16:46:
                    37:95:47:d6:2f:07:50:b5:35:8b:5e:63:e9:97:76:
                    44:8c:aa:5a:42:56:db:b3:5d:b7:b1:11:98:e7:68:
                    c3:23:48:99:19:39:14:66:02:2b:30:30:d4:94:82:
                    15:56:67:96:ae:3f:20:21:19:cc:e0:77:19:55:51:
                    ac:0b:fa:2b:a6:2d:8d:71:c6:80:f6:a3:f4:46:35:
                    a8:d7:cf:d3:6d:02:97:29:5b:41:94:0e:2e:08:01:
                    b2:2a:db:7a:37:91:6d:b0:43:16:f2:2a:c5:4c:a5:
                    7b:d5:ae:5c:1b:22:de:8f:64:dc:ff:ce:05:e3:b7:
                    9b:11:f9:ce:7a:6f:d2:1a:83:c2:e6:c9:68:c4:90:
                    a9:a8:50:9c:53:3d:59:df:d8:87:48:9d:ab:21:ed:
                    2f:d9:6a:b6:1d:4e:b9:21:ed:36:a2:62:0e:77:56:
                    fb:e6:c9:d5:0a:56:c2:24:a3:f8:a7:37:e5:39:66:
                    7d:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:5B:DF:75:DD:DB:9F:AA:AB:6D:70:06:8C:A0:47:FF:96:9B:84:CA
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/vFvfdd3bn6qrbXAGjKBH_5abhMo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:bf0::/44

    Signature Algorithm: sha256WithRSAEncryption
         6d:b3:7a:02:ef:e5:e3:e2:a8:f4:93:8f:41:59:9f:86:57:0c:
         5d:18:8d:86:a6:6f:04:65:8e:0d:a0:c3:d5:b0:1e:ad:98:49:
         83:32:71:af:24:18:4a:86:b9:42:11:99:4a:99:7d:6e:98:76:
         2b:4e:23:4d:c9:8d:0e:db:c5:6d:0f:8b:06:cb:73:d1:76:4d:
         db:e8:00:9f:96:ef:09:59:46:55:0a:10:c0:d2:c7:2d:d4:16:
         6c:a0:c0:8f:ad:c5:a5:7e:25:af:ae:09:90:58:7c:30:37:5e:
         68:7b:e6:6a:d2:2f:9b:85:7b:91:6b:5b:21:60:f1:85:1f:fa:
         8c:17:7e:11:97:5b:da:ac:e3:0c:08:ce:6e:1c:4e:c4:7d:05:
         64:24:e8:02:31:77:01:35:39:cf:b2:93:8f:fb:59:94:35:d2:
         d0:46:78:1a:d9:71:47:3a:95:5d:d3:1b:8e:72:38:d2:5b:bc:
         fc:e5:6a:ee:96:4d:a9:87:9d:ca:dc:9c:46:19:27:b0:a6:8e:
         cb:e0:d6:29:3b:63:2b:ca:c2:85:00:f1:f9:a3:75:3a:20:57:
         f4:7d:ec:35:f2:34:bf:dc:e2:0c:31:04:50:9f:83:fe:ab:ad:
         5e:ba:ff:22:14:dc:f2:f0:12:56:bf:4d:cf:69:fb:5b:88:b6:
         bc:d2:96:66
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ1d/OLydxHsvBj+JtbmZP8NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjYwNDA1MTQxMjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzViZGY3NWRkZGI5ZmFhYWI2ZDcwMDY4Y2EwNDdmZjk2OWI4NGNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnwbfQ46CHVt8lM3txJN7wuN626H5
VC0OL454OEO7k4u8fuK0tRroau2QdFWy1XXkz/R4S2Qz073dN3ojlZa4pLsrRKyG
04RbFkY3lUfWLwdQtTWLXmPpl3ZEjKpaQlbbs123sRGY52jDI0iZGTkUZgIrMDDU
lIIVVmeWrj8gIRnM4HcZVVGsC/orpi2NccaA9qP0RjWo18/TbQKXKVtBlA4uCAGy
Ktt6N5FtsEMW8irFTKV71a5cGyLej2Tc/84F47ebEfnOem/SGoPC5sloxJCpqFCc
Uz1Z39iHSJ2rIe0v2Wq2HU65Ie02omIOd1b75snVClbCJKP4pzflOWZ9CQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLxb33Xd25+qq21wBoygR/+Wm4TKMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvdkZ2ZmRkM2JuNnFyYlhBR2pLQkhfNWFiaE1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwAvw
MA0GCSqGSIb3DQEBCwUAA4IBAQBts3oC7+Xj4qj0k49BWZ+GVwxdGI2Gpm8EZY4N
oMPVsB6tmEmDMnGvJBhKhrlCEZlKmX1umHYrTiNNyY0O28VtD4sGy3PRdk3b6ACf
lu8JWUZVChDA0sct1BZsoMCPrcWlfiWvrgmQWHwwN15oe+Zq0i+bhXuRa1shYPGF
H/qMF34Rl1varOMMCM5uHE7EfQVkJOgCMXcBNTnPspOP+1mUNdLQRnga2XFHOpVd
0xuOcjjSW7z85Wrulk2ph53K3JxGGSewpo7L4NYpO2MrysKFAPH5o3U6IFf0few1
8jS/3OIMMQRQn4P+q61euv8iFNzy8BJWv03PaftbiLa80pZm
-----END CERTIFICATE-----