Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/2C_emd4ekZM_83aRIdfSxkgRVJI.roa
File:                     2C_emd4ekZM_83aRIdfSxkgRVJI.roa (raw, json)
Hash identifier:          faSqDsD7XK7NOidWrl+W6xNOAKzKq5rAXiM/u5abqOw=
Subject key identifier:   D8:2F:DE:99:DE:1E:91:93:3F:F3:76:91:21:D7:D2:C6:48:11:54:92
Certificate issuer:       /CN=31d2424123ed07725330bf817944fd276b7ca36b
Certificate serial:       019EDB997920C5D0E9AB98538A53E3EE11EE
Authority key identifier: 31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/2C_emd4ekZM_83aRIdfSxkgRVJI.roa
Signing time:             Thu 18 Jun 2026 16:38:48 +0000
ROA not before:           Thu 18 Jun 2026 16:38:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     20473
IP address blocks:        2a06:9801:214::/48 maxlen: 48
                          2a06:9801:280::/48 maxlen: 48
                          2a06:9801:2ba::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Jun 2026 13:01:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:db:99:79:20:c5:d0:e9:ab:98:53:8a:53:e3:ee:11:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31d2424123ed07725330bf817944fd276b7ca36b
        Validity
            Not Before: Jun 18 16:38:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d82fde99de1e91933ff3769121d7d2c648115492
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:53:18:8a:10:d1:97:ee:bf:a2:d3:ae:f4:f4:
                    e2:d9:30:70:77:fe:5b:b0:7e:e0:7e:af:d2:00:01:
                    d1:b1:19:dc:5b:ba:91:85:f4:c1:5d:36:af:f3:f2:
                    78:b6:68:f1:4f:7f:14:1e:ec:1c:7b:bb:c9:22:d8:
                    73:48:7e:6d:ca:6f:25:b5:b3:a3:e7:31:d0:91:54:
                    f7:5a:01:c0:73:fe:bd:74:c1:8a:01:08:e9:5c:3d:
                    df:6b:67:d3:f4:fd:41:bb:2e:e5:80:19:40:68:1f:
                    2f:bd:d4:03:9a:dc:57:6b:96:f1:d4:6b:5c:f8:61:
                    9d:86:19:b6:25:d5:dd:d9:aa:3b:58:cc:cc:57:a9:
                    cd:00:99:e6:79:94:c8:86:0b:3a:fd:48:9a:89:46:
                    13:89:2b:54:ac:1e:c3:9c:f8:f9:a1:23:d1:01:b0:
                    08:93:a3:ab:0e:85:fd:ee:3e:0b:ac:c4:99:13:a1:
                    fe:d1:d6:f3:54:75:fe:92:72:0d:69:b3:ba:ba:f3:
                    7d:6b:6a:0c:f9:ba:8d:3a:4f:4f:e3:96:31:63:6a:
                    81:b4:ed:18:69:35:e7:8c:1d:28:14:f7:24:d3:46:
                    20:42:a9:bf:d4:5c:ba:a3:d0:ac:77:8f:5d:85:1a:
                    2e:5e:2f:21:76:59:88:fb:9c:97:f5:31:5f:f6:f8:
                    6c:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:2F:DE:99:DE:1E:91:93:3F:F3:76:91:21:D7:D2:C6:48:11:54:92
            X509v3 Authority Key Identifier:
                keyid:31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/2C_emd4ekZM_83aRIdfSxkgRVJI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9801:214::/48
                  2a06:9801:280::/48
                  2a06:9801:2ba::/48

    Signature Algorithm: sha256WithRSAEncryption
         b3:1d:1a:fb:12:ed:80:a6:b3:46:f8:ff:4f:86:6b:fe:f0:b0:
         cc:27:7e:17:1e:eb:12:98:f6:0c:71:d4:82:8c:1b:57:32:16:
         16:90:fb:ee:00:d8:61:84:ea:4d:91:2f:fa:55:8a:ee:58:5f:
         21:33:d6:4b:ff:e8:97:3c:72:44:b1:1c:6d:89:30:4a:53:7c:
         b7:c6:e2:3e:ee:55:57:c3:88:c9:c7:86:ec:c9:c8:6e:e8:1f:
         f7:ee:01:af:0f:13:9f:7b:07:32:dd:ab:5d:e0:30:1e:dd:0d:
         dd:5f:10:7e:e4:2e:81:e7:d0:9b:40:f8:83:8b:0d:53:a9:4a:
         17:f4:6b:47:ba:92:c2:02:11:56:5d:aa:82:b6:ae:8b:28:c2:
         8f:3a:c0:40:3c:7b:f6:25:a5:36:62:a9:10:9d:65:52:54:ed:
         84:59:f7:f9:63:c1:67:97:2c:dd:46:5f:1e:59:d8:27:a1:62:
         a2:76:a6:4c:38:2c:83:79:e2:46:ff:8e:e8:72:9c:e3:e8:44:
         be:8b:2b:36:95:ba:d8:d0:cf:d4:a5:3c:3e:27:69:76:d2:c1:
         d4:88:fc:2b:f4:34:b3:32:78:cb:0e:e6:54:a1:e0:8f:4b:6e:
         09:b3:86:5c:bf:dc:3e:25:76:ee:1b:35:ee:85:85:58:a3:c4:
         e1:89:d8:94
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZ7bmXkgxdDpq5hTilPj7hHuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZDI0MjQxMjNlZDA3NzI1MzMwYmY4MTc5NDRmZDI3NmI3
Y2EzNmIwHhcNMjYwNjE4MTYzODQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODJmZGU5OWRlMWU5MTkzM2ZmMzc2OTEyMWQ3ZDJjNjQ4MTE1NDkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAylMYihDRl+6/otOu9PTi2TBwd/5b
sH7gfq/SAAHRsRncW7qRhfTBXTav8/J4tmjxT38UHuwce7vJIthzSH5tym8ltbOj
5zHQkVT3WgHAc/69dMGKAQjpXD3fa2fT9P1Buy7lgBlAaB8vvdQDmtxXa5bx1Gtc
+GGdhhm2JdXd2ao7WMzMV6nNAJnmeZTIhgs6/UiaiUYTiStUrB7DnPj5oSPRAbAI
k6OrDoX97j4LrMSZE6H+0dbzVHX+knINabO6uvN9a2oM+bqNOk9P45YxY2qBtO0Y
aTXnjB0oFPck00YgQqm/1Fy6o9Csd49dhRouXi8hdlmI+5yX9TFf9vhs3wIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFNgv3pneHpGTP/N2kSHX0sZIEVSSMB8GA1UdIwQY
MBaAFDHSQkEj7QdyUzC/gXlE/SdrfKNrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEt
ZWQ4Y2ZhZjFiODFmLzEvMkNfZW1kNGVrWk1fODNhUklkZlN4a2dSVkpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEtZWQ4Y2ZhZjFiODFm
LzEvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzAhBAIAAjAbAwcAKgaYAQIU
AwcAKgaYAQKAAwcAKgaYAQK6MA0GCSqGSIb3DQEBCwUAA4IBAQCzHRr7Eu2AprNG
+P9Phmv+8LDMJ34XHusSmPYMcdSCjBtXMhYWkPvuANhhhOpNkS/6VYruWF8hM9ZL
/+iXPHJEsRxtiTBKU3y3xuI+7lVXw4jJx4bsychu6B/37gGvDxOfewcy3atd4DAe
3Q3dXxB+5C6B59CbQPiDiw1TqUoX9GtHupLCAhFWXaqCtq6LKMKPOsBAPHv2JaU2
YqkQnWVSVO2EWff5Y8FnlyzdRl8eWdgnoWKidqZMOCyDeeJG/47ocpzj6ES+iys2
lbrY0M/UpTw+J2l20sHUiPwr9DSzMnjLDuZUoeCPS24Js4Zcv9w+JXbuGzXuhYVY
o8ThidiU
-----END CERTIFICATE-----