Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/b_wVaZ8rO26LnlkJxzRmh06VweI.roa
File:                     b_wVaZ8rO26LnlkJxzRmh06VweI.roa (raw, json)
Hash identifier:          ODeRKIPnBvLh9cbuzhcmyjcUZKJO3NXkpsQeWcM2ChM=
Subject key identifier:   6F:FC:15:69:9F:2B:3B:6E:8B:9E:59:09:C7:34:66:87:4E:95:C1:E2
Certificate issuer:       /CN=31d2424123ed07725330bf817944fd276b7ca36b
Certificate serial:       019DE11FC8B5C77926FE1DB658CC366AF7D4
Authority key identifier: 31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/b_wVaZ8rO26LnlkJxzRmh06VweI.roa
Signing time:             Fri 01 May 2026 01:20:49 +0000
ROA not before:           Fri 01 May 2026 01:20:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198663
IP address blocks:        2a06:9801:c3::/48 maxlen: 48
                          2a06:9801:2e0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 06:33:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:e1:1f:c8:b5:c7:79:26:fe:1d:b6:58:cc:36:6a:f7:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31d2424123ed07725330bf817944fd276b7ca36b
        Validity
            Not Before: May  1 01:20:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6ffc15699f2b3b6e8b9e5909c73466874e95c1e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:01:f5:01:ba:b9:93:2d:7d:97:54:99:b5:81:
                    0a:48:91:31:b5:7c:86:47:ae:b8:26:40:96:27:fd:
                    b5:02:c2:f8:20:de:5c:bb:05:ba:fc:bc:26:ab:ae:
                    eb:27:64:40:72:e9:a3:0d:99:55:90:f6:fd:10:07:
                    40:13:2d:ab:b2:db:59:13:ae:13:3e:dc:9c:76:a0:
                    be:23:ec:d8:38:82:a8:93:aa:82:23:ea:4f:a8:fc:
                    4e:15:0b:57:c6:a7:09:b0:80:ac:ef:34:9c:cf:f8:
                    79:01:20:3d:77:fc:f6:b6:c0:c4:a7:b5:96:e1:64:
                    07:ac:59:e5:93:56:85:0f:29:a1:37:5a:f0:51:04:
                    7d:20:8b:86:c3:5a:6b:d7:5c:10:fe:56:fd:57:5f:
                    47:87:8b:b7:cf:d9:cc:8d:30:d9:9e:da:f8:96:99:
                    1a:f8:ec:64:23:a1:4d:8e:70:24:0b:40:b4:27:67:
                    2c:f4:75:f3:07:56:85:16:89:2b:3d:8e:a4:a1:34:
                    35:86:34:c2:f9:d2:aa:8c:52:d9:e4:02:1a:e8:33:
                    82:f5:3b:9c:9b:56:d2:ba:02:41:80:ed:00:ce:32:
                    7f:89:b3:2a:26:0c:97:c0:fb:ca:13:b4:5e:95:1d:
                    45:6b:43:be:74:da:07:e6:c7:9e:ce:92:77:05:7d:
                    fe:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:FC:15:69:9F:2B:3B:6E:8B:9E:59:09:C7:34:66:87:4E:95:C1:E2
            X509v3 Authority Key Identifier:
                keyid:31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/b_wVaZ8rO26LnlkJxzRmh06VweI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9801:c3::/48
                  2a06:9801:2e0::/44

    Signature Algorithm: sha256WithRSAEncryption
         48:4a:8b:a6:58:6c:7a:f3:48:16:9b:b8:bc:41:74:50:79:c0:
         46:07:16:43:35:96:97:7d:cc:ed:4c:82:ef:32:b3:d8:4e:50:
         1c:5d:d9:56:e1:02:24:f5:1a:86:95:45:b8:50:ca:21:0f:80:
         c6:82:7d:a0:ac:f5:9b:91:f2:be:c5:9a:ae:81:0a:08:e6:78:
         9c:e0:64:0b:5c:7b:09:ee:d8:9e:18:a2:f4:ae:cd:38:a8:b1:
         b8:90:90:4a:a3:18:50:90:ef:7a:15:2b:c4:99:99:39:69:ea:
         3f:50:35:10:e9:99:1e:b8:24:e7:0b:f2:e1:9e:4f:b5:ab:16:
         24:73:5f:67:f0:07:6e:24:77:c0:87:74:4b:8b:c8:3f:5e:0f:
         9b:80:b5:49:09:07:b2:f0:63:52:f8:ca:bc:b8:bf:2d:a3:09:
         00:6e:ec:20:49:0c:8f:ec:7b:b3:ca:b4:b3:4d:1c:9d:27:39:
         92:88:f2:a9:34:a6:71:dc:2a:02:55:dc:33:4d:03:42:36:0b:
         a0:1a:7a:7f:3c:7f:cc:d1:be:91:5a:46:1b:44:68:b8:c6:9a:
         6b:67:41:cc:9f:a0:2b:f5:0f:73:49:bd:c4:b9:6e:bc:d5:c3:
         91:22:81:03:8b:4f:67:0b:c3:a0:09:24:f7:ab:2d:6a:2b:60:
         30:b4:a0:a9
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ3hH8i1x3km/h22WMw2avfUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZDI0MjQxMjNlZDA3NzI1MzMwYmY4MTc5NDRmZDI3NmI3
Y2EzNmIwHhcNMjYwNTAxMDEyMDQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmZjMTU2OTlmMmIzYjZlOGI5ZTU5MDljNzM0NjY4NzRlOTVjMWUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxgH1Abq5ky19l1SZtYEKSJExtXyG
R664JkCWJ/21AsL4IN5cuwW6/Lwmq67rJ2RAcumjDZlVkPb9EAdAEy2rsttZE64T
PtycdqC+I+zYOIKok6qCI+pPqPxOFQtXxqcJsICs7zScz/h5ASA9d/z2tsDEp7WW
4WQHrFnlk1aFDymhN1rwUQR9IIuGw1pr11wQ/lb9V19Hh4u3z9nMjTDZntr4lpka
+OxkI6FNjnAkC0C0J2cs9HXzB1aFFokrPY6koTQ1hjTC+dKqjFLZ5AIa6DOC9Tuc
m1bSugJBgO0AzjJ/ibMqJgyXwPvKE7RelR1Fa0O+dNoH5seezpJ3BX3+xwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFG/8FWmfKztui55ZCcc0ZodOlcHiMB8GA1UdIwQY
MBaAFDHSQkEj7QdyUzC/gXlE/SdrfKNrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEt
ZWQ4Y2ZhZjFiODFmLzEvYl93VmFaOHJPMjZMbmxrSnh6Um1oMDZWd2VJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEtZWQ4Y2ZhZjFiODFm
LzEvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKgaYAQDD
AwcEKgaYAQLgMA0GCSqGSIb3DQEBCwUAA4IBAQBISoumWGx680gWm7i8QXRQecBG
BxZDNZaXfcztTILvMrPYTlAcXdlW4QIk9RqGlUW4UMohD4DGgn2grPWbkfK+xZqu
gQoI5nic4GQLXHsJ7tieGKL0rs04qLG4kJBKoxhQkO96FSvEmZk5aeo/UDUQ6Zke
uCTnC/Lhnk+1qxYkc19n8AduJHfAh3RLi8g/Xg+bgLVJCQey8GNS+Mq8uL8towkA
buwgSQyP7HuzyrSzTRydJzmSiPKpNKZx3CoCVdwzTQNCNgugGnp/PH/M0b6RWkYb
RGi4xpprZ0HMn6Ar9Q9zSb3EuW681cORIoEDi09nC8OgCST3qy1qK2AwtKCp
-----END CERTIFICATE-----