Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/ftnHw0snMf1fcubS4d8WMr51FeY.roa
File:                     ftnHw0snMf1fcubS4d8WMr51FeY.roa (raw, json)
Hash identifier:          tc00SCEHss5K9PSMEOqOrygnq8vPTkUw7oArlo9DAFg=
Subject key identifier:   7E:D9:C7:C3:4B:27:31:FD:5F:72:E6:D2:E1:DF:16:32:BE:75:15:E6
Certificate issuer:       /CN=31d2424123ed07725330bf817944fd276b7ca36b
Certificate serial:       019D2D1FE46B42C0363FC3B738F90E3256D0
Authority key identifier: 31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/ftnHw0snMf1fcubS4d8WMr51FeY.roa
Signing time:             Fri 27 Mar 2026 02:29:17 +0000
ROA not before:           Fri 27 Mar 2026 02:29:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     31898
IP address blocks:        2a06:9801::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Mar 2026 20:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2d:1f:e4:6b:42:c0:36:3f:c3:b7:38:f9:0e:32:56:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31d2424123ed07725330bf817944fd276b7ca36b
        Validity
            Not Before: Mar 27 02:29:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7ed9c7c34b2731fd5f72e6d2e1df1632be7515e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:99:44:7f:d0:53:31:38:ad:ce:ce:d0:4d:80:
                    7e:92:d2:47:87:5f:17:10:d1:e6:aa:be:58:56:a8:
                    c0:54:b8:58:22:fd:fb:81:08:ed:35:bf:8c:f9:9c:
                    2c:8b:7b:d2:0e:a4:75:9c:37:16:e4:a8:d0:3e:67:
                    dd:dd:61:81:2b:fc:ea:06:41:9e:f1:dd:8f:f3:45:
                    da:a0:22:ee:91:4f:f8:f9:75:0d:85:59:20:16:b7:
                    50:f0:8f:4b:07:79:3b:53:cd:ae:c0:b3:14:ae:ca:
                    5a:91:90:29:28:8e:3b:5d:bd:a0:6d:a7:ab:d5:6d:
                    bb:43:58:15:bd:22:1c:a7:a8:a3:a9:cc:8d:fe:ce:
                    ed:d8:3c:e8:dc:04:94:98:40:57:0d:9f:f6:43:43:
                    49:3f:6d:77:33:15:5d:07:8a:42:db:29:c3:0f:e1:
                    89:bf:7e:a9:ec:32:24:89:06:06:88:97:49:52:eb:
                    f6:d3:3a:99:c8:25:a1:d3:a2:84:e5:23:f1:ab:0f:
                    f1:e9:1f:3b:85:8e:a8:a5:10:af:e9:2f:1d:ca:d2:
                    a0:bf:6c:2d:a8:af:3b:26:2a:94:2a:fa:6c:56:02:
                    40:96:cc:be:ab:50:01:cd:40:d7:42:7d:d1:df:ce:
                    3d:5f:26:50:27:96:c8:42:f4:59:44:97:bb:e8:61:
                    33:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:D9:C7:C3:4B:27:31:FD:5F:72:E6:D2:E1:DF:16:32:BE:75:15:E6
            X509v3 Authority Key Identifier:
                keyid:31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/ftnHw0snMf1fcubS4d8WMr51FeY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9801::/48

    Signature Algorithm: sha256WithRSAEncryption
         76:99:0c:66:21:c7:be:65:2b:97:67:2e:e9:79:68:87:3f:73:
         d3:cc:11:e6:16:bb:68:0d:7e:10:94:ae:49:65:40:e5:a1:0c:
         01:dd:e0:80:9d:bc:03:0b:79:15:eb:05:4a:41:ef:b2:25:60:
         bf:4f:ea:c1:d7:43:56:75:ba:26:c7:9d:07:8a:39:78:47:8d:
         54:40:82:32:04:17:66:2f:e0:07:0d:a8:63:c3:5d:d4:7d:76:
         b5:88:d9:6a:7a:32:df:45:a2:72:8f:5b:2a:a1:a3:24:d5:26:
         86:5d:f4:2e:48:7a:2e:5e:72:d2:01:01:61:68:4f:da:4d:52:
         e8:f6:97:17:e9:94:3d:ce:c3:71:10:11:25:28:8f:fc:3a:46:
         d6:0b:83:e0:30:ec:c1:40:5c:c7:60:10:ed:46:a1:af:59:5f:
         0d:5e:61:22:7d:9f:fa:76:eb:58:f3:38:44:c5:5a:eb:3b:f4:
         4b:ed:3e:51:82:24:3d:c8:8c:18:2e:c7:f2:47:70:ac:b2:a6:
         b4:d5:30:f3:1a:dd:1f:df:39:f1:43:b0:8b:27:fa:75:c0:c2:
         e5:b0:cb:0d:a2:c6:03:69:c8:92:c8:fd:5a:da:ee:31:db:1f:
         f7:b6:bd:de:2c:ac:38:1a:29:38:84:3f:55:20:5e:86:85:3c:
         29:89:67:ff
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ0tH+RrQsA2P8O3OPkOMlbQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZDI0MjQxMjNlZDA3NzI1MzMwYmY4MTc5NDRmZDI3NmI3
Y2EzNmIwHhcNMjYwMzI3MDIyOTE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZWQ5YzdjMzRiMjczMWZkNWY3MmU2ZDJlMWRmMTYzMmJlNzUxNWU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi5lEf9BTMTitzs7QTYB+ktJHh18X
ENHmqr5YVqjAVLhYIv37gQjtNb+M+Zwsi3vSDqR1nDcW5KjQPmfd3WGBK/zqBkGe
8d2P80XaoCLukU/4+XUNhVkgFrdQ8I9LB3k7U82uwLMUrspakZApKI47Xb2gbaer
1W27Q1gVvSIcp6ijqcyN/s7t2Dzo3ASUmEBXDZ/2Q0NJP213MxVdB4pC2ynDD+GJ
v36p7DIkiQYGiJdJUuv20zqZyCWh06KE5SPxqw/x6R87hY6opRCv6S8dytKgv2wt
qK87JiqUKvpsVgJAlsy+q1ABzUDXQn3R3849XyZQJ5bIQvRZRJe76GEzTwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFH7Zx8NLJzH9X3Lm0uHfFjK+dRXmMB8GA1UdIwQY
MBaAFDHSQkEj7QdyUzC/gXlE/SdrfKNrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEt
ZWQ4Y2ZhZjFiODFmLzEvZnRuSHcwc25NZjFmY3ViUzRkOFdNcjUxRmVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEtZWQ4Y2ZhZjFiODFm
LzEvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgaYAQAA
MA0GCSqGSIb3DQEBCwUAA4IBAQB2mQxmIce+ZSuXZy7peWiHP3PTzBHmFrtoDX4Q
lK5JZUDloQwB3eCAnbwDC3kV6wVKQe+yJWC/T+rB10NWdbomx50Hijl4R41UQIIy
BBdmL+AHDahjw13UfXa1iNlqejLfRaJyj1sqoaMk1SaGXfQuSHouXnLSAQFhaE/a
TVLo9pcX6ZQ9zsNxEBElKI/8OkbWC4PgMOzBQFzHYBDtRqGvWV8NXmEifZ/6dutY
8zhExVrrO/RL7T5RgiQ9yIwYLsfyR3Cssqa01TDzGt0f3znxQ7CLJ/p1wMLlsMsN
osYDaciSyP1a2u4x2x/3tr3eLKw4Gik4hD9VIF6GhTwpiWf/
-----END CERTIFICATE-----