Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/wQWR1f10bdEnzzVaFx305m7Zujg.roa
File:                     wQWR1f10bdEnzzVaFx305m7Zujg.roa (raw, json)
Hash identifier:          UeppQY2H2LK3ogweAbNfGChix6WBMJBfEcltb5O4gpw=
Subject key identifier:   C1:05:91:D5:FD:74:6D:D1:27:CF:35:5A:17:1D:F4:E6:6E:D9:BA:38
Certificate issuer:       /CN=31d2424123ed07725330bf817944fd276b7ca36b
Certificate serial:       019E79D734C58F4D417CE9BBCF4178A205F9
Authority key identifier: 31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/wQWR1f10bdEnzzVaFx305m7Zujg.roa
Signing time:             Sat 30 May 2026 17:03:27 +0000
ROA not before:           Sat 30 May 2026 17:03:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     20473
IP address blocks:        2a06:9801:214::/48 maxlen: 48
                          2a06:9801:280::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 08:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:79:d7:34:c5:8f:4d:41:7c:e9:bb:cf:41:78:a2:05:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31d2424123ed07725330bf817944fd276b7ca36b
        Validity
            Not Before: May 30 17:03:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c10591d5fd746dd127cf355a171df4e66ed9ba38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:b4:23:f9:07:2b:f5:e0:f2:84:7c:4a:5b:63:
                    df:76:6e:cd:dd:da:f3:fd:2c:0b:0b:3b:eb:5f:f3:
                    2d:2e:fe:7f:eb:0b:bc:b3:ee:96:58:55:70:75:2a:
                    3e:8a:8e:dd:41:b5:9c:7b:bc:15:6d:d3:1c:d8:6c:
                    96:36:79:b0:7d:a2:a0:e3:4a:fe:1b:d4:66:e3:55:
                    e1:6b:10:3b:94:e6:86:80:47:65:83:01:65:ca:77:
                    57:91:95:f2:d8:a1:17:73:73:00:70:cf:5c:48:bd:
                    ac:8c:a4:98:0f:fa:91:e8:a7:25:bb:ad:b5:d8:88:
                    42:f9:fe:b9:78:9e:68:27:14:28:d3:21:52:9f:72:
                    55:e2:2e:cd:92:d2:ca:67:5c:05:41:82:45:7c:fc:
                    94:b2:49:84:8c:56:b2:21:61:13:00:6e:ee:3d:36:
                    83:c4:b7:5d:e6:15:02:26:a8:2e:42:26:78:74:03:
                    6a:8f:a7:82:7e:42:8b:03:81:c8:28:66:dd:c5:af:
                    60:71:a2:60:1f:52:11:d7:53:06:92:4d:2d:0a:4e:
                    be:18:ba:82:07:f9:13:ff:14:aa:2e:f4:54:da:c5:
                    80:6b:f0:1a:55:8f:3c:35:0a:ed:6f:e5:fb:bf:d7:
                    69:6c:e4:9e:56:09:8e:c2:cb:db:f4:38:ee:34:b0:
                    70:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:05:91:D5:FD:74:6D:D1:27:CF:35:5A:17:1D:F4:E6:6E:D9:BA:38
            X509v3 Authority Key Identifier:
                keyid:31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/wQWR1f10bdEnzzVaFx305m7Zujg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9801:214::/48
                  2a06:9801:280::/48

    Signature Algorithm: sha256WithRSAEncryption
         62:31:7a:37:d4:73:45:65:0c:ae:b3:68:37:f4:91:f2:84:d5:
         ac:d6:38:6c:d1:06:20:d9:74:bc:be:16:ad:3f:68:f5:cb:07:
         4d:77:94:27:42:56:41:85:6d:e8:5c:db:da:a8:46:a6:c1:14:
         49:ae:07:d6:30:63:8f:e2:6b:b6:8d:7c:13:62:28:72:77:30:
         dc:25:39:c6:0f:8f:d7:cf:16:86:41:30:50:2c:22:d1:76:da:
         12:95:52:0c:75:41:f2:14:c2:cd:18:46:e4:db:8f:77:f0:40:
         e7:13:43:ea:ac:58:e2:12:27:b9:da:0b:ba:22:15:08:d2:8b:
         a5:2b:cd:84:c4:9c:3c:55:dd:8b:c2:4b:a1:1f:4b:69:94:48:
         b0:5b:49:93:a5:0a:3a:20:c2:5a:ab:31:55:92:4d:b3:f6:2a:
         88:0b:a0:9f:8f:e7:48:f3:0a:61:2a:8c:3d:ae:fa:7e:fa:19:
         ad:47:40:09:c3:f9:f3:e5:0e:a8:bd:8e:a9:d2:e6:59:28:de:
         7b:33:81:44:b7:db:d4:b3:cc:f1:f0:3e:b4:79:06:0d:ae:06:
         e0:af:cc:86:48:87:09:ff:9f:c4:45:1f:05:33:af:2c:8d:2e:
         8f:21:5b:16:b8:c0:a1:94:fa:67:aa:be:81:7f:79:d9:ac:a5:
         35:06:9d:96
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ551zTFj01BfOm7z0F4ogX5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZDI0MjQxMjNlZDA3NzI1MzMwYmY4MTc5NDRmZDI3NmI3
Y2EzNmIwHhcNMjYwNTMwMTcwMzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTA1OTFkNWZkNzQ2ZGQxMjdjZjM1NWExNzFkZjRlNjZlZDliYTM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn7Qj+Qcr9eDyhHxKW2Pfdm7N3drz
/SwLCzvrX/MtLv5/6wu8s+6WWFVwdSo+io7dQbWce7wVbdMc2GyWNnmwfaKg40r+
G9Rm41XhaxA7lOaGgEdlgwFlyndXkZXy2KEXc3MAcM9cSL2sjKSYD/qR6Kclu621
2IhC+f65eJ5oJxQo0yFSn3JV4i7NktLKZ1wFQYJFfPyUskmEjFayIWETAG7uPTaD
xLdd5hUCJqguQiZ4dANqj6eCfkKLA4HIKGbdxa9gcaJgH1IR11MGkk0tCk6+GLqC
B/kT/xSqLvRU2sWAa/AaVY88NQrtb+X7v9dpbOSeVgmOwsvb9DjuNLBwbQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFMEFkdX9dG3RJ881Whcd9OZu2bo4MB8GA1UdIwQY
MBaAFDHSQkEj7QdyUzC/gXlE/SdrfKNrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEt
ZWQ4Y2ZhZjFiODFmLzEvd1FXUjFmMTBiZEVuenpWYUZ4MzA1bTdadWpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEtZWQ4Y2ZhZjFiODFm
LzEvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKgaYAQIU
AwcAKgaYAQKAMA0GCSqGSIb3DQEBCwUAA4IBAQBiMXo31HNFZQyus2g39JHyhNWs
1jhs0QYg2XS8vhatP2j1ywdNd5QnQlZBhW3oXNvaqEamwRRJrgfWMGOP4mu2jXwT
YihydzDcJTnGD4/XzxaGQTBQLCLRdtoSlVIMdUHyFMLNGEbk24938EDnE0PqrFji
Eie52gu6IhUI0oulK82ExJw8Vd2LwkuhH0tplEiwW0mTpQo6IMJaqzFVkk2z9iqI
C6Cfj+dI8wphKow9rvp++hmtR0AJw/nz5Q6ovY6p0uZZKN57M4FEt9vUs8zx8D60
eQYNrgbgr8yGSIcJ/5/ERR8FM68sjS6PIVsWuMChlPpnqr6Bf3nZrKU1Bp2W
-----END CERTIFICATE-----