Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/0ac463-868c-4115-b583-de0ec76a4672/1/VRJ4Vc94OyT64lapMXpmOD1B3Wc.roa
File:                     VRJ4Vc94OyT64lapMXpmOD1B3Wc.roa (raw, json)
Hash identifier:          Ky32PchK8c9vLn0orEiQizK102tpl+arDsTOuP7+gVU=
Subject key identifier:   55:12:78:55:CF:78:3B:24:FA:E2:56:A9:31:7A:66:38:3D:41:DD:67
Certificate issuer:       /CN=f5056dabb9a47010cd1b4ef274bc3d2f4a59e93a
Certificate serial:       019D49ABA35036A1FC1FD1C47930BF1DBE23
Authority key identifier: F5:05:6D:AB:B9:A4:70:10:CD:1B:4E:F2:74:BC:3D:2F:4A:59:E9:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9QVtq7mkcBDNG07ydLw9L0pZ6To.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/0ac463-868c-4115-b583-de0ec76a4672/1/VRJ4Vc94OyT64lapMXpmOD1B3Wc.roa
Signing time:             Wed 01 Apr 2026 15:31:18 +0000
ROA not before:           Wed 01 Apr 2026 15:31:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     21534
IP address blocks:        2a05:4200:7::/48 maxlen: 48
                          2a05:4200:e::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/0ac463-868c-4115-b583-de0ec76a4672/1/9QVtq7mkcBDNG07ydLw9L0pZ6To.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/0ac463-868c-4115-b583-de0ec76a4672/1/9QVtq7mkcBDNG07ydLw9L0pZ6To.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9QVtq7mkcBDNG07ydLw9L0pZ6To.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 06:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:49:ab:a3:50:36:a1:fc:1f:d1:c4:79:30:bf:1d:be:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5056dabb9a47010cd1b4ef274bc3d2f4a59e93a
        Validity
            Not Before: Apr  1 15:31:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=55127855cf783b24fae256a9317a66383d41dd67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:90:c0:27:5b:bb:23:ef:5d:11:a1:36:ce:8c:
                    28:dc:43:f1:29:97:ea:23:10:9a:7c:23:68:6e:52:
                    9a:40:3d:bc:ee:bb:2e:d1:d0:83:c7:0e:ba:be:77:
                    75:d2:bf:46:a8:73:2a:30:9b:c2:bc:92:65:de:91:
                    dc:3d:40:71:64:43:ac:e2:77:6d:d3:19:80:c1:d3:
                    c8:70:1f:25:61:9c:24:b7:ca:ed:66:cc:f3:bf:b4:
                    72:d3:b4:41:75:17:7d:b3:1d:66:a5:b0:86:55:5d:
                    b9:23:07:f7:b2:ee:34:84:60:eb:a6:eb:d7:2b:5b:
                    c3:f5:7d:f5:69:85:98:22:68:0e:9e:4a:53:bb:7a:
                    a7:4c:97:87:21:bd:d2:4a:4e:a1:fb:c8:56:50:16:
                    40:0d:fa:47:f9:f1:4a:04:ba:da:ef:19:ff:9e:01:
                    ff:1e:b2:11:6f:41:c9:22:49:7f:fc:1a:6f:99:67:
                    ac:b2:69:07:2d:81:2e:7b:39:d3:e6:c1:55:1e:1b:
                    db:6c:69:cc:f6:51:e1:5f:8d:ed:89:d5:a8:fc:9f:
                    ee:35:29:62:5b:30:b2:87:cc:4d:a2:c2:66:a6:5e:
                    26:49:22:fc:13:d0:db:69:40:70:90:db:58:b4:da:
                    42:88:c6:cb:b7:f5:52:09:ee:5f:15:dc:ff:35:d6:
                    c9:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:12:78:55:CF:78:3B:24:FA:E2:56:A9:31:7A:66:38:3D:41:DD:67
            X509v3 Authority Key Identifier:
                keyid:F5:05:6D:AB:B9:A4:70:10:CD:1B:4E:F2:74:BC:3D:2F:4A:59:E9:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9QVtq7mkcBDNG07ydLw9L0pZ6To.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/0ac463-868c-4115-b583-de0ec76a4672/1/VRJ4Vc94OyT64lapMXpmOD1B3Wc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/0ac463-868c-4115-b583-de0ec76a4672/1/9QVtq7mkcBDNG07ydLw9L0pZ6To.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:4200:7::/48
                  2a05:4200:e::/48

    Signature Algorithm: sha256WithRSAEncryption
         44:61:a0:ae:25:a2:a8:c2:41:e2:3c:ed:9d:85:a3:8a:8c:16:
         63:2f:10:f9:77:6d:4e:fb:39:12:42:72:6e:af:9d:c6:d7:9f:
         04:53:36:83:4e:26:c3:c9:d9:ee:e2:ce:a4:80:f0:ef:21:f6:
         6a:14:f2:ec:e8:b2:1c:0d:3e:25:94:4f:44:a4:dd:1c:08:4c:
         3c:4f:a0:aa:20:33:b8:b2:ed:dd:67:a9:7c:6f:43:a3:90:ed:
         fb:1d:df:9e:05:ce:df:9c:63:83:76:a0:fe:0f:7c:51:20:78:
         b2:5e:6e:e6:2a:62:74:f7:4b:34:1e:5d:97:4d:05:36:74:ea:
         25:70:63:61:0b:dd:9f:5c:fe:7a:1d:d3:6c:e1:42:72:22:7d:
         74:e2:67:62:1d:36:89:b6:84:85:58:39:bf:81:27:22:bc:6d:
         48:ea:85:a2:98:52:a0:6b:61:4f:86:c5:22:b0:6f:bc:29:7d:
         c3:03:1d:b5:5b:f3:d5:31:0f:54:04:76:d3:47:4b:17:0f:2c:
         6b:0a:1d:cd:c1:61:4d:e6:03:e2:27:07:c0:07:02:3a:d2:f9:
         01:13:1c:76:9c:1d:8d:1f:02:49:61:c0:2f:16:2c:7b:45:34:
         ee:9f:6f:0d:ac:36:56:4c:8d:25:7f:43:d1:6b:e8:0e:d5:b8:
         92:a1:3a:2e
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ1Jq6NQNqH8H9HEeTC/Hb4jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1MDU2ZGFiYjlhNDcwMTBjZDFiNGVmMjc0YmMzZDJmNGE1
OWU5M2EwHhcNMjYwNDAxMTUzMTE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTEyNzg1NWNmNzgzYjI0ZmFlMjU2YTkzMTdhNjYzODNkNDFkZDY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwZDAJ1u7I+9dEaE2zowo3EPxKZfq
IxCafCNoblKaQD287rsu0dCDxw66vnd10r9GqHMqMJvCvJJl3pHcPUBxZEOs4ndt
0xmAwdPIcB8lYZwkt8rtZszzv7Ry07RBdRd9sx1mpbCGVV25Iwf3su40hGDrpuvX
K1vD9X31aYWYImgOnkpTu3qnTJeHIb3SSk6h+8hWUBZADfpH+fFKBLra7xn/ngH/
HrIRb0HJIkl//BpvmWessmkHLYEueznT5sFVHhvbbGnM9lHhX43tidWo/J/uNSli
WzCyh8xNosJmpl4mSSL8E9DbaUBwkNtYtNpCiMbLt/VSCe5fFdz/NdbJRQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFFUSeFXPeDsk+uJWqTF6Zjg9Qd1nMB8GA1UdIwQY
MBaAFPUFbau5pHAQzRtO8nS8PS9KWek6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVFWdHE3bWtjQkRORzA3eWRMdzlMMHBaNlRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi8wYWM0NjMtODY4Yy00MTE1LWI1ODMt
ZGUwZWM3NmE0NjcyLzEvVlJKNFZjOTRPeVQ2NGxhcE1YcG1PRDFCM1djLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi8wYWM0NjMtODY4Yy00MTE1LWI1ODMtZGUwZWM3NmE0Njcy
LzEvOVFWdHE3bWtjQkRORzA3eWRMdzlMMHBaNlRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKgVCAAAH
AwcAKgVCAAAOMA0GCSqGSIb3DQEBCwUAA4IBAQBEYaCuJaKowkHiPO2dhaOKjBZj
LxD5d21O+zkSQnJur53G158EUzaDTibDydnu4s6kgPDvIfZqFPLs6LIcDT4llE9E
pN0cCEw8T6CqIDO4su3dZ6l8b0OjkO37Hd+eBc7fnGODdqD+D3xRIHiyXm7mKmJ0
90s0Hl2XTQU2dOolcGNhC92fXP56HdNs4UJyIn104mdiHTaJtoSFWDm/gScivG1I
6oWimFKga2FPhsUisG+8KX3DAx21W/PVMQ9UBHbTR0sXDyxrCh3NwWFN5gPiJwfA
BwI60vkBExx2nB2NHwJJYcAvFix7RTTun28NrDZWTI0lf0PRa+gO1biSoTou
-----END CERTIFICATE-----