Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/6MXXtALhDGTRZ7Uf0QMN6tX7WoY.roa
File:                     6MXXtALhDGTRZ7Uf0QMN6tX7WoY.roa (raw, json)
Hash identifier:          Z8T0bwqJ7j++Dy+kFV91REIehWQ6FUI0Mm3WilKf/RM=
Subject key identifier:   E8:C5:D7:B4:02:E1:0C:64:D1:67:B5:1F:D1:03:0D:EA:D5:FB:5A:86
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       019CD937B16C1C0F6EFDE2853FA5AE8048B1
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/6MXXtALhDGTRZ7Uf0QMN6tX7WoY.roa
Signing time:             Tue 10 Mar 2026 19:27:11 +0000
ROA not before:           Tue 10 Mar 2026 19:27:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209641
IP address blocks:        2a0e:19c0::/32 maxlen: 32
                          2a11:ec3::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 13 Mar 2026 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:d9:37:b1:6c:1c:0f:6e:fd:e2:85:3f:a5:ae:80:48:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Mar 10 19:27:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e8c5d7b402e10c64d167b51fd1030dead5fb5a86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:89:15:0f:ca:e4:db:e7:65:58:b7:c7:b9:3b:
                    50:75:39:72:be:72:fa:f1:dc:eb:ca:30:a5:e1:35:
                    5a:0a:2f:8b:2e:e2:ee:27:df:01:97:91:5a:1d:6f:
                    0d:d3:e4:87:42:d3:f1:89:a8:8e:3a:41:21:86:3e:
                    f2:53:a6:4f:bf:3f:0e:d4:a5:07:5a:42:4d:f6:56:
                    27:ba:5f:33:ca:f5:36:0d:94:95:d2:90:8d:87:7f:
                    fb:90:9a:bc:75:b8:52:20:98:e3:64:07:aa:01:65:
                    52:e5:25:04:7d:7c:4c:bc:72:37:ee:c6:c4:34:9d:
                    d0:74:16:ac:98:a9:2a:27:f2:9c:2b:46:ae:f7:c6:
                    c7:c1:e5:1d:64:bd:ce:2b:9a:c2:54:a5:f5:cb:9c:
                    6d:b1:ad:77:c3:99:1c:45:bd:39:82:d6:a8:7f:19:
                    f5:c7:a6:52:79:b6:2a:79:02:0e:ca:52:45:56:83:
                    ae:7c:0b:7e:e0:8f:f1:5c:58:d1:d4:19:15:92:73:
                    9d:57:61:fb:a9:00:3a:cb:e4:d9:25:f8:22:dd:39:
                    f7:35:b8:7b:65:55:7c:99:a3:3c:10:e7:65:ef:c8:
                    55:15:c1:fa:04:65:12:28:5b:e8:d5:6a:af:c8:92:
                    94:e4:74:67:5e:68:bf:63:0c:68:70:2a:b5:3c:cc:
                    d3:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:C5:D7:B4:02:E1:0C:64:D1:67:B5:1F:D1:03:0D:EA:D5:FB:5A:86
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/6MXXtALhDGTRZ7Uf0QMN6tX7WoY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:19c0::/32
                  2a11:ec3::/32

    Signature Algorithm: sha256WithRSAEncryption
         57:d9:5f:ec:43:7a:21:c9:58:7b:54:48:a6:c3:65:2a:ce:3d:
         d8:1a:a2:eb:87:b0:af:93:21:31:54:02:a7:74:44:48:37:f0:
         f0:c5:38:23:d4:fe:5f:9b:15:d3:37:73:de:56:27:36:5d:1c:
         cd:f6:78:48:79:3e:3e:3d:eb:49:86:fd:85:1c:90:9c:09:c6:
         f6:f9:34:7d:92:f9:f7:77:b9:8e:4c:87:f9:23:5f:8b:f1:56:
         9f:78:76:88:37:ff:20:15:45:aa:56:dd:fa:a7:b6:5a:b0:46:
         da:f2:68:a3:87:f8:00:f7:d2:43:9f:39:79:6e:45:61:cb:dd:
         67:ad:b9:f6:e8:19:33:57:3d:7b:53:40:77:73:6f:18:59:af:
         40:67:61:21:4e:e4:35:de:bd:d5:d3:53:9a:a0:25:d9:b4:41:
         13:69:81:02:50:4d:b1:6e:af:e9:9d:02:a8:ff:5a:00:f1:12:
         f1:b6:8f:26:33:82:9b:a3:ec:bd:67:e9:da:16:3d:49:24:a3:
         94:92:15:c8:8e:ae:a4:de:bf:ab:b4:5a:61:d5:dd:24:37:ee:
         60:af:bf:c2:94:fc:1e:a9:57:ed:31:3f:d2:23:ca:7c:78:a2:
         2f:ae:6c:e9:a9:8a:fc:85:37:ec:bb:62:26:81:fc:c8:9b:d2:
         9c:2c:ff:a5
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZzZN7FsHA9u/eKFP6WugEixMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjYwMzEwMTkyNzExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOGM1ZDdiNDAyZTEwYzY0ZDE2N2I1MWZkMTAzMGRlYWQ1ZmI1YTg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwYkVD8rk2+dlWLfHuTtQdTlyvnL6
8dzryjCl4TVaCi+LLuLuJ98Bl5FaHW8N0+SHQtPxiaiOOkEhhj7yU6ZPvz8O1KUH
WkJN9lYnul8zyvU2DZSV0pCNh3/7kJq8dbhSIJjjZAeqAWVS5SUEfXxMvHI37sbE
NJ3QdBasmKkqJ/KcK0au98bHweUdZL3OK5rCVKX1y5xtsa13w5kcRb05gtaofxn1
x6ZSebYqeQIOylJFVoOufAt+4I/xXFjR1BkVknOdV2H7qQA6y+TZJfgi3Tn3Nbh7
ZVV8maM8EOdl78hVFcH6BGUSKFvo1WqvyJKU5HRnXmi/YwxocCq1PMzTuQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFOjF17QC4Qxk0We1H9EDDerV+1qGMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvNk1YWHRBTGhER1RSWjdVZjBRTU42dFg3V29ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKg4ZwAMF
ACoRDsMwDQYJKoZIhvcNAQELBQADggEBAFfZX+xDeiHJWHtUSKbDZSrOPdgaouuH
sK+TITFUAqd0REg38PDFOCPU/l+bFdM3c95WJzZdHM32eEh5Pj4960mG/YUckJwJ
xvb5NH2S+fd3uY5Mh/kjX4vxVp94dog3/yAVRapW3fqntlqwRtryaKOH+AD30kOf
OXluRWHL3WetufboGTNXPXtTQHdzbxhZr0BnYSFO5DXevdXTU5qgJdm0QRNpgQJQ
TbFur+mdAqj/WgDxEvG2jyYzgpuj7L1n6doWPUkko5SSFciOrqTev6u0WmHV3SQ3
7mCvv8KU/B6pV+0xP9Ijynx4oi+ubOmpivyFN+y7YiaB/Mib0pws/6U=
-----END CERTIFICATE-----