Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/f67aa8-51c2-43b2-b022-6d560debf7b3/1/pizhYJ4zs9tgI22z1J406F_mIps.roa
File:                     pizhYJ4zs9tgI22z1J406F_mIps.roa (raw, json)
Hash identifier:          qx4VJrMM0/xDCca2bVCOiGZSDdojxdTIg2mqUQ7a9TU=
Subject key identifier:   A6:2C:E1:60:9E:33:B3:DB:60:23:6D:B3:D4:9E:34:E8:5F:E6:22:9B
Certificate issuer:       /CN=d8012faf98275ae4f3f8d87f084ee4ff8420c485
Certificate serial:       019DCE8E04428B87467F9A62D897AACFA261
Authority key identifier: D8:01:2F:AF:98:27:5A:E4:F3:F8:D8:7F:08:4E:E4:FF:84:20:C4:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2AEvr5gnWuTz-Nh_CE7k_4QgxIU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/f67aa8-51c2-43b2-b022-6d560debf7b3/1/pizhYJ4zs9tgI22z1J406F_mIps.roa
Signing time:             Mon 27 Apr 2026 10:48:26 +0000
ROA not before:           Mon 27 Apr 2026 10:48:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     0
IP address blocks:        2a01:f4c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/f67aa8-51c2-43b2-b022-6d560debf7b3/1/2AEvr5gnWuTz-Nh_CE7k_4QgxIU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/f67aa8-51c2-43b2-b022-6d560debf7b3/1/2AEvr5gnWuTz-Nh_CE7k_4QgxIU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2AEvr5gnWuTz-Nh_CE7k_4QgxIU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 Apr 2026 17:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ce:8e:04:42:8b:87:46:7f:9a:62:d8:97:aa:cf:a2:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8012faf98275ae4f3f8d87f084ee4ff8420c485
        Validity
            Not Before: Apr 27 10:48:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a62ce1609e33b3db60236db3d49e34e85fe6229b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:d4:b8:a4:e1:21:8b:3b:2a:18:61:8b:a8:9c:
                    f8:d1:5f:0c:0e:90:07:ad:ec:f1:8e:d1:f5:9b:0c:
                    d9:f2:76:4f:1f:3b:7e:e6:85:e7:4c:c5:e9:a7:f4:
                    6e:f4:f5:64:90:1e:9a:19:4a:f3:c9:4c:45:25:aa:
                    6e:8b:ca:e3:ce:60:82:a1:f7:22:81:e1:4c:77:e6:
                    9a:65:15:d3:5a:54:47:00:46:b9:74:2e:c5:2b:c7:
                    0e:79:c9:18:2a:5c:82:8c:ae:e7:61:80:dc:d5:1b:
                    f6:f0:a4:16:22:9f:0b:1d:ac:f9:42:a2:85:84:4f:
                    f4:2a:27:67:b9:6a:25:42:0f:c4:3d:eb:e7:1d:35:
                    27:32:1f:fc:5c:e8:39:47:c9:32:14:95:d6:ea:8d:
                    86:26:ed:ce:c8:d8:fb:29:10:bb:51:a5:93:6e:de:
                    f7:0e:dd:d9:86:85:f6:9a:9d:25:29:09:0b:a4:33:
                    78:97:b5:a3:ea:ca:3c:ae:e5:f7:8e:b9:c6:34:f7:
                    5b:ac:1a:4e:40:02:e8:85:a3:b7:21:f8:ce:27:9c:
                    33:41:5d:e2:b8:65:0a:d7:18:83:7e:dd:36:75:c8:
                    8c:42:9e:e7:3f:30:52:a1:83:fa:4f:86:5a:21:9b:
                    30:de:17:74:15:0d:fd:19:33:e2:db:6f:70:f7:66:
                    e9:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:2C:E1:60:9E:33:B3:DB:60:23:6D:B3:D4:9E:34:E8:5F:E6:22:9B
            X509v3 Authority Key Identifier:
                keyid:D8:01:2F:AF:98:27:5A:E4:F3:F8:D8:7F:08:4E:E4:FF:84:20:C4:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2AEvr5gnWuTz-Nh_CE7k_4QgxIU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/f67aa8-51c2-43b2-b022-6d560debf7b3/1/pizhYJ4zs9tgI22z1J406F_mIps.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/f67aa8-51c2-43b2-b022-6d560debf7b3/1/2AEvr5gnWuTz-Nh_CE7k_4QgxIU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:f4c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         72:75:80:3b:1c:9b:34:05:4b:ce:e2:56:77:2e:d2:09:09:c7:
         c8:64:8d:f4:48:8b:bb:71:9a:a1:90:49:c0:d2:e0:5a:29:09:
         1c:49:c5:b4:ae:57:c0:62:0d:37:bd:28:13:25:6c:29:46:7d:
         c6:e4:ad:69:ff:fb:31:0c:06:4b:a0:0d:ee:1c:8d:df:0a:5a:
         51:9b:f0:0f:6e:e8:ba:ef:12:d8:cd:4a:45:e3:04:1e:56:0f:
         09:4f:99:13:19:9a:1f:f7:20:87:70:cc:3a:b9:a8:da:78:23:
         c8:72:6a:10:e4:35:f5:6f:67:7b:78:66:f3:65:fa:dd:1c:7d:
         08:71:bb:98:ef:30:b2:54:4d:6b:19:b4:e0:85:7a:93:b0:83:
         21:c5:47:85:92:85:bc:b3:fb:16:8d:ea:5e:2e:c8:45:c4:5c:
         4c:0d:42:2a:85:50:39:e3:71:d3:63:f0:cb:49:be:13:b0:cc:
         39:36:b3:17:d0:d4:3c:76:87:25:3c:79:77:d8:31:e4:56:58:
         7e:16:59:35:81:99:3f:f0:b5:41:13:09:e5:6d:4d:ee:b1:c9:
         fb:fd:35:01:07:4f:1c:07:89:4c:08:d4:11:33:a1:e1:01:9e:
         f2:69:15:74:de:75:2b:7c:a6:1c:25:f4:1b:65:5a:4f:49:d8:
         d1:0e:5b:98
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ3OjgRCi4dGf5pi2Jeqz6JhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4MDEyZmFmOTgyNzVhZTRmM2Y4ZDg3ZjA4NGVlNGZmODQy
MGM0ODUwHhcNMjYwNDI3MTA0ODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjJjZTE2MDllMzNiM2RiNjAyMzZkYjNkNDllMzRlODVmZTYyMjliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArdS4pOEhizsqGGGLqJz40V8MDpAH
rezxjtH1mwzZ8nZPHzt+5oXnTMXpp/Ru9PVkkB6aGUrzyUxFJapui8rjzmCCofci
geFMd+aaZRXTWlRHAEa5dC7FK8cOeckYKlyCjK7nYYDc1Rv28KQWIp8LHaz5QqKF
hE/0KidnuWolQg/EPevnHTUnMh/8XOg5R8kyFJXW6o2GJu3OyNj7KRC7UaWTbt73
Dt3ZhoX2mp0lKQkLpDN4l7Wj6so8ruX3jrnGNPdbrBpOQALohaO3IfjOJ5wzQV3i
uGUK1xiDft02dciMQp7nPzBSoYP6T4ZaIZsw3hd0FQ39GTPi229w92bpawIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFKYs4WCeM7PbYCNts9SeNOhf5iKbMB8GA1UdIwQY
MBaAFNgBL6+YJ1rk8/jYfwhO5P+EIMSFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkFFdnI1Z25XdVR6LU5oX0NFN2tfNFFneElVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC9mNjdhYTgtNTFjMi00M2IyLWIwMjIt
NmQ1NjBkZWJmN2IzLzEvcGl6aFlKNHpzOXRnSTIyejFKNDA2Rl9tSXBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC9mNjdhYTgtNTFjMi00M2IyLWIwMjItNmQ1NjBkZWJmN2Iz
LzEvMkFFdnI1Z25XdVR6LU5oX0NFN2tfNFFneElVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgH0wDAN
BgkqhkiG9w0BAQsFAAOCAQEAcnWAOxybNAVLzuJWdy7SCQnHyGSN9EiLu3GaoZBJ
wNLgWikJHEnFtK5XwGINN70oEyVsKUZ9xuStaf/7MQwGS6AN7hyN3wpaUZvwD27o
uu8S2M1KReMEHlYPCU+ZExmaH/cgh3DMOrmo2ngjyHJqEOQ19W9ne3hm82X63Rx9
CHG7mO8wslRNaxm04IV6k7CDIcVHhZKFvLP7Fo3qXi7IRcRcTA1CKoVQOeNx02Pw
y0m+E7DMOTazF9DUPHaHJTx5d9gx5FZYfhZZNYGZP/C1QRMJ5W1N7rHJ+/01AQdP
HAeJTAjUETOh4QGe8mkVdN51K3ymHCX0G2VaT0nY0Q5bmA==
-----END CERTIFICATE-----