Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/DuzYgkEs04knp14es5isolXlouI.roa
File:                     DuzYgkEs04knp14es5isolXlouI.roa (raw, json)
Hash identifier:          +dDtaRVEm4sM6pn9xElEw7t5yrwQq1dwTNbiER2GBnE=
Subject key identifier:   0E:EC:D8:82:41:2C:D3:89:27:A7:5E:1E:B3:98:AC:A2:55:E5:A2:E2
Certificate issuer:       /CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
Certificate serial:       019CE24FFA36005208F46FA41677FA425704
Authority key identifier: 2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/DuzYgkEs04knp14es5isolXlouI.roa
Signing time:             Thu 12 Mar 2026 13:50:18 +0000
ROA not before:           Thu 12 Mar 2026 13:50:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     35594
IP address blocks:        138.249.246.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 14 Mar 2026 09:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:e2:4f:fa:36:00:52:08:f4:6f:a4:16:77:fa:42:57:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
        Validity
            Not Before: Mar 12 13:50:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0eecd882412cd38927a75e1eb398aca255e5a2e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:a4:a7:23:a2:04:59:e7:33:98:74:b8:65:a2:
                    57:35:71:1e:9f:71:8e:06:22:65:af:7e:10:eb:6c:
                    fc:25:73:22:25:9e:9e:ed:f8:0a:d5:c2:07:72:0a:
                    ec:e2:40:48:80:5b:5a:a1:b6:65:43:08:54:db:30:
                    9a:8e:49:d9:a6:17:55:9a:3b:d0:a8:0b:86:7a:99:
                    23:13:04:c0:f4:57:21:34:28:da:c1:87:35:b5:59:
                    71:0b:51:2f:26:f2:98:64:ed:62:09:6f:30:9b:94:
                    5f:0f:6c:bf:cf:88:60:df:bc:35:6b:e5:6d:88:e2:
                    7d:92:7b:7b:de:cb:fa:54:f2:b3:c6:1f:75:19:00:
                    7c:15:4d:f5:39:6f:ae:be:0f:de:63:3e:ff:e9:28:
                    86:2b:5c:e6:01:7e:ea:38:3e:dd:e3:eb:77:60:a7:
                    9c:a4:0e:4e:47:91:23:9b:4c:bc:73:2d:f9:c9:48:
                    22:e8:e1:7c:26:1d:1e:72:9d:79:df:f9:32:f4:25:
                    4a:df:c2:0f:08:18:cc:88:7e:59:2b:7b:99:95:cf:
                    8b:99:35:b1:ae:29:bd:bf:b7:0c:2b:9a:f1:66:64:
                    b8:06:24:e6:f7:d5:cd:2d:88:fe:ad:52:0c:34:a9:
                    10:9d:27:91:6a:c6:b0:b0:72:9f:c9:ef:e8:f2:37:
                    54:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:EC:D8:82:41:2C:D3:89:27:A7:5E:1E:B3:98:AC:A2:55:E5:A2:E2
            X509v3 Authority Key Identifier:
                keyid:2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/DuzYgkEs04knp14es5isolXlouI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.249.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:82:ab:f8:82:39:ff:ec:65:44:fe:9a:8d:01:dd:5c:2e:11:
         20:61:fb:35:a3:84:fa:06:25:f1:95:be:23:5d:49:85:67:58:
         55:f0:b9:43:99:8d:a0:b7:4e:e9:a5:c8:88:1a:52:60:c1:83:
         13:f6:4e:41:60:a9:7b:f8:c9:de:5d:51:63:ef:7b:89:03:18:
         bf:ba:ed:c0:aa:fd:19:35:89:c3:6a:ca:2d:77:6d:68:bf:cd:
         08:78:f3:57:f8:11:e2:05:58:ff:ae:fa:83:6c:cd:67:a1:79:
         9d:5b:10:f4:e3:31:ae:09:65:c9:48:30:48:03:43:18:e3:03:
         b8:b2:ee:46:54:eb:46:69:a8:5f:c8:09:00:c7:37:c7:ee:f3:
         f2:f2:3b:15:83:90:d6:24:d0:e3:d3:73:b3:ba:d3:2b:3a:2e:
         a9:6c:75:06:d2:37:09:fe:31:5b:aa:19:9b:9f:be:da:ef:fe:
         93:25:01:a5:ec:ab:a0:c5:74:78:8e:91:f3:79:cf:f0:79:d7:
         23:a6:1c:c1:fc:b4:fb:6c:80:cf:92:1f:16:70:89:d8:4a:b1:
         15:28:22:cf:07:e3:aa:7f:27:ca:84:19:22:d2:56:31:4d:8f:
         f7:0e:74:0d:c6:49:42:56:e0:85:73:9b:62:5d:d2:f1:13:b0:
         5e:6a:a9:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZziT/o2AFII9G+kFnf6QlcEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNmE4NmU2MmYwY2U5OGUwMmU5ODA4NjlmZjQ0MTRlZTJh
MGYwY2UwHhcNMjYwMzEyMTM1MDE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZWVjZDg4MjQxMmNkMzg5MjdhNzVlMWViMzk4YWNhMjU1ZTVhMmUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs6SnI6IEWeczmHS4ZaJXNXEen3GO
BiJlr34Q62z8JXMiJZ6e7fgK1cIHcgrs4kBIgFtaobZlQwhU2zCajknZphdVmjvQ
qAuGepkjEwTA9FchNCjawYc1tVlxC1EvJvKYZO1iCW8wm5RfD2y/z4hg37w1a+Vt
iOJ9knt73sv6VPKzxh91GQB8FU31OW+uvg/eYz7/6SiGK1zmAX7qOD7d4+t3YKec
pA5OR5Ejm0y8cy35yUgi6OF8Jh0ecp153/ky9CVK38IPCBjMiH5ZK3uZlc+LmTWx
rim9v7cMK5rxZmS4BiTm99XNLYj+rVIMNKkQnSeRasawsHKfye/o8jdUcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA7s2IJBLNOJJ6deHrOYrKJV5aLiMB8GA1UdIwQY
MBaAFC5qhuYvDOmOAumAhp/0QU7ioPDOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2Et
YTY2N2JiNzY1MDYwLzEvRHV6WWdrRXMwNGtucDE0ZXM1aXNvbFhsb3VJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2EtYTY2N2JiNzY1MDYw
LzEvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAivn2MA0G
CSqGSIb3DQEBCwUAA4IBAQCJgqv4gjn/7GVE/pqNAd1cLhEgYfs1o4T6BiXxlb4j
XUmFZ1hV8LlDmY2gt07ppciIGlJgwYMT9k5BYKl7+MneXVFj73uJAxi/uu3Aqv0Z
NYnDasotd21ov80IePNX+BHiBVj/rvqDbM1noXmdWxD04zGuCWXJSDBIA0MY4wO4
su5GVOtGaahfyAkAxzfH7vPy8jsVg5DWJNDj03OzutMrOi6pbHUG0jcJ/jFbqhmb
n77a7/6TJQGl7KugxXR4jpHzec/wedcjphzB/LT7bIDPkh8WcInYSrEVKCLPB+Oq
fyfKhBki0lYxTY/3DnQNxklCVuCFc5tiXdLxE7BeaqlX
-----END CERTIFICATE-----