Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/7916e5-2463-4e0e-ba6d-5314accb0612/1/eHAcRr4T7U8ZR4oZKRXSUjv9iuw.roa
File:                     eHAcRr4T7U8ZR4oZKRXSUjv9iuw.roa (raw, json)
Hash identifier:          VuNBMBSHOJTUsj6T7QM9bNksF6TWXe0P7LM+d85rGag=
Subject key identifier:   78:70:1C:46:BE:13:ED:4F:19:47:8A:19:29:15:D2:52:3B:FD:8A:EC
Certificate issuer:       /CN=232bbc6f51cce01aeaacba80f2d0d26412e47f93
Certificate serial:       019DE3B3F49766E1A9BA6D1E14945050C516
Authority key identifier: 23:2B:BC:6F:51:CC:E0:1A:EA:AC:BA:80:F2:D0:D2:64:12:E4:7F:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Iyu8b1HM4BrqrLqA8tDSZBLkf5M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/7916e5-2463-4e0e-ba6d-5314accb0612/1/eHAcRr4T7U8ZR4oZKRXSUjv9iuw.roa
Signing time:             Fri 01 May 2026 13:21:54 +0000
ROA not before:           Fri 01 May 2026 13:21:54 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     60905
IP address blocks:        2a10:7bc0:0:1::/64 maxlen: 64
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/7916e5-2463-4e0e-ba6d-5314accb0612/1/Iyu8b1HM4BrqrLqA8tDSZBLkf5M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/7916e5-2463-4e0e-ba6d-5314accb0612/1/Iyu8b1HM4BrqrLqA8tDSZBLkf5M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Iyu8b1HM4BrqrLqA8tDSZBLkf5M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 19:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:e3:b3:f4:97:66:e1:a9:ba:6d:1e:14:94:50:50:c5:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=232bbc6f51cce01aeaacba80f2d0d26412e47f93
        Validity
            Not Before: May  1 13:21:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=78701c46be13ed4f19478a192915d2523bfd8aec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:6a:5d:5c:22:94:89:dc:f2:54:b1:6e:71:8f:
                    b6:5a:6d:7a:52:08:65:78:e1:ee:0b:77:e1:d5:93:
                    cf:a6:82:68:23:cc:bb:7d:2e:cd:c7:23:82:d1:bb:
                    88:64:96:f6:d0:29:14:4d:05:5f:aa:85:6f:0b:27:
                    84:f9:f2:ff:f4:68:ae:5a:dc:d6:cc:76:b1:11:d6:
                    d6:8f:11:d2:53:5f:be:1f:67:e5:12:24:42:12:08:
                    21:52:99:df:d1:73:00:87:b6:48:90:cf:f5:bb:4d:
                    99:ca:3b:b9:9d:1f:1e:bc:6d:e8:db:cc:fe:d3:4c:
                    c9:ce:86:63:81:01:4a:3f:cc:d4:8d:94:ad:8b:a1:
                    65:bf:58:0a:fd:09:79:b9:5d:65:02:52:47:f8:7b:
                    d2:5d:0d:98:28:f1:eb:66:ca:74:59:df:4a:89:69:
                    5f:0b:0a:22:51:43:f6:6e:fa:d3:8d:70:7b:bb:e8:
                    df:70:99:41:76:cf:a4:4d:b3:47:31:88:13:8b:a2:
                    e6:af:3c:c7:db:ab:10:3d:bc:9c:ae:b8:0a:e6:b1:
                    34:0f:f1:22:8f:ba:50:84:df:40:05:ba:c0:58:d0:
                    a4:7d:1d:31:b3:6c:c8:78:84:5d:50:93:51:bb:84:
                    dd:ff:ef:c2:81:52:98:26:9f:4c:10:55:2e:cf:d4:
                    ca:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:70:1C:46:BE:13:ED:4F:19:47:8A:19:29:15:D2:52:3B:FD:8A:EC
            X509v3 Authority Key Identifier:
                keyid:23:2B:BC:6F:51:CC:E0:1A:EA:AC:BA:80:F2:D0:D2:64:12:E4:7F:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Iyu8b1HM4BrqrLqA8tDSZBLkf5M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/7916e5-2463-4e0e-ba6d-5314accb0612/1/eHAcRr4T7U8ZR4oZKRXSUjv9iuw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/7916e5-2463-4e0e-ba6d-5314accb0612/1/Iyu8b1HM4BrqrLqA8tDSZBLkf5M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:7bc0:0:1::/64

    Signature Algorithm: sha256WithRSAEncryption
         08:cc:f3:18:ec:92:44:03:a1:e6:c3:cd:06:dd:33:ec:76:06:
         b2:c4:6c:9a:22:d5:67:1f:7d:6e:85:f3:a0:30:4a:a5:71:01:
         78:46:de:09:a0:2d:2e:a6:9c:0d:8f:2b:40:c5:a7:fd:7f:c4:
         cf:16:05:ac:3f:ba:07:a1:a1:79:a8:2d:f6:75:e7:20:42:fb:
         e9:97:b6:a8:43:e0:33:29:9b:ab:f4:3e:0a:3a:42:5f:8f:19:
         1c:19:9d:53:06:bf:fb:d7:b8:54:bd:c2:6f:23:86:ba:45:bf:
         4a:ec:51:df:ed:84:16:cd:16:e7:16:63:d5:e2:34:2f:74:28:
         fb:8f:d2:ac:4c:ab:6c:3a:c3:f0:61:e3:1a:1e:a2:0e:8e:74:
         30:83:c6:1e:8a:77:bd:54:22:dd:5e:4d:48:79:e7:79:c6:ab:
         ce:10:5f:b1:ee:1c:4c:98:ea:81:7f:85:d3:6d:ef:b8:c3:60:
         00:9e:33:d4:30:6b:ff:fb:6d:2c:9b:42:a6:d4:bd:01:6a:f3:
         4c:29:5d:46:4f:a1:85:54:74:4d:50:69:25:cb:cc:07:57:d6:
         66:24:98:b1:f2:d1:9d:ef:e8:10:a6:e1:2d:86:cf:49:3a:d7:
         25:4f:ce:84:67:bc:2e:52:97:c9:3d:e4:f7:18:53:9a:d4:e9:
         2d:1b:1a:92
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgISAZ3js/SXZuGpum0eFJRQUMUWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzMmJiYzZmNTFjY2UwMWFlYWFjYmE4MGYyZDBkMjY0MTJl
NDdmOTMwHhcNMjYwNTAxMTMyMTU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODcwMWM0NmJlMTNlZDRmMTk0NzhhMTkyOTE1ZDI1MjNiZmQ4YWVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxmpdXCKUidzyVLFucY+2Wm16Ughl
eOHuC3fh1ZPPpoJoI8y7fS7NxyOC0buIZJb20CkUTQVfqoVvCyeE+fL/9GiuWtzW
zHaxEdbWjxHSU1++H2flEiRCEgghUpnf0XMAh7ZIkM/1u02Zyju5nR8evG3o28z+
00zJzoZjgQFKP8zUjZSti6Flv1gK/Ql5uV1lAlJH+HvSXQ2YKPHrZsp0Wd9KiWlf
CwoiUUP2bvrTjXB7u+jfcJlBds+kTbNHMYgTi6LmrzzH26sQPbycrrgK5rE0D/Ei
j7pQhN9ABbrAWNCkfR0xs2zIeIRdUJNRu4Td/+/CgVKYJp9MEFUuz9TK8QIDAQAB
o4ICDjCCAgowHQYDVR0OBBYEFHhwHEa+E+1PGUeKGSkV0lI7/YrsMB8GA1UdIwQY
MBaAFCMrvG9RzOAa6qy6gPLQ0mQS5H+TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXl1OGIxSE00QnJxckxxQTh0RFNaQkxrZjVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny83OTE2ZTUtMjQ2My00ZTBlLWJhNmQt
NTMxNGFjY2IwNjEyLzEvZUhBY1JyNFQ3VThaUjRvWktSWFNVanY5aXV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny83OTE2ZTUtMjQ2My00ZTBlLWJhNmQtNTMxNGFjY2IwNjEy
LzEvSXl1OGIxSE00QnJxckxxQTh0RFNaQkxrZjVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCQGCCsGAQUFBwEHAQH/BBUwEzARBAIAAjALAwkAKhB7wAAA
AAEwDQYJKoZIhvcNAQELBQADggEBAAjM8xjskkQDoebDzQbdM+x2BrLEbJoi1Wcf
fW6F86AwSqVxAXhG3gmgLS6mnA2PK0DFp/1/xM8WBaw/ugehoXmoLfZ15yBC++mX
tqhD4DMpm6v0Pgo6Ql+PGRwZnVMGv/vXuFS9wm8jhrpFv0rsUd/thBbNFucWY9Xi
NC90KPuP0qxMq2w6w/Bh4xoeog6OdDCDxh6Kd71UIt1eTUh553nGq84QX7HuHEyY
6oF/hdNt77jDYACeM9Qwa//7bSybQqbUvQFq80wpXUZPoYVUdE1QaSXLzAdX1mYk
mLHy0Z3v6BCm4S2Gz0k61yVPzoRnvC5Sl8k95PcYU5rU6S0bGpI=
-----END CERTIFICATE-----