Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/NjqAS56phIFTEiKBVTRmrN3WBY8.roa
File:                     NjqAS56phIFTEiKBVTRmrN3WBY8.roa (raw, json)
Hash identifier:          umrFlXJkBxsfwL4GX6/fEeuG83MP4Q8vA7igYpxacmI=
Subject key identifier:   36:3A:80:4B:9E:A9:84:81:53:12:22:81:55:34:66:AC:DD:D6:05:8F
Certificate issuer:       /CN=1d43a2484569d20e3f53c17be7b9fb29c34ee5be
Certificate serial:       019C05ABC9F0EF64BEA50374712102C335E8
Authority key identifier: 1D:43:A2:48:45:69:D2:0E:3F:53:C1:7B:E7:B9:FB:29:C3:4E:E5:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HUOiSEVp0g4_U8F757n7KcNO5b4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/NjqAS56phIFTEiKBVTRmrN3WBY8.roa
Signing time:             Wed 28 Jan 2026 17:34:30 +0000
ROA not before:           Wed 28 Jan 2026 17:34:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44636
IP address blocks:        2a01:ecc0:6::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/HUOiSEVp0g4_U8F757n7KcNO5b4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/HUOiSEVp0g4_U8F757n7KcNO5b4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HUOiSEVp0g4_U8F757n7KcNO5b4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 18 Feb 2026 09:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:05:ab:c9:f0:ef:64:be:a5:03:74:71:21:02:c3:35:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d43a2484569d20e3f53c17be7b9fb29c34ee5be
        Validity
            Not Before: Jan 28 17:34:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=363a804b9ea9848153122281553466acddd6058f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:4a:46:77:b0:fe:51:60:78:41:4f:9c:d4:f1:
                    a3:8a:20:56:ce:26:17:90:e2:bc:8c:f8:05:ad:13:
                    19:e4:2b:8d:4b:40:6c:c8:b1:5d:dd:69:44:5e:dc:
                    55:ee:69:6e:f7:b1:c6:4d:e1:a5:10:28:9d:51:b6:
                    fd:94:f6:9a:df:bd:0c:d2:41:a3:87:d5:e1:91:4b:
                    6c:00:9a:4c:42:31:be:0a:db:8c:c4:5d:c9:b9:15:
                    8c:e9:0f:10:05:69:51:67:51:ef:24:8a:2a:c7:fe:
                    aa:8b:4c:69:24:69:15:3e:c9:e6:98:75:ff:09:4d:
                    0e:f4:12:0c:96:5b:27:d1:65:2d:8d:a5:bf:bc:7f:
                    6b:84:f6:a9:33:e8:a0:bf:4a:7c:c6:10:09:c1:c2:
                    a5:27:20:e9:eb:71:2e:06:11:c5:ab:c1:39:b9:aa:
                    6a:a9:12:be:aa:be:1d:49:e5:7e:3d:4e:1b:be:96:
                    9a:ac:15:ec:f1:33:d7:71:7d:e7:e1:0e:be:0a:2e:
                    92:44:24:17:f6:96:47:f7:d2:a9:68:b3:53:7e:e0:
                    d9:51:6d:60:b5:83:77:f6:91:8a:8b:35:01:41:00:
                    dd:37:6b:94:94:3c:cc:52:06:5f:6e:a2:8d:09:15:
                    4a:50:e1:89:7d:fb:b5:ba:f3:ab:b2:45:80:29:dd:
                    81:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:3A:80:4B:9E:A9:84:81:53:12:22:81:55:34:66:AC:DD:D6:05:8F
            X509v3 Authority Key Identifier:
                keyid:1D:43:A2:48:45:69:D2:0E:3F:53:C1:7B:E7:B9:FB:29:C3:4E:E5:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HUOiSEVp0g4_U8F757n7KcNO5b4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/NjqAS56phIFTEiKBVTRmrN3WBY8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/HUOiSEVp0g4_U8F757n7KcNO5b4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:ecc0:6::/48

    Signature Algorithm: sha256WithRSAEncryption
         4f:b8:29:0f:1a:5c:fc:da:cd:1e:3d:f0:ea:48:6a:66:8d:f7:
         ab:fd:1a:d0:0f:29:c6:5f:d1:e2:47:44:37:79:02:05:7a:5d:
         38:87:e7:64:99:dc:67:48:e1:c6:29:f3:82:54:6b:64:e1:b0:
         5a:1a:12:35:9a:75:1e:4d:8b:a4:76:02:d3:5b:73:96:98:0b:
         30:79:2c:c1:5e:26:54:e9:49:93:80:9f:d6:9d:86:08:7d:be:
         bb:6a:01:41:aa:27:5e:9b:7c:6c:49:6d:98:52:74:60:e8:40:
         ed:9d:6f:4b:b9:2b:2c:b2:d8:2b:96:28:15:de:75:29:9c:76:
         38:4e:97:ca:73:c7:2b:63:98:31:e8:5c:20:44:bb:99:b4:d3:
         35:b7:1f:06:38:de:00:7c:88:e6:a3:d0:79:6f:c0:2e:1e:7d:
         39:a0:c2:f5:c3:67:55:bb:2b:3a:35:4d:f1:06:89:43:65:85:
         b7:b0:d7:19:8d:ce:a5:bf:23:90:84:44:88:e6:77:25:bc:5e:
         e8:d3:48:0a:36:89:4b:6a:26:2f:d6:1f:8f:2c:1a:53:2f:36:
         99:36:01:8e:27:f8:e8:70:79:ae:09:29:9c:b6:32:eb:53:af:
         ae:f5:49:59:f0:40:3f:9e:cf:a5:c1:92:0c:c9:9c:c4:53:ea:
         8c:4d:09:bd
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZwFq8nw72S+pQN0cSECwzXoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkNDNhMjQ4NDU2OWQyMGUzZjUzYzE3YmU3YjlmYjI5YzM0
ZWU1YmUwHhcNMjYwMTI4MTczNDMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjNhODA0YjllYTk4NDgxNTMxMjIyODE1NTM0NjZhY2RkZDYwNThmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2kpGd7D+UWB4QU+c1PGjiiBWziYX
kOK8jPgFrRMZ5CuNS0BsyLFd3WlEXtxV7mlu97HGTeGlECidUbb9lPaa370M0kGj
h9XhkUtsAJpMQjG+CtuMxF3JuRWM6Q8QBWlRZ1HvJIoqx/6qi0xpJGkVPsnmmHX/
CU0O9BIMllsn0WUtjaW/vH9rhPapM+igv0p8xhAJwcKlJyDp63EuBhHFq8E5uapq
qRK+qr4dSeV+PU4bvpaarBXs8TPXcX3n4Q6+Ci6SRCQX9pZH99KpaLNTfuDZUW1g
tYN39pGKizUBQQDdN2uUlDzMUgZfbqKNCRVKUOGJffu1uvOrskWAKd2BgwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDY6gEueqYSBUxIigVU0Zqzd1gWPMB8GA1UdIwQY
MBaAFB1DokhFadIOP1PBe+e5+ynDTuW+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFVPaVNFVnAwZzRfVThGNzU3bjdLY05PNWI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS9jOTNkODctMzJlMC00NmYxLTlmYjkt
NjM0NTE1NDg5NzlkLzEvTmpxQVM1NnBoSUZURWlLQlZUUm1yTjNXQlk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS9jOTNkODctMzJlMC00NmYxLTlmYjktNjM0NTE1NDg5Nzlk
LzEvSFVPaVNFVnAwZzRfVThGNzU3bjdLY05PNWI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgHswAAG
MA0GCSqGSIb3DQEBCwUAA4IBAQBPuCkPGlz82s0ePfDqSGpmjfer/RrQDynGX9Hi
R0Q3eQIFel04h+dkmdxnSOHGKfOCVGtk4bBaGhI1mnUeTYukdgLTW3OWmAsweSzB
XiZU6UmTgJ/WnYYIfb67agFBqidem3xsSW2YUnRg6EDtnW9LuSssstgrligV3nUp
nHY4TpfKc8crY5gx6FwgRLuZtNM1tx8GON4AfIjmo9B5b8AuHn05oML1w2dVuys6
NU3xBolDZYW3sNcZjc6lvyOQhESI5nclvF7o00gKNolLaiYv1h+PLBpTLzaZNgGO
J/jocHmuCSmctjLrU6+u9UlZ8EA/ns+lwZIMyZzEU+qMTQm9
-----END CERTIFICATE-----