Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/323a92-7d38-49ec-ba99-be434cb9f8f8/1/undnEge0qeA9q4RyIyBahaa9u-E.roa
File:                     undnEge0qeA9q4RyIyBahaa9u-E.roa (raw, json)
Hash identifier:          fAF0a35Tv+WeS0uNHyWQe9WUupVmmjemyKo868JNT1Q=
Subject key identifier:   BA:77:67:12:07:B4:A9:E0:3D:AB:84:72:23:20:5A:85:A6:BD:BB:E1
Certificate issuer:       /CN=d5620cec70974d037d7769758c74668305b32cf2
Certificate serial:       019ECF1C388A94E5912A27927D4690C8307A
Authority key identifier: D5:62:0C:EC:70:97:4D:03:7D:77:69:75:8C:74:66:83:05:B3:2C:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1WIM7HCXTQN9d2l1jHRmgwWzLPI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/323a92-7d38-49ec-ba99-be434cb9f8f8/1/undnEge0qeA9q4RyIyBahaa9u-E.roa
Signing time:             Tue 16 Jun 2026 06:26:33 +0000
ROA not before:           Tue 16 Jun 2026 06:26:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42474
IP address blocks:        2a06:dd01::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/323a92-7d38-49ec-ba99-be434cb9f8f8/1/1WIM7HCXTQN9d2l1jHRmgwWzLPI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/323a92-7d38-49ec-ba99-be434cb9f8f8/1/1WIM7HCXTQN9d2l1jHRmgwWzLPI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1WIM7HCXTQN9d2l1jHRmgwWzLPI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 Jul 2026 12:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:cf:1c:38:8a:94:e5:91:2a:27:92:7d:46:90:c8:30:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5620cec70974d037d7769758c74668305b32cf2
        Validity
            Not Before: Jun 16 06:26:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ba77671207b4a9e03dab847223205a85a6bdbbe1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:7f:61:29:40:e9:28:0b:b0:3a:ee:3f:18:1a:
                    61:50:02:ce:dd:6d:d8:2e:77:b9:d9:03:0b:02:26:
                    a1:71:03:fb:10:fa:24:e2:93:64:f9:38:ba:45:94:
                    dd:02:e1:e7:d4:9e:77:cd:eb:4b:e2:d0:08:76:c2:
                    31:e7:d9:13:89:8c:6a:54:ef:0e:6b:87:74:4c:e0:
                    71:25:1b:e9:00:de:d6:67:a3:b2:65:b5:b4:9f:70:
                    6e:8f:d7:17:56:92:32:4a:90:50:41:56:ae:f4:da:
                    26:67:b1:93:27:33:6c:dd:20:96:24:b9:b9:9b:ec:
                    04:ea:53:dc:a2:87:27:a0:5e:50:8a:03:a0:3a:92:
                    2a:ec:09:48:3c:b7:39:49:46:5e:e3:a5:aa:fb:8b:
                    07:b4:7c:a8:be:a0:48:20:f2:31:01:f3:c5:58:aa:
                    93:4a:d3:5d:a4:41:f4:b1:62:a0:fd:a2:ee:21:70:
                    01:cb:bc:10:a7:e1:36:eb:56:27:c8:16:57:49:bc:
                    79:db:dc:47:85:a9:d5:c1:5a:37:31:8e:80:55:bb:
                    36:09:e6:94:80:78:58:ed:de:ec:37:66:4e:22:65:
                    a4:24:00:63:1b:1b:9e:82:e0:9d:d9:41:29:ba:2c:
                    74:db:d1:06:7c:96:d1:6d:01:a2:93:57:66:aa:69:
                    47:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:77:67:12:07:B4:A9:E0:3D:AB:84:72:23:20:5A:85:A6:BD:BB:E1
            X509v3 Authority Key Identifier:
                keyid:D5:62:0C:EC:70:97:4D:03:7D:77:69:75:8C:74:66:83:05:B3:2C:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1WIM7HCXTQN9d2l1jHRmgwWzLPI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/323a92-7d38-49ec-ba99-be434cb9f8f8/1/undnEge0qeA9q4RyIyBahaa9u-E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/323a92-7d38-49ec-ba99-be434cb9f8f8/1/1WIM7HCXTQN9d2l1jHRmgwWzLPI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:dd01::/32

    Signature Algorithm: sha256WithRSAEncryption
         00:ea:0c:59:48:77:05:cb:9b:1b:42:54:ad:c2:08:c2:44:c9:
         5b:6d:56:b0:f0:72:84:93:3c:f5:50:ae:64:13:04:79:cf:0a:
         ea:a6:bd:60:bf:02:13:02:80:b4:4c:44:fb:c5:2c:87:65:92:
         5a:82:6b:02:c2:7e:d8:6a:5a:be:e5:e2:ad:ab:86:66:a7:1e:
         9e:80:7a:94:f1:bd:48:f5:14:fe:d0:88:3a:a1:bf:45:23:2f:
         7e:34:d5:e4:29:37:3a:2d:0e:16:ee:63:99:f0:cf:28:72:9a:
         c9:e2:48:83:d6:c0:4b:ab:b8:72:7f:cf:41:ac:51:b7:cf:08:
         77:95:f8:51:51:f7:7e:0f:a4:33:40:26:8c:07:b7:8c:f8:cb:
         aa:b9:d6:93:8e:3c:6a:0d:d7:fe:87:60:ab:f3:d2:82:9c:d0:
         23:38:d9:c0:29:dc:92:2e:27:4e:6e:f7:f8:ea:f6:c1:2e:c4:
         56:2f:8f:74:06:ed:a1:d0:4e:a3:cd:af:a9:88:3a:90:64:e5:
         80:77:ac:54:eb:9e:81:87:9e:82:c2:e8:d2:04:ac:78:92:5d:
         88:57:fa:5d:18:64:49:11:2f:a4:d0:a1:d0:48:30:f6:3b:6e:
         e9:fe:a6:d9:45:f9:18:7c:c0:e4:1a:0e:3f:ec:9f:79:27:a7:
         ba:e9:e6:f8
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ7PHDiKlOWRKieSfUaQyDB6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NjIwY2VjNzA5NzRkMDM3ZDc3Njk3NThjNzQ2NjgzMDVi
MzJjZjIwHhcNMjYwNjE2MDYyNjMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTc3NjcxMjA3YjRhOWUwM2RhYjg0NzIyMzIwNWE4NWE2YmRiYmUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw39hKUDpKAuwOu4/GBphUALO3W3Y
Lne52QMLAiahcQP7EPok4pNk+Ti6RZTdAuHn1J53zetL4tAIdsIx59kTiYxqVO8O
a4d0TOBxJRvpAN7WZ6OyZbW0n3Buj9cXVpIySpBQQVau9NomZ7GTJzNs3SCWJLm5
m+wE6lPcoocnoF5QigOgOpIq7AlIPLc5SUZe46Wq+4sHtHyovqBIIPIxAfPFWKqT
StNdpEH0sWKg/aLuIXABy7wQp+E261YnyBZXSbx529xHhanVwVo3MY6AVbs2CeaU
gHhY7d7sN2ZOImWkJABjGxueguCd2UEpuix029EGfJbRbQGik1dmqmlHMwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLp3ZxIHtKngPauEciMgWoWmvbvhMB8GA1UdIwQY
MBaAFNViDOxwl00DfXdpdYx0ZoMFsyzyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVdJTTdIQ1hUUU45ZDJsMWpIUm1nd1d6TFBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi8zMjNhOTItN2QzOC00OWVjLWJhOTkt
YmU0MzRjYjlmOGY4LzEvdW5kbkVnZTBxZUE5cTRSeUl5QmFoYWE5dS1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi8zMjNhOTItN2QzOC00OWVjLWJhOTktYmU0MzRjYjlmOGY4
LzEvMVdJTTdIQ1hUUU45ZDJsMWpIUm1nd1d6TFBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgbdATAN
BgkqhkiG9w0BAQsFAAOCAQEAAOoMWUh3BcubG0JUrcIIwkTJW21WsPByhJM89VCu
ZBMEec8K6qa9YL8CEwKAtExE+8Ush2WSWoJrAsJ+2GpavuXirauGZqcenoB6lPG9
SPUU/tCIOqG/RSMvfjTV5Ck3Oi0OFu5jmfDPKHKayeJIg9bAS6u4cn/PQaxRt88I
d5X4UVH3fg+kM0AmjAe3jPjLqrnWk448ag3X/odgq/PSgpzQIzjZwCncki4nTm73
+Or2wS7EVi+PdAbtodBOo82vqYg6kGTlgHesVOuegYeegsLo0gSseJJdiFf6XRhk
SREvpNCh0Egw9jtu6f6m2UX5GHzA5BoOP+yfeSenuunm+A==
-----END CERTIFICATE-----