Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/542d3b-ce00-47bd-b484-957cb63fe681/1/kfHOguahwmoMsyRaQw8pUo9cNfU.roa
File:                     kfHOguahwmoMsyRaQw8pUo9cNfU.roa (raw, json)
Hash identifier:          9xDfD3+rs0UdeCP8bqBepaOJdTPshbSNDRJXUgbGRxU=
Subject key identifier:   91:F1:CE:82:E6:A1:C2:6A:0C:B3:24:5A:43:0F:29:52:8F:5C:35:F5
Certificate issuer:       /CN=1c8a26113ab939452e4756f6d53f577114506290
Certificate serial:       019D9D592E4BC64F67ECF200CD467F4D1B81
Authority key identifier: 1C:8A:26:11:3A:B9:39:45:2E:47:56:F6:D5:3F:57:71:14:50:62:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HIomETq5OUUuR1b21T9XcRRQYpA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/542d3b-ce00-47bd-b484-957cb63fe681/1/kfHOguahwmoMsyRaQw8pUo9cNfU.roa
Signing time:             Fri 17 Apr 2026 21:29:20 +0000
ROA not before:           Fri 17 Apr 2026 21:29:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200859
IP address blocks:        2a11:e740::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/542d3b-ce00-47bd-b484-957cb63fe681/1/HIomETq5OUUuR1b21T9XcRRQYpA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/542d3b-ce00-47bd-b484-957cb63fe681/1/HIomETq5OUUuR1b21T9XcRRQYpA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HIomETq5OUUuR1b21T9XcRRQYpA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Apr 2026 03:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:9d:59:2e:4b:c6:4f:67:ec:f2:00:cd:46:7f:4d:1b:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c8a26113ab939452e4756f6d53f577114506290
        Validity
            Not Before: Apr 17 21:29:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=91f1ce82e6a1c26a0cb3245a430f29528f5c35f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:3e:39:3a:d3:b3:0e:85:87:c4:e7:ee:c9:3b:
                    17:f8:5a:6e:d5:61:c0:53:af:c6:56:8a:30:90:07:
                    b5:49:39:10:b5:31:35:49:fc:69:5e:59:9d:f3:96:
                    6d:eb:10:b8:a7:99:f8:0e:0d:19:89:50:58:5c:fb:
                    cc:ef:59:58:b1:87:65:82:26:b4:bc:a8:54:a1:ad:
                    0d:a6:c0:0c:2b:5c:2c:6d:1e:d0:a2:89:fd:63:b2:
                    ea:70:05:e9:7c:de:4e:dc:40:d2:92:53:95:90:7c:
                    47:a4:af:a2:02:cf:50:d4:71:3a:06:64:62:60:66:
                    cb:4f:0c:dc:1d:73:65:74:61:0e:7e:7c:88:e8:4d:
                    35:97:1c:cf:5d:f2:79:98:d9:84:4c:f3:a4:0a:0f:
                    75:1f:b2:36:a9:45:c1:db:26:04:7d:16:fd:40:68:
                    76:72:8b:1e:05:5b:61:40:ce:da:fd:b4:f3:2a:07:
                    0e:5c:0d:4d:e1:97:18:fb:26:aa:d7:a0:a6:7f:a8:
                    02:c3:20:2d:ff:11:91:cf:25:28:fe:55:0e:f6:e5:
                    56:ec:18:46:92:97:8b:e6:3b:ac:15:03:77:c9:36:
                    24:92:f5:4b:00:df:16:76:c2:be:c3:5f:51:e6:f5:
                    c1:a2:f0:fa:bb:c5:0a:7c:9d:c2:6b:4f:37:9d:4c:
                    1b:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:F1:CE:82:E6:A1:C2:6A:0C:B3:24:5A:43:0F:29:52:8F:5C:35:F5
            X509v3 Authority Key Identifier:
                keyid:1C:8A:26:11:3A:B9:39:45:2E:47:56:F6:D5:3F:57:71:14:50:62:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HIomETq5OUUuR1b21T9XcRRQYpA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/542d3b-ce00-47bd-b484-957cb63fe681/1/kfHOguahwmoMsyRaQw8pUo9cNfU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/542d3b-ce00-47bd-b484-957cb63fe681/1/HIomETq5OUUuR1b21T9XcRRQYpA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:e740::/32

    Signature Algorithm: sha256WithRSAEncryption
         03:ed:3c:eb:6f:7e:9a:28:17:c3:6d:33:40:ee:4f:7b:53:64:
         3b:bf:93:32:d6:f1:60:dd:60:d1:e9:73:c7:90:d9:97:c9:28:
         52:ee:da:e4:60:38:61:05:e9:c0:4a:57:28:25:04:d5:44:f3:
         4b:da:cb:82:d5:ae:01:53:4d:87:07:31:06:31:21:6c:e4:e9:
         0c:7d:d3:65:e1:e8:2b:f5:2c:2c:dc:e9:0a:2a:c6:71:f3:39:
         04:3d:b6:23:03:b1:a4:5c:27:f1:30:cc:30:a8:ad:9b:d3:1f:
         f9:a7:1a:39:ee:fd:05:c3:94:6c:f0:95:87:8a:7b:9d:33:fa:
         c7:3e:5a:2a:22:2e:70:b6:3e:e3:ef:27:0b:3d:52:86:50:23:
         30:dc:1f:c4:d6:e6:b5:5c:3f:3b:60:ca:ce:8d:25:39:ff:77:
         4f:ad:a3:6e:cd:eb:82:a2:49:2c:b6:8f:e2:28:05:5d:06:dc:
         e4:c2:21:53:a2:46:d7:96:3d:31:6c:39:56:b5:27:7f:16:bd:
         21:20:53:98:12:3e:df:69:2e:37:94:c4:e2:8d:78:50:1f:4f:
         a7:26:7b:9c:0f:8f:55:5e:ce:6d:74:e2:5f:65:13:07:42:ff:
         35:eb:db:d6:03:2c:45:c1:3d:01:3e:b6:c4:52:fc:88:e7:c8:
         9d:b0:0b:de
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ2dWS5Lxk9n7PIAzUZ/TRuBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOGEyNjExM2FiOTM5NDUyZTQ3NTZmNmQ1M2Y1NzcxMTQ1
MDYyOTAwHhcNMjYwNDE3MjEyOTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWYxY2U4MmU2YTFjMjZhMGNiMzI0NWE0MzBmMjk1MjhmNWMzNWY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzT45OtOzDoWHxOfuyTsX+Fpu1WHA
U6/GVoowkAe1STkQtTE1SfxpXlmd85Zt6xC4p5n4Dg0ZiVBYXPvM71lYsYdlgia0
vKhUoa0NpsAMK1wsbR7Qoon9Y7LqcAXpfN5O3EDSklOVkHxHpK+iAs9Q1HE6BmRi
YGbLTwzcHXNldGEOfnyI6E01lxzPXfJ5mNmETPOkCg91H7I2qUXB2yYEfRb9QGh2
coseBVthQM7a/bTzKgcOXA1N4ZcY+yaq16Cmf6gCwyAt/xGRzyUo/lUO9uVW7BhG
kpeL5jusFQN3yTYkkvVLAN8WdsK+w19R5vXBovD6u8UKfJ3Ca083nUwbjQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJHxzoLmocJqDLMkWkMPKVKPXDX1MB8GA1UdIwQY
MBaAFByKJhE6uTlFLkdW9tU/V3EUUGKQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSElvbUVUcTVPVVV1UjFiMjFUOVhjUlJRWXBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy81NDJkM2ItY2UwMC00N2JkLWI0ODQt
OTU3Y2I2M2ZlNjgxLzEva2ZIT2d1YWh3bW9Nc3lSYVF3OHBVbzljTmZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy81NDJkM2ItY2UwMC00N2JkLWI0ODQtOTU3Y2I2M2ZlNjgx
LzEvSElvbUVUcTVPVVV1UjFiMjFUOVhjUlJRWXBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhHnQDAN
BgkqhkiG9w0BAQsFAAOCAQEAA+08629+migXw20zQO5Pe1NkO7+TMtbxYN1g0elz
x5DZl8koUu7a5GA4YQXpwEpXKCUE1UTzS9rLgtWuAVNNhwcxBjEhbOTpDH3TZeHo
K/UsLNzpCirGcfM5BD22IwOxpFwn8TDMMKitm9Mf+acaOe79BcOUbPCVh4p7nTP6
xz5aKiIucLY+4+8nCz1ShlAjMNwfxNbmtVw/O2DKzo0lOf93T62jbs3rgqJJLLaP
4igFXQbc5MIhU6JG15Y9MWw5VrUnfxa9ISBTmBI+32kuN5TE4o14UB9PpyZ7nA+P
VV7ObXTiX2UTB0L/Nevb1gMsRcE9AT62xFL8iOfInbAL3g==
-----END CERTIFICATE-----