Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/eLh3Isntfw-bCkIOT4XMOcnyBiA.roa
File:                     eLh3Isntfw-bCkIOT4XMOcnyBiA.roa (raw, json)
Hash identifier:          CSzPbtgCI95QdVvPu+hNufCm+Lthh6I+rRJyJNLcNzY=
Subject key identifier:   78:B8:77:22:C9:ED:7F:0F:9B:0A:42:0E:4F:85:CC:39:C9:F2:06:20
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       019DB05D4257686CC515249BDE00E377F8CE
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/eLh3Isntfw-bCkIOT4XMOcnyBiA.roa
Signing time:             Tue 21 Apr 2026 14:06:35 +0000
ROA not before:           Tue 21 Apr 2026 14:06:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     20473
IP address blocks:        2a09:ae80::/29 maxlen: 48
                          2a09:b440::/48 maxlen: 48
                          2a13:4bc0::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 27 Apr 2026 23:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b0:5d:42:57:68:6c:c5:15:24:9b:de:00:e3:77:f8:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Apr 21 14:06:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=78b87722c9ed7f0f9b0a420e4f85cc39c9f20620
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:1d:8f:3e:a6:d9:08:34:1c:91:5c:59:92:2f:
                    07:f0:db:8e:ea:3e:de:f4:b1:16:77:17:d3:1f:a4:
                    32:d6:1e:c1:f0:44:33:ca:44:9d:bb:bc:a0:e9:31:
                    cc:25:d9:d9:e0:0e:13:17:a2:e6:f2:ef:ae:5e:db:
                    a0:38:7e:7d:66:d7:cc:82:28:32:bb:ac:7e:35:ba:
                    57:47:b6:8c:2e:be:9a:29:71:4e:36:64:b1:b1:87:
                    a1:f4:4e:a1:ba:a9:55:f9:39:7d:c9:56:fa:d6:19:
                    8d:00:15:dc:bc:9b:bf:84:0e:59:9d:8c:a1:74:20:
                    33:75:70:0f:a3:60:60:a8:3c:bd:52:64:53:04:34:
                    81:f6:f3:86:56:46:90:1d:c3:fa:fb:9e:ed:03:d0:
                    70:5a:0e:ae:13:a0:21:2a:cd:2c:a3:4b:5c:2e:5d:
                    a9:5c:28:b9:1f:64:99:54:6c:46:ab:0f:7c:fb:73:
                    4a:4f:97:f8:0c:18:f4:84:83:1a:90:1f:38:0c:0b:
                    c1:82:d5:20:8b:ce:ee:c6:5a:37:e5:0d:6b:3f:da:
                    08:48:82:9c:4d:8c:f4:ce:08:ed:72:ae:41:c8:9d:
                    ae:4e:98:de:b5:a4:ae:3e:20:4f:bd:62:34:9c:b0:
                    b5:f9:de:14:c2:23:0a:84:79:cd:d8:b7:ba:a9:4e:
                    95:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:B8:77:22:C9:ED:7F:0F:9B:0A:42:0E:4F:85:CC:39:C9:F2:06:20
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/eLh3Isntfw-bCkIOT4XMOcnyBiA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:ae80::/29
                  2a09:b440::/48
                  2a13:4bc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         64:65:63:d7:6b:b4:9c:7d:9a:69:01:bc:b5:0f:83:41:52:4b:
         9b:54:44:21:16:f7:1a:17:51:39:09:f1:b1:f8:de:bb:50:d1:
         59:21:f4:85:79:42:14:10:63:77:d8:d1:6f:bc:c0:1c:f0:15:
         ab:95:db:58:65:ea:9e:7f:ca:79:7b:65:80:8c:6f:c1:02:7c:
         8a:22:6a:6a:7b:04:34:10:cb:6e:6d:b7:5d:a7:4f:1f:ad:dc:
         21:f7:0b:5a:ae:38:e4:b5:79:9a:3f:85:75:b8:7c:11:47:8c:
         e4:5d:1b:d7:9f:35:ed:c5:ac:22:03:84:ba:91:cf:6b:13:fd:
         43:86:9e:fa:50:2a:c4:63:da:61:57:a4:96:f0:98:09:a3:c6:
         1b:5a:b7:3d:b1:d1:cb:32:f8:ff:8a:70:ce:e6:77:5b:a4:cb:
         28:6b:05:8f:27:90:1c:07:cd:06:68:28:9d:14:f5:2d:0e:06:
         cf:6b:5b:fb:4e:b0:60:1f:62:a5:e0:76:dd:fa:0e:94:5c:0e:
         ef:82:ba:bb:1b:bc:d2:0f:d9:75:54:5c:9a:ec:40:73:9a:e4:
         ae:3e:6a:ce:a4:1f:27:37:6b:27:f9:18:61:66:1f:34:8d:96:
         c5:5d:14:64:2c:1d:25:27:41:db:e9:80:0a:89:d3:59:f6:d3:
         40:72:24:3e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZ2wXUJXaGzFFSSb3gDjd/jOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjYwNDIxMTQwNjM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OGI4NzcyMmM5ZWQ3ZjBmOWIwYTQyMGU0Zjg1Y2MzOWM5ZjIwNjIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAih2PPqbZCDQckVxZki8H8NuO6j7e
9LEWdxfTH6Qy1h7B8EQzykSdu7yg6THMJdnZ4A4TF6Lm8u+uXtugOH59ZtfMgigy
u6x+NbpXR7aMLr6aKXFONmSxsYeh9E6huqlV+Tl9yVb61hmNABXcvJu/hA5ZnYyh
dCAzdXAPo2BgqDy9UmRTBDSB9vOGVkaQHcP6+57tA9BwWg6uE6AhKs0so0tcLl2p
XCi5H2SZVGxGqw98+3NKT5f4DBj0hIMakB84DAvBgtUgi87uxlo35Q1rP9oISIKc
TYz0zgjtcq5ByJ2uTpjetaSuPiBPvWI0nLC1+d4UwiMKhHnN2Le6qU6VXwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFHi4dyLJ7X8PmwpCDk+FzDnJ8gYgMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvZUxoM0lzbnRmdy1iQ2tJT1Q0WE1PY255QmlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAdBAIAAjAXAwUDKgmugAMH
ACoJtEAAAAMFAyoTS8AwDQYJKoZIhvcNAQELBQADggEBAGRlY9drtJx9mmkBvLUP
g0FSS5tURCEW9xoXUTkJ8bH43rtQ0Vkh9IV5QhQQY3fY0W+8wBzwFauV21hl6p5/
ynl7ZYCMb8ECfIoiamp7BDQQy25tt12nTx+t3CH3C1quOOS1eZo/hXW4fBFHjORd
G9efNe3FrCIDhLqRz2sT/UOGnvpQKsRj2mFXpJbwmAmjxhtatz2x0csy+P+KcM7m
d1ukyyhrBY8nkBwHzQZoKJ0U9S0OBs9rW/tOsGAfYqXgdt36DpRcDu+CursbvNIP
2XVUXJrsQHOa5K4+as6kHyc3ayf5GGFmHzSNlsVdFGQsHSUnQdvpgAqJ01n200By
JD4=
-----END CERTIFICATE-----