Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/DuhB--OBfL5en46eQPIcutd9Sj0.roa
File:                     DuhB--OBfL5en46eQPIcutd9Sj0.roa (raw, json)
Hash identifier:          dLVqpMC6p8Nvre94gWjsae4OgyuT1OFZj0aGCX6pXVQ=
Subject key identifier:   0E:E8:41:FB:E3:81:7C:BE:5E:9F:8E:9E:40:F2:1C:BA:D7:7D:4A:3D
Certificate issuer:       /CN=58ad60da52671e9083cf39864eca2aa23241be9e
Certificate serial:       019DCE8EF0839ECAE973F0A42D26435FD19F
Authority key identifier: 58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/DuhB--OBfL5en46eQPIcutd9Sj0.roa
Signing time:             Mon 27 Apr 2026 10:49:27 +0000
ROA not before:           Mon 27 Apr 2026 10:49:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213734
IP address blocks:        2a13:d140::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 02 May 2026 09:02:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ce:8e:f0:83:9e:ca:e9:73:f0:a4:2d:26:43:5f:d1:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58ad60da52671e9083cf39864eca2aa23241be9e
        Validity
            Not Before: Apr 27 10:49:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0ee841fbe3817cbe5e9f8e9e40f21cbad77d4a3d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:88:95:0f:5b:8b:2d:84:b0:bf:6c:e1:1d:da:
                    30:9f:ed:cb:2c:b3:24:2a:12:1e:d9:6e:04:a8:7e:
                    d5:3f:07:70:0e:d6:98:e2:be:61:14:9e:09:ca:70:
                    36:b6:a4:98:f6:4c:5b:94:a7:46:3f:20:27:04:57:
                    46:be:e6:0d:c9:72:70:82:02:d3:6d:f2:19:2c:8a:
                    50:2c:e4:55:da:3c:74:6b:21:f6:d8:10:3d:0b:dd:
                    b3:e9:ce:b9:bb:f1:e0:08:c3:dc:3b:c6:a0:5c:2c:
                    11:ef:1b:79:00:f0:2e:23:e6:f0:70:6b:b7:1f:1a:
                    ce:f8:73:6c:a6:4e:21:0c:5e:98:ae:84:78:9e:36:
                    e3:ff:bc:cf:15:92:3c:07:bb:06:15:06:e1:4d:36:
                    ec:b7:8c:c5:34:0a:e2:d7:70:58:61:b4:a9:02:b5:
                    e0:05:2c:fd:7d:50:a0:eb:62:c0:38:1a:8a:58:8a:
                    11:ed:b4:1f:31:62:29:11:b9:56:70:9e:08:d2:8a:
                    b6:26:c5:de:c6:4d:f6:f5:73:2c:47:91:fe:72:69:
                    68:a5:09:ff:be:93:85:d6:3d:b5:79:0c:fb:ce:3f:
                    26:ca:75:85:eb:a6:9a:0b:13:3a:1b:43:0e:1f:14:
                    43:79:79:4f:05:68:ee:d9:4e:78:7d:4f:bf:ff:a8:
                    b2:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:E8:41:FB:E3:81:7C:BE:5E:9F:8E:9E:40:F2:1C:BA:D7:7D:4A:3D
            X509v3 Authority Key Identifier:
                keyid:58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/DuhB--OBfL5en46eQPIcutd9Sj0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:d140::/29

    Signature Algorithm: sha256WithRSAEncryption
         3e:2b:bb:b4:d3:2b:76:03:16:38:9d:aa:50:6e:04:e1:7f:94:
         48:0d:0a:e2:c5:7a:f6:13:a3:b2:a9:d0:ea:d4:55:76:88:b3:
         fc:69:36:84:d1:22:17:8a:27:08:48:d8:2f:54:04:c2:76:45:
         4e:ac:e2:c8:5e:d1:8a:14:a3:84:6c:fa:02:82:19:a3:3f:cd:
         d3:55:a5:0c:6b:b6:d8:f7:2f:c5:f0:f7:8e:c6:60:52:92:df:
         f1:71:65:c2:0e:6e:f6:c0:a1:88:7c:52:fb:e9:2e:58:c9:8b:
         44:4e:48:61:ab:93:a1:4f:1d:93:c2:04:07:fe:b5:eb:ec:72:
         91:3e:85:fd:37:51:49:47:9b:ac:d8:54:80:59:19:af:31:6c:
         c0:e5:a3:95:13:89:d9:30:05:d5:da:dd:66:7f:13:44:a8:a0:
         54:86:a9:27:70:d6:9b:1b:77:65:1c:4b:5f:1b:e3:38:15:9f:
         9f:fc:7a:0f:5e:3b:98:08:17:b1:ba:ca:69:1e:bf:9a:6f:0d:
         20:5d:53:6d:98:c1:91:13:47:fe:1a:0c:84:a8:d2:bb:25:16:
         59:43:8c:80:f1:bb:58:bb:5f:70:3c:36:c2:68:e0:82:d1:51:
         d4:cf:62:58:df:ed:8f:a0:30:5f:e0:16:42:6d:08:05:de:68:
         dd:a1:e2:b8
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ3OjvCDnsrpc/CkLSZDX9GfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YWQ2MGRhNTI2NzFlOTA4M2NmMzk4NjRlY2EyYWEyMzI0
MWJlOWUwHhcNMjYwNDI3MTA0OTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZWU4NDFmYmUzODE3Y2JlNWU5ZjhlOWU0MGYyMWNiYWQ3N2Q0YTNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs4iVD1uLLYSwv2zhHdown+3LLLMk
KhIe2W4EqH7VPwdwDtaY4r5hFJ4JynA2tqSY9kxblKdGPyAnBFdGvuYNyXJwggLT
bfIZLIpQLORV2jx0ayH22BA9C92z6c65u/HgCMPcO8agXCwR7xt5APAuI+bwcGu3
HxrO+HNspk4hDF6YroR4njbj/7zPFZI8B7sGFQbhTTbst4zFNAri13BYYbSpArXg
BSz9fVCg62LAOBqKWIoR7bQfMWIpEblWcJ4I0oq2JsXexk329XMsR5H+cmlopQn/
vpOF1j21eQz7zj8mynWF66aaCxM6G0MOHxRDeXlPBWju2U54fU+//6iyhwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFA7oQfvjgXy+Xp+OnkDyHLrXfUo9MB8GA1UdIwQY
MBaAFFitYNpSZx6Qg885hk7KKqIyQb6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDct
MTFiM2NmM2ZkNGUxLzEvRHVoQi0tT0JmTDVlbjQ2ZVFQSWN1dGQ5U2owLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDctMTFiM2NmM2ZkNGUx
LzEvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhPRQDAN
BgkqhkiG9w0BAQsFAAOCAQEAPiu7tNMrdgMWOJ2qUG4E4X+USA0K4sV69hOjsqnQ
6tRVdoiz/Gk2hNEiF4onCEjYL1QEwnZFTqziyF7RihSjhGz6AoIZoz/N01WlDGu2
2PcvxfD3jsZgUpLf8XFlwg5u9sChiHxS++kuWMmLRE5IYauToU8dk8IEB/616+xy
kT6F/TdRSUebrNhUgFkZrzFswOWjlROJ2TAF1drdZn8TRKigVIapJ3DWmxt3ZRxL
XxvjOBWfn/x6D147mAgXsbrKaR6/mm8NIF1TbZjBkRNH/hoMhKjSuyUWWUOMgPG7
WLtfcDw2wmjggtFR1M9iWN/tj6AwX+AWQm0IBd5o3aHiuA==
-----END CERTIFICATE-----