Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/zNVLpqbEk5MYhEMtRUD2Gn6x6XE.roa
File:                     zNVLpqbEk5MYhEMtRUD2Gn6x6XE.roa (raw, json)
Hash identifier:          Qs31SromlTYoB6+TkeR077OmMU0EJn7/NoBlrqcZJBE=
Subject key identifier:   CC:D5:4B:A6:A6:C4:93:93:18:84:43:2D:45:40:F6:1A:7E:B1:E9:71
Certificate issuer:       /CN=58ad60da52671e9083cf39864eca2aa23241be9e
Certificate serial:       019E67B3CCDBC3228471B7F9C49230343F54
Authority key identifier: 58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/zNVLpqbEk5MYhEMtRUD2Gn6x6XE.roa
Signing time:             Wed 27 May 2026 04:31:37 +0000
ROA not before:           Wed 27 May 2026 04:31:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     63023
IP address blocks:        2a0e:d300::/29 maxlen: 29
                          2a0f:89c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 22:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:67:b3:cc:db:c3:22:84:71:b7:f9:c4:92:30:34:3f:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58ad60da52671e9083cf39864eca2aa23241be9e
        Validity
            Not Before: May 27 04:31:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ccd54ba6a6c493931884432d4540f61a7eb1e971
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:9d:4a:19:46:c3:1a:af:8f:0b:e8:e9:8d:ba:
                    83:23:6e:32:59:0d:c6:51:7f:2e:2e:e9:1b:06:0f:
                    c6:f9:84:65:bf:b1:da:4a:bd:1c:ed:54:90:ca:91:
                    56:a4:ed:09:50:6f:ef:ab:b8:94:6e:32:bd:79:1b:
                    35:cb:57:62:55:ca:82:04:e3:7c:8b:60:4b:5d:27:
                    18:73:69:e4:b6:08:83:b7:b9:25:8a:a4:ca:98:39:
                    71:82:1c:56:85:74:c2:84:6d:68:10:c1:ee:b1:eb:
                    3e:fe:7c:80:2d:80:0a:2a:39:39:cb:6f:02:40:6f:
                    dd:c3:ed:72:b7:a5:db:9b:95:b7:8c:01:22:16:60:
                    21:14:33:4c:e9:da:3c:b0:61:f2:09:2b:ba:dd:85:
                    ba:02:ab:61:ba:09:bf:9f:9e:cc:39:43:99:16:e2:
                    c6:d7:d1:60:37:25:bf:1a:ea:ad:3e:9e:5c:40:fe:
                    c1:e1:46:4e:31:8c:30:f2:9a:18:90:c6:d3:38:93:
                    e6:21:cb:20:23:b6:f0:bb:f4:7d:94:2e:7b:75:64:
                    ba:01:1a:2b:56:1b:de:f6:83:39:8c:5d:65:43:88:
                    9a:49:5f:a3:c2:70:ed:f2:ca:8c:d4:04:fd:3c:cd:
                    eb:44:3d:be:78:82:39:69:28:0e:6c:bc:54:fe:73:
                    f1:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:D5:4B:A6:A6:C4:93:93:18:84:43:2D:45:40:F6:1A:7E:B1:E9:71
            X509v3 Authority Key Identifier:
                keyid:58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/zNVLpqbEk5MYhEMtRUD2Gn6x6XE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:d300::/29
                  2a0f:89c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         50:74:0e:7f:65:56:18:7f:90:80:1c:dc:78:4c:4a:24:84:fd:
         16:24:52:6c:29:d3:57:ac:6c:e1:2c:e2:9c:4e:d6:20:24:d6:
         1c:2e:bc:52:01:b2:09:10:de:8a:b1:04:e5:5f:9d:2f:65:5b:
         40:3e:4b:15:6a:bd:76:1e:a7:3c:f3:50:53:1a:fa:5f:f2:32:
         dc:24:65:0f:9d:d7:64:33:6b:9b:bc:f2:bf:a9:4f:36:0d:4f:
         de:68:62:c9:30:1d:45:d3:24:f5:2f:36:61:f5:73:d5:a0:aa:
         78:52:2a:c0:63:ed:f1:3b:13:ad:52:e8:ab:ff:01:0c:0c:ef:
         db:a1:32:51:cf:f4:a1:cd:cf:93:a3:d2:1d:45:bc:70:74:39:
         e7:52:02:b0:4e:f6:78:48:ba:b4:c0:3c:f8:5d:64:69:4c:4e:
         1d:2d:2d:48:8a:87:3a:5a:52:ad:99:16:3d:e4:54:68:f7:45:
         3f:42:d3:df:3e:e5:6f:a4:88:cb:30:55:80:16:a0:2b:97:fd:
         e2:36:f2:5a:b7:a3:0c:ed:46:c8:d3:18:3d:79:f2:d2:6d:6d:
         a1:21:3e:44:49:c2:02:bf:21:67:8e:30:22:09:83:08:7f:57:
         d7:59:9f:b1:2c:1c:42:69:e0:5d:7b:6e:da:aa:d5:e1:47:6a:
         05:bb:e5:b3
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZ5ns8zbwyKEcbf5xJIwND9UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YWQ2MGRhNTI2NzFlOTA4M2NmMzk4NjRlY2EyYWEyMzI0
MWJlOWUwHhcNMjYwNTI3MDQzMTM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2Q1NGJhNmE2YzQ5MzkzMTg4NDQzMmQ0NTQwZjYxYTdlYjFlOTcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq51KGUbDGq+PC+jpjbqDI24yWQ3G
UX8uLukbBg/G+YRlv7HaSr0c7VSQypFWpO0JUG/vq7iUbjK9eRs1y1diVcqCBON8
i2BLXScYc2nktgiDt7kliqTKmDlxghxWhXTChG1oEMHuses+/nyALYAKKjk5y28C
QG/dw+1yt6Xbm5W3jAEiFmAhFDNM6do8sGHyCSu63YW6Aqthugm/n57MOUOZFuLG
19FgNyW/GuqtPp5cQP7B4UZOMYww8poYkMbTOJPmIcsgI7bwu/R9lC57dWS6ARor
Vhve9oM5jF1lQ4iaSV+jwnDt8sqM1AT9PM3rRD2+eII5aSgObLxU/nPxeQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFMzVS6amxJOTGIRDLUVA9hp+selxMB8GA1UdIwQY
MBaAFFitYNpSZx6Qg885hk7KKqIyQb6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDct
MTFiM2NmM2ZkNGUxLzEvek5WTHBxYkVrNU1ZaEVNdFJVRDJHbjZ4NlhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDctMTFiM2NmM2ZkNGUx
LzEvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKg7TAAMF
AyoPicAwDQYJKoZIhvcNAQELBQADggEBAFB0Dn9lVhh/kIAc3HhMSiSE/RYkUmwp
01esbOEs4pxO1iAk1hwuvFIBsgkQ3oqxBOVfnS9lW0A+SxVqvXYepzzzUFMa+l/y
MtwkZQ+d12Qza5u88r+pTzYNT95oYskwHUXTJPUvNmH1c9WgqnhSKsBj7fE7E61S
6Kv/AQwM79uhMlHP9KHNz5Oj0h1FvHB0OedSArBO9nhIurTAPPhdZGlMTh0tLUiK
hzpaUq2ZFj3kVGj3RT9C098+5W+kiMswVYAWoCuX/eI28lq3owztRsjTGD158tJt
baEhPkRJwgK/IWeOMCIJgwh/V9dZn7EsHEJp4F17btqq1eFHagW75bM=
-----END CERTIFICATE-----