Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/CNgLxivXisMROHySTdRCl2UFpks.roa
File:                     CNgLxivXisMROHySTdRCl2UFpks.roa (raw, json)
Hash identifier:          twoW0qDw2/hjMV8KOzbP4YlJhHswet6CF4fOwvLA+to=
Subject key identifier:   08:D8:0B:C6:2B:D7:8A:C3:11:38:7C:92:4D:D4:42:97:65:05:A6:4B
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019DAA4D39CEA191FAA75571B8F2BD6712F3
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/CNgLxivXisMROHySTdRCl2UFpks.roa
Signing time:             Mon 20 Apr 2026 09:51:20 +0000
ROA not before:           Mon 20 Apr 2026 09:51:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     34665
IP address blocks:        2a06:35c1::/32 maxlen: 32
                          2a13:8c80::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Apr 2026 22:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:aa:4d:39:ce:a1:91:fa:a7:55:71:b8:f2:bd:67:12:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Apr 20 09:51:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=08d80bc62bd78ac311387c924dd442976505a64b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:5d:34:da:f8:75:76:fc:77:51:41:41:dc:23:
                    d0:b7:9e:45:48:1e:5e:39:c1:e2:1f:6d:8c:aa:19:
                    52:33:7e:24:64:da:fe:e4:96:92:aa:46:99:87:c6:
                    7e:fa:20:eb:7c:94:f8:06:78:58:48:5d:98:50:b1:
                    d8:1c:f0:5c:4e:8a:51:a0:57:83:f8:99:36:fd:7b:
                    c9:e0:f0:02:99:26:34:79:60:3e:45:68:e6:11:8e:
                    21:24:9a:11:9a:01:7d:33:7f:58:f3:16:c4:00:5f:
                    a3:16:42:66:f1:61:3e:e5:ff:97:9f:58:08:a1:eb:
                    c9:e8:23:2c:82:e3:fd:e6:b2:30:e7:3a:54:0f:6b:
                    4b:2d:ac:a9:7a:f1:3a:a8:e8:7d:4a:28:70:c1:32:
                    ad:06:23:6a:13:d3:cd:f9:a7:d6:e7:dd:c3:84:aa:
                    5c:49:ab:8c:a5:9b:c4:b7:af:ae:21:4e:be:43:20:
                    e8:81:d9:3f:ef:01:6f:f2:05:9f:b4:c8:c3:b6:d0:
                    5c:5c:8a:e0:fe:69:b0:c3:33:c3:fe:3e:01:5b:10:
                    6f:78:58:15:17:f6:5f:f2:fe:74:1b:1f:8e:16:29:
                    f6:81:0f:fd:31:35:2e:19:91:30:3c:f8:f2:e1:8c:
                    48:4d:50:7c:07:05:db:e5:fb:81:19:95:ce:b3:a4:
                    32:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:D8:0B:C6:2B:D7:8A:C3:11:38:7C:92:4D:D4:42:97:65:05:A6:4B
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/CNgLxivXisMROHySTdRCl2UFpks.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:35c1::/32
                  2a13:8c80::/32

    Signature Algorithm: sha256WithRSAEncryption
         cc:02:2d:ad:fb:7e:ad:77:18:02:5a:ea:46:f4:65:d2:e4:47:
         8c:bd:bd:82:e3:9b:d4:68:3b:62:5a:4a:ac:7e:d8:92:f7:03:
         02:90:77:7b:fa:e2:f3:89:1c:e3:c8:a6:ad:1c:dc:4e:cc:de:
         82:ed:95:80:7f:f7:1b:d4:02:f3:dc:d1:d2:08:2c:12:8a:58:
         e5:b6:d0:9a:b6:59:bf:95:59:dd:76:38:c8:60:5e:f7:3a:7c:
         c6:6a:93:1c:9f:13:fc:81:72:ae:91:32:ad:d9:32:33:fe:3b:
         09:74:d7:9c:d6:3c:55:2f:da:f9:af:3e:7a:81:2a:ae:26:fd:
         d3:09:26:2b:5f:74:9c:c8:ee:9e:b0:07:c9:2c:0c:3a:fd:41:
         98:95:d7:7b:a7:57:25:8e:f7:f0:8a:d9:08:b8:70:6c:a1:ca:
         55:66:68:54:9c:99:2a:20:ad:00:d1:a4:90:e3:cd:f9:d2:28:
         f0:96:00:75:63:a7:20:a2:b4:1a:6d:cc:0e:f5:ab:58:60:1d:
         d0:b2:72:ef:37:5d:a8:46:03:53:dc:1e:a2:e1:fe:3e:a6:7c:
         01:ff:20:2d:96:73:48:9f:c6:c4:60:e6:0e:58:ec:15:6b:9d:
         62:64:18:a7:b7:2a:91:3b:e9:78:33:08:e1:48:99:2f:5e:68:
         ce:d2:ec:dd
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZ2qTTnOoZH6p1VxuPK9ZxLzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjYwNDIwMDk1MTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGQ4MGJjNjJiZDc4YWMzMTEzODdjOTI0ZGQ0NDI5NzY1MDVhNjRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq1002vh1dvx3UUFB3CPQt55FSB5e
OcHiH22MqhlSM34kZNr+5JaSqkaZh8Z++iDrfJT4BnhYSF2YULHYHPBcTopRoFeD
+Jk2/XvJ4PACmSY0eWA+RWjmEY4hJJoRmgF9M39Y8xbEAF+jFkJm8WE+5f+Xn1gI
oevJ6CMsguP95rIw5zpUD2tLLaypevE6qOh9SihwwTKtBiNqE9PN+afW593DhKpc
SauMpZvEt6+uIU6+QyDogdk/7wFv8gWftMjDttBcXIrg/mmwwzPD/j4BWxBveFgV
F/Zf8v50Gx+OFin2gQ/9MTUuGZEwPPjy4YxITVB8BwXb5fuBGZXOs6QyAQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFAjYC8Yr14rDETh8kk3UQpdlBaZLMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvQ05nTHhpdlhpc01ST0h5U1RkUkNsMlVGcGtzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKgY1wQMF
ACoTjIAwDQYJKoZIhvcNAQELBQADggEBAMwCLa37fq13GAJa6kb0ZdLkR4y9vYLj
m9RoO2JaSqx+2JL3AwKQd3v64vOJHOPIpq0c3E7M3oLtlYB/9xvUAvPc0dIILBKK
WOW20Jq2Wb+VWd12OMhgXvc6fMZqkxyfE/yBcq6RMq3ZMjP+Owl015zWPFUv2vmv
PnqBKq4m/dMJJitfdJzI7p6wB8ksDDr9QZiV13unVyWO9/CK2Qi4cGyhylVmaFSc
mSogrQDRpJDjzfnSKPCWAHVjpyCitBptzA71q1hgHdCycu83XahGA1PcHqLh/j6m
fAH/IC2Wc0ifxsRg5g5Y7BVrnWJkGKe3KpE76XgzCOFImS9eaM7S7N0=
-----END CERTIFICATE-----