Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/ec48be-9250-4f7c-9c87-641b8e60d3e2/1/eYb-0sk3lTAnHwHmBql3xYuqBeU.roa
File:                     eYb-0sk3lTAnHwHmBql3xYuqBeU.roa (raw, json)
Hash identifier:          0O2M8qsHlKcHsnwjDobcM4cR1vGFH9BSfHcvMhBfXwk=
Subject key identifier:   79:86:FE:D2:C9:37:95:30:27:1F:01:E6:06:A9:77:C5:8B:AA:05:E5
Certificate issuer:       /CN=94948e5f2fa04b222a6e96883b840f7124531556
Certificate serial:       019E2B6D7EDB95A8A37BB9665014D44740E6
Authority key identifier: 94:94:8E:5F:2F:A0:4B:22:2A:6E:96:88:3B:84:0F:71:24:53:15:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lJSOXy-gSyIqbpaIO4QPcSRTFVY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/ec48be-9250-4f7c-9c87-641b8e60d3e2/1/eYb-0sk3lTAnHwHmBql3xYuqBeU.roa
Signing time:             Fri 15 May 2026 11:37:36 +0000
ROA not before:           Fri 15 May 2026 11:37:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213734
IP address blocks:        2a0f:b380::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/ec48be-9250-4f7c-9c87-641b8e60d3e2/1/lJSOXy-gSyIqbpaIO4QPcSRTFVY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/ec48be-9250-4f7c-9c87-641b8e60d3e2/1/lJSOXy-gSyIqbpaIO4QPcSRTFVY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lJSOXy-gSyIqbpaIO4QPcSRTFVY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:2b:6d:7e:db:95:a8:a3:7b:b9:66:50:14:d4:47:40:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94948e5f2fa04b222a6e96883b840f7124531556
        Validity
            Not Before: May 15 11:37:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7986fed2c9379530271f01e606a977c58baa05e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:e0:e2:84:19:9c:71:91:5e:1a:ae:a8:02:a5:
                    f2:5c:80:b9:37:c0:14:eb:ef:c5:b9:7c:c3:cd:2e:
                    bc:8d:77:51:1a:98:32:4f:12:b6:38:69:d2:e0:bf:
                    c1:f6:8b:e6:d1:a1:47:db:25:f9:b6:47:ca:0a:81:
                    e2:9f:a6:a8:3d:cc:a1:81:1e:cd:86:43:1f:41:5c:
                    d8:dd:40:0e:b0:be:5b:bc:47:f0:8c:22:9c:bc:bb:
                    43:cb:95:b2:17:ae:5d:b3:32:57:92:c9:fe:90:bc:
                    d8:57:92:42:3f:01:a5:1a:8b:28:98:fe:0f:4c:24:
                    be:0f:b4:0c:2d:e6:4f:41:b1:e5:cf:aa:ce:88:24:
                    95:bc:03:1f:09:16:c0:2c:a4:c5:66:fe:62:0a:f5:
                    d1:a2:02:50:1c:be:75:0f:90:df:bd:0d:36:a0:be:
                    77:bb:c7:a4:5a:ee:f0:b8:fe:b0:ed:4b:1b:f7:bc:
                    1e:60:4a:a6:b8:94:f4:17:f3:97:38:95:ea:a6:e1:
                    e7:e0:c7:71:c8:67:d5:c3:fd:8d:1f:b8:fa:95:82:
                    41:bc:56:d6:9f:85:b8:bf:4f:26:29:96:92:92:04:
                    8c:e1:ed:08:5c:ac:61:5a:f0:22:d6:3c:bc:65:7f:
                    93:06:a6:a8:ca:c1:e7:75:64:6a:79:61:85:15:99:
                    c4:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:86:FE:D2:C9:37:95:30:27:1F:01:E6:06:A9:77:C5:8B:AA:05:E5
            X509v3 Authority Key Identifier:
                keyid:94:94:8E:5F:2F:A0:4B:22:2A:6E:96:88:3B:84:0F:71:24:53:15:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lJSOXy-gSyIqbpaIO4QPcSRTFVY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/ec48be-9250-4f7c-9c87-641b8e60d3e2/1/eYb-0sk3lTAnHwHmBql3xYuqBeU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/ec48be-9250-4f7c-9c87-641b8e60d3e2/1/lJSOXy-gSyIqbpaIO4QPcSRTFVY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:b380::/29

    Signature Algorithm: sha256WithRSAEncryption
         92:4a:7e:fb:9c:6d:ad:03:8f:0c:2f:ee:72:c4:42:24:36:91:
         0e:1a:59:59:0d:e7:f4:b4:82:65:b9:a3:00:db:c0:f4:51:71:
         c6:9b:f5:c9:95:c0:4a:80:fc:7f:da:88:22:a5:ff:61:99:93:
         d5:37:9d:95:38:86:23:0b:ef:b5:6a:e9:69:ee:84:61:ce:b3:
         b8:bf:6e:3a:33:24:99:1b:d6:e5:69:7f:80:57:3f:ba:ff:43:
         0d:7a:25:49:c3:f8:3a:bd:32:bd:ea:55:f9:5d:1c:8a:97:6a:
         ed:3e:9f:3a:e6:eb:35:c9:7d:97:5e:a4:69:0f:8a:e1:d1:d9:
         0a:aa:46:09:2e:7b:7b:ca:f9:fb:f8:3b:4d:ef:2f:5e:91:a8:
         84:62:3c:88:05:e6:e6:e3:6b:68:84:28:a8:82:04:6c:61:6b:
         c0:81:12:8e:7e:3f:61:0f:82:b4:46:0c:ca:79:ac:39:9d:c0:
         96:64:0f:8e:2c:a6:19:0a:98:61:aa:c1:99:5e:e4:05:d8:b7:
         50:9d:15:50:f0:e0:a1:51:9c:b8:8f:8b:cf:b9:22:63:b2:42:
         e2:46:f1:da:8a:1c:1c:9d:a1:ac:1b:ab:c2:42:48:a8:0b:54:
         21:95:ef:c1:32:94:a9:28:8e:f3:00:9b:1b:dc:d5:e0:80:77:
         ff:01:94:b2
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ4rbX7blaije7lmUBTUR0DmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0OTQ4ZTVmMmZhMDRiMjIyYTZlOTY4ODNiODQwZjcxMjQ1
MzE1NTYwHhcNMjYwNTE1MTEzNzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTg2ZmVkMmM5Mzc5NTMwMjcxZjAxZTYwNmE5NzdjNThiYWEwNWU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3uDihBmccZFeGq6oAqXyXIC5N8AU
6+/FuXzDzS68jXdRGpgyTxK2OGnS4L/B9ovm0aFH2yX5tkfKCoHin6aoPcyhgR7N
hkMfQVzY3UAOsL5bvEfwjCKcvLtDy5WyF65dszJXksn+kLzYV5JCPwGlGosomP4P
TCS+D7QMLeZPQbHlz6rOiCSVvAMfCRbALKTFZv5iCvXRogJQHL51D5DfvQ02oL53
u8ekWu7wuP6w7Usb97weYEqmuJT0F/OXOJXqpuHn4MdxyGfVw/2NH7j6lYJBvFbW
n4W4v08mKZaSkgSM4e0IXKxhWvAi1jy8ZX+TBqaoysHndWRqeWGFFZnESQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFHmG/tLJN5UwJx8B5gapd8WLqgXlMB8GA1UdIwQY
MBaAFJSUjl8voEsiKm6WiDuED3EkUxVWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEpTT1h5LWdTeUlxYnBhSU80UVBjU1JURlZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy9lYzQ4YmUtOTI1MC00ZjdjLTljODct
NjQxYjhlNjBkM2UyLzEvZVliLTBzazNsVEFuSHdIbUJxbDN4WXVxQmVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy9lYzQ4YmUtOTI1MC00ZjdjLTljODctNjQxYjhlNjBkM2Uy
LzEvbEpTT1h5LWdTeUlxYnBhSU80UVBjU1JURlZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg+zgDAN
BgkqhkiG9w0BAQsFAAOCAQEAkkp++5xtrQOPDC/ucsRCJDaRDhpZWQ3n9LSCZbmj
ANvA9FFxxpv1yZXASoD8f9qIIqX/YZmT1TedlTiGIwvvtWrpae6EYc6zuL9uOjMk
mRvW5Wl/gFc/uv9DDXolScP4Or0yvepV+V0cipdq7T6fOubrNcl9l16kaQ+K4dHZ
CqpGCS57e8r5+/g7Te8vXpGohGI8iAXm5uNraIQoqIIEbGFrwIESjn4/YQ+CtEYM
ynmsOZ3AlmQPjiymGQqYYarBmV7kBdi3UJ0VUPDgoVGcuI+Lz7kiY7JC4kbx2ooc
HJ2hrBurwkJIqAtUIZXvwTKUqSiO8wCbG9zV4IB3/wGUsg==
-----END CERTIFICATE-----