Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/hZr8-GHSaT1LVC0d0SUnsdKNWgk.roa
File:                     hZr8-GHSaT1LVC0d0SUnsdKNWgk.roa (raw, json)
Hash identifier:          wG/J0iawhu+Kl1JUrzlumoLnQM5wpIB/0XILiot9T/0=
Subject key identifier:   85:9A:FC:F8:61:D2:69:3D:4B:54:2D:1D:D1:25:27:B1:D2:8D:5A:09
Certificate issuer:       /CN=137e5707444a16c68e1a1c52ac4909d0bdca62ae
Certificate serial:       019CD113F11126B187CD55DAE5AB985D30CA
Authority key identifier: 13:7E:57:07:44:4A:16:C6:8E:1A:1C:52:AC:49:09:D0:BD:CA:62:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E35XB0RKFsaOGhxSrEkJ0L3KYq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/hZr8-GHSaT1LVC0d0SUnsdKNWgk.roa
Signing time:             Mon 09 Mar 2026 05:31:10 +0000
ROA not before:           Mon 09 Mar 2026 05:31:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203168
IP address blocks:        2a12:cb40::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/E35XB0RKFsaOGhxSrEkJ0L3KYq4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/E35XB0RKFsaOGhxSrEkJ0L3KYq4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/E35XB0RKFsaOGhxSrEkJ0L3KYq4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 13 Mar 2026 09:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:d1:13:f1:11:26:b1:87:cd:55:da:e5:ab:98:5d:30:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=137e5707444a16c68e1a1c52ac4909d0bdca62ae
        Validity
            Not Before: Mar  9 05:31:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=859afcf861d2693d4b542d1dd12527b1d28d5a09
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:92:95:04:f1:c5:99:17:31:02:a0:02:ce:20:
                    a4:0d:81:e2:ff:9a:26:52:6e:1a:0a:1c:43:83:9e:
                    a4:44:85:f4:03:13:ec:3a:f1:99:cd:50:3c:cc:70:
                    cd:fe:07:d9:61:6c:38:8d:d7:23:90:b1:8c:1f:09:
                    48:3c:3d:8e:ba:16:95:73:b6:f6:c8:9b:d7:8c:40:
                    ad:3e:d5:eb:7f:a6:04:4f:93:7d:48:3a:eb:33:c5:
                    77:fc:0d:ab:d3:14:14:97:00:6a:42:28:32:94:78:
                    fb:80:cb:b4:84:20:dd:46:06:2a:aa:19:50:92:71:
                    14:81:9f:96:97:75:16:4f:74:2a:a4:a8:af:aa:23:
                    f6:e1:d2:f1:ea:57:56:98:d2:41:9f:34:e0:d5:64:
                    b6:e6:ac:3a:f9:97:33:a2:c3:0d:9e:be:70:1d:49:
                    68:73:ee:87:e8:c6:6e:14:2b:95:3c:0c:4e:db:09:
                    ef:bd:03:93:06:37:37:42:24:a2:d7:9e:b1:28:37:
                    3c:b2:59:2f:a4:93:28:03:bc:21:5a:81:c6:b9:1e:
                    34:9f:fb:68:d1:66:fb:ab:eb:59:81:26:2c:41:5d:
                    04:f0:98:9f:1f:2d:3c:71:15:07:94:cc:b4:d0:84:
                    cf:72:7a:07:4b:d7:42:45:87:7b:06:66:4d:34:90:
                    bd:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:9A:FC:F8:61:D2:69:3D:4B:54:2D:1D:D1:25:27:B1:D2:8D:5A:09
            X509v3 Authority Key Identifier:
                keyid:13:7E:57:07:44:4A:16:C6:8E:1A:1C:52:AC:49:09:D0:BD:CA:62:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E35XB0RKFsaOGhxSrEkJ0L3KYq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/hZr8-GHSaT1LVC0d0SUnsdKNWgk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/E35XB0RKFsaOGhxSrEkJ0L3KYq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:cb40::/29

    Signature Algorithm: sha256WithRSAEncryption
         11:5d:a2:a7:92:82:ac:24:23:36:ea:f9:35:a4:1b:eb:48:94:
         e5:3e:3a:d6:d5:d0:a8:aa:ec:a3:ca:93:d7:f8:0d:f2:2e:14:
         32:c0:b5:24:39:68:64:67:c8:49:07:54:46:26:77:4a:bd:a8:
         66:81:63:86:5a:67:a4:f4:7a:59:6a:bd:72:15:32:2b:92:fa:
         85:8f:13:18:fa:35:10:0d:d9:61:c4:25:8a:66:c4:e6:f4:93:
         a1:69:0a:a1:63:9d:62:d2:72:f7:d6:79:21:2a:b0:6e:9c:ee:
         b6:ea:4b:3b:59:5b:a8:91:0d:0e:58:0c:fb:fc:09:7d:72:49:
         eb:03:75:f6:a8:a1:36:23:ed:4b:f0:17:a3:31:9e:5e:be:c0:
         bb:36:fc:b4:4d:86:1f:3d:98:92:f1:b8:cb:ce:37:26:a6:a4:
         1d:f3:da:b9:bd:23:67:8f:c2:31:5b:f2:2f:75:d4:11:d6:a1:
         d3:e3:9f:9b:1b:6a:1c:e2:b5:d1:5e:36:01:d7:fb:c3:a9:bd:
         8d:7c:02:27:4b:e5:40:d4:c9:1e:7a:56:c4:83:f5:3d:2d:f3:
         b2:02:21:c1:03:17:c5:c9:9a:58:c8:c9:9b:72:e2:9d:0a:b3:
         7d:87:d0:e5:77:da:ca:f5:6a:ae:48:eb:b8:47:f3:36:d6:5f:
         c6:1e:cb:d1
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZzRE/ERJrGHzVXa5auYXTDKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzN2U1NzA3NDQ0YTE2YzY4ZTFhMWM1MmFjNDkwOWQwYmRj
YTYyYWUwHhcNMjYwMzA5MDUzMTEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTlhZmNmODYxZDI2OTNkNGI1NDJkMWRkMTI1MjdiMWQyOGQ1YTA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAupKVBPHFmRcxAqACziCkDYHi/5om
Um4aChxDg56kRIX0AxPsOvGZzVA8zHDN/gfZYWw4jdcjkLGMHwlIPD2OuhaVc7b2
yJvXjECtPtXrf6YET5N9SDrrM8V3/A2r0xQUlwBqQigylHj7gMu0hCDdRgYqqhlQ
knEUgZ+Wl3UWT3QqpKivqiP24dLx6ldWmNJBnzTg1WS25qw6+ZczosMNnr5wHUlo
c+6H6MZuFCuVPAxO2wnvvQOTBjc3QiSi156xKDc8slkvpJMoA7whWoHGuR40n/to
0Wb7q+tZgSYsQV0E8JifHy08cRUHlMy00ITPcnoHS9dCRYd7BmZNNJC9DwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFIWa/Phh0mk9S1QtHdElJ7HSjVoJMB8GA1UdIwQY
MBaAFBN+VwdEShbGjhocUqxJCdC9ymKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRTM1WEIwUktGc2FPR2h4U3JFa0owTDNLWXE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi82ZWFlYWUtZjQ1Yy00MzU1LTkzMmYt
YzBkMjA3YzAyZDI3LzEvaFpyOC1HSFNhVDFMVkMwZDBTVW5zZEtOV2drLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi82ZWFlYWUtZjQ1Yy00MzU1LTkzMmYtYzBkMjA3YzAyZDI3
LzEvRTM1WEIwUktGc2FPR2h4U3JFa0owTDNLWXE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhLLQDAN
BgkqhkiG9w0BAQsFAAOCAQEAEV2ip5KCrCQjNur5NaQb60iU5T461tXQqKrso8qT
1/gN8i4UMsC1JDloZGfISQdURiZ3Sr2oZoFjhlpnpPR6WWq9chUyK5L6hY8TGPo1
EA3ZYcQlimbE5vSToWkKoWOdYtJy99Z5ISqwbpzutupLO1lbqJENDlgM+/wJfXJJ
6wN19qihNiPtS/AXozGeXr7Auzb8tE2GHz2YkvG4y843JqakHfPaub0jZ4/CMVvy
L3XUEdah0+OfmxtqHOK10V42Adf7w6m9jXwCJ0vlQNTJHnpWxIP1PS3zsgIhwQMX
xcmaWMjJm3LinQqzfYfQ5XfayvVqrkjruEfzNtZfxh7L0Q==
-----END CERTIFICATE-----