Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/sP9A4cnylfqxWlDpkBAm0CIqBFU.roa
File:                     sP9A4cnylfqxWlDpkBAm0CIqBFU.roa (raw, json)
Hash identifier:          pWmUgGcf93vr+1FE5Mpw2z4+mxojC+Zrtg39SIpckEs=
Subject key identifier:   B0:FF:40:E1:C9:F2:95:FA:B1:5A:50:E9:90:10:26:D0:22:2A:04:55
Certificate issuer:       /CN=137e5707444a16c68e1a1c52ac4909d0bdca62ae
Certificate serial:       019CC0BD2456851946F594E7D3944D17695C
Authority key identifier: 13:7E:57:07:44:4A:16:C6:8E:1A:1C:52:AC:49:09:D0:BD:CA:62:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E35XB0RKFsaOGhxSrEkJ0L3KYq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/sP9A4cnylfqxWlDpkBAm0CIqBFU.roa
Signing time:             Fri 06 Mar 2026 01:22:26 +0000
ROA not before:           Fri 06 Mar 2026 01:22:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204535
IP address blocks:        2a12:cb43::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/E35XB0RKFsaOGhxSrEkJ0L3KYq4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/E35XB0RKFsaOGhxSrEkJ0L3KYq4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/E35XB0RKFsaOGhxSrEkJ0L3KYq4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 13 Mar 2026 15:04:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:c0:bd:24:56:85:19:46:f5:94:e7:d3:94:4d:17:69:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=137e5707444a16c68e1a1c52ac4909d0bdca62ae
        Validity
            Not Before: Mar  6 01:22:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b0ff40e1c9f295fab15a50e9901026d0222a0455
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:2c:af:43:00:4c:34:c5:43:25:43:d2:18:b4:
                    db:f9:5e:86:5d:c8:d8:3c:e0:eb:f3:e4:f2:cb:de:
                    cc:c0:7b:e7:52:1c:4e:f3:63:50:5f:f6:12:99:72:
                    49:6b:31:d1:8e:14:1d:aa:7d:54:26:63:12:8f:1a:
                    44:5b:b2:e7:73:14:70:cb:79:45:c2:9e:b5:b7:7e:
                    8b:6f:f5:89:0a:8a:83:3d:4b:59:c1:14:ae:a3:d5:
                    a5:a1:9b:64:d2:b2:c5:6a:95:88:55:8e:c7:92:42:
                    74:7d:63:90:9b:f4:53:fa:06:65:d0:db:62:72:a3:
                    71:1a:de:d9:b5:be:ea:11:3f:4c:46:4b:fa:87:a5:
                    08:0e:2f:ef:d5:84:6c:02:95:79:f8:e1:c2:1f:b6:
                    b1:aa:57:f1:d8:d3:e0:d4:30:17:b7:64:7d:2f:85:
                    fb:d6:da:33:fa:50:7a:88:67:d5:64:de:a8:ca:ab:
                    4b:92:62:e2:fb:c4:2a:b4:f9:f3:11:fe:a4:70:c0:
                    6e:72:d5:fa:1a:c3:36:50:08:cf:3a:a9:33:27:4c:
                    2a:d6:1e:27:ec:28:75:05:e9:46:8d:a9:bf:aa:f7:
                    e1:f9:c3:37:93:17:cc:ae:4e:ee:ca:18:87:05:1c:
                    33:9f:54:de:92:4b:7b:91:d4:90:bb:1d:fb:70:a6:
                    d4:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:FF:40:E1:C9:F2:95:FA:B1:5A:50:E9:90:10:26:D0:22:2A:04:55
            X509v3 Authority Key Identifier:
                keyid:13:7E:57:07:44:4A:16:C6:8E:1A:1C:52:AC:49:09:D0:BD:CA:62:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E35XB0RKFsaOGhxSrEkJ0L3KYq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/sP9A4cnylfqxWlDpkBAm0CIqBFU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/E35XB0RKFsaOGhxSrEkJ0L3KYq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:cb43::/36

    Signature Algorithm: sha256WithRSAEncryption
         9f:3f:2f:29:a4:c3:84:be:54:f4:e1:51:b8:b9:f1:22:19:5b:
         f1:2c:9a:ea:79:b1:41:de:f4:c6:99:34:4e:53:a5:84:4b:46:
         5b:a2:6b:7d:be:88:59:0e:2b:20:3b:91:0d:06:ab:72:40:7e:
         43:63:fb:b2:12:cf:8d:f7:14:62:54:48:34:e7:95:db:61:fe:
         0d:0f:f3:69:75:9b:2f:4a:5d:4f:0b:61:d2:d7:e9:11:06:f1:
         49:82:08:4e:69:e0:11:cf:7b:6a:eb:b8:95:b2:13:0b:19:f1:
         74:17:d4:68:73:c6:b0:1c:42:5a:ab:05:23:b6:3c:fc:8f:83:
         6b:3f:30:94:be:8e:2d:71:e8:a5:d4:62:45:0b:97:8c:93:51:
         01:96:8c:92:cd:f4:af:90:77:60:bb:63:0b:b8:52:4b:0b:68:
         78:6a:26:e8:8c:99:08:26:c4:50:1b:7e:b7:62:3e:b0:86:c6:
         35:48:90:e4:27:b5:bd:79:9a:4c:a5:52:4b:9b:3e:c6:a5:00:
         76:12:50:55:1b:f0:e8:c8:f4:50:7c:24:fa:88:8d:8b:14:fc:
         1d:9c:ae:88:d2:b1:6d:3b:fe:ce:2c:76:07:5b:bc:72:56:b6:
         a2:8e:35:d1:d7:7f:0e:0a:72:d4:07:f4:dc:8b:0d:92:3c:33:
         85:8c:c6:fa
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZzAvSRWhRlG9ZTn05RNF2lcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzN2U1NzA3NDQ0YTE2YzY4ZTFhMWM1MmFjNDkwOWQwYmRj
YTYyYWUwHhcNMjYwMzA2MDEyMjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMGZmNDBlMWM5ZjI5NWZhYjE1YTUwZTk5MDEwMjZkMDIyMmEwNDU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsCyvQwBMNMVDJUPSGLTb+V6GXcjY
PODr8+Tyy97MwHvnUhxO82NQX/YSmXJJazHRjhQdqn1UJmMSjxpEW7LncxRwy3lF
wp61t36Lb/WJCoqDPUtZwRSuo9WloZtk0rLFapWIVY7HkkJ0fWOQm/RT+gZl0Nti
cqNxGt7Ztb7qET9MRkv6h6UIDi/v1YRsApV5+OHCH7axqlfx2NPg1DAXt2R9L4X7
1toz+lB6iGfVZN6oyqtLkmLi+8QqtPnzEf6kcMBuctX6GsM2UAjPOqkzJ0wq1h4n
7Ch1BelGjam/qvfh+cM3kxfMrk7uyhiHBRwzn1Tekkt7kdSQux37cKbUvQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFLD/QOHJ8pX6sVpQ6ZAQJtAiKgRVMB8GA1UdIwQY
MBaAFBN+VwdEShbGjhocUqxJCdC9ymKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRTM1WEIwUktGc2FPR2h4U3JFa0owTDNLWXE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi82ZWFlYWUtZjQ1Yy00MzU1LTkzMmYt
YzBkMjA3YzAyZDI3LzEvc1A5QTRjbnlsZnF4V2xEcGtCQW0wQ0lxQkZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi82ZWFlYWUtZjQ1Yy00MzU1LTkzMmYtYzBkMjA3YzAyZDI3
LzEvRTM1WEIwUktGc2FPR2h4U3JFa0owTDNLWXE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKhLLQwAw
DQYJKoZIhvcNAQELBQADggEBAJ8/Lymkw4S+VPThUbi58SIZW/Esmup5sUHe9MaZ
NE5TpYRLRluia32+iFkOKyA7kQ0Gq3JAfkNj+7ISz433FGJUSDTnldth/g0P82l1
my9KXU8LYdLX6REG8UmCCE5p4BHPe2rruJWyEwsZ8XQX1GhzxrAcQlqrBSO2PPyP
g2s/MJS+ji1x6KXUYkULl4yTUQGWjJLN9K+Qd2C7Ywu4UksLaHhqJuiMmQgmxFAb
frdiPrCGxjVIkOQntb15mkylUkubPsalAHYSUFUb8OjI9FB8JPqIjYsU/B2crojS
sW07/s4sdgdbvHJWtqKONdHXfw4KctQH9NyLDZI8M4WMxvo=
-----END CERTIFICATE-----