Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/6fe893-e597-4ad8-81c2-4ce945c7f725/1/JhZMzH9twl8wNkeYev4LG3VPv2I.roa
File:                     JhZMzH9twl8wNkeYev4LG3VPv2I.roa (raw, json)
Hash identifier:          jdBJTvheHN0jaLshgZDbXGrYMtZxQytteuaj6IybSug=
Subject key identifier:   26:16:4C:CC:7F:6D:C2:5F:30:36:47:98:7A:FE:0B:1B:75:4F:BF:62
Certificate issuer:       /CN=bd199f36c3b2cbd1c20acd0cbf9053c004e55052
Certificate serial:       019D77CEE1AB468FE52FA6675518E7A9949E
Authority key identifier: BD:19:9F:36:C3:B2:CB:D1:C2:0A:CD:0C:BF:90:53:C0:04:E5:50:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vRmfNsOyy9HCCs0Mv5BTwATlUFI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/6fe893-e597-4ad8-81c2-4ce945c7f725/1/JhZMzH9twl8wNkeYev4LG3VPv2I.roa
Signing time:             Fri 10 Apr 2026 14:32:20 +0000
ROA not before:           Fri 10 Apr 2026 14:32:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206646
IP address blocks:        2a0a:d900:4407::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/6fe893-e597-4ad8-81c2-4ce945c7f725/1/vRmfNsOyy9HCCs0Mv5BTwATlUFI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/6fe893-e597-4ad8-81c2-4ce945c7f725/1/vRmfNsOyy9HCCs0Mv5BTwATlUFI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vRmfNsOyy9HCCs0Mv5BTwATlUFI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 Jul 2026 15:01:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:77:ce:e1:ab:46:8f:e5:2f:a6:67:55:18:e7:a9:94:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bd199f36c3b2cbd1c20acd0cbf9053c004e55052
        Validity
            Not Before: Apr 10 14:32:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=26164ccc7f6dc25f303647987afe0b1b754fbf62
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:1f:38:6a:3d:00:59:85:8f:9e:99:fd:bc:38:
                    97:d6:88:24:c7:f3:e5:5e:ab:ab:9c:41:3f:18:bf:
                    a5:1c:47:62:f9:58:cb:4c:c5:c0:39:16:5e:f7:83:
                    a4:b5:c7:cb:a7:84:5a:97:56:bf:2f:5c:20:9f:af:
                    3d:d7:88:03:cc:61:a3:57:80:ab:ac:8e:93:09:73:
                    81:35:a4:30:63:a5:f3:bb:16:a4:79:11:b1:38:0b:
                    b8:29:90:7d:b5:53:85:cc:9b:e6:26:8f:b6:b3:10:
                    a4:62:58:78:f6:58:0f:5b:ff:84:65:a4:a5:fc:e0:
                    24:ce:ac:e3:06:05:ba:a4:2f:7b:c5:ac:1c:ae:c1:
                    d9:52:bb:6d:c9:7c:ad:dd:6a:a1:7e:e8:3c:d7:6e:
                    6a:ed:fd:69:70:c1:42:2a:81:bc:01:a7:47:e8:98:
                    cf:43:05:61:ce:61:57:8b:5d:bf:e9:a3:a6:ff:1a:
                    f2:42:60:dd:c9:a0:70:6d:1e:04:21:4a:ea:93:64:
                    e1:a2:fb:af:c2:0c:22:0c:82:6f:20:18:59:02:7d:
                    ef:0d:33:c3:46:24:1b:59:70:af:51:79:99:8a:1e:
                    fa:94:60:30:4c:98:0a:6e:40:f8:54:89:9f:76:18:
                    15:74:47:b3:f9:0f:26:cd:e0:0a:52:b1:55:df:f7:
                    15:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:16:4C:CC:7F:6D:C2:5F:30:36:47:98:7A:FE:0B:1B:75:4F:BF:62
            X509v3 Authority Key Identifier:
                keyid:BD:19:9F:36:C3:B2:CB:D1:C2:0A:CD:0C:BF:90:53:C0:04:E5:50:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vRmfNsOyy9HCCs0Mv5BTwATlUFI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/6fe893-e597-4ad8-81c2-4ce945c7f725/1/JhZMzH9twl8wNkeYev4LG3VPv2I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/6fe893-e597-4ad8-81c2-4ce945c7f725/1/vRmfNsOyy9HCCs0Mv5BTwATlUFI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:d900:4407::/48

    Signature Algorithm: sha256WithRSAEncryption
         0d:f9:49:99:fd:af:0a:09:58:4e:e8:52:5d:b9:77:9f:b0:12:
         c1:cf:c9:f7:0c:d4:c0:64:84:5d:84:42:20:05:d4:12:2f:0c:
         ba:a9:88:b2:ce:99:28:fd:ec:7c:0b:1d:c3:4f:ab:c9:5a:b4:
         cf:7e:10:6c:b5:aa:2b:90:64:be:a2:5b:7f:19:52:48:d5:ae:
         2a:73:06:68:8e:24:a3:b9:fa:0d:97:c0:6a:3d:bb:f0:ee:54:
         67:55:3d:56:49:a7:b2:72:4d:46:22:97:1e:aa:9e:46:a8:ea:
         04:e9:d0:02:47:b2:0a:39:c6:6c:81:77:2e:2e:fd:06:12:de:
         58:f1:50:f4:cb:d6:32:6b:32:c7:37:c6:b3:a7:93:17:a1:a0:
         9b:23:be:63:da:6e:04:d8:d1:c9:5a:08:dd:9b:55:01:a5:72:
         19:ff:56:67:5f:27:16:72:78:9b:8e:d2:2f:0f:04:1e:64:79:
         2d:e8:15:b1:bd:1e:65:f5:83:5e:b3:ab:dd:ff:af:ff:50:da:
         57:d7:a6:68:fa:88:6e:ca:30:62:f1:ef:db:2a:2c:43:97:aa:
         1c:85:10:e4:36:91:57:03:bf:06:aa:93:dc:94:fa:0c:14:ae:
         3d:43:25:8f:2e:80:9d:51:01:bc:fa:46:f3:af:21:0e:a2:47:
         70:61:54:84
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ13zuGrRo/lL6ZnVRjnqZSeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkMTk5ZjM2YzNiMmNiZDFjMjBhY2QwY2JmOTA1M2MwMDRl
NTUwNTIwHhcNMjYwNDEwMTQzMjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjE2NGNjYzdmNmRjMjVmMzAzNjQ3OTg3YWZlMGIxYjc1NGZiZjYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAox84aj0AWYWPnpn9vDiX1ogkx/Pl
XqurnEE/GL+lHEdi+VjLTMXAORZe94OktcfLp4Ral1a/L1wgn68914gDzGGjV4Cr
rI6TCXOBNaQwY6XzuxakeRGxOAu4KZB9tVOFzJvmJo+2sxCkYlh49lgPW/+EZaSl
/OAkzqzjBgW6pC97xawcrsHZUrttyXyt3Wqhfug8125q7f1pcMFCKoG8AadH6JjP
QwVhzmFXi12/6aOm/xryQmDdyaBwbR4EIUrqk2ThovuvwgwiDIJvIBhZAn3vDTPD
RiQbWXCvUXmZih76lGAwTJgKbkD4VImfdhgVdEez+Q8mzeAKUrFV3/cVFQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCYWTMx/bcJfMDZHmHr+Cxt1T79iMB8GA1UdIwQY
MBaAFL0ZnzbDssvRwgrNDL+QU8AE5VBSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlJtZk5zT3l5OUhDQ3MwTXY1QlR3QVRsVUZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi82ZmU4OTMtZTU5Ny00YWQ4LTgxYzIt
NGNlOTQ1YzdmNzI1LzEvSmhaTXpIOXR3bDh3TmtlWWV2NExHM1ZQdjJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi82ZmU4OTMtZTU5Ny00YWQ4LTgxYzItNGNlOTQ1YzdmNzI1
LzEvdlJtZk5zT3l5OUhDQ3MwTXY1QlR3QVRsVUZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgrZAEQH
MA0GCSqGSIb3DQEBCwUAA4IBAQAN+UmZ/a8KCVhO6FJduXefsBLBz8n3DNTAZIRd
hEIgBdQSLwy6qYiyzpko/ex8Cx3DT6vJWrTPfhBstaorkGS+olt/GVJI1a4qcwZo
jiSjufoNl8BqPbvw7lRnVT1WSaeyck1GIpceqp5GqOoE6dACR7IKOcZsgXcuLv0G
Et5Y8VD0y9YyazLHN8azp5MXoaCbI75j2m4E2NHJWgjdm1UBpXIZ/1ZnXycWcnib
jtIvDwQeZHkt6BWxvR5l9YNes6vd/6//UNpX16Zo+ohuyjBi8e/bKixDl6ochRDk
NpFXA78GqpPclPoMFK49QyWPLoCdUQG8+kbzryEOokdwYVSE
-----END CERTIFICATE-----
Generated at Sun Jul 5 20:37:59 2026 by rpki-client