Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/6fe893-e597-4ad8-81c2-4ce945c7f725/1/VjQjZjd8u0m638f09ekHhQd_-mM.roa
File:                     VjQjZjd8u0m638f09ekHhQd_-mM.roa (raw, json)
Hash identifier:          zTHtgnTnSF7YEYTr+ZUE/h/cmSAdI4ibLvD59NKOvq4=
Subject key identifier:   56:34:23:66:37:7C:BB:49:BA:DF:C7:F4:F5:E9:07:85:07:7F:FA:63
Certificate issuer:       /CN=bd199f36c3b2cbd1c20acd0cbf9053c004e55052
Certificate serial:       019D77CEE14A69A6F14676A87291AF2D3E9F
Authority key identifier: BD:19:9F:36:C3:B2:CB:D1:C2:0A:CD:0C:BF:90:53:C0:04:E5:50:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vRmfNsOyy9HCCs0Mv5BTwATlUFI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/6fe893-e597-4ad8-81c2-4ce945c7f725/1/VjQjZjd8u0m638f09ekHhQd_-mM.roa
Signing time:             Fri 10 Apr 2026 14:32:19 +0000
ROA not before:           Fri 10 Apr 2026 14:32:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206625
IP address blocks:        2a0a:d900:3106::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/6fe893-e597-4ad8-81c2-4ce945c7f725/1/vRmfNsOyy9HCCs0Mv5BTwATlUFI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/6fe893-e597-4ad8-81c2-4ce945c7f725/1/vRmfNsOyy9HCCs0Mv5BTwATlUFI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vRmfNsOyy9HCCs0Mv5BTwATlUFI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 Jul 2026 15:01:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:77:ce:e1:4a:69:a6:f1:46:76:a8:72:91:af:2d:3e:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bd199f36c3b2cbd1c20acd0cbf9053c004e55052
        Validity
            Not Before: Apr 10 14:32:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=56342366377cbb49badfc7f4f5e90785077ffa63
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:02:00:e9:86:2e:eb:cc:91:6a:40:ea:c7:31:
                    fa:31:c1:b3:7e:2c:d6:e3:e8:28:c7:a3:c4:35:3a:
                    e2:9d:11:cc:43:ff:a6:57:80:06:68:3c:a1:2b:8a:
                    d9:c2:6e:4e:42:60:35:54:40:04:b2:bc:dc:39:9b:
                    9e:67:cf:9a:1b:f3:2a:e4:3f:a1:bc:13:38:4e:1e:
                    b2:85:dc:ef:fb:9c:38:35:2a:4c:1d:f9:3a:75:91:
                    53:78:15:bf:0f:bc:d3:90:91:fa:34:6e:41:eb:9c:
                    c1:32:3a:47:24:1f:d8:dd:b0:f2:38:67:46:f5:27:
                    d9:fa:04:fd:86:90:db:f2:50:6b:64:bb:83:ab:fb:
                    c0:6a:7a:99:dc:21:a4:6a:28:3d:df:d5:0b:34:27:
                    e8:17:1b:fc:6c:8d:cb:ea:ca:21:58:5d:f2:fe:6f:
                    32:dd:f7:3e:0e:01:ed:2f:26:9b:c0:c6:2d:a7:aa:
                    93:0c:6d:9e:20:72:77:80:4c:08:92:63:b8:88:1f:
                    cc:58:5d:30:13:b0:c3:37:03:ab:2d:6c:88:43:b3:
                    fe:11:e6:37:e8:d1:c7:f3:1d:1b:98:88:0f:26:46:
                    04:2f:7c:91:c9:a4:9d:ea:77:87:e8:7d:d9:1f:77:
                    dd:9f:58:da:3b:91:2d:71:ea:74:f0:d5:d7:2a:60:
                    9a:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:34:23:66:37:7C:BB:49:BA:DF:C7:F4:F5:E9:07:85:07:7F:FA:63
            X509v3 Authority Key Identifier:
                keyid:BD:19:9F:36:C3:B2:CB:D1:C2:0A:CD:0C:BF:90:53:C0:04:E5:50:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vRmfNsOyy9HCCs0Mv5BTwATlUFI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/6fe893-e597-4ad8-81c2-4ce945c7f725/1/VjQjZjd8u0m638f09ekHhQd_-mM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/6fe893-e597-4ad8-81c2-4ce945c7f725/1/vRmfNsOyy9HCCs0Mv5BTwATlUFI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:d900:3106::/48

    Signature Algorithm: sha256WithRSAEncryption
         74:0f:6a:9f:c1:b6:c1:69:cf:f3:2c:48:6b:03:d4:2f:8f:38:
         59:cd:c2:32:a8:6d:87:33:6a:53:b5:6e:d5:da:ad:a4:69:eb:
         2d:ef:77:64:97:9f:b8:c0:7a:6c:d6:33:e7:f9:bc:38:6b:a9:
         59:fe:c6:45:e4:27:0a:30:ea:c7:16:cd:eb:ca:5d:bc:68:37:
         c7:1e:d3:e4:1a:cd:48:17:2e:17:a3:11:5a:ca:1d:21:96:9f:
         26:ec:3c:1b:6d:99:63:d7:d1:f1:07:7d:a7:db:49:28:7d:48:
         f3:2b:8c:dd:8b:f3:3f:51:3d:5a:4f:21:76:f0:92:d4:43:39:
         41:c8:55:74:a6:0a:d8:fd:bb:9b:93:f9:4b:36:6d:54:f9:84:
         8e:53:f7:5d:1a:d2:e7:63:f4:13:a8:72:d6:84:40:2e:55:b6:
         cc:8d:ca:1b:05:35:91:b8:ea:29:19:18:a7:4f:19:61:c7:aa:
         44:31:f7:60:74:b8:55:4a:34:d9:51:65:e0:ce:4d:90:ad:bb:
         de:0b:1c:f9:83:52:d6:04:86:8d:8b:9d:cd:3c:0c:7a:4e:b4:
         ac:1a:56:39:69:04:89:b2:a1:26:96:10:42:c0:09:88:97:2f:
         35:12:25:f6:be:e5:dc:bb:b1:95:47:56:63:b0:ae:31:fc:d2:
         ea:78:a1:3e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ13zuFKaabxRnaocpGvLT6fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkMTk5ZjM2YzNiMmNiZDFjMjBhY2QwY2JmOTA1M2MwMDRl
NTUwNTIwHhcNMjYwNDEwMTQzMjE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjM0MjM2NjM3N2NiYjQ5YmFkZmM3ZjRmNWU5MDc4NTA3N2ZmYTYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuwIA6YYu68yRakDqxzH6McGzfizW
4+gox6PENTrinRHMQ/+mV4AGaDyhK4rZwm5OQmA1VEAEsrzcOZueZ8+aG/Mq5D+h
vBM4Th6yhdzv+5w4NSpMHfk6dZFTeBW/D7zTkJH6NG5B65zBMjpHJB/Y3bDyOGdG
9SfZ+gT9hpDb8lBrZLuDq/vAanqZ3CGkaig939ULNCfoFxv8bI3L6sohWF3y/m8y
3fc+DgHtLyabwMYtp6qTDG2eIHJ3gEwIkmO4iB/MWF0wE7DDNwOrLWyIQ7P+EeY3
6NHH8x0bmIgPJkYEL3yRyaSd6neH6H3ZH3fdn1jaO5Etcep08NXXKmCaawIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFY0I2Y3fLtJut/H9PXpB4UHf/pjMB8GA1UdIwQY
MBaAFL0ZnzbDssvRwgrNDL+QU8AE5VBSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlJtZk5zT3l5OUhDQ3MwTXY1QlR3QVRsVUZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi82ZmU4OTMtZTU5Ny00YWQ4LTgxYzIt
NGNlOTQ1YzdmNzI1LzEvVmpRalpqZDh1MG02MzhmMDlla0hoUWRfLW1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi82ZmU4OTMtZTU5Ny00YWQ4LTgxYzItNGNlOTQ1YzdmNzI1
LzEvdlJtZk5zT3l5OUhDQ3MwTXY1QlR3QVRsVUZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgrZADEG
MA0GCSqGSIb3DQEBCwUAA4IBAQB0D2qfwbbBac/zLEhrA9QvjzhZzcIyqG2HM2pT
tW7V2q2kaest73dkl5+4wHps1jPn+bw4a6lZ/sZF5CcKMOrHFs3ryl28aDfHHtPk
Gs1IFy4XoxFayh0hlp8m7DwbbZlj19HxB32n20kofUjzK4zdi/M/UT1aTyF28JLU
QzlByFV0pgrY/bubk/lLNm1U+YSOU/ddGtLnY/QTqHLWhEAuVbbMjcobBTWRuOop
GRinTxlhx6pEMfdgdLhVSjTZUWXgzk2QrbveCxz5g1LWBIaNi53NPAx6TrSsGlY5
aQSJsqEmlhBCwAmIly81EiX2vuXcu7GVR1ZjsK4x/NLqeKE+
-----END CERTIFICATE-----
Generated at Sun Jul 5 20:38:57 2026 by rpki-client