Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/f1d697-bc8e-4f14-8b37-b53e30e1412a/1/66nbrZ2mCYwG3e6ha3Nfy0BJKE0.roa
File:                     66nbrZ2mCYwG3e6ha3Nfy0BJKE0.roa (raw, json)
Hash identifier:          nivnljP3mO1OIkIFMtZNC7rvfkUDANm7b9o7EEV+vw8=
Subject key identifier:   EB:A9:DB:AD:9D:A6:09:8C:06:DD:EE:A1:6B:73:5F:CB:40:49:28:4D
Certificate issuer:       /CN=92bf6464ce6e19a4dcf8a32b27a2f1cbe1551055
Certificate serial:       019E60D8BA53DE7D3A5EA743BBCDF8240D19
Authority key identifier: 92:BF:64:64:CE:6E:19:A4:DC:F8:A3:2B:27:A2:F1:CB:E1:55:10:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kr9kZM5uGaTc-KMrJ6Lxy-FVEFU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/f1d697-bc8e-4f14-8b37-b53e30e1412a/1/66nbrZ2mCYwG3e6ha3Nfy0BJKE0.roa
Signing time:             Mon 25 May 2026 20:34:36 +0000
ROA not before:           Mon 25 May 2026 20:34:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214431
IP address blocks:        2a03:9382::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/f1d697-bc8e-4f14-8b37-b53e30e1412a/1/kr9kZM5uGaTc-KMrJ6Lxy-FVEFU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/f1d697-bc8e-4f14-8b37-b53e30e1412a/1/kr9kZM5uGaTc-KMrJ6Lxy-FVEFU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kr9kZM5uGaTc-KMrJ6Lxy-FVEFU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 20:26:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:60:d8:ba:53:de:7d:3a:5e:a7:43:bb:cd:f8:24:0d:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92bf6464ce6e19a4dcf8a32b27a2f1cbe1551055
        Validity
            Not Before: May 25 20:34:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=eba9dbad9da6098c06ddeea16b735fcb4049284d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:49:c4:f4:05:31:e4:a5:b8:dc:68:b2:c0:d1:
                    05:e9:e9:1c:16:1e:88:37:c3:95:67:9f:e8:24:6b:
                    b3:46:91:4f:8f:8b:21:53:5c:bf:dc:01:df:37:14:
                    2f:37:06:fa:eb:c8:ea:05:c7:65:0f:22:f9:f5:01:
                    80:84:e4:07:39:90:95:a2:65:8a:52:f4:e4:4a:95:
                    e7:e4:87:80:79:ca:91:75:f1:2f:51:93:ae:84:3a:
                    0f:f4:e1:b3:7b:fb:4b:42:21:92:9c:d4:31:78:2c:
                    a6:ea:6d:50:29:2a:f6:83:75:db:cb:b2:ce:cf:45:
                    6d:f4:ce:07:28:5f:56:e4:29:8d:6c:25:35:7f:5d:
                    00:ec:0a:a7:a2:cb:39:c5:c9:bc:67:4f:36:3f:6a:
                    73:dd:d1:08:40:5d:cd:b0:2c:40:54:58:eb:00:32:
                    75:a0:4b:15:2e:4c:7e:fa:31:8e:90:e6:3c:e4:1e:
                    b4:4a:23:d6:e2:95:72:16:ec:2b:ee:27:21:00:51:
                    90:69:60:15:d7:a7:cb:1a:f1:a5:c7:d7:b7:73:82:
                    b7:18:ea:8d:24:c3:4b:5f:37:93:51:d3:c1:d8:ab:
                    33:a0:06:64:28:67:31:f0:a8:45:bd:10:fd:64:89:
                    f7:5c:24:e8:09:b0:74:ad:69:cb:75:92:d7:f2:03:
                    1b:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:A9:DB:AD:9D:A6:09:8C:06:DD:EE:A1:6B:73:5F:CB:40:49:28:4D
            X509v3 Authority Key Identifier:
                keyid:92:BF:64:64:CE:6E:19:A4:DC:F8:A3:2B:27:A2:F1:CB:E1:55:10:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kr9kZM5uGaTc-KMrJ6Lxy-FVEFU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/f1d697-bc8e-4f14-8b37-b53e30e1412a/1/66nbrZ2mCYwG3e6ha3Nfy0BJKE0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/f1d697-bc8e-4f14-8b37-b53e30e1412a/1/kr9kZM5uGaTc-KMrJ6Lxy-FVEFU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:9382::/48

    Signature Algorithm: sha256WithRSAEncryption
         b0:c6:4b:42:31:ac:e6:ff:65:19:24:5a:12:55:40:d1:a4:5a:
         17:02:93:fd:7a:cf:e0:c0:16:2d:a1:76:43:a5:ba:ba:da:b9:
         84:a8:9d:1b:53:89:9c:56:a4:07:a2:a8:f9:6e:2e:9c:dc:f9:
         24:ef:a5:ee:84:44:ed:2f:1d:5e:7e:e7:44:07:b8:da:c6:56:
         0a:39:eb:1e:b3:92:b2:e6:5b:4c:ab:43:85:c4:65:07:bc:7c:
         e0:6b:8f:2e:c8:e8:72:9e:56:0a:33:b8:ca:e3:ad:c5:12:2f:
         c8:3a:a3:08:5c:1c:c2:3f:85:ce:61:b7:b1:e7:e8:85:7b:f8:
         a5:cb:c1:13:0d:62:b6:74:60:cf:87:c6:75:c8:5d:c2:47:a7:
         b4:1a:5c:54:99:83:21:92:09:1e:c6:27:e0:a4:b1:ef:f3:5a:
         05:ea:1e:34:aa:3a:e2:66:9a:7d:27:0e:c8:5e:42:37:e1:6a:
         ef:e7:4b:32:0d:16:8a:67:5f:1d:84:e2:88:57:65:9b:f8:74:
         21:7c:bd:39:58:39:ef:b4:ef:2a:f8:d6:32:30:e2:32:37:c5:
         27:7f:ac:81:b7:4c:d9:eb:0f:e8:53:0a:0a:bb:58:58:df:ec:
         ca:09:69:4f:bc:5b:ee:e0:39:0e:41:39:46:da:36:84:08:88:
         29:84:a6:bc
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ5g2LpT3n06XqdDu834JA0ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyYmY2NDY0Y2U2ZTE5YTRkY2Y4YTMyYjI3YTJmMWNiZTE1
NTEwNTUwHhcNMjYwNTI1MjAzNDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYmE5ZGJhZDlkYTYwOThjMDZkZGVlYTE2YjczNWZjYjQwNDkyODRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1knE9AUx5KW43GiywNEF6ekcFh6I
N8OVZ5/oJGuzRpFPj4shU1y/3AHfNxQvNwb668jqBcdlDyL59QGAhOQHOZCVomWK
UvTkSpXn5IeAecqRdfEvUZOuhDoP9OGze/tLQiGSnNQxeCym6m1QKSr2g3Xby7LO
z0Vt9M4HKF9W5CmNbCU1f10A7Aqnoss5xcm8Z082P2pz3dEIQF3NsCxAVFjrADJ1
oEsVLkx++jGOkOY85B60SiPW4pVyFuwr7ichAFGQaWAV16fLGvGlx9e3c4K3GOqN
JMNLXzeTUdPB2KszoAZkKGcx8KhFvRD9ZIn3XCToCbB0rWnLdZLX8gMbjQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOup262dpgmMBt3uoWtzX8tASShNMB8GA1UdIwQY
MBaAFJK/ZGTObhmk3PijKyei8cvhVRBVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3I5a1pNNXVHYVRjLUtNcko2THh5LUZWRUZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy9mMWQ2OTctYmM4ZS00ZjE0LThiMzct
YjUzZTMwZTE0MTJhLzEvNjZuYnJaMm1DWXdHM2U2aGEzTmZ5MEJKS0UwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy9mMWQ2OTctYmM4ZS00ZjE0LThiMzctYjUzZTMwZTE0MTJh
LzEva3I5a1pNNXVHYVRjLUtNcko2THh5LUZWRUZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgOTggAA
MA0GCSqGSIb3DQEBCwUAA4IBAQCwxktCMazm/2UZJFoSVUDRpFoXApP9es/gwBYt
oXZDpbq62rmEqJ0bU4mcVqQHoqj5bi6c3Pkk76XuhETtLx1efudEB7jaxlYKOese
s5Ky5ltMq0OFxGUHvHzga48uyOhynlYKM7jK463FEi/IOqMIXBzCP4XOYbex5+iF
e/ily8ETDWK2dGDPh8Z1yF3CR6e0GlxUmYMhkgkexifgpLHv81oF6h40qjriZpp9
Jw7IXkI34Wrv50syDRaKZ18dhOKIV2Wb+HQhfL05WDnvtO8q+NYyMOIyN8Unf6yB
t0zZ6w/oUwoKu1hY3+zKCWlPvFvu4DkOQTlG2jaECIgphKa8
-----END CERTIFICATE-----