Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/U_DCEtPw_hUMwrzj8r6wUIXBPig.roa
File:                     U_DCEtPw_hUMwrzj8r6wUIXBPig.roa (raw, json)
Hash identifier:          zOV0/cSp312KHscfdmAUHtLOyMQW+m7fH0EzuAciKbU=
Subject key identifier:   53:F0:C2:12:D3:F0:FE:15:0C:C2:BC:E3:F2:BE:B0:50:85:C1:3E:28
Certificate issuer:       /CN=25e4aed3ef72bee3141660d1149e16d079205f3c
Certificate serial:       019CDCF37F9519B41F80AA71FCE8B41D32FB
Authority key identifier: 25:E4:AE:D3:EF:72:BE:E3:14:16:60:D1:14:9E:16:D0:79:20:5F:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/U_DCEtPw_hUMwrzj8r6wUIXBPig.roa
Signing time:             Wed 11 Mar 2026 12:51:11 +0000
ROA not before:           Wed 11 Mar 2026 12:51:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     47930
IP address blocks:        2a03:2100:30::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 22 Mar 2026 21:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:dc:f3:7f:95:19:b4:1f:80:aa:71:fc:e8:b4:1d:32:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25e4aed3ef72bee3141660d1149e16d079205f3c
        Validity
            Not Before: Mar 11 12:51:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=53f0c212d3f0fe150cc2bce3f2beb05085c13e28
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:a2:bf:e0:fc:d4:66:21:39:7e:5d:3a:44:4f:
                    87:48:b0:1b:97:dc:73:c8:3b:a4:fa:0e:a9:53:33:
                    0d:d6:b8:d4:38:46:a1:e0:2a:ff:3c:13:07:86:ae:
                    44:4d:e0:7b:8a:4b:42:79:a6:79:f3:d5:aa:ba:57:
                    40:44:30:1f:92:e1:4e:3b:39:d7:60:55:c6:d5:b9:
                    84:0d:45:2e:f3:15:a9:22:65:2e:d1:4a:87:4b:5b:
                    1b:e1:a4:2e:d9:d4:16:4b:e5:48:23:c7:e5:cb:39:
                    63:bf:c0:f8:cc:d1:f8:d6:a7:08:18:16:68:83:fa:
                    a3:00:e4:a7:3c:b5:df:17:0c:5f:66:5c:2b:23:68:
                    a3:88:3d:54:f8:b4:d0:0d:f0:8e:53:8c:5a:12:1c:
                    a7:d6:46:c5:f8:7e:e3:40:f0:1b:52:87:cd:89:cd:
                    c1:59:11:e8:90:ad:f9:dc:f7:76:41:66:59:8a:04:
                    f3:da:50:29:fa:69:57:b5:d2:5d:0d:4c:47:4d:ba:
                    8d:6a:6b:39:4d:83:1c:66:fd:b4:3c:a7:a1:1c:dd:
                    ec:0f:a8:45:1b:9a:af:c7:a6:7f:70:e7:ff:2f:5c:
                    63:a3:d2:ee:fb:7b:b4:21:38:70:50:d7:71:49:8e:
                    5c:89:3a:1c:2f:1b:a3:f5:6f:a0:1f:f1:19:92:a5:
                    a7:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:F0:C2:12:D3:F0:FE:15:0C:C2:BC:E3:F2:BE:B0:50:85:C1:3E:28
            X509v3 Authority Key Identifier:
                keyid:25:E4:AE:D3:EF:72:BE:E3:14:16:60:D1:14:9E:16:D0:79:20:5F:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/U_DCEtPw_hUMwrzj8r6wUIXBPig.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:2100:30::/48

    Signature Algorithm: sha256WithRSAEncryption
         ab:90:58:49:c6:d9:ad:b7:0e:69:e2:3e:7c:ae:d1:a0:29:30:
         15:2f:a9:63:46:b8:b9:16:5b:ee:5d:ed:1a:3e:b9:8c:46:db:
         10:03:2f:28:48:2a:d1:aa:05:80:f5:76:3e:72:7e:3b:a3:1e:
         76:1b:b2:4e:93:a6:e5:b4:8d:fa:ff:4d:de:e9:47:79:79:ae:
         c6:82:0e:d8:f8:cf:a6:c9:f2:86:82:ef:76:eb:0b:ff:0b:ae:
         ef:56:ed:77:b3:53:96:94:11:0c:a8:57:74:13:f2:80:30:d1:
         23:0e:1e:e1:d0:28:d2:64:7d:24:47:99:06:00:8d:f1:4b:96:
         6b:3c:0f:d1:ca:9e:49:d5:46:b2:ba:de:1e:68:41:40:2d:34:
         14:ab:7f:05:f6:72:8a:96:65:61:25:e3:06:16:19:13:29:8a:
         fd:fc:c4:88:19:e4:9e:ee:44:b4:a5:a7:dc:76:22:83:ee:7a:
         bd:d8:13:44:79:90:0d:12:ba:65:5f:4d:92:67:83:cf:66:b2:
         ab:3a:97:1a:00:d0:fc:1b:fc:68:a8:85:5b:c9:15:82:e8:87:
         ed:97:17:f0:70:56:90:cd:5a:ba:4a:87:63:c8:eb:09:0c:86:
         f3:08:39:2c:59:25:44:95:41:34:81:88:10:0c:be:fe:2a:b7:
         35:c7:91:34
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZzc83+VGbQfgKpx/Oi0HTL7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1ZTRhZWQzZWY3MmJlZTMxNDE2NjBkMTE0OWUxNmQwNzky
MDVmM2MwHhcNMjYwMzExMTI1MTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2YwYzIxMmQzZjBmZTE1MGNjMmJjZTNmMmJlYjA1MDg1YzEzZTI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu6K/4PzUZiE5fl06RE+HSLAbl9xz
yDuk+g6pUzMN1rjUOEah4Cr/PBMHhq5ETeB7iktCeaZ589WquldARDAfkuFOOznX
YFXG1bmEDUUu8xWpImUu0UqHS1sb4aQu2dQWS+VII8flyzljv8D4zNH41qcIGBZo
g/qjAOSnPLXfFwxfZlwrI2ijiD1U+LTQDfCOU4xaEhyn1kbF+H7jQPAbUofNic3B
WRHokK353Pd2QWZZigTz2lAp+mlXtdJdDUxHTbqNams5TYMcZv20PKehHN3sD6hF
G5qvx6Z/cOf/L1xjo9Lu+3u0IThwUNdxSY5ciTocLxuj9W+gH/EZkqWngQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFPwwhLT8P4VDMK84/K+sFCFwT4oMB8GA1UdIwQY
MBaAFCXkrtPvcr7jFBZg0RSeFtB5IF88MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmVTdTAtOXl2dU1VRm1EUkZKNFcwSGtnWHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82MzM2ZDAtOTQ5NC00NmQzLTk4NjEt
ZWQzZTM4Zjk1NzdmLzEvVV9EQ0V0UHdfaFVNd3J6ajhyNndVSVhCUGlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82MzM2ZDAtOTQ5NC00NmQzLTk4NjEtZWQzZTM4Zjk1Nzdm
LzEvSmVTdTAtOXl2dU1VRm1EUkZKNFcwSGtnWHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgMhAAAw
MA0GCSqGSIb3DQEBCwUAA4IBAQCrkFhJxtmttw5p4j58rtGgKTAVL6ljRri5Flvu
Xe0aPrmMRtsQAy8oSCrRqgWA9XY+cn47ox52G7JOk6bltI36/03e6Ud5ea7Ggg7Y
+M+myfKGgu926wv/C67vVu13s1OWlBEMqFd0E/KAMNEjDh7h0CjSZH0kR5kGAI3x
S5ZrPA/Ryp5J1Uayut4eaEFALTQUq38F9nKKlmVhJeMGFhkTKYr9/MSIGeSe7kS0
pafcdiKD7nq92BNEeZANErplX02SZ4PPZrKrOpcaAND8G/xoqIVbyRWC6Iftlxfw
cFaQzVq6SodjyOsJDIbzCDksWSVElUE0gYgQDL7+Krc1x5E0
-----END CERTIFICATE-----