Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/bf1589-6adf-44b3-9746-81c4055148e0/1/R833NOdXTD2aQWG3JavzKd06mys.roa
File:                     R833NOdXTD2aQWG3JavzKd06mys.roa (raw, json)
Hash identifier:          fWZj94n90bNsji3CFK3WkNid37wFqWD8C1Qx/wwtaQQ=
Subject key identifier:   47:CD:F7:34:E7:57:4C:3D:9A:41:61:B7:25:AB:F3:29:DD:3A:9B:2B
Certificate issuer:       /CN=851d4e34d4e48539c170451d4e26138887f6e922
Certificate serial:       019DB02652C5AA434E01A9E3295AA06C2D15
Authority key identifier: 85:1D:4E:34:D4:E4:85:39:C1:70:45:1D:4E:26:13:88:87:F6:E9:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hR1ONNTkhTnBcEUdTiYTiIf26SI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/bf1589-6adf-44b3-9746-81c4055148e0/1/R833NOdXTD2aQWG3JavzKd06mys.roa
Signing time:             Tue 21 Apr 2026 13:06:34 +0000
ROA not before:           Tue 21 Apr 2026 13:06:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203172
IP address blocks:        2a0e:5b44::/30 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/bf1589-6adf-44b3-9746-81c4055148e0/1/hR1ONNTkhTnBcEUdTiYTiIf26SI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/bf1589-6adf-44b3-9746-81c4055148e0/1/hR1ONNTkhTnBcEUdTiYTiIf26SI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hR1ONNTkhTnBcEUdTiYTiIf26SI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 Apr 2026 08:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b0:26:52:c5:aa:43:4e:01:a9:e3:29:5a:a0:6c:2d:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=851d4e34d4e48539c170451d4e26138887f6e922
        Validity
            Not Before: Apr 21 13:06:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=47cdf734e7574c3d9a4161b725abf329dd3a9b2b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:c1:9e:c5:a0:0c:ac:0a:68:1d:33:f9:11:49:
                    21:64:7d:2d:e1:41:17:48:26:56:80:a2:53:51:c1:
                    c0:7d:9b:4e:38:93:b0:11:15:0c:64:67:35:07:ca:
                    13:01:e9:87:9a:e3:23:b9:7c:dd:6c:11:03:db:89:
                    d3:4c:21:96:59:9c:da:e2:8e:bb:1c:46:98:c9:d9:
                    d8:e5:65:60:6f:b5:61:ce:84:42:97:33:cb:5a:83:
                    98:a6:3c:a2:78:23:aa:c9:58:73:2d:53:20:c5:b5:
                    8c:6c:64:77:74:25:8e:0b:e2:ff:ba:d2:66:98:81:
                    c4:54:94:3d:1c:21:fa:9f:69:6f:55:fb:54:8c:51:
                    af:e3:9a:51:77:ac:32:2c:1e:48:46:ad:c4:6b:9a:
                    92:5c:be:a8:9d:4e:07:6a:01:d1:2c:57:ae:51:6e:
                    d0:ce:37:1f:26:e1:a0:45:98:66:c5:81:8f:ae:a4:
                    d4:f7:6d:9e:81:ee:25:c5:a4:dd:eb:4f:23:6f:e2:
                    91:c4:96:9a:ee:e7:47:63:5a:a0:ec:24:69:6b:18:
                    4c:c6:5f:c7:5c:50:95:09:f0:b4:6a:44:ab:77:35:
                    fa:e6:b9:35:99:02:c3:22:a1:b6:67:3f:e2:7d:0d:
                    d0:c6:35:4e:e7:55:8d:e3:ba:1c:b2:e8:46:62:bf:
                    3f:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:CD:F7:34:E7:57:4C:3D:9A:41:61:B7:25:AB:F3:29:DD:3A:9B:2B
            X509v3 Authority Key Identifier:
                keyid:85:1D:4E:34:D4:E4:85:39:C1:70:45:1D:4E:26:13:88:87:F6:E9:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hR1ONNTkhTnBcEUdTiYTiIf26SI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/bf1589-6adf-44b3-9746-81c4055148e0/1/R833NOdXTD2aQWG3JavzKd06mys.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/bf1589-6adf-44b3-9746-81c4055148e0/1/hR1ONNTkhTnBcEUdTiYTiIf26SI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:5b44::/30

    Signature Algorithm: sha256WithRSAEncryption
         0d:c9:c6:68:17:e5:45:90:a6:02:a5:81:15:01:62:68:0f:5c:
         60:b7:33:16:62:7b:37:10:f8:2c:97:13:9e:d6:a2:60:72:9b:
         7a:1d:ea:3b:6d:77:81:91:c6:f5:3e:4d:21:b7:00:3e:25:0b:
         b7:f3:9c:7c:c5:48:bf:2b:ba:d7:04:70:da:0c:e6:9b:da:ff:
         b3:3c:58:00:89:f4:8d:16:52:46:bc:0b:20:9b:59:79:1a:e7:
         d5:29:cc:57:f8:83:26:4a:0e:2c:95:a9:d2:d3:bb:69:ab:86:
         6c:5a:f8:ad:ad:ed:1f:89:22:76:bb:db:5a:ae:24:c4:24:a5:
         fa:f4:57:c0:d6:75:0d:d7:f8:2c:a5:0b:43:95:2b:39:7c:9c:
         1c:9a:e6:66:3f:54:7d:65:e1:df:5b:ab:ef:66:1b:a1:34:73:
         50:75:31:53:22:e5:75:dc:68:a3:e4:35:ac:16:f7:dc:c9:12:
         a3:3d:66:5a:5a:b3:a7:23:40:8f:da:cd:1a:ea:d2:58:e8:8f:
         7f:79:02:a6:96:9d:d9:d8:ee:d5:1f:ad:45:b1:7d:1c:c5:f2:
         4d:be:67:8d:4d:a7:1e:f0:87:c8:f1:4b:00:af:95:e2:12:9f:
         a0:cd:10:bc:64:e5:cc:70:22:b8:89:4f:ed:f6:54:8f:b0:6f:
         66:02:b6:61
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ2wJlLFqkNOAanjKVqgbC0VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1MWQ0ZTM0ZDRlNDg1MzljMTcwNDUxZDRlMjYxMzg4ODdm
NmU5MjIwHhcNMjYwNDIxMTMwNjM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2NkZjczNGU3NTc0YzNkOWE0MTYxYjcyNWFiZjMyOWRkM2E5YjJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlcGexaAMrApoHTP5EUkhZH0t4UEX
SCZWgKJTUcHAfZtOOJOwERUMZGc1B8oTAemHmuMjuXzdbBED24nTTCGWWZza4o67
HEaYydnY5WVgb7VhzoRClzPLWoOYpjyieCOqyVhzLVMgxbWMbGR3dCWOC+L/utJm
mIHEVJQ9HCH6n2lvVftUjFGv45pRd6wyLB5IRq3Ea5qSXL6onU4HagHRLFeuUW7Q
zjcfJuGgRZhmxYGPrqTU922ege4lxaTd608jb+KRxJaa7udHY1qg7CRpaxhMxl/H
XFCVCfC0akSrdzX65rk1mQLDIqG2Zz/ifQ3QxjVO51WN47ocsuhGYr8/qwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFEfN9zTnV0w9mkFhtyWr8yndOpsrMB8GA1UdIwQY
MBaAFIUdTjTU5IU5wXBFHU4mE4iH9ukiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFIxT05OVGtoVG5CY0VVZFRpWVRpSWYyNlNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS9iZjE1ODktNmFkZi00NGIzLTk3NDYt
ODFjNDA1NTE0OGUwLzEvUjgzM05PZFhURDJhUVdHM0phdnpLZDA2bXlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS9iZjE1ODktNmFkZi00NGIzLTk3NDYtODFjNDA1NTE0OGUw
LzEvaFIxT05OVGtoVG5CY0VVZFRpWVRpSWYyNlNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUCKg5bRDAN
BgkqhkiG9w0BAQsFAAOCAQEADcnGaBflRZCmAqWBFQFiaA9cYLczFmJ7NxD4LJcT
ntaiYHKbeh3qO213gZHG9T5NIbcAPiULt/OcfMVIvyu61wRw2gzmm9r/szxYAIn0
jRZSRrwLIJtZeRrn1SnMV/iDJkoOLJWp0tO7aauGbFr4ra3tH4kidrvbWq4kxCSl
+vRXwNZ1Ddf4LKULQ5UrOXycHJrmZj9UfWXh31ur72YboTRzUHUxUyLlddxoo+Q1
rBb33MkSoz1mWlqzpyNAj9rNGurSWOiPf3kCppad2dju1R+tRbF9HMXyTb5njU2n
HvCHyPFLAK+V4hKfoM0QvGTlzHAiuIlP7fZUj7BvZgK2YQ==
-----END CERTIFICATE-----