Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/cbeac8-ebed-45fb-b724-70b1c69b4232/1/rnG49hfUWRbAaTnEufRtk-EpTgI.roa
File:                     rnG49hfUWRbAaTnEufRtk-EpTgI.roa (raw, json)
Hash identifier:          m+CLt1je+e7kdBLIdzICI7KIXd8aZuhthtIqMfab938=
Subject key identifier:   AE:71:B8:F6:17:D4:59:16:C0:69:39:C4:B9:F4:6D:93:E1:29:4E:02
Certificate issuer:       /CN=13323eacd77e5ca5952dd67c28f4fd90d32afadf
Certificate serial:       019F0B8384AD4CCC19CD03890260B208CA79
Authority key identifier: 13:32:3E:AC:D7:7E:5C:A5:95:2D:D6:7C:28:F4:FD:90:D3:2A:FA:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EzI-rNd-XKWVLdZ8KPT9kNMq-t8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/cbeac8-ebed-45fb-b724-70b1c69b4232/1/rnG49hfUWRbAaTnEufRtk-EpTgI.roa
Signing time:             Sat 27 Jun 2026 23:56:36 +0000
ROA not before:           Sat 27 Jun 2026 23:56:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16331
IP address blocks:        217.116.160.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/cbeac8-ebed-45fb-b724-70b1c69b4232/1/EzI-rNd-XKWVLdZ8KPT9kNMq-t8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/cbeac8-ebed-45fb-b724-70b1c69b4232/1/EzI-rNd-XKWVLdZ8KPT9kNMq-t8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EzI-rNd-XKWVLdZ8KPT9kNMq-t8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 30 Jun 2026 02:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:0b:83:84:ad:4c:cc:19:cd:03:89:02:60:b2:08:ca:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=13323eacd77e5ca5952dd67c28f4fd90d32afadf
        Validity
            Not Before: Jun 27 23:56:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ae71b8f617d45916c06939c4b9f46d93e1294e02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:05:89:c5:d0:7d:17:55:36:ec:7c:fa:52:e9:
                    11:9e:7e:1c:ef:89:47:36:26:06:34:fe:8f:dc:f9:
                    e0:57:7f:69:1c:26:4d:ed:8f:54:95:98:29:be:36:
                    80:96:55:60:b1:ac:aa:9d:ae:ac:5b:b5:04:20:2a:
                    0a:09:28:d4:12:b1:e9:c2:e3:62:cd:c1:6d:61:8f:
                    04:bb:95:56:a2:3c:60:9f:4d:f7:ea:92:ec:04:6f:
                    60:15:c7:97:a0:b6:c6:4b:2a:c7:5d:e4:b2:3c:65:
                    c5:65:5d:53:9a:ca:99:22:0c:1a:e7:05:ab:0f:da:
                    61:01:a5:28:5e:f8:54:d4:d3:9c:fc:ad:4b:b2:3a:
                    eb:0f:56:ce:c9:e4:4c:ea:09:81:44:b2:40:7b:95:
                    45:04:25:1d:b2:22:bc:a3:59:72:f1:57:47:69:ab:
                    be:4a:d8:d9:10:36:f3:96:e9:d7:6c:c3:55:39:01:
                    b7:e3:f9:ed:5c:d5:9a:ce:e0:26:f5:e2:5b:75:30:
                    cd:f1:9e:46:1d:c5:3e:f5:e0:51:e6:b5:1d:60:28:
                    2c:d3:3e:f2:05:cc:46:ae:84:29:1d:43:0e:ba:74:
                    bb:ab:bb:34:28:d4:b0:8c:34:01:68:b5:f6:fe:b9:
                    11:f3:5c:0b:bc:c1:30:99:6c:7e:10:c7:e8:d8:1a:
                    59:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:71:B8:F6:17:D4:59:16:C0:69:39:C4:B9:F4:6D:93:E1:29:4E:02
            X509v3 Authority Key Identifier:
                keyid:13:32:3E:AC:D7:7E:5C:A5:95:2D:D6:7C:28:F4:FD:90:D3:2A:FA:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EzI-rNd-XKWVLdZ8KPT9kNMq-t8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/cbeac8-ebed-45fb-b724-70b1c69b4232/1/rnG49hfUWRbAaTnEufRtk-EpTgI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/cbeac8-ebed-45fb-b724-70b1c69b4232/1/EzI-rNd-XKWVLdZ8KPT9kNMq-t8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.116.160.0/21

    Signature Algorithm: sha256WithRSAEncryption
         1f:7a:3d:e6:1b:fa:5a:f6:85:c6:2b:ff:56:7c:e7:e0:a5:13:
         cc:55:6a:f3:3f:1e:bc:e5:1e:59:37:0a:54:8a:53:cb:84:83:
         8b:7d:27:84:30:38:22:cd:90:5e:03:17:fc:d7:72:13:a4:df:
         66:b5:33:40:f2:b8:fe:e0:88:79:f9:90:bb:82:b1:8e:80:90:
         f1:0f:ef:02:48:8d:6e:3f:11:74:36:26:a3:54:82:6e:15:a4:
         df:15:e7:7a:d6:8a:4d:a8:2b:bf:d6:d8:1a:98:14:dd:c5:78:
         ff:f3:e2:3d:87:3c:31:16:31:81:f0:88:32:97:a3:46:95:b3:
         32:10:07:11:db:72:cc:78:e4:f1:eb:c7:29:4c:4a:76:90:20:
         92:b5:93:b0:2c:f0:06:8d:07:ee:9d:c6:41:ab:56:36:a9:01:
         07:0a:2a:56:83:be:ab:7c:fd:9f:62:dc:2b:70:8c:1d:0e:6d:
         47:bf:5f:44:94:5e:d4:2a:1c:6b:78:37:c8:3b:ad:39:81:45:
         cf:ca:78:fa:e5:a1:90:64:69:02:ba:a5:68:56:3a:7b:53:54:
         3a:1b:81:72:87:4a:4a:1c:f6:6f:5b:ae:e4:3a:3d:6f:86:e2:
         f3:f2:72:94:b4:cd:17:86:a2:28:58:62:51:b8:5b:3a:88:48:
         95:6f:5f:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ8Lg4StTMwZzQOJAmCyCMp5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMzIzZWFjZDc3ZTVjYTU5NTJkZDY3YzI4ZjRmZDkwZDMy
YWZhZGYwHhcNMjYwNjI3MjM1NjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTcxYjhmNjE3ZDQ1OTE2YzA2OTM5YzRiOWY0NmQ5M2UxMjk0ZTAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlAWJxdB9F1U27Hz6UukRnn4c74lH
NiYGNP6P3PngV39pHCZN7Y9UlZgpvjaAllVgsayqna6sW7UEICoKCSjUErHpwuNi
zcFtYY8Eu5VWojxgn0336pLsBG9gFceXoLbGSyrHXeSyPGXFZV1TmsqZIgwa5wWr
D9phAaUoXvhU1NOc/K1LsjrrD1bOyeRM6gmBRLJAe5VFBCUdsiK8o1ly8VdHaau+
StjZEDbzlunXbMNVOQG34/ntXNWazuAm9eJbdTDN8Z5GHcU+9eBR5rUdYCgs0z7y
BcxGroQpHUMOunS7q7s0KNSwjDQBaLX2/rkR81wLvMEwmWx+EMfo2BpZewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK5xuPYX1FkWwGk5xLn0bZPhKU4CMB8GA1UdIwQY
MBaAFBMyPqzXflyllS3WfCj0/ZDTKvrfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXpJLXJOZC1YS1dWTGRaOEtQVDlrTk1xLXQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9jYmVhYzgtZWJlZC00NWZiLWI3MjQt
NzBiMWM2OWI0MjMyLzEvcm5HNDloZlVXUmJBYVRuRXVmUnRrLUVwVGdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9jYmVhYzgtZWJlZC00NWZiLWI3MjQtNzBiMWM2OWI0MjMy
LzEvRXpJLXJOZC1YS1dWTGRaOEtQVDlrTk1xLXQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQD2XSgMA0G
CSqGSIb3DQEBCwUAA4IBAQAfej3mG/pa9oXGK/9WfOfgpRPMVWrzPx685R5ZNwpU
ilPLhIOLfSeEMDgizZBeAxf813ITpN9mtTNA8rj+4Ih5+ZC7grGOgJDxD+8CSI1u
PxF0NiajVIJuFaTfFed61opNqCu/1tgamBTdxXj/8+I9hzwxFjGB8Igyl6NGlbMy
EAcR23LMeOTx68cpTEp2kCCStZOwLPAGjQfuncZBq1Y2qQEHCipWg76rfP2fYtwr
cIwdDm1Hv19ElF7UKhxreDfIO605gUXPynj65aGQZGkCuqVoVjp7U1Q6G4Fyh0pK
HPZvW67kOj1vhuLz8nKUtM0XhqIoWGJRuFs6iEiVb19h
-----END CERTIFICATE-----