Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/3XJGVVD5EyhZ3-kknmoId7d5pz0.roa
File:                     3XJGVVD5EyhZ3-kknmoId7d5pz0.roa (raw, json)
Hash identifier:          XWLXgNALTz/L4UkJCfNPJpznC/EGpv/xZoFmTi4ApcA=
Subject key identifier:   DD:72:46:55:50:F9:13:28:59:DF:E9:24:9E:6A:08:77:B7:79:A7:3D
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       019D81C935D64EEBC108A028D4C8884A66D8
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/3XJGVVD5EyhZ3-kknmoId7d5pz0.roa
Signing time:             Sun 12 Apr 2026 13:02:20 +0000
ROA not before:           Sun 12 Apr 2026 13:02:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211087
IP address blocks:        2a0c:9a40:8f80::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 02:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:81:c9:35:d6:4e:eb:c1:08:a0:28:d4:c8:88:4a:66:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Apr 12 13:02:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dd72465550f9132859dfe9249e6a0877b779a73d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:2c:51:f9:0c:6a:51:57:96:b7:af:75:b9:8b:
                    18:08:82:7e:0e:03:a7:bc:04:02:6a:8d:7b:1b:7b:
                    60:1c:3e:a6:73:94:12:2a:3a:f5:dd:39:1f:12:67:
                    ee:82:29:55:56:59:c1:33:19:4f:98:0f:53:d7:17:
                    82:62:01:62:cc:f7:bc:33:f8:2b:a7:dc:b9:a6:1c:
                    ac:73:f1:42:c9:b6:8f:ed:58:93:e5:9e:33:62:ec:
                    b5:a2:a5:f7:53:6f:79:75:14:93:46:f6:11:b6:6b:
                    31:88:f7:5e:5e:9c:15:ac:a9:ed:53:b3:3a:35:75:
                    ab:92:03:0c:5a:e3:4c:5d:a6:73:d4:49:4f:b8:51:
                    77:c4:9e:26:8a:eb:1e:e4:9f:fa:58:9b:22:5b:f1:
                    af:13:7d:40:88:cb:db:dd:78:f9:63:62:b2:64:e9:
                    61:ef:e1:42:3e:58:58:2f:79:38:f3:44:02:9a:7e:
                    76:7b:a5:08:6d:af:fd:a7:44:1f:f6:29:ed:23:3a:
                    ed:29:09:70:ea:90:5c:e8:d7:49:aa:a0:90:56:3d:
                    fc:2a:5b:67:db:ae:f9:ca:38:22:99:19:2f:97:6e:
                    1e:1c:64:98:70:b5:17:51:79:f0:b1:8d:19:83:57:
                    f3:3c:e5:f1:df:79:f6:f5:70:f4:58:b8:21:65:e3:
                    cb:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:72:46:55:50:F9:13:28:59:DF:E9:24:9E:6A:08:77:B7:79:A7:3D
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/3XJGVVD5EyhZ3-kknmoId7d5pz0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:8f80::/48

    Signature Algorithm: sha256WithRSAEncryption
         14:89:d3:31:ca:c5:e4:94:3c:2e:11:01:2c:bf:f5:8c:15:bb:
         51:f0:e4:5c:0c:6a:48:1d:38:5d:73:e9:b1:25:a5:ab:05:62:
         80:82:8e:e9:76:92:71:25:19:d5:a2:f4:8a:41:85:4c:f0:50:
         7f:92:9d:59:e6:d0:ac:c5:76:06:bf:75:a7:65:a3:ff:12:25:
         3f:cc:d9:b4:5c:09:cd:3b:8e:8c:d1:da:34:6c:34:a7:cf:b9:
         93:8e:1c:92:51:ef:48:d5:57:94:3e:e6:5a:61:ff:03:81:cb:
         99:4c:17:ac:13:3e:3f:0c:fd:49:0a:ee:9e:22:91:92:45:aa:
         cb:3d:b1:fe:99:f4:82:b8:7c:ae:39:07:6b:f4:d9:e1:68:a1:
         d4:6c:5d:ea:b7:cd:00:87:a0:49:3b:5f:c7:94:f0:df:1b:ac:
         76:25:2b:e5:eb:13:e4:f0:c8:73:33:f1:a1:df:66:73:3b:82:
         ff:60:bf:a2:06:ad:6e:1f:14:37:1a:65:f0:bc:c0:e9:cc:a1:
         30:a9:2d:d1:ab:dd:10:52:03:14:92:9f:f0:d3:87:d0:1d:4a:
         60:b9:7b:5f:e7:00:57:41:2d:5b:dd:8f:ab:f7:e9:a8:a1:b5:
         e4:5e:c1:3c:08:1a:1b:4f:7f:18:aa:bd:ff:26:08:57:f2:35:
         5f:40:de:e4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ2ByTXWTuvBCKAo1MiISmbYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjYwNDEyMTMwMjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDcyNDY1NTUwZjkxMzI4NTlkZmU5MjQ5ZTZhMDg3N2I3NzlhNzNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwCxR+QxqUVeWt691uYsYCIJ+DgOn
vAQCao17G3tgHD6mc5QSKjr13TkfEmfugilVVlnBMxlPmA9T1xeCYgFizPe8M/gr
p9y5physc/FCybaP7ViT5Z4zYuy1oqX3U295dRSTRvYRtmsxiPdeXpwVrKntU7M6
NXWrkgMMWuNMXaZz1ElPuFF3xJ4miuse5J/6WJsiW/GvE31AiMvb3Xj5Y2KyZOlh
7+FCPlhYL3k480QCmn52e6UIba/9p0Qf9intIzrtKQlw6pBc6NdJqqCQVj38Kltn
2675yjgimRkvl24eHGSYcLUXUXnwsY0Zg1fzPOXx33n29XD0WLghZePLMQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFN1yRlVQ+RMoWd/pJJ5qCHe3eac9MB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvM1hKR1ZWRDVFeWhaMy1ra25tb0lkN2Q1cHowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgyaQI+A
MA0GCSqGSIb3DQEBCwUAA4IBAQAUidMxysXklDwuEQEsv/WMFbtR8ORcDGpIHThd
c+mxJaWrBWKAgo7pdpJxJRnVovSKQYVM8FB/kp1Z5tCsxXYGv3WnZaP/EiU/zNm0
XAnNO46M0do0bDSnz7mTjhySUe9I1VeUPuZaYf8DgcuZTBesEz4/DP1JCu6eIpGS
RarLPbH+mfSCuHyuOQdr9NnhaKHUbF3qt80Ah6BJO1/HlPDfG6x2JSvl6xPk8Mhz
M/Gh32ZzO4L/YL+iBq1uHxQ3GmXwvMDpzKEwqS3Rq90QUgMUkp/w04fQHUpguXtf
5wBXQS1b3Y+r9+moobXkXsE8CBobT38Yqr3/JghX8jVfQN7k
-----END CERTIFICATE-----