Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/8b4147-e6e0-4d80-a93f-ef63b816dd35/1/2IS8ehPE_sCiDT3IKqQJSnR31Vs.roa
File:                     2IS8ehPE_sCiDT3IKqQJSnR31Vs.roa (raw, json)
Hash identifier:          KVWr9Ud7q4N9SAPdSLXY5bHwHlBjYS0Fp6X1c6n/9jo=
Subject key identifier:   D8:84:BC:7A:13:C4:FE:C0:A2:0D:3D:C8:2A:A4:09:4A:74:77:D5:5B
Certificate issuer:       /CN=e4d7aaa3d25c2f9ebbec74c830cc0cde9318c8f8
Certificate serial:       019D814D9B63DA8D3D1CC47A3B265BEA7AD6
Authority key identifier: E4:D7:AA:A3:D2:5C:2F:9E:BB:EC:74:C8:30:CC:0C:DE:93:18:C8:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5Neqo9JcL5677HTIMMwM3pMYyPg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/8b4147-e6e0-4d80-a93f-ef63b816dd35/1/2IS8ehPE_sCiDT3IKqQJSnR31Vs.roa
Signing time:             Sun 12 Apr 2026 10:47:20 +0000
ROA not before:           Sun 12 Apr 2026 10:47:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     0
IP address blocks:        2a01:f240::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/8b4147-e6e0-4d80-a93f-ef63b816dd35/1/5Neqo9JcL5677HTIMMwM3pMYyPg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/8b4147-e6e0-4d80-a93f-ef63b816dd35/1/5Neqo9JcL5677HTIMMwM3pMYyPg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5Neqo9JcL5677HTIMMwM3pMYyPg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 13:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:81:4d:9b:63:da:8d:3d:1c:c4:7a:3b:26:5b:ea:7a:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e4d7aaa3d25c2f9ebbec74c830cc0cde9318c8f8
        Validity
            Not Before: Apr 12 10:47:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d884bc7a13c4fec0a20d3dc82aa4094a7477d55b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:ff:bf:a9:7b:10:a8:48:63:fd:62:a1:8f:d2:
                    59:97:5b:be:a4:a4:fd:d7:8f:0c:82:43:7e:e0:fd:
                    15:fa:ed:da:71:80:69:05:69:95:71:68:82:30:d6:
                    b6:01:7c:f2:5c:2b:7f:0d:91:84:1f:5b:5d:69:6a:
                    e7:39:66:96:08:38:05:cf:b1:42:63:b9:a7:7b:8a:
                    28:7d:3e:ab:fe:b7:41:f4:28:f7:72:37:fd:5b:2e:
                    6e:51:40:87:df:d7:be:4c:4c:35:d3:8c:4c:47:d2:
                    7a:1e:6a:b7:0f:df:33:3d:7c:42:fd:74:b1:5c:e0:
                    df:fc:ad:a7:2a:19:fa:d7:65:b1:78:f2:57:3c:e6:
                    44:e4:18:f2:7a:a1:e8:b1:94:c2:5e:04:1d:ef:be:
                    66:14:1d:39:05:a5:41:b9:e0:9b:16:bd:50:bb:5b:
                    a5:42:15:c7:e8:22:39:b4:6e:49:8e:15:07:df:e9:
                    9d:88:af:db:5b:17:c6:68:81:1b:c8:6d:81:fb:99:
                    56:f4:6f:35:12:db:d3:17:d9:16:c4:d0:86:5a:fb:
                    5e:3f:0e:a2:56:02:ef:be:ea:82:5d:bc:c4:d9:21:
                    77:89:58:16:d2:41:ed:59:71:3c:7e:0f:86:c6:7f:
                    1c:79:f7:c0:e9:7c:2b:f6:81:b3:6a:65:aa:c8:5e:
                    1e:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:84:BC:7A:13:C4:FE:C0:A2:0D:3D:C8:2A:A4:09:4A:74:77:D5:5B
            X509v3 Authority Key Identifier:
                keyid:E4:D7:AA:A3:D2:5C:2F:9E:BB:EC:74:C8:30:CC:0C:DE:93:18:C8:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5Neqo9JcL5677HTIMMwM3pMYyPg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/8b4147-e6e0-4d80-a93f-ef63b816dd35/1/2IS8ehPE_sCiDT3IKqQJSnR31Vs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/8b4147-e6e0-4d80-a93f-ef63b816dd35/1/5Neqo9JcL5677HTIMMwM3pMYyPg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:f240::/29

    Signature Algorithm: sha256WithRSAEncryption
         89:e6:b1:47:3f:e4:8e:75:91:26:18:a5:50:96:f1:8c:ed:5b:
         d4:ef:26:c6:52:4a:10:a7:f8:99:30:7c:d1:ca:c1:78:c8:3f:
         7d:54:2a:a2:93:b5:28:21:8c:cb:a5:c6:4a:91:18:33:47:bc:
         31:7a:45:f9:6e:2c:d6:5b:bd:9d:80:69:36:a2:ff:1a:17:fe:
         d8:25:28:f3:d8:1c:69:d0:fa:56:61:e1:d1:67:99:1d:03:9c:
         6b:1f:89:ef:d1:b3:33:96:5a:37:00:d4:c2:00:dd:b7:ad:3a:
         4a:8d:00:ff:f3:bb:71:8f:de:fd:82:cf:de:80:4c:cd:f7:17:
         68:d3:6d:58:bc:21:50:90:ef:ff:4a:15:8b:61:9e:74:a5:6f:
         0a:ed:ca:ee:9f:3b:57:45:6a:02:70:6a:ab:4a:93:e7:7b:e8:
         62:da:a3:63:b9:ae:ad:9b:50:47:84:c5:ee:71:08:8a:b0:76:
         81:ff:0f:7f:5c:1e:81:33:b6:71:fd:35:1f:e7:83:95:55:35:
         b3:e7:e6:e2:18:b6:0b:31:c6:d4:83:ab:07:b1:e8:bd:dc:0c:
         0b:db:79:86:16:e4:44:10:ac:c4:d5:d2:c5:f5:bf:7f:95:6a:
         50:41:3f:ab:e7:0d:d6:be:c3:03:3f:72:d7:17:6c:12:da:2b:
         21:4c:b8:df
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ2BTZtj2o09HMR6OyZb6nrWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0ZDdhYWEzZDI1YzJmOWViYmVjNzRjODMwY2MwY2RlOTMx
OGM4ZjgwHhcNMjYwNDEyMTA0NzIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODg0YmM3YTEzYzRmZWMwYTIwZDNkYzgyYWE0MDk0YTc0NzdkNTViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoP+/qXsQqEhj/WKhj9JZl1u+pKT9
148MgkN+4P0V+u3acYBpBWmVcWiCMNa2AXzyXCt/DZGEH1tdaWrnOWaWCDgFz7FC
Y7mne4oofT6r/rdB9Cj3cjf9Wy5uUUCH39e+TEw104xMR9J6Hmq3D98zPXxC/XSx
XODf/K2nKhn612WxePJXPOZE5BjyeqHosZTCXgQd775mFB05BaVBueCbFr1Qu1ul
QhXH6CI5tG5JjhUH3+mdiK/bWxfGaIEbyG2B+5lW9G81EtvTF9kWxNCGWvtePw6i
VgLvvuqCXbzE2SF3iVgW0kHtWXE8fg+Gxn8ceffA6Xwr9oGzamWqyF4eMQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFNiEvHoTxP7Aog09yCqkCUp0d9VbMB8GA1UdIwQY
MBaAFOTXqqPSXC+eu+x0yDDMDN6TGMj4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNU5lcW85SmNMNTY3N0hUSU1Nd00zcE1ZeVBnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS84YjQxNDctZTZlMC00ZDgwLWE5M2Yt
ZWY2M2I4MTZkZDM1LzEvMklTOGVoUEVfc0NpRFQzSUtxUUpTblIzMVZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS84YjQxNDctZTZlMC00ZDgwLWE5M2YtZWY2M2I4MTZkZDM1
LzEvNU5lcW85SmNMNTY3N0hUSU1Nd00zcE1ZeVBnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgHyQDAN
BgkqhkiG9w0BAQsFAAOCAQEAieaxRz/kjnWRJhilUJbxjO1b1O8mxlJKEKf4mTB8
0crBeMg/fVQqopO1KCGMy6XGSpEYM0e8MXpF+W4s1lu9nYBpNqL/Ghf+2CUo89gc
adD6VmHh0WeZHQOcax+J79GzM5ZaNwDUwgDdt606So0A//O7cY/e/YLP3oBMzfcX
aNNtWLwhUJDv/0oVi2GedKVvCu3K7p87V0VqAnBqq0qT53voYtqjY7murZtQR4TF
7nEIirB2gf8Pf1wegTO2cf01H+eDlVU1s+fm4hi2CzHG1IOrB7HovdwMC9t5hhbk
RBCsxNXSxfW/f5VqUEE/q+cN1r7DAz9y1xdsEtorIUy43w==
-----END CERTIFICATE-----