Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/045f70-9ea5-42a3-8786-ee8cfdd2ed94/1/df8fyZGgZ-MHftFhqfv8cp43YrI.roa
File:                     df8fyZGgZ-MHftFhqfv8cp43YrI.roa (raw, json)
Hash identifier:          6b+ndI23XxYj6JqzyvYHphqWGIdD3cmhum/VBu59tcE=
Subject key identifier:   75:FF:1F:C9:91:A0:67:E3:07:7E:D1:61:A9:FB:FC:72:9E:37:62:B2
Certificate issuer:       /CN=367160181739568e578e1b5f57976a60398062e6
Certificate serial:       019E9C77FF45F0ABB8549FB299BCECCEF9BF
Authority key identifier: 36:71:60:18:17:39:56:8E:57:8E:1B:5F:57:97:6A:60:39:80:62:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NnFgGBc5Vo5XjhtfV5dqYDmAYuY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/045f70-9ea5-42a3-8786-ee8cfdd2ed94/1/df8fyZGgZ-MHftFhqfv8cp43YrI.roa
Signing time:             Sat 06 Jun 2026 10:26:10 +0000
ROA not before:           Sat 06 Jun 2026 10:26:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215849
IP address blocks:        2a09:3f07::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/045f70-9ea5-42a3-8786-ee8cfdd2ed94/1/NnFgGBc5Vo5XjhtfV5dqYDmAYuY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/045f70-9ea5-42a3-8786-ee8cfdd2ed94/1/NnFgGBc5Vo5XjhtfV5dqYDmAYuY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NnFgGBc5Vo5XjhtfV5dqYDmAYuY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 18 Jun 2026 08:33:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:9c:77:ff:45:f0:ab:b8:54:9f:b2:99:bc:ec:ce:f9:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=367160181739568e578e1b5f57976a60398062e6
        Validity
            Not Before: Jun  6 10:26:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=75ff1fc991a067e3077ed161a9fbfc729e3762b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:c1:5f:1a:c3:b1:ab:a4:2d:78:72:ec:3a:84:
                    5c:89:98:2e:c0:77:f8:5e:d8:7a:68:84:f1:31:af:
                    d4:21:cc:85:46:89:a6:91:34:10:10:58:6a:41:72:
                    2e:c6:37:ae:3c:5d:06:4b:48:d5:1c:82:d2:b1:6e:
                    fa:9b:64:4b:0b:1e:99:b4:cb:4f:72:fb:81:f3:db:
                    56:d0:4e:40:ea:2b:d3:0e:fb:84:c0:9d:3f:53:85:
                    e7:d7:78:ce:1e:f0:b3:6b:a9:ad:f1:41:c4:16:ef:
                    3d:55:94:95:05:22:36:eb:55:80:a0:e6:87:95:32:
                    84:b8:16:08:2a:bf:47:17:85:47:5f:da:68:3c:6f:
                    87:1f:2a:bc:98:b5:ef:5e:68:09:ab:83:54:46:79:
                    f5:b2:c3:fc:c7:2e:48:9c:04:d3:ac:6a:d7:9e:5d:
                    80:72:ba:ea:5c:cb:a8:55:e7:71:cc:28:9f:d9:16:
                    65:37:75:8b:48:23:dc:a5:ac:9c:bc:1c:81:64:a0:
                    c9:da:d0:88:8f:92:28:47:34:79:d6:63:eb:d2:d4:
                    0b:ef:9c:03:bf:c7:90:09:e6:23:3e:86:44:96:9b:
                    73:f0:3c:f5:43:63:07:d3:a2:e3:89:b2:bf:5a:d9:
                    9a:2d:d5:d2:e0:86:be:07:93:93:08:df:5b:43:a0:
                    de:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:FF:1F:C9:91:A0:67:E3:07:7E:D1:61:A9:FB:FC:72:9E:37:62:B2
            X509v3 Authority Key Identifier:
                keyid:36:71:60:18:17:39:56:8E:57:8E:1B:5F:57:97:6A:60:39:80:62:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NnFgGBc5Vo5XjhtfV5dqYDmAYuY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/045f70-9ea5-42a3-8786-ee8cfdd2ed94/1/df8fyZGgZ-MHftFhqfv8cp43YrI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/045f70-9ea5-42a3-8786-ee8cfdd2ed94/1/NnFgGBc5Vo5XjhtfV5dqYDmAYuY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:3f07::/32

    Signature Algorithm: sha256WithRSAEncryption
         99:e5:0b:cd:54:df:2d:38:20:94:bc:be:43:ec:d1:cc:b8:94:
         5b:f8:e7:c9:0c:35:5e:73:f8:6f:a0:d9:e8:e7:b5:4a:94:76:
         bd:40:3d:02:a2:1e:2e:fa:c1:1e:63:16:2b:5d:a7:c2:9c:89:
         e4:ba:22:1e:81:82:6f:44:9e:90:4b:37:55:ac:83:28:d1:7e:
         be:1a:27:19:42:36:e4:23:37:e4:7a:1d:8f:66:04:05:d1:3a:
         7f:58:d2:64:1b:8e:14:53:2f:9a:57:d4:43:c1:9d:f8:20:fa:
         74:5d:11:75:84:fe:bc:4d:0d:1f:08:c4:c6:4e:8c:49:b7:d6:
         62:74:4c:e5:9b:d0:ff:9d:f8:cc:d3:d0:59:12:87:fe:ce:84:
         84:91:35:90:ee:b9:cb:18:bf:41:58:51:fc:5f:69:ee:ef:37:
         6c:c4:49:d4:a0:06:22:4d:65:26:48:0d:63:a6:42:86:3e:6e:
         1c:2b:b2:d0:2a:23:4e:1f:2c:52:7b:f5:ea:fe:6d:27:5a:d0:
         53:5d:38:5e:90:37:00:53:ba:19:09:74:75:7b:cc:3f:ca:eb:
         b8:4c:64:b6:4c:9d:be:b1:7a:d1:8a:71:e6:ce:92:32:93:9e:
         68:3e:68:87:f4:3a:4c:aa:e0:e9:a7:30:81:a7:fb:3e:40:20:
         f0:49:d1:85
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ6cd/9F8Ku4VJ+ymbzszvm/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2NzE2MDE4MTczOTU2OGU1NzhlMWI1ZjU3OTc2YTYwMzk4
MDYyZTYwHhcNMjYwNjA2MTAyNjEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NWZmMWZjOTkxYTA2N2UzMDc3ZWQxNjFhOWZiZmM3MjllMzc2MmIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1MFfGsOxq6QteHLsOoRciZguwHf4
Xth6aITxMa/UIcyFRommkTQQEFhqQXIuxjeuPF0GS0jVHILSsW76m2RLCx6ZtMtP
cvuB89tW0E5A6ivTDvuEwJ0/U4Xn13jOHvCza6mt8UHEFu89VZSVBSI261WAoOaH
lTKEuBYIKr9HF4VHX9poPG+HHyq8mLXvXmgJq4NURnn1ssP8xy5InATTrGrXnl2A
crrqXMuoVedxzCif2RZlN3WLSCPcpaycvByBZKDJ2tCIj5IoRzR51mPr0tQL75wD
v8eQCeYjPoZElptz8Dz1Q2MH06LjibK/WtmaLdXS4Ia+B5OTCN9bQ6DexQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFHX/H8mRoGfjB37RYan7/HKeN2KyMB8GA1UdIwQY
MBaAFDZxYBgXOVaOV44bX1eXamA5gGLmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTm5GZ0dCYzVWbzVYamh0ZlY1ZHFZRG1BWXVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS8wNDVmNzAtOWVhNS00MmEzLTg3ODYt
ZWU4Y2ZkZDJlZDk0LzEvZGY4ZnlaR2daLU1IZnRGaHFmdjhjcDQzWXJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS8wNDVmNzAtOWVhNS00MmEzLTg3ODYtZWU4Y2ZkZDJlZDk0
LzEvTm5GZ0dCYzVWbzVYamh0ZlY1ZHFZRG1BWXVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgk/BzAN
BgkqhkiG9w0BAQsFAAOCAQEAmeULzVTfLTgglLy+Q+zRzLiUW/jnyQw1XnP4b6DZ
6Oe1SpR2vUA9AqIeLvrBHmMWK12nwpyJ5LoiHoGCb0SekEs3VayDKNF+vhonGUI2
5CM35Hodj2YEBdE6f1jSZBuOFFMvmlfUQ8Gd+CD6dF0RdYT+vE0NHwjExk6MSbfW
YnRM5ZvQ/534zNPQWRKH/s6EhJE1kO65yxi/QVhR/F9p7u83bMRJ1KAGIk1lJkgN
Y6ZChj5uHCuy0CojTh8sUnv16v5tJ1rQU104XpA3AFO6GQl0dXvMP8rruExktkyd
vrF60Ypx5s6SMpOeaD5oh/Q6TKrg6acwgaf7PkAg8EnRhQ==
-----END CERTIFICATE-----