Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/9iCGXGMlG9blrWg1oCgEyBnOWDE.roa
File:                     9iCGXGMlG9blrWg1oCgEyBnOWDE.roa (raw, json)
Hash identifier:          jitXayUeLYoVIziGdLkVAJnm4bC+Qige+N+C29Ex3+E=
Subject key identifier:   F6:20:86:5C:63:25:1B:D6:E5:AD:68:35:A0:28:04:C8:19:CE:58:31
Certificate issuer:       /CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
Certificate serial:       019C2727DF796778334EA04A062F648775BE
Authority key identifier: 0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/9iCGXGMlG9blrWg1oCgEyBnOWDE.roa
Signing time:             Wed 04 Feb 2026 05:37:30 +0000
ROA not before:           Wed 04 Feb 2026 05:37:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214481
IP address blocks:        2a0d:d940:200c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 04:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:27:27:df:79:67:78:33:4e:a0:4a:06:2f:64:87:75:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
        Validity
            Not Before: Feb  4 05:37:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f620865c63251bd6e5ad6835a02804c819ce5831
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:ed:18:d6:f4:db:84:5e:e3:9c:9d:d1:c2:6c:
                    c1:5b:4d:c3:96:bc:9d:80:b5:d1:12:be:4d:a7:60:
                    6e:d0:5b:22:ec:a6:93:93:e1:96:0f:c7:f8:6c:dc:
                    17:9c:47:17:3b:ff:ce:05:3f:4b:ce:74:94:89:b6:
                    1b:f2:95:ab:46:38:3f:66:e4:a5:11:a9:ba:da:c1:
                    46:e0:4c:61:a8:3a:8f:67:ae:fd:cb:53:18:6d:3f:
                    2a:35:06:fa:fd:9a:dd:18:4b:24:7f:7b:52:30:cd:
                    35:8b:2b:fb:21:40:b3:ef:7e:0a:7a:5e:fc:32:90:
                    8a:66:10:48:10:62:61:d4:db:6d:63:bb:83:01:e4:
                    08:a2:03:5c:91:8c:a1:76:b8:60:29:86:6b:0f:16:
                    bc:6f:fe:25:e5:2a:2b:7a:d0:1e:e9:44:e3:de:dc:
                    bd:ef:77:c9:e5:e9:1e:d3:47:52:8e:64:4e:86:8a:
                    7a:45:41:6e:f1:15:ad:3b:f4:e4:80:a8:14:15:95:
                    70:0a:cc:bf:4f:83:9b:ef:ba:2e:0c:9f:79:8a:5e:
                    7f:ca:8d:7d:ae:7f:7e:c6:38:55:48:4c:16:0e:a7:
                    e4:e8:d1:5a:0f:7e:fb:20:67:5c:ab:36:ef:80:e1:
                    3a:87:47:09:27:bd:7e:97:1b:d1:19:1a:13:93:03:
                    c0:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:20:86:5C:63:25:1B:D6:E5:AD:68:35:A0:28:04:C8:19:CE:58:31
            X509v3 Authority Key Identifier:
                keyid:0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/9iCGXGMlG9blrWg1oCgEyBnOWDE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:d940:200c::/48

    Signature Algorithm: sha256WithRSAEncryption
         0f:b2:74:c7:b7:ec:9d:b1:7f:d0:cc:6d:e0:0e:33:ce:08:26:
         a5:a1:44:e7:fb:bf:2f:c1:17:88:e7:6d:61:ae:ed:45:66:c1:
         7c:41:6c:a6:33:ea:ab:fd:e1:7e:11:f7:4c:de:ed:d9:77:be:
         84:cf:f1:31:ca:d8:1a:d6:0f:a3:72:1c:2d:f9:17:fa:f0:ad:
         fe:23:31:51:0b:03:47:68:24:df:7d:fa:22:73:f1:21:00:36:
         0c:86:16:19:6f:4e:88:84:83:68:8b:63:16:3e:e6:74:46:d5:
         e6:0f:7b:87:ed:a9:6a:5f:2f:6f:51:56:cb:ff:96:fa:fa:b2:
         05:1a:7b:72:f5:ad:99:9e:03:d8:43:8d:5f:82:33:f6:26:ef:
         e4:8c:26:a5:be:bc:ca:97:94:e4:94:3d:93:b0:e6:04:46:06:
         41:18:78:f6:9c:ba:71:9b:d8:fd:97:87:ca:53:3b:de:ae:6e:
         84:e9:9b:97:e6:28:fe:27:9b:fc:78:d4:4e:e3:15:3a:07:e1:
         1c:69:f0:01:4f:b0:81:16:26:bb:8d:ea:a8:02:d0:79:17:bf:
         d3:c4:e4:3c:e4:af:bb:28:e6:2e:07:da:c4:5a:8a:23:db:c9:
         ee:1e:fa:31:9f:6d:3f:d9:26:ef:fe:10:40:63:d0:dd:8a:39:
         41:cb:cf:2d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZwnJ995Z3gzTqBKBi9kh3W+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNGUzYjNiODQyNDIyNTg4NjMxNDJlZDNhMTk3OTJkOTdj
YmJjNzQwHhcNMjYwMjA0MDUzNzMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjIwODY1YzYzMjUxYmQ2ZTVhZDY4MzVhMDI4MDRjODE5Y2U1ODMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlO0Y1vTbhF7jnJ3RwmzBW03Dlryd
gLXREr5Np2Bu0Fsi7KaTk+GWD8f4bNwXnEcXO//OBT9LznSUibYb8pWrRjg/ZuSl
Eam62sFG4ExhqDqPZ679y1MYbT8qNQb6/ZrdGEskf3tSMM01iyv7IUCz734Kel78
MpCKZhBIEGJh1NttY7uDAeQIogNckYyhdrhgKYZrDxa8b/4l5SoretAe6UTj3ty9
73fJ5eke00dSjmROhop6RUFu8RWtO/TkgKgUFZVwCsy/T4Ob77ouDJ95il5/yo19
rn9+xjhVSEwWDqfk6NFaD377IGdcqzbvgOE6h0cJJ71+lxvRGRoTkwPAlQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPYghlxjJRvW5a1oNaAoBMgZzlgxMB8GA1UdIwQY
MBaAFAtOOzuEJCJYhjFC7ToZeS2Xy7x0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQt
MTRkMjM4NTI3ODM1LzEvOWlDR1hHTWxHOWJscldnMW9DZ0V5Qm5PV0RFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQtMTRkMjM4NTI3ODM1
LzEvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg3ZQCAM
MA0GCSqGSIb3DQEBCwUAA4IBAQAPsnTHt+ydsX/QzG3gDjPOCCaloUTn+78vwReI
521hru1FZsF8QWymM+qr/eF+EfdM3u3Zd76Ez/Exytga1g+jchwt+Rf68K3+IzFR
CwNHaCTfffoic/EhADYMhhYZb06IhINoi2MWPuZ0RtXmD3uH7alqXy9vUVbL/5b6
+rIFGnty9a2ZngPYQ41fgjP2Ju/kjCalvrzKl5TklD2TsOYERgZBGHj2nLpxm9j9
l4fKUzverm6E6ZuX5ij+J5v8eNRO4xU6B+EcafABT7CBFia7jeqoAtB5F7/TxOQ8
5K+7KOYuB9rEWooj28nuHvoxn20/2Sbv/hBAY9DdijlBy88t
-----END CERTIFICATE-----