Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/d4bPDy6gX7ZhycjJ-oatXsJg1gI.roa
File:                     d4bPDy6gX7ZhycjJ-oatXsJg1gI.roa (raw, json)
Hash identifier:          +X1Zf7QDOV9QkmAjgROJXnd2JUd3+Ot/nBrbiw8iIAs=
Subject key identifier:   77:86:CF:0F:2E:A0:5F:B6:61:C9:C8:C9:FA:86:AD:5E:C2:60:D6:02
Certificate issuer:       /CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
Certificate serial:       019EA7538A9BC96B595C59794E8805ADF1A0
Authority key identifier: 0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/d4bPDy6gX7ZhycjJ-oatXsJg1gI.roa
Signing time:             Mon 08 Jun 2026 13:02:10 +0000
ROA not before:           Mon 08 Jun 2026 13:02:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212112
IP address blocks:        2a0d:d940:10b::/48 maxlen: 48
                          2a0d:d940:9009::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 10:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:a7:53:8a:9b:c9:6b:59:5c:59:79:4e:88:05:ad:f1:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
        Validity
            Not Before: Jun  8 13:02:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7786cf0f2ea05fb661c9c8c9fa86ad5ec260d602
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:b7:58:75:85:c4:8f:67:c3:03:e2:17:79:e0:
                    76:e1:2a:aa:74:75:ac:47:08:08:37:fd:66:0a:53:
                    82:7e:25:d5:37:ac:42:40:d2:74:ae:e7:8b:1a:59:
                    a5:35:51:ad:b1:ec:92:d1:f3:b5:f0:ce:b4:16:b5:
                    d5:67:4c:7a:40:86:c4:31:58:4d:f1:2b:77:ca:da:
                    a8:39:d2:48:3e:f3:d5:8d:f7:e3:5f:ea:e6:25:7b:
                    7d:35:c0:13:7b:c4:d2:98:85:e3:f2:e0:4e:51:85:
                    4f:3b:0f:46:cb:48:46:ac:bc:ef:36:59:e7:81:a4:
                    10:ac:5d:73:07:4c:b8:91:4f:e7:c8:5e:a6:fa:1b:
                    71:fe:45:3d:c4:4a:19:d9:44:44:db:47:17:c4:30:
                    ca:2d:52:32:bf:98:45:99:63:79:86:54:42:fb:b0:
                    31:81:74:b2:a1:87:19:0d:66:4d:23:5e:2d:aa:a3:
                    b6:95:78:9c:41:8d:cf:a9:d0:4f:36:8b:33:a1:50:
                    45:17:60:4b:9f:73:ff:6d:a5:33:76:88:08:fd:1a:
                    2f:99:5d:ef:56:01:fb:5f:f6:3c:b8:70:3d:d3:ba:
                    7a:bd:ac:01:37:5f:6b:0e:68:24:4f:e9:88:c9:be:
                    fb:55:18:0a:cc:6a:79:97:33:3c:79:e9:4e:15:25:
                    e8:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:86:CF:0F:2E:A0:5F:B6:61:C9:C8:C9:FA:86:AD:5E:C2:60:D6:02
            X509v3 Authority Key Identifier:
                keyid:0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/d4bPDy6gX7ZhycjJ-oatXsJg1gI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:d940:10b::/48
                  2a0d:d940:9009::/48

    Signature Algorithm: sha256WithRSAEncryption
         7f:2a:35:4c:b7:ed:e4:15:dd:ea:ad:ed:37:ef:f4:41:97:14:
         69:24:e6:8a:6f:37:fd:c8:0b:7c:3a:59:98:df:f1:78:8e:33:
         15:2b:7e:82:2a:23:11:4a:bd:9b:8a:b9:8a:94:f0:91:df:63:
         63:db:4e:63:44:23:94:1b:29:62:b7:ff:04:29:02:ec:2c:84:
         3c:ea:35:d9:e8:2d:9b:65:e4:15:93:33:68:68:77:0a:d3:c6:
         dc:3d:f0:f8:a7:d5:22:ee:6e:b1:24:ba:d5:02:20:70:00:4a:
         dc:01:72:57:98:8b:0f:3c:d6:ef:96:0f:a2:1c:d5:05:e7:5e:
         b5:d5:a4:86:5d:b6:8d:c1:4e:e3:2c:80:14:25:f3:57:79:fb:
         56:80:1f:19:c3:00:f8:42:f7:b7:25:9f:18:3a:a1:db:c8:d6:
         b2:16:b2:59:76:bb:f2:30:53:cd:fe:03:74:56:66:4f:7a:0f:
         ec:8b:a7:aa:f4:1f:6e:b6:49:b2:7a:ba:fa:32:2b:b4:6d:ea:
         5d:75:e4:da:fe:a4:ab:86:dd:37:68:bf:de:83:7f:a9:65:35:
         ca:56:47:bf:9c:b8:4d:56:00:3e:72:04:dd:eb:88:c9:a0:88:
         f4:c3:7b:ad:49:62:fc:3b:cf:4a:5a:e2:47:7f:21:66:09:e8:
         37:76:c1:39
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ6nU4qbyWtZXFl5TogFrfGgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNGUzYjNiODQyNDIyNTg4NjMxNDJlZDNhMTk3OTJkOTdj
YmJjNzQwHhcNMjYwNjA4MTMwMjEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Nzg2Y2YwZjJlYTA1ZmI2NjFjOWM4YzlmYTg2YWQ1ZWMyNjBkNjAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAybdYdYXEj2fDA+IXeeB24SqqdHWs
RwgIN/1mClOCfiXVN6xCQNJ0rueLGlmlNVGtseyS0fO18M60FrXVZ0x6QIbEMVhN
8St3ytqoOdJIPvPVjffjX+rmJXt9NcATe8TSmIXj8uBOUYVPOw9Gy0hGrLzvNlnn
gaQQrF1zB0y4kU/nyF6m+htx/kU9xEoZ2URE20cXxDDKLVIyv5hFmWN5hlRC+7Ax
gXSyoYcZDWZNI14tqqO2lXicQY3PqdBPNoszoVBFF2BLn3P/baUzdogI/RovmV3v
VgH7X/Y8uHA907p6vawBN19rDmgkT+mIyb77VRgKzGp5lzM8eelOFSXogQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHeGzw8uoF+2YcnIyfqGrV7CYNYCMB8GA1UdIwQY
MBaAFAtOOzuEJCJYhjFC7ToZeS2Xy7x0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQt
MTRkMjM4NTI3ODM1LzEvZDRiUER5NmdYN1poeWNqSi1vYXRYc0pnMWdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQtMTRkMjM4NTI3ODM1
LzEvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKg3ZQAEL
AwcAKg3ZQJAJMA0GCSqGSIb3DQEBCwUAA4IBAQB/KjVMt+3kFd3qre037/RBlxRp
JOaKbzf9yAt8OlmY3/F4jjMVK36CKiMRSr2birmKlPCR32Nj205jRCOUGylit/8E
KQLsLIQ86jXZ6C2bZeQVkzNoaHcK08bcPfD4p9Ui7m6xJLrVAiBwAErcAXJXmIsP
PNbvlg+iHNUF51611aSGXbaNwU7jLIAUJfNXeftWgB8ZwwD4Qve3JZ8YOqHbyNay
FrJZdrvyMFPN/gN0VmZPeg/si6eq9B9utkmyerr6Miu0bepddeTa/qSrht03aL/e
g3+pZTXKVke/nLhNVgA+cgTd64jJoIj0w3utSWL8O89KWuJHfyFmCeg3dsE5
-----END CERTIFICATE-----