Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/fnyKv9Z6W1X3B0Qgpuv0IqS_trI.roa
File:                     fnyKv9Z6W1X3B0Qgpuv0IqS_trI.roa (raw, json)
Hash identifier:          oMGn/oJi6W+0WxTmW5GgGVa4HKOUpRDhfDtwM04eG0U=
Subject key identifier:   7E:7C:8A:BF:D6:7A:5B:55:F7:07:44:20:A6:EB:F4:22:A4:BF:B6:B2
Certificate issuer:       /CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
Certificate serial:       019D7675BB933790B65BCD09B47ACA090A36
Authority key identifier: 0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/fnyKv9Z6W1X3B0Qgpuv0IqS_trI.roa
Signing time:             Fri 10 Apr 2026 08:15:20 +0000
ROA not before:           Fri 10 Apr 2026 08:15:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199232
IP address blocks:        2a0d:d940:90ae::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 16:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:76:75:bb:93:37:90:b6:5b:cd:09:b4:7a:ca:09:0a:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
        Validity
            Not Before: Apr 10 08:15:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7e7c8abfd67a5b55f7074420a6ebf422a4bfb6b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:3b:a7:29:de:34:dd:f2:91:af:f4:d1:9c:ae:
                    00:65:ae:0e:5a:c2:8c:f7:6e:02:ff:f2:eb:8c:de:
                    98:2a:47:32:73:3b:41:ef:b9:3b:23:34:34:d2:6f:
                    17:74:8f:dd:5d:96:ab:76:ff:94:25:5f:4a:1e:56:
                    28:ea:9c:48:0d:4e:6b:cd:3d:45:b7:ca:a5:69:4a:
                    ec:19:45:6e:8d:58:ac:83:b9:38:8c:c9:37:33:75:
                    ba:34:c4:11:94:b1:05:10:60:bb:d5:f3:f5:12:37:
                    32:0f:8b:76:12:b4:ab:97:f1:03:dd:90:a2:e0:51:
                    7e:6a:f3:e9:d9:01:da:12:8f:2f:f0:c2:e2:48:c1:
                    31:dd:a5:3a:bc:a4:13:90:dc:df:7e:e4:a6:6d:a9:
                    2a:d9:e2:c2:c0:42:a2:a4:54:64:03:1f:af:42:e4:
                    05:21:95:9a:a1:f1:7e:31:a2:50:f6:1e:0a:17:36:
                    d3:89:23:72:02:cd:bd:57:93:23:7a:32:d2:24:2d:
                    2f:d7:2b:d6:61:57:b1:68:60:60:c7:07:92:9d:58:
                    6e:c8:85:8c:df:41:7a:07:ef:43:69:c6:50:40:b5:
                    76:6f:cd:a2:5b:10:91:1a:a4:8f:5c:d7:4c:ea:15:
                    a2:3f:ad:61:e4:29:cc:b7:73:e4:ae:d9:d2:dc:0a:
                    cd:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:7C:8A:BF:D6:7A:5B:55:F7:07:44:20:A6:EB:F4:22:A4:BF:B6:B2
            X509v3 Authority Key Identifier:
                keyid:0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/fnyKv9Z6W1X3B0Qgpuv0IqS_trI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:d940:90ae::/48

    Signature Algorithm: sha256WithRSAEncryption
         18:1c:f6:94:00:63:65:ae:64:8d:68:c0:fa:38:c6:02:d0:85:
         29:fa:8b:d4:8a:1f:c8:e8:a0:52:66:36:5d:4d:9e:6e:f1:29:
         45:2d:7b:4f:8e:01:6d:26:41:92:23:b0:fa:c4:3c:2d:03:4e:
         8b:21:72:1d:c0:0d:62:e5:4b:b3:da:63:57:72:0c:ae:12:72:
         d8:e7:e2:4f:74:6e:75:cf:88:a0:2c:50:71:53:bf:4c:51:73:
         8c:7f:4d:5d:ca:07:87:86:97:48:d5:da:21:9a:83:7c:c0:b4:
         16:a5:8f:76:9d:8e:b2:c8:db:4f:de:c2:69:12:8d:f7:bf:43:
         5c:86:d5:50:ea:1a:1c:62:52:90:fb:f4:bb:c5:1b:29:c7:2e:
         72:f4:3c:1d:f4:5a:0e:39:35:a9:c5:6a:83:89:e4:cc:75:94:
         d3:fb:6c:01:96:39:a2:ab:e2:f7:4b:95:62:2e:a3:80:74:a1:
         6c:b1:de:d1:63:bf:ae:05:2a:4d:55:02:ce:dd:67:99:f4:bc:
         ab:d7:66:28:10:11:d2:f5:bb:27:53:81:45:ad:6d:bd:98:7c:
         3b:76:40:64:7b:6d:09:01:fa:5d:94:47:bd:5c:19:bc:23:78:
         4f:49:c5:66:68:b7:98:22:34:91:9d:d5:0a:40:a5:65:21:1c:
         fb:f7:a4:bb
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ12dbuTN5C2W80JtHrKCQo2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNGUzYjNiODQyNDIyNTg4NjMxNDJlZDNhMTk3OTJkOTdj
YmJjNzQwHhcNMjYwNDEwMDgxNTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTdjOGFiZmQ2N2E1YjU1ZjcwNzQ0MjBhNmViZjQyMmE0YmZiNmIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyDunKd403fKRr/TRnK4AZa4OWsKM
924C//LrjN6YKkcycztB77k7IzQ00m8XdI/dXZardv+UJV9KHlYo6pxIDU5rzT1F
t8qlaUrsGUVujVisg7k4jMk3M3W6NMQRlLEFEGC71fP1EjcyD4t2ErSrl/ED3ZCi
4FF+avPp2QHaEo8v8MLiSMEx3aU6vKQTkNzffuSmbakq2eLCwEKipFRkAx+vQuQF
IZWaofF+MaJQ9h4KFzbTiSNyAs29V5MjejLSJC0v1yvWYVexaGBgxweSnVhuyIWM
30F6B+9DacZQQLV2b82iWxCRGqSPXNdM6hWiP61h5CnMt3PkrtnS3ArNLQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFH58ir/WeltV9wdEIKbr9CKkv7ayMB8GA1UdIwQY
MBaAFAtOOzuEJCJYhjFC7ToZeS2Xy7x0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQt
MTRkMjM4NTI3ODM1LzEvZm55S3Y5WjZXMVgzQjBRZ3B1djBJcVNfdHJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQtMTRkMjM4NTI3ODM1
LzEvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg3ZQJCu
MA0GCSqGSIb3DQEBCwUAA4IBAQAYHPaUAGNlrmSNaMD6OMYC0IUp+ovUih/I6KBS
ZjZdTZ5u8SlFLXtPjgFtJkGSI7D6xDwtA06LIXIdwA1i5Uuz2mNXcgyuEnLY5+JP
dG51z4igLFBxU79MUXOMf01dygeHhpdI1dohmoN8wLQWpY92nY6yyNtP3sJpEo33
v0NchtVQ6hocYlKQ+/S7xRspxy5y9Dwd9FoOOTWpxWqDieTMdZTT+2wBljmiq+L3
S5ViLqOAdKFssd7RY7+uBSpNVQLO3WeZ9Lyr12YoEBHS9bsnU4FFrW29mHw7dkBk
e20JAfpdlEe9XBm8I3hPScVmaLeYIjSRndUKQKVlIRz796S7
-----END CERTIFICATE-----